
quarantined email release fails

Releasing has recently gone wrong on my macOS Sierra machine.

Tried it with Safari, Firefox and Chrome but all fail:

Safari:
Safari Can't Open the Page "https://<fqdn>:3840/release.plc?proto=smtp&mp;cluster_id=0&amp;message_id=1c2X06-0006pM-MV&amp;size=3469&amp;whitelist;0" because Safari can't establish a secure connection to the server "<fqdn>".

Firefox:
Secure Connection Failed
An error occurred during a connection to vgk.rcan.nl:3840. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

 

Chrome:
This site can’t provide a secure connection
<fqdn> sent an invalid response
Try running Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

 

Update:

Now, a day later, I found out that Safari is redirecting http://<fqdn>:3840 to an HTTPS request. Odd. Anyone experiencing a similar issue?

 

Adrie



This thread was automatically locked due to age.
  • Any news about this issue? It's definitely a Chrome issue, because if you have visited a URL with https one time, it requests only https in future (damn if you type a wrong URL ....). I couldn't find a solution for Chrome; all the things I've found on Google are to edit the Apache server etc.......


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Certified UTM Architect / Certified XG Architect)

  • This is also an issue in Firefox

    If the browser connects to an HTTPS site (such as the user portal), the browser will change all future access to HTTPS even if on a different port.

    As this situation only occurs when UTM already has a certificate, one solution could be to add the option to have the quarantine release on a different port with HTTPS; this would allow existing quarantine emails to continue to work.

     

  • This issue affects both FF on Windows (8) and Linux, and Safari on Mac - so it would be very helpful if Sophos fixed it.

    On our utm9

    /var/chroot-httpd/etc/httpd/vhost/httpd-spam.conf

    Listen 3840
    <VirtualHost 0.0.0.0:3840>
            ServerAdmin admin
            DocumentRoot /var/content/httpd-spam
            
            SSLEngine Off
            
            Options ExecCGI

            <Directory /var/content/httpd-spam>       
              <Files _*>
                Order Deny,Allow
                Deny from All
              </Files>
            </Directory>
    </VirtualHost>

    it could be

            SSLEngine on
            SSLCertificateFile /etc/httpd/WebAdminCert.pem
            SSLCertificateKeyFile /etc/httpd/WebAdminKey.pem
            SSLCACertificateFile /etc/httpd/WebAdminCertCA.pem

    which is what is in

    /var/chroot-httpd/etc/httpd/vhost/httpd-portal.conf

    BUT the release links would have to be https://etc

  • HAProxy could be used to listen for both HTTP and HTTPS on the same port, and proxy the connection to the appropriate web server instance.

    timjrobinson.com/.../ 
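
Added example, not part of any post in this thread and not Sophos or HAProxy code: a Python sketch of the first-byte check a same-port HTTP/HTTPS front end relies on, and of why a plain-HTTP reply on port 3840 looks like an oversized TLS record to a browser that has switched to HTTPS. The sample byte strings, the host name `utm.example` and the order of checks in `client_view_of_reply` are constructed assumptions.

```python
import struct

TLS_HANDSHAKE = 0x16             # TLS record content type: handshake
TLS_MAX_RECORD = 2**14 + 2048    # largest ciphertext record length TLS 1.2 allows
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed samples (not captured traffic).
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")   # start of a TLS ClientHello
HTTP_REQUEST = b"GET /release.plc?proto=smtp HTTP/1.1\r\nHost: utm.example\r\n\r\n"
PLAIN_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"         # what a non-TLS vhost may answer


def parse_record_header(data):
    """Interpret the first 5 bytes as a TLS record header (type, version, length)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_client(first_bytes):
    """Decide, from the first bytes a client sends, which backend should get it."""
    if len(first_bytes) >= 3 and first_bytes[0] == TLS_HANDSHAKE and first_bytes[1] == 3:
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def client_view_of_reply(reply):
    """How a TLS client could judge the first bytes of a server reply.

    Assumption for illustration: the length field is checked first.
    """
    hdr = parse_record_header(reply)
    if hdr["length"] > TLS_MAX_RECORD:
        return "record_too_long"
    if hdr["version"][0] != 3:
        return "not_tls"
    return "plausible_tls"


if __name__ == "__main__":
    print(classify_client(CLIENT_HELLO), classify_client(HTTP_REQUEST))
    # "HTTP/" read as a record header: type 0x48, version 0x54.0x54, length 0x502F
    print(parse_record_header(PLAIN_REPLY), client_view_of_reply(PLAIN_REPLY))
```

The length a TLS parser derives from the ASCII bytes `P/` is 20527, above the 18432-byte limit, which is consistent with the `SSL_ERROR_RX_RECORD_TOO_LONG` message quoted in the first post.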
