Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 13615 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pop3SSL not working properly

ChristianKüppers
I upgraded to 9.1 and swiched my clients to force SSL-connection.
after two days working Ok I a see following messages after Downloading a few mails:
2013:04:29-09:01:35 UTM9 pop3proxy[19507]: Client: Maildrop locked for account_id 1
2013:04:29-09:01:38 UTM9 pop3proxy[19201]: SslServer timeout
2013:04:29-09:01:38 UTM9 pop3proxy[19201]: Failed to shutdown SSL connection

Sometimes after restarting Thiunderbird I get a Maildrop locked warning as popup
and fond following in the log:
013:04:29-08:56:20 UTM9 pop3proxy[18561]: Client: Maildrop locked for account_id 1
disabling/enabling the pop3 Proxy does not help.



any Idea?


This thread was automatically locked due to age.
  • 0
    I posted a link to this thread in the stickied thread in the 'Hardware, Installation, Up2Date, Licensing' forum.  The devs should be monitoring that.  When there's an active beta, they watch the threads there.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I'm homeversionuser. Does anyone know how to report this to Sophos?
    Thx, xhrustian
  • 0
    @Bill

    Thanks - found that one a bit later...
  • 0 in reply to BAlfson
    Hi Bob, I agree this is something different. I was referring to Microsaft and didn't notice his edit at the end of his post.
    Christian posted during the beta https://community.sophos.com/products/unified-threat-management/astaroorg/f/80/t/65158 but gave up before further testing his problem. Probably would have been fixed otherwise. Oh well, its still a soft release... I think there is going to be a soft release 2 soon [:D]

    Regards
    Bill
    Edit: AAAAAAh, never mind, Christian's post was after the soft release so no way it would have been caught otherwise.
  • 0
    Hi, Bill,

    I dunno.  This one is two successful, identical connections instead of a single failed one.  The server times out, the proxy fails to close the connection and establishes a competing connection.  The client, still working with #1, is blocked by connection #2.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Microsaft

    2013:05:01-09:23:50 *** pop3proxy[17445]: Fatal: Failed to accept SSL client
    2013:05:01-09:23:50 *** pop3proxy[17445]: SSL Error: 0x1408a0c1d (error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) 

    Hi, your problem is related to this thread http://www.astaro.org/beta-versions/utm-9-1-public-beta/46022-9-060-bug-pop3-proxy-ssl.html
    Regards
    Bill
  • 0
    2013:04:30-18:32:11 UTM9 pop3proxy[16555]: SslServer timeout
     2013:04:30-18:32:11 UTM9 pop3proxy[16555]: Failed to shutdown SSL connection
     2013:04:30-18:32:57 UTM9 pop3proxy[16859]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
     2013:04:30-18:32:58 UTM9 pop3proxy[16859]: christian@christiansberge.info logged in (account 1)
     2013:04:30-18:33:33 UTM9 pop3proxy[16899]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
     2013:04:30-18:33:33 UTM9 pop3proxy[16899]: Client: Maildrop locked for account_id 1

    Looks like a bug to me!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I have run into the same error. For scanning ssl content utm has to break the ssl connection. So a certificate with existing private key has to be present for that.
  • 0
    Hi,

    I can't access my Gmail account anymore since updating to 9.100 (using Outlook 2007 and POP3-Proxy):

    2013:05:01-09:23:50 *** pop3proxy[17445]: Fatal: Failed to accept SSL client
    2013:05:01-09:23:50 *** pop3proxy[17445]: SSL Error: 0x1408a0c1d (error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) 

    EDIT: Have set certificate at the advanced options - can receive mails now..
    Any ideas?

    M4
  • 0 in reply to BAlfson
    More mysterious:
    I got it working - but onlyfor a few of mails that should be downloaded:

