Released yesterday:
Found out so far, that mailmanager is broken:
Others? :-)
This thread was automatically locked due to age.
Released yesterday:
Found out so far, that mailmanager is broken:
Others? :-)
Hi,
same issue here. I installed 9.510 on my SG 105W at home. I´m not using mail protection, but I checked the mail manager before and after the installation.
After the installation i get the same error message "invalid request".
Maybe mail manager is no longer necessary... Sophos fixed the quarantine report release option for end users (NUTM-9836) instead ;)
Kind regards
Daniel
Hello,
I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.
Then i went to another PC and from there Mailmanager opened in EDGE without problems.
But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
The connection closed and the mail would not be processed.
As a workaround, RCPT Verification in AD works as expected.
As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...
But i think its not a good way to disable TLS...
Marco
Unknown said:Hello,
I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.
Then i went to another PC and from there Mailmanager opened in EDGE without problems.
But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
The connection closed and the mail would not be processed.
As a workaround, RCPT Verification in AD works as expected.
As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...
But i think its not a good way to disable TLS...
Marco
I too can confirm this!
-----
Best regards
Martin
Sophos XGS 2100 @ Home | Sophos v20 Technician
New update on Mailmanager bug:
Firefox: "Invalid request"
Chrome on SAME UTM: ALL GOOD!
Firefox as before, but cleared cookies and website data: ALL GOOD!
:-)
-----
Best regards
Martin
Sophos XGS 2100 @ Home | Sophos v20 Technician
Well done :)
Worked for me too. Cleared all data in Firefox and the mail manager works like a charm.
Kind regards
Daniel
Unknown said:Hello,
I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.
Then i went to another PC and from there Mailmanager opened in EDGE without problems.
But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout
2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
The connection closed and the mail would not be processed.
As a workaround, RCPT Verification in AD works as expected.
As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...
But i think its not a good way to disable TLS...
Marco
I had these issues before in 9.509 and haven't yet upgraded to 9.510. Skipping TLS negotiation is not wise, there are some hosts that simply won't communicate without it so you'll loose mails (try to send from Gmail and you will likely get a delivery message from Gmail hours later than you sent the mail and your mail most likely will not be delivered to your mailbox).
Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Unknown said:It was just a Test. But in 9.509 TLS Negotiation worked fine without Problems. Have changed it to verification in AD but would like to use callout.
Check this post I posted a week ago, that's when I noticed things had changed regarding recipient verification:
Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Hello Marco,
i think it is the TLS Renegotation protection.
show there https://wiki.mozilla.org/Security:Renegotiation
i have TLS1.2 activate and it running.
br Christian
Br McWolle
Sophos Certified Engineer (SCE)
Sophos Certified Architect (SCA)
Hello Marco,
i think it is the TLS Renegotation protection.
show there https://wiki.mozilla.org/Security:Renegotiation
i have TLS1.2 activate and it running.
br Christian
Br McWolle
Sophos Certified Engineer (SCE)
Sophos Certified Architect (SCA)