This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Variable Substitution in SMTP Password

Here's an odd one...   I have an SG105 running 9.506-2 and configured an upstream SmartHost for outbound SMTP under Email Protection > SMTP > Advanced. Username and password are filled in. This has been this way for about a year.  The machine has been running since I last applied updates 24 days ago.  

Outbound emails from the firewall itself (hotspot passwords, config backups, etc) were being relayed properly until last Monday, 2 days ago. Also, outbound emails from internal hosts configured to use the firewall as their outbound relay have been relayed properly up to that date. Nothing since.

I pulled up the Mail Manager and see a few pages of spooled messages with "Waiting" status.  I viewed one and am seeing entries like below in the Message Delivery log at the top of the dialog.

2018-03-01 08:11:12 root@example.com R=smarthost_route T=smarthost_smtp defer (0): expansion of "$5w$foobar$7baz!MqL\N" failed in server_login authenticator: unknown variable name "foobar"

I've changed it for this example but that "$5w$foobar..." string is the SMTP password I entered.  Something is trying to replace $foobar in that string.  

I'm off to change the password to remove dollar signs but thought I'd mention it here.  Looks like something needs single-ticks instead of double-quotes somewhere...



This thread was automatically locked due to age.
Parents
  • Hello Paul,

    thanks for sharing this. Somehow such things has come several times into my sight over the years, not sophos related. But other products have bugs too ;-)

    But one thing is strange. The password wasn't changed the whole time. So the string $foobar worked for a limited time?

    Best

    Alex

    -

  • Yes, that's the really odd part.  The password with "$foobar" within the string has been that way for probably a year.  The machine was booted 24 days ago after applying pending updates.  According to the SMTP Logs in the Mail Manager UI, it only stopped working 3 days ago. Really odd...  I know. something I'm asserting must not be true but I can't tell what that would be.

Reply
  • Yes, that's the really odd part.  The password with "$foobar" within the string has been that way for probably a year.  The machine was booted 24 days ago after applying pending updates.  According to the SMTP Logs in the Mail Manager UI, it only stopped working 3 days ago. Really odd...  I know. something I'm asserting must not be true but I can't tell what that would be.

Children
No Data