Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 2016 OWA: Die folgenden Dateien konnten nicht angefügt werden: xyz.pdf. Versuchen Sie es später erneut.

Hallo zusammen,

ich bin neu im Bereich der XG FW.

Ich bin umgestiegen von der SG auf die XG und muss zugeben, das ich diese nicht richtig verstehe.

 

Ich habe das Problem, das ich per Webbrowser (OWA) keine Anhänge größer 1MB anhängen kann.

Es kommt immer die Meldung:

 

"Die folgenden Dateien konnten nicht angefügt werden: xyz.pdf. Versuchen Sie es später erneut."

 

Dabei spielt der Dateityp keine Rolle.

Mache ich das ganze lokal kann ich große Dateien anhängen.

Also muss es an einer Einstellung der XG liegen.

Hat jemand auch schon das Problem gehabt und für mich eine Lösung?

 

Ich setzte folgende FW ein: SFOS 18.0.0 GA-Build379

 

Danke und Gruß

Roman



This thread was automatically locked due to age.
  • We've noticed the same problem. Primarily with image attachments.

     

     

    We are using WAF for OWA. The problem mostly occurs with mobile devices but our customer also mentioned that OWA over browser is also affected. 

    I was not able to reproduce the problem myself and didn't find any useful log messages. 

     

    My theory so far:  the images get encoded with BASE64 (HTML inline), thus exceed the filesize increases and exceeds the max allowed size or are blocked by some mime type rule.

     

    cheers

     

    Here is a screenshot. 

  • Hallo zusammen,

    ich habe zumindest herausgefunden, an welcher Stelle ich genauer schauen muss.

    -> Regeln und Richtlinien -> Firewallregeln -> Exchange 2016 General -> Erweitert "Schutz"

    Wenn ich den Schutz deaktiviere:

    Dann kann ich auch wieder größere Dateien anhängen.

    Allerdings ist dann kein Virenschutz mehr vorhanden.

    Hier die Einstellung für die Richtlinie:

    Habe ich hier eine falsche Einstellung gemacht?

     

    Best Grüße

    Roman

  • There is a backend limitation to WAF, as in UTM.

    In UTM, you could switch this to a higher value. 

    You should see something like "ModSecurity: Request body no files data length is larger than the configured limit" in your reverseproxy.log.

    Please contact SophosSupport, they can increase the Limitation in the backend. 

    PS: As far as i know, this limitation should not be there for the standard templates. Did you recreate your firewall template? 

    __________________________________________________________________________________________________________________

  • In our case, we use the standard "Exchange General" templates with some modifications, mostly url hardening. 

    is there a bug ID which i could refer when contacting sophos support?

     

    As far as I can see there are no hits in the logfile..

    XG330_WP02_SFOS 18.0.0 GA-Build379.HF052220.1# cat smtpd_reject.log | grep ModSecurity
    XG330_WP02_SFOS 18.0.0 GA-Build379.HF052220.1# cat smtpd_main.log | grep ModSecurity
    XG330_WP02_SFOS 18.0.0 GA-Build379.HF052220.1#

  • That is the wrong log, take a look at the reverseproxy.log ||Smtpd_main is for MTA, not WAF.

     

    Actually there should not be a Bug ID. Simply point out whats the issue and maybe link this to  to get this proper routed. 

    __________________________________________________________________________________________________________________

  • Hi  

    As  suggested there is no specific bug to this, please share the service request number if you have raised a support case to investigate the issue further.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Toni

     

    Thanks for the reply. Agree, that was indeed the wrong log file, my brain somehow was on standby when I replyed.

     

    I checked the database for the values you mentioned and I was not able to identify any hardcoded limits, which refer to attachment size.

    at least not in those tables:

    config | tblwafadvanceconfig                        | table | pgroot

    config | tblwaffilter                               | table | pgroot

    config | tblwafsecurityprofile                      | table | pgroot

     

     

    The only real difference to other deployments was, that we set "limit scan size" in the WAF Firewall profile to "off"

    After I set the scan size to "50" the customer reported, that the problem was gone. 

     

     

     

    I don't see why this was necessary since a value of "0" should mean "no limit / all files"

    And like i said, i was not able to reproduce the problem myself, so I have to trust the feedback from the customer. 

     

    @Roman:  Maybe you can test this on your deployment as well and let us know if it solves your problem too?

  • Hallo Zusammen,

    habt ihr das Problem inzwischen gelöst bekommen?

    Mit freundlichem Gruß

  • Hi,

    had the same problem with Exchange 2019. Everything above 1mb was rejected. Message was

    413 Request entity too large.

    Please see https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/114221/413-request-entity-too-large/410813 

    Changing the value forsec_request_body_no_files_limit for the specific WAF rule helped me. I changed this to the same value I allow for inbound mail size. There is a easy to follow, step by step guide over there. 

    Regards,

    Christian