SPX not encrypting

Hi,

I'm trying to set up SPX encryption but can't get it to work. This is what I have done:

  • Created an SMTP profile and am punting a particular domain's emails through the profile. (That domain is external to our system.)
  • Turned on SPX encryption and created an SPX template. Linked the SMTP profile to the template.
  • Run the Sophos Outlook Addin on a test PC.

When I create and attempt to encrypt an email the x-sophos-spx-encrypt header is being added, the correct profile is being used but the message is not encrypted. The only difference the receiver sees is the header and "Please treat this as Confidential" when viewing the message in Outlook. I've also tried using the [secure:password] format in the subject.

Any ideas?

It's very worrying that the x-sophos-spx-encrypt header has been added but UTM sends the message in the clear. Even if the system is not configured for SPX, the header should surely prompt UTM to quarantine the message or return it to the sender? It's unacceptable that the user asks for the email to be encrypted and it is sent cleartext.



  • Which mail server do you use? Did you set up the Sophos as a mail relay?
  • The mail server is Exchange 2007. I set up a send connector to push emails to my test domain through Sophos and when I send the test email I can see it in the SMTP live log.
    Sophos then forwards to our mail gateway as a smart host.
  • Please restart the SPX engine in the web interface!

    By the way, on the Relay tab under SMTP you can uncheck the option that has outgoing mails checked by the spam filter...

  • How do I restart the SPX engine? I see no option for this - unless it is done by turning off the option, then on again?
  • Same result - not encrypted.
  • Here's the relevant section. 10.20.10.14 is my Exchange server and 10.20.10.127 is the smart host that the UTM forwards the message to. I can't see any material difference in the live log whether the encryption x-header is present or not.

    2016:02:05-09:05:52 myutm exim-in[4951]: 2016-02-05 09:05:52 SMTP connection from [10.20.10.14]:46408 (TCP/IP connection count = 1)
    2016:02:05-09:05:53 myutm exim-in[47933]: 2016-02-05 09:05:53 H=(EXCHSRVR.mydomain.local) [10.20.10.14]:46408 Warning: externaldomain.com profile excludes greylisting: Skipping greylisting for this message
    2016:02:05-09:05:53 myutm exim-in[47933]: 2016-02-05 09:05:53 H=(EXCHSRVR.mydomain.local) [10.20.10.14]:46408 Warning: externaldomain.com profile excludes spam scan: Skipping SMTP inline spam scan for this message
    2016:02:05-09:05:53 myutm exim-in[47933]: 2016-02-05 09:05:53 1aRcKv-000CT7-1R <= sender@mydomain.com H=(EXCHSRVR.mydomain.local) [10.20.10.14]:46408 P=esmtps X=TLSv1:AES256-SHA:256 S=47064 id=0AC5A4E940165B4886C747275A158BD83FBE572CA2@EXCHSRVR.mydomain.local
    2016:02:05-09:05:53 myutm exim-in[47933]: 2016-02-05 09:05:53 SMTP connection from (EXCHSRVR.mydomain.local) [10.20.10.14]:46408 closed by QUIT
    2016:02:05-09:05:54 myutm smtpd[4903]: QMGR[4903]: 1aRcKv-000CT7-1R moved to work queue
    2016:02:05-09:06:00 myutm smtpd[47945]: SCANNER[47945]: 1aRcL2-000CTJ-Hh <= sender@mydomain.com R=1aRcKv-000CT7-1R P=INPUT S=46067
    2016:02:05-09:06:00 myutm smtpd[47945]: SCANNER[47945]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.20.10.14" from="sender@mydomain.com" to="recipient@externaldomain.com" subject="Test encryption" queueid="1aRcL2-000CTJ-Hh" size="46067"
    2016:02:05-09:06:00 myutm smtpd[47945]: SCANNER[47945]: 1aRcKv-000CT7-1R => work R=SCANNER T=SCANNER
    2016:02:05-09:06:00 myutm smtpd[47945]: SCANNER[47945]: 1aRcKv-000CT7-1R Completed
    2016:02:05-09:06:00 myutm exim-out[47949]: 2016-02-05 09:06:00 1aRcL2-000CTJ-Hh => recipient@externaldomain.com P=<sender@mydomain.com> R=static_route_hostlist T=static_smtp H=10.20.10.127 [10.20.10.127]:25 C="250 2.0.0 Message received OK"
    2016:02:05-09:06:00 myutm exim-out[47949]: 2016-02-05 09:06:00 1aRcL2-000CTJ-Hh Completed

  • Did you check the header of the mail that you receive? You should find the x-sophos-spx-encrypt tag in there.

    This is my livelog:

    2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="xxx" from="sender@mydomain" to="receiver@remotedomain" subject="test" queueid="1aSh0k-0008Vp-En" size="14330" reason="spx" extra=""
    2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0k-0008Vp-En [SPX] SPX Encryption starts with profile: REF_template and password type: recipientspec
    2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0k-0008Vp-En [SPX] SPX encryption was successfull
    2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0e-0008Vo-1R => work R=SCANNER T=SCANNER
    2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0e-0008Vo-1R Completed
  • Hi,
    Yes x-sophos-spx-encrypt is added to the header. My live log looks the same whether I've asked for encryption or not.
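
Added example (not part of the thread and not Sophos code): a small audit over the UTM SMTP live log that flags messages delivered to a must-encrypt domain with no `[SPX] ... successfull` line for their queue id, which is exactly the difference between the two excerpts above. The function names and the `spx_domains` set are hypothetical, and treating `reason="spx"` and the `[SPX]` lines as the encryption indicators is an assumption drawn only from these two excerpts.

```python
import re

# Lines copied from the two live-log excerpts posted in this thread.
SAMPLE_LOG = '''\
2016:02:05-09:06:00 myutm smtpd[47945]: SCANNER[47945]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.20.10.14" from="sender@mydomain.com" to="recipient@externaldomain.com" subject="Test encryption" queueid="1aRcL2-000CTJ-Hh" size="46067"
2016:02:05-09:06:00 myutm exim-out[47949]: 2016-02-05 09:06:00 1aRcL2-000CTJ-Hh => recipient@externaldomain.com P=<sender@mydomain.com> R=static_route_hostlist T=static_smtp H=10.20.10.127 [10.20.10.127]:25 C="250 2.0.0 Message received OK"
2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="xxx" from="sender@mydomain" to="receiver@remotedomain" subject="test" queueid="1aSh0k-0008Vp-En" size="14330" reason="spx" extra=""
2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0k-0008Vp-En [SPX] SPX Encryption starts with profile: REF_template and password type: recipientspec
2016:02:08-09:17:30 sophos smtpd[32725]: SCANNER[32725]: 1aSh0k-0008Vp-En [SPX] SPX encryption was successfull
'''

KV = re.compile(r'(\w+)="([^"]*)"')
SPX = re.compile(r'SCANNER\[\d+\]: (\S+) \[SPX\] (.+)')
OUT = re.compile(r'exim-out\[\d+\]: \S+ \S+ (\S+) => (\S+)')

def spx_report(log_text):
    """Per queue id: recipient, SPX state (none/started/encrypted), delivered."""
    msgs = {}
    def rec(qid):
        return msgs.setdefault(qid, {"to": None, "spx": "none", "delivered": False})
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("name") == "email passed" and "queueid" in fields:
            r = rec(fields["queueid"])
            r["to"] = fields.get("to")
            # Assumption from the excerpts: reason="spx" marks an SPX hand-off.
            if fields.get("reason") == "spx" and r["spx"] == "none":
                r["spx"] = "started"
        elif (m := SPX.search(line)):
            r = rec(m.group(1))
            # The log spells it "successfull"; match the stable prefix.
            if "encryption was success" in m.group(2):
                r["spx"] = "encrypted"
            elif r["spx"] == "none":
                r["spx"] = "started"
        elif (m := OUT.search(line)) and m.group(1) in msgs:
            msgs[m.group(1)]["delivered"] = True
    return msgs

def unencrypted_deliveries(log_text, spx_domains):
    """Queue ids delivered to a must-encrypt domain without an SPX success line."""
    return sorted(
        qid for qid, r in spx_report(log_text).items()
        if r["delivered"] and r["spx"] != "encrypted"
        and (r["to"] or "").rpartition("@")[2].lower() in spx_domains
    )
```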