This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.510-4 released - let's share experiences!

Released yesterday:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released

 

Found out so far, that mailmanager is broken:

Others? :-)



This thread was automatically locked due to age.
Parents
  • Hi,

     

    same issue here. I installed 9.510 on my SG 105W at home. I´m not using mail protection, but I checked the mail manager before and after the installation.

    After the installation i get the same error message "invalid request".

     

    Maybe mail manager is no longer necessary... Sophos fixed the quarantine report release option for end users (NUTM-9836) instead ;)

     

    Kind regards

    Daniel

  • Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

  • Marco Quattrocchi said:

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

     

    I too can confirm this!

     

    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 [xxx.xxx.xxx.xxx] F=<sender> R=<receiver> Verifying recipient address with callout
    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 TLS error on connection from mail.domain.com [xxx.xxx.xxx.xxx]:60542 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
     
    Did not see it in the beginning as I validate though Active Directory normally, which works.
     
     

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer v9.7
    Sophos  XG  Certified Architect v18.0
    Homelab: 2 x SG210 XG v18 (HA A/P) - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • New update on Mailmanager bug:

     

    Firefox: "Invalid request"

    Chrome on SAME UTM: ALL GOOD!

    Firefox as before, but cleared cookies and website data: ALL GOOD!

    :-)

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer v9.7
    Sophos  XG  Certified Architect v18.0
    Homelab: 2 x SG210 XG v18 (HA A/P) - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • Well done :)

     

    Worked for me too. Cleared all data in Firefox and the mail manager works like a charm.

     

    Kind regards

    Daniel

  • Marco Quattrocchi said:

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

     

    I had these issues before in 9.509 and haven't yet upgraded to 9.510. Skipping TLS negotiation is not wise, there are some hosts that simply won't communicate without it so you'll loose mails (try to send from Gmail and you will likely get a delivery message from Gmail hours later than you sent the mail and your mail most likely will not be delivered to your mailbox).


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • It was just a Test. But in 9.509 TLS Negotiation worked fine without Problems. Have changed it to verification in AD but would like to use callout.

  • Marco Quattrocchi said:

    It was just a Test. But in 9.509 TLS Negotiation worked fine without Problems. Have changed it to verification in AD but would like to use callout.

     

    Check this post I posted a week ago, that's when I noticed things had changed regarding recipient verification:

    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/103994/recipient-verification-failing


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply Children
No Data