Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 13860 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email Protection

zeus1976

Hello,

I'm new here :-)

I have enabled the Email Protection and also activated SSL on the Sophos UTM. Now when I'm starting Outlook I receive the following error message: The target principal name is incorrect (translatet from the german)  - I have imported the certificate into the Trusted Root Certification Authority (translatet from german), but unfortunately I still get the error. What am I doing wrong? If you have questions, go for it.

Thank you for the help.

Best regards



This thread was automatically locked due to age.
Parents
  • 0

    Is this POP3 or SMTP?  Please insert a picture of the message.


    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    We are talking about POP3 - the error message (see picture below) is in German - if you need in englisch, let me know.

    Do you know that I'm doing wrong?

    Thank you for your help.

    Best regards

  • 0 in reply to zeus1976

    Danke, Deutsch ist für mich kein Problem. [;)]

    I think that message is because the HTTPS proxy is running in Transparent mode.  You may need to make an Exception there.  What is the corresponding line in the Web Filtering log file?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello,


    Thank you for your help.

    I have checked the Web Proxy log and I have only one message:
    2016:03:20-13:18:33 home httpproxy[7510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.242.3.2" dstip="64.4.26.155" user="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo7 (Laptop_Home)" filteraction="REF_HttCffLaptophome (Laptop_Home)" size="2660" request="0xdf7a4800" url="config.messenger.msn.com/.../msgrconfig.asmx referer="" error="Connection refused" authtime="0" dnstime="378" cattime="100" avscantime="0" fullreqtime="383341" device="0" auth="0" ua="OutlookSocialConnector/1.0" exceptions="" category="106" reputation="neutral" categoryname="Chat" country="United States" country="United States" application="msn" app-id="311"

    I insered an exception put unfortunately I have still the same error.

    Some more information:
    1. more Infos about the certificat:

    Ausgestellt für: home.ch
    Ausgestellt von Untrusted Bitefender CA

    2. Configuration in POP3 in Advanced:
    TLS: Certificates: Webadmin certificat for home.ch

    Otherwhise I have deinstalled the Bitdefender but wasn't the solution. (I have reimported the certificat after deinstallation)

    Do you know this issue?

    Thank you - best regards

  • 0 in reply to zeus1976

    statuscode="502"

    If an Exception for SSL and AV didn't fix this, then you will need to add a DNS Group for config.messenger.msn.com to the Transparent Mode Skiplist destination section.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,

    I have put the DNS Group in the Skip List - but unfortunately I have still the same problem.


    Here more information:

    - Without POP3 Proxy everything is working fine

    - My Emailaccounts are by GMX.de

    - Configuration Emailaccount: POP3 - Port 995 - SSL (pop.gmx.net) / SMTP - Port 587 - TLS (mail.gmx.net)

    - The Certificat is imported to the Trusted Root Certification Authority (Benutzer / Lokaler Computer) - tried both

    - Configuration on the Sophos UTM: Activate Scan TLS encrypted POP3 traffic - Certificate Webadmin Certificate for home.ch

    - Here the log from POP3 Sophos UTM:

    2016:03:23-11:43:16 home pop3proxy[25124]: Failed to shutdown SSL connection
    2016:03:23-11:47:33 home pop3proxy[25480]: Accepted client connection from 10.242.3.2 for 212.227.17.169
    2016:03:23-11:48:36 home pop3proxy[25480]: Failed to read from SSL
    2016:03:23-11:48:36 home pop3proxy[25495]: Client 25480 was signaled
    2016:03:23-11:48:37 home pop3proxy[25549]: Accepted client connection from 10.242.3.2 for 212.227.17.185
    2016:03:23-11:48:37 home pop3proxy[25549]: Failed to read from SSL
    2016:03:23-11:48:37 home pop3proxy[25495]: Client 25549 was signaled
    2016:03:23-11:48:37 home pop3proxy[25551]: Accepted client connection from 10.242.3.2 for 212.227.17.185
    2016:03:23-11:48:37 home pop3proxy[25551]: Failed to read from SSL
    2016:03:23-11:48:37 home pop3proxy[25495]: Client 25551 was signaled
    2016:03:23-11:48:50 home pop3proxy[25559]: Accepted client connection from 10.242.3.2 for 212.227.17.185

     

    What can I do to solve the problem? Many thanks for your help.

    Best regards

  • 0 in reply to zeus1976

    Hi,


    I have solved the problem - the certifact was wrong. thank you for your help.


    Best regards

Reply Children
No Data
Unfiltered HTML