IMAP SSL handshake timed out through Sophos XG

Hello Sophos Community,

 

I am currently experiencing issues when accessing certain external IMAP servers through my Sophos XG.

I have several different IMAP accounts configured on my clients (7 accounts) but only 5 of them work through my Sophos without any problem.

When accessing two of them there's an error saying: SSL handshake timeout - all others work without any problem. All accounts work when using another network (e.g. mobile network or a friend's wifi). So this shouldn't be a configuration issue.

 

I have proxy, webfiltering and imap scanning enabled, so I created a FW rule allowing a test client to access any/any, put it on top, disabled webfiltering, created a webfilter exception (just to be sure) but there are still these handshake timeouts.

 

This is everything I get, when trying to check my mails: (unfortunately nothing else in the log files, so far)

Any advice would be appreciated.

 

Cheers

 

I am running a Sophos XG 18.0.1 MR-1 

  • Hi,

    There is a bug in the current version of IMAP when using scanning. The bug is reportedly fixed in v18.0.3 MR-3.

    Many people are waiting for the release of MR-3.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi rfcat_vk, 

    yes, I read about that. I am not sure whether this will resolve my issue as I created an exception and disabled filtering so far. 
    And AFAIK there should be entries in the warren.log when IMAP/SMTP scanning is used but there are no entries when trying to connect via IMAP to these accounts. 

    But yes, I am also looking forward to the release of MR3. 

  • Hi,

    Please review the TLS log. The error messages you have posted have nothing to do with email; they are from sessions that have ended and the handshake has not completed in time.

    ian

     
  • Hello ian, 

    yes, I am aware that these entries have nothing to do with email and I know what these "invalid traffic" messages mean in this case - but these are the only messages I receive and they're immediately displayed when checking for mail via IMAPS (TCP 993). So this is at least somehow connected to the issue/traffic. 
    Unfortunately I do not have any other message or logs - not even in the TLS logs (SSL/TLS inspection is not enabled). This is why I created this thread.

    There's nothing in the TLS logs. 

    Bjoern
