Sophos UTM 9.510-4 released - let's share experiences!

Released yesterday:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released

 

Found out so far, that mailmanager is broken:

Others? :-)



  • Hi,

     

    Same issue here. I installed 9.510 on my SG 105W at home. I'm not using mail protection, but I checked the mail manager before and after the installation.

    After the installation I get the same error message "invalid request".

     

    Maybe mail manager is no longer necessary... Sophos fixed the quarantine report release option for end users (NUTM-9836) instead ;)

     

    Kind regards

    Daniel

  • Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then I went to another PC and from there Mailmanager opened in Edge without problems.

     

    But I got another serious error in this release: RCPT verification with callout doesn't work. Mails are not processed. Example from my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection closed and the mail would not be processed.

    As a workaround, RCPT verification in AD works as expected.

     

    As another workaround I added <any> under SMTP/Advanced in the box 'Skip TLS Negotiation Hosts/Networks' and now callout is working as before...

     

    But I think it's not a good way to disable TLS...

     

    Marco

  • Unknown said:

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then I went to another PC and from there Mailmanager opened in Edge without problems.

     

    But I got another serious error in this release: RCPT verification with callout doesn't work. Mails are not processed. Example from my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection closed and the mail would not be processed.

    As a workaround, RCPT verification in AD works as expected.

     

    As another workaround I added <any> under SMTP/Advanced in the box 'Skip TLS Negotiation Hosts/Networks' and now callout is working as before...

     

    But I think it's not a good way to disable TLS...

     

    Marco

     

    I too can confirm this!

     

    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 [xxx.xxx.xxx.xxx] F=<sender> R=<receiver> Verifying recipient address with callout
    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 TLS error on connection from mail.domain.com [xxx.xxx.xxx.xxx]:60542 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
     
    Did not see it in the beginning as I validate through Active Directory normally, which works.
     
     

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • New update on Mailmanager bug:

     

    Firefox: "Invalid request"

    Chrome on SAME UTM: ALL GOOD!

    Firefox as before, but cleared cookies and website data: ALL GOOD!

    :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Well done :)

     

    Worked for me too. Cleared all data in Firefox and the mail manager works like a charm.

     

    Kind regards

    Daniel

  • Unknown said:

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then I went to another PC and from there Mailmanager opened in Edge without problems.

     

    But I got another serious error in this release: RCPT verification with callout doesn't work. Mails are not processed. Example from my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection closed and the mail would not be processed.

    As a workaround, RCPT verification in AD works as expected.

     

    As another workaround I added <any> under SMTP/Advanced in the box 'Skip TLS Negotiation Hosts/Networks' and now callout is working as before...

     

    But I think it's not a good way to disable TLS...

     

    Marco

     

    I had these issues before in 9.509 and haven't yet upgraded to 9.510. Skipping TLS negotiation is not wise; there are some hosts that simply won't communicate without it, so you'll lose mails (try to send from Gmail and you will likely get a delivery message from Gmail hours later than you sent the mail, and your mail most likely will not be delivered to your mailbox).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • It was just a test. But in 9.509 TLS negotiation worked fine without problems. I have changed it to verification in AD but would like to use callout.

  • Unknown said:

    It was just a test. But in 9.509 TLS negotiation worked fine without problems. I have changed it to verification in AD but would like to use callout.

     

    Check this post I posted a week ago, that's when I noticed things had changed regarding recipient verification:

    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/103994/recipient-verification-failing


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello Marco,

     

    I think it is the TLS renegotiation protection.

    See https://wiki.mozilla.org/Security:Renegotiation

    I have TLS 1.2 activated and it is running.

    br Christian

    Br McWolle

    Sophos Certified Engineer (SCE)
    Sophos Certified Architect (SCA)

  • My name in the callout verification TLS issue hat as well. Hopefully a quick 9.510-5+ build with the appropriate fix.

    Anyone opened a ticket on this yet?

  • You can switch the TLS version to 1.2 in the Advanced tab since 9.510. After that, callout verification works.

  • No luck. After switching to TLS 1.2 the same error occurs:

     

    2018-07-30 11:23:13 [46.254.125.74] F=<prvs=074914ada1=sender> R=<rcpt> Verifying recipient address with callout
    2018:07:30-11:23:13 sophos-2 exim-in[50277]: 2018-07-30 11:23:13 TLS error on connection from <mailserver> (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
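
One way to find the failure pattern quoted in this thread in an SMTP log, as an added example that is not part of any post and not Sophos code: it pairs each "Verifying recipient address with callout" line with a "renegotiation not allowed" TLS error from the same exim-in process. The hostnames, addresses and PIDs in SAMPLE are constructed, and the 5-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Syslog prefix as seen in the lines quoted in the thread:
# "2018:07:20-09:25:01 <host> exim-in[<pid>]: <exim message>"
PREFIX = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ exim-in\[(\d+)\]: (.*)$")
CALLOUT = re.compile(r"F=<([^>]*)> R=<([^>]*)> Verifying recipient address with callout")
TLS_ERR = re.compile(r"TLS error on connection from (.+?) \(renegotiation not allowed\)")

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [
    "2018:07:20-09:25:01 utm exim-in[1001]: 2018-07-20 09:25:01 [192.0.2.10] F=<a@example.org> R=<user@example.com> Verifying recipient address with callout",
    "2018:07:20-09:25:01 utm exim-in[1001]: 2018-07-20 09:25:01 TLS error on connection from mx.example.org [192.0.2.10]:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)",
    # Callout that is not followed by a TLS error: must not be reported.
    "2018:07:20-09:26:10 utm exim-in[1002]: 2018-07-20 09:26:10 [192.0.2.20] F=<b@example.net> R=<user@example.com> Verifying recipient address with callout",
    # TLS error in a process that never started a callout: must not be reported.
    "2018:07:20-09:27:00 utm exim-in[1003]: 2018-07-20 09:27:00 TLS error on connection from mx.example.net [192.0.2.30]:40000 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)",
]

def find_callout_tls_failures(lines, window=timedelta(seconds=5)):
    """Return callouts followed by a renegotiation TLS error in the same PID."""
    pending = {}  # pid -> (timestamp, sender, recipient) of the last callout start
    hits = []
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not an exim-in syslog line
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        callout = CALLOUT.search(msg)
        if callout:
            pending[pid] = (ts, callout.group(1), callout.group(2))
            continue
        err = TLS_ERR.search(msg)
        if err and pid in pending:
            start, sender, rcpt = pending.pop(pid)
            if ts - start <= window:
                hits.append({"pid": pid, "time": ts, "sender": sender,
                             "recipient": rcpt, "peer": err.group(1)})
    return hits

if __name__ == "__main__":
    for hit in find_callout_tls_failures(SAMPLE):
        print(hit["time"], hit["pid"], hit["recipient"], hit["peer"])
```
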
     