
Spam release using cluster (ASG320 V9.106)

We are having a very strange issue with releasing spam via email. The web proxy is blocking the request even with the site being added to exceptions. The system has three nodes. If we shut down two of the nodes, it will release fine, but when they are running it times out with the following. BTW, it can be released from outside the operation with no issues.

2013:10:30-15:58:54 westerville-3 httpproxy[6318]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.112" dstip="192.168.1.233" user="lhoshor" statuscode="504" cached="0" profile="REF_FZoxISIdPn (HTTP)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2644" request="0xe1e4da0" url="blank.com:3840/release.plc
2013:10:30-15:59:55 westerville-3 httpproxy[6318]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.112" dstip="192.168.1.233" user="lhoshor" statuscode="504" cached="0" profile="REF_FZoxISIdPn (HTTP)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2553" request="0xe2af7b0" url="blank:3840/favicon.ico" exceptions="" error="Connection to server timed out" category="9998" reputation="neutral" categoryname="Uncategorized"
2013:10:30-16:00:26 westerville-3 httpproxy[6318]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.112" dstip="192.168.1.233" user="lhoshor" statuscode="504" cached="0" profile="REF_FZoxISIdPn (HTTP)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2644" request="0xe2ca7c0" url="blank:3840/release.plc
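
Added example (not part of the original posts): a small Python parser for the httpproxy lines quoted above. It tolerates the two lines that are cut off inside the url value and separates gateway timeouts (statuscode 504 or a "timed out" error) from other blocks. The sample is built from the posted lines with some fields dropped; the function names and the classification rule are assumptions of this example.

```python
import re

# Constructed sample: the three httpproxy lines from the post, reduced to the
# fields used here. Lines 1 and 3 end inside the url value, as posted.
SAMPLE = '''\
2013:10:30-15:58:54 westerville-3 httpproxy[6318]: id="0002" name="web request blocked" action="block" srcip="192.168.1.112" dstip="192.168.1.233" statuscode="504" url="blank.com:3840/release.plc
2013:10:30-15:59:55 westerville-3 httpproxy[6318]: id="0002" name="web request blocked" action="block" srcip="192.168.1.112" dstip="192.168.1.233" statuscode="504" url="blank:3840/favicon.ico" exceptions="" error="Connection to server timed out"
2013:10:30-16:00:26 westerville-3 httpproxy[6318]: id="0002" name="web request blocked" action="block" srcip="192.168.1.112" dstip="192.168.1.233" statuscode="504" url="blank:3840/release.plc
'''

HEADER = re.compile(r'^(?P<ts>\S+) (?P<node>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<rest>.*)$')
# key="value"; the closing quote is optional so a value cut off at end of line still parses.
FIELD = re.compile(r'(\w+)="([^"]*)("?)')

def parse_line(line):
    """Return a dict of fields for one log line, or None if it is not a log line."""
    m = HEADER.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"ts": m["ts"], "node": m["node"], "proc": m["proc"], "truncated": False}
    for key, value, close in FIELD.findall(m["rest"]):
        rec[key] = value
        if not close:  # value ran to end of line without a closing quote
            rec["truncated"] = True
    return rec

def classify(rec):
    """Assumption of this example: a 504 or a 'timed out' error means the proxy
    could not reach the server, as opposed to a filter rule denying the request."""
    if rec.get("action") != "block":
        return "passed"
    if rec.get("statuscode") == "504" or "timed out" in rec.get("error", ""):
        return "upstream-timeout"
    return "policy-block"

def summarize(text):
    """List (node, url, classification, truncated) for every httpproxy line."""
    rows = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["proc"] == "httpproxy":
            rows.append((rec["node"], rec.get("url"), classify(rec), rec["truncated"]))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```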

Haven't seen this before. Could be a bug.


This thread was automatically locked due to age.
  • Mike, if there are more than two units in the cluster, I'm not sure how to adjust the following.  Hopefully Sophos Support already has fixed this.

    To rebuild the SMTP PostgreSQL database:

    /var/mdw/scripts/smtp stop
    dropdb -U postgres smtp
    createdb -U postgres smtp
    /var/mdw/scripts/smtp start

    EDIT 2016-07-12 - changed line 3 to createdb which is new standard

    From the command line, you then need to get to the Slave: ha_utils ssh

    And then, rebuild the database there as above.

    Please let us know the result and anything different that Support did.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA