Version 9.508 - report on experience

What error does the recipient see, Markus - a picture, maybe?

Cheers - Bob

If the recipient uses f.e. thunderbird he will get:

Some recipient bounce our mails and return: the digital signature is invalid.

To be clear: email encryption does not work for us since updating to V9.508!  That's awful. We have about 450 email encryption users an use sophos generated certificates.

On a 2nd utm whith V9.508 I tested to reset email encryption, created a new ca and created a new user. -> Same error.

In my opinion the statement in kb 131727 is wrong:  "Note: You do not have to regenerate the certs to get S/MIME working. The new engine will work fine without deleting and regenerating certificates. Correcting the SHA1 vulnerability requires certificate regeneration, which will require the users to be deleted and re-added"

Markus

I have revoked my S/Mime and applied again with stonger key. Then I set it up in the email encryption. The error still exists. The signature is invalid for the recipient. I´m still waiting for an answer from the support.

Running with it since the soft-release.

I thin aI see an increased memory usage from the http proxy, anyone seeing this?

810       9345 33.9 36.9 1812024 1484612 ?     Ssl  20:40   0:33 /var/chroot-http/usr/bin/httpproxy -f -c /var/chroot-http -u httppr

Having 4gb memory in the appliance and it's a 88%, when I shutdown http proxy it moved to 41%.

Only my private servers are behind and no throughput to talt about :-)

(Runnning on old UTM 320 appliance with SSD)

Regards Martin

I notice that it takes a lot more when it starts httpproxy, Martin, but I have the same device on 9.508 and httpproxy is at 16%.

Cheers - Bob

Hi Thorsten,

same here on our UTM, we did recreate most users, outgoing signed messages still get bounced. On one user i saw that the certificate was not recreated, i had to delete the user stop/start encryption, regenerate the user so a new cert was created.

Any news from Sophos support?

best regards / Viele Grüße,

Christian

Hmm...odd, are you using sandstorm license also Bob?

I did some more tests to see if umlauts or special characters are causing the problem. Furthermore I have made various settings like deactivating the scan of outgoing emails and so on. But the problem could not be solved in this way. I'm still waiting for a response from support.

Hi Thorsten,

we also checked for umlauts etc. - does not seem to be the problem.

Some external partners notified us that they maybe had stored old certificates from our users which may cause this problem. E.g. Barracuda Antispam solutions also seem to store certificate information. They deleted the old ones, we are testing at the moment.

We contacted Sophos support but did not get any help on this bug, we were told to contact our reseller on this...

Best regards

Christian

Yes, Martin, Sandstorm is active.

Cheers - Bob