    2013:04:30-18:25:25 UTM9 pop3proxy[15730]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
    2013:04:30-18:25:26 UTM9 pop3proxy[15730]: christian@christiansberge.info logged in (account 1)
    2013:04:30-18:25:28 UTM9 pop3proxy[15730]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="best-of@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Die besten PC-Spiele aller Zeiten (UPDATE) * Die besten Gratis-Mediaplayer für Windows" size="75250" srcip="217.115.132.188" dstip="46.30.211.93" uid="UID7317-1337440434"
    2013:04:30-18:25:29 UTM9 pop3proxy[15730]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="tipps-tricks@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Windows-Firewall per Kommandozeile steuern * Die besten Gratis-Mediaplayer für Windows" size="63977" srcip="217.115.132.178" dstip="46.30.211.93" uid="UID7318-1337440434"
    2013:04:30-18:26:30 UTM9 pop3proxy[15730]: SslServer timeout
    2013:04:30-18:26:30 UTM9 pop3proxy[15730]: Failed to shutdown SSL connection
    2013:04:30-18:29:24 UTM9 pop3proxy[16002]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
    2013:04:30-18:29:24 UTM9 pop3proxy[16002]: christian@christiansberge.info logged in (account 1)
    2013:04:30-18:29:26 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="business-it@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Diese rechtlichen Fallstricke lauern auf Facebook *Was Sie über NoSQL wissen sollten *Mit Wordpress die eigene Webseite erstellen – Workshop" size="41905" srcip="217.115.132.181" dstip="46.30.211.93" uid="UID7319-1337440434"
    2013:04:30-18:29:28 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="internet@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Samsung Galaxy S4 im Test * Das Sony Xperia Z im 4-Wochen-Härtetest" size="59366" srcip="217.115.132.181" dstip="46.30.211.93" uid="UID7320-1337440434"
    2013:04:30-18:29:29 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="bestellbestaetigung@amazon.de" to="christian@christiansberge.info" subject="Ihre Bestellung bei Amazon.de" size="22828" srcip="176.32.127.105" dstip="46.30.211.93" uid="UID7321-1337440434"
    2013:04:30-18:29:30 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="software@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Vollversion des Tages * Die besten PC-Spiele aller Zeiten (UPDATE)" size="59114" srcip="217.115.132.188" dstip="46.30.211.93" uid="UID7322-1337440434"
    2013:04:30-18:29:31 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="best-of@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Die 37 verrücktesten Amazon-Angebote * Droht auch Telekom-Bestandskunden die 75-GB-Grenze?" size="86231" srcip="217.115.132.177" dstip="46.30.211.93" uid="UID7323-1337440434"
    2013:04:30-18:29:32 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="mobile-computing@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="PC-WELT-Mobile-Computing" size="33436" srcip="217.115.153.213" dstip="46.30.211.93" uid="UID7324-1337440434"
    2013:04:30-18:29:33 UTM9 pop3proxy[16002]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="info@rechnung.o2online.de" to="kueppers.christian@googlemail.com" subject="Ihre Online-Rechnung von o2" size="23650" srcip="62.157.181.2" dstip="46.30.211.93" uid="UID7325-1337440434"
    2013:04:30-18:30:34 UTM9 pop3proxy[16002]: SslServer timeout
    2013:04:30-18:30:34 UTM9 pop3proxy[16002]: Failed to shutdown SSL connection
    2013:04:30-18:31:04 UTM9 pop3proxy[16555]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
    2013:04:30-18:31:04 UTM9 pop3proxy[16555]: christian@christiansberge.info logged in (account 1)
    2013:04:30-18:31:06 UTM9 pop3proxy[16555]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="security@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Drivedroid: Windows-Rettungssystem auf Android-Smartphone *Kostenlose Anti-Hacker-Tools schützen Ihren PC *Diese rechtlichen Fallstricke lauern auf Facebook *PC-WELT sucht Verstärkung" size="65919" srcip="217.115.132.170" dstip="46.30.211.93" uid="UID7326-1337440434"
    2013:04:30-18:31:07 UTM9 pop3proxy[16555]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="newsletter@mammut.ch" to="kueppers.christian@googlemail.com" subject="Mammut Sommer Highlights 2013" size="66464" srcip="193.17.194.43" dstip="46.30.211.93" uid="UID7327-1337440434"
    2013:04:30-18:31:08 UTM9 pop3proxy[16555]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="newsletter@newsletter.fluege.de" to="kueppers.christian@googlemail.com" subject="München - London ab 78 EUR // München - Florenz ab 89 EUR // München - Edinburgh ab 93 EUR // Hamburg - Dubai ab 403 EUR" size="86485" srcip="62.144.110.225" dstip="46.30.211.93" uid="UID7328-1337440434"
    2013:04:30-18:31:10 UTM9 pop3proxy[16555]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="tipps-tricks@newsletter.pcwelt.de" to="Christian.kueppers@web.de" subject="Die besten Apps für Windows 8 im Test * 20 clevere Tricks für Google-Kalender" size="59303" srcip="217.115.132.178" dstip="46.30.211.93" uid="UID7329-1337440434"
    2013:04:30-18:32:11 UTM9 pop3proxy[16555]: SslServer timeout
    2013:04:30-18:32:11 UTM9 pop3proxy[16555]: Failed to shutdown SSL connection
    2013:04:30-18:32:57 UTM9 pop3proxy[16859]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
    2013:04:30-18:32:58 UTM9 pop3proxy[16859]: christian@christiansberge.info logged in (account 1)
    2013:04:30-18:33:33 UTM9 pop3proxy[16899]: Accepted client connection from 192.168.10.22 for 46.30.211.93 (pop3.christiansberge.info Servers server_id 2)
    2013:04:30-18:33:33 UTM9 pop3proxy[16899]: Client: Maildrop locked for account_id 1
    2013:04:30-18:33:36 UTM9 pop3proxy[16899]: Client: Maildrop locked for account_id 1
    2013:04:30-18:33:39 UTM9 pop3proxy[16899]: Client: Maildrop locked for account_id 1
    2013:04:30-18:33:42 UTM9 pop3proxy[16899]: Client: Maildrop locked for account_id 1
    2013:04:30-18:33:44 UTM9 pop3proxy[16899]: SslClient 192.168.10.22 has closed the connection
    2013:04:30-18:33:59 UTM9 pop3proxy[16859]: SslServer timeout
    2013:04:30-18:33:59 UTM9 pop3proxy[16859]: Failed to shutdown SSL connection
    ------------
    After a time it run into a timeout, not knowing of it´s own or of the backend POP-Server.
    Shutting Down the proxy and reenabling didn´t solve the problem.
    And now it´s running only in SSL-Timeouts.
Unfiltered HTML