This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 17.1.0 GA firmware upgrade breaks MTA

I have just tried the upgrade to 17.1.0 GA firmware version, but it breaks MTA.

On the main screen comes up with MTA service DEAD.

Tried reverting to Legacy mode and then back to MTA mode, but that didn't work.

In fact in legacy mode it then reported service SMPTD 'stopped' and one other service I cant recall at the moment.

I see there was a related bug fix in the beta 2 version so thought it would be OK.

But caution if you rely on MTA.

I have reverted to MR8 for now.



This thread was automatically locked due to age.
  • Hi NH1

    You should console to Sophos XG and check MTA log with command line:

    tail -f /log/awarrenmta.log

    find error and troubleshoot.

    - XG v17 Technician Certificate -

  • I did try to manually start the service from the console with "service awarrenmta:start -ds nosync", but it threw an error, a 503 or something like that I think.

    I should have paid more attention but needed the MTA to be working after being down for the upgrade.

    I am no expert, so the reversion to MR8 to get everything working was the best approach, will wait for a better time before I try again.

    Post was really for the information of others who may also be reliant on MTA.

  • Have you checked the logs with /log/awarrenmta.log ? during service restart attempt (i.e. service awarrenmta:restart -ds nosync) ? I suspect something might be related to certificates. 

  • For those interested (or who know this stuff better than I) the awarrenmta.log contains the following, and which keeps repeating over the period immediately after the upgrade to 17.1 GA

    As I mentioned, MTA was working fine in MR8, went "DEAD" after upgrade to 17.1 GA, and is fine again after reverting to MR8. I made no changes other than upgrading the firmware.

     

    .................................................................................................../cfs/proxy/smtp/conf/mta.conf: ERROR syntax error
    awarrenmta: /static/proxy/smtp/mta.conf:22: register_protocol: SMTP : /cfs/proxy/smtp/conf/mta.conf
    Total Pages: 1524862 Pagesize: 4 RAM: 5
    ......................................................................................................./cfs/proxy/smtp/conf/mta.conf: ERROR syntax error
    awarrenmta: /static/proxy/smtp/mta.conf:22: register_protocol: SMTP : /cfs/proxy/smtp/conf/mta.conf
    Total Pages: 1524862 Pagesize: 4 RAM: 5
    ............................................./cfs/proxy/smtp/conf/mta.conf: ERROR syntax error
    awarrenmta: /static/proxy/smtp/mta.conf:22: register_protocol: SMTP : /cfs/proxy/smtp/conf/mta.conf
    Total Pages: 1524862 Pagesize: 4 RAM: 5
    ............................/cfs/proxy/smtp/conf/mta.conf: ERROR syntax error

  • We have encountered same problem. Reverterd to mr8

  • This might be related to issues with certs especially if using the appliance CA (SecurityAppliance_SSL_CA) instead of a server certificate.

    One thing to try is to regenerate the CA on XG and reboot the appliance.

    From Webadmin > System > Certificates > Certificate Authorities > SecurityAppliance_SSL_CA (click on icon next to this CA to regenerate)

  • We are using letsencrypt

  • I am using a paid commercial SSL certificate.

  • Hi same problem with MTA is dead I have Exchange 2016, lets encrypt certificates

  • We use also MTA.

    It is not recommend to update this firmware 17.1.0 GA?

    What are Sophos support saying abuot this issue?