
There is a bug in the email imap proxy

Every so often I get timeout errors on both ISP email accounts using IMAPS. At the same time Outlook throws certificate errors. If I wait a while, the error self-heals. No, it is not a network connection; speed tests show 50/20mbs. I would not mind so much if I was fiddling at the time, but I was elsewhere annoying weeds.

Why am I so sure it is the XG mail proxy? Because I have another rule which does not use the mail proxy for the iPhones and iPads, and they do not have an issue connecting and collecting messages.

Ian



  • Did you already check the warren.log in this timeframe?

    It is also possible to keep warren in debug and check it afterwards.

  • Hi MBP,

    A restore fixed the problem for the moment. Next time I will review the warren.log when I am not under pressure to get it fixed because the tickets for the night's concert are stuck.

    Ian

  • Could you reproduce the issue by turning those options on/off?

    Just to be sure, there is no config issue here.

  • I currently have it configured like you have pictured:

    • Allow Invalid Certificate - Enabled
    • Disable Legacy TLS protocols - Not enabled (disabled)

    I will try running with 'Disable Legacy TLS protocols' enabled. If I still see the issue, I'll try disabling both.

  • Changed my settings to disable legacy TLS and the debug collection.

    Not sure why disabling TLS would intermittently cause connections to time out, but time will tell.

    Ian

  • shred said:

    I currently have it configured like you have pictured:

    • Allow Invalid Certificate - Enabled
    • Disable Legacy TLS protocols - Not enabled (disabled)

    I will try running with 'Disable Legacy TLS protocols' enabled. If I still see the issue, I'll try disabling both.

     
    With both Allow Invalid Certificate and Disable Legacy TLS protocols enabled, the issue occurred again (on my iMac). The next thing I did was disable Allow Invalid Certificate and refresh my Mail application, and everything worked. Could have been coincidence, but usually when I have this issue, it won't work until I leave it alone for 30+ minutes, then it randomly starts working. I'll continue to run Sophos XG with Allow Invalid Certificate disabled and Disable Legacy TLS protocols enabled.
  • Hi Shred,

    I get the same using Mac Outlook and Mac Mail on one MBP more than I do on my MBP.

    Ian

  • Some food for thought. Since I have reduced my email accounts to one I have not suffered any new occurrences. My wife has 3 email accounts which are accessible by either MS Outlook or Mac Mail and she is seeing the timeout issue quite often, sometimes only for seconds, e.g. long enough to see the message.

    Ian

  • Well, it's been a couple days now and I haven't seen the issue after disabling "Allow Invalid Certificate". Kind of odd if this does in fact fix it. My wife and I are also running two email accounts (Gmail and iCloud) on all of our devices (iMac, iPhones, iPads, MacBook Air). I'll continue to keep an eye on this.

  • Hi Shred,

    There is another thread on TLS timeouts for web surfing. Similar vein to the mail issue. I might put my accounts back on to my map instead of redirecting to see what happens.

    Ian

  • This is just plain stupid, my mail broke and has been for about two hours. Restarting the MBP did not fix the issue. Changed two firewall rules which do not affect the mail scanning and bingo, my mail is working again. I wonder if my Facebook is now working. It has been broken for a couple of days, just mine.

    Ian

     

    Update, another restore and all is working again, maybe.

  • This issue occurred again on both my iPhone and iMac this morning. Here is the warren.log. 172.16.16.66 is my iMac where the error is occurring:

     

    DEBUG Sep 26 08:32:24 [4124048192]: Client Hello Version : 771
    INFO Sep 26 08:32:24 [4124048192]: valid client hello
    INFO Sep 26 08:32:24 [4124048192]: h-ver '3' , chel-ver '5'
    INFO Sep 26 08:32:24 [4142947136]: SSL session established with server: '17.142.163.22'
    DEBUG Sep 26 08:32:24 [4142947136]: CommonName: *.mail.me.com
    DEBUG Sep 26 08:32:24 [4142947136]: CommonName: mail.me.com
    DEBUG Sep 26 08:32:24 [4142947136]: server certificate OK
    DEBUG Sep 26 08:32:24 [4142947136]: Acquired read-lock.
    DEBUG Sep 26 08:32:24 [4142947136]: certificate for CN('mail.me.com') found in cache
    INFO Sep 26 08:32:24 [4142947136]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    DEBUG Sep 26 08:32:24 [4142947136]: SSL_accept() failed: this is last msg!!!
    ERROR Sep 26 08:32:24 [4142947136]: relay_connection: Read event on Client [In break]
    DEBUG Sep 26 08:32:24 [4142947136]: relay_connection: _exit loop
    DEBUG Sep 26 08:32:24 [4142947136]: Freeing client 21
    DEBUG Sep 26 08:32:24 [4142947136]: SSL session with '172.16.16.66' closed
    DEBUG Sep 26 08:32:24 [4142947136]: Freeing client 22
    DEBUG Sep 26 08:32:24 [4142947136]: SSL session with '17.142.163.22' closed
    INFO Sep 26 08:32:24 [4142947136]: fd: 21 closed
    INFO Sep 26 08:32:24 [4121951040]: accept(): protocol IMAP4: fd: 21
    INFO Sep 26 08:32:24 [4121951040]: 172.16.16.66 === IMAP4 ===> 17.142.163.22
    INFO Sep 26 08:32:24 [4124048192]: SSL session established with server: '74.125.28.109'
    DEBUG Sep 26 08:32:24 [4124048192]: CommonName: imap.gmail.com
    DEBUG Sep 26 08:32:24 [4124048192]: server certificate OK
    DEBUG Sep 26 08:32:24 [4124048192]: Acquired read-lock.
    DEBUG Sep 26 08:32:24 [4124048192]: certificate for CN('imap.gmail.com') found in cache
    INFO Sep 26 08:32:24 [4124048192]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    DEBUG Sep 26 08:32:24 [4124048192]: SSL_accept() failed: this is last msg!!!
    ERROR Sep 26 08:32:24 [4124048192]: relay_connection: Read event on Client [In break]
    DEBUG Sep 26 08:32:24 [4124048192]: relay_connection: _exit loop
    DEBUG Sep 26 08:32:24 [4124048192]: Freeing client 23
    DEBUG Sep 26 08:32:24 [4124048192]: SSL session with '172.16.16.66' closed
    DEBUG Sep 26 08:32:24 [4124048192]: Freeing client 24
    DEBUG Sep 26 08:32:24 [4124048192]: SSL session with '74.125.28.109' closed
    INFO Sep 26 08:32:24 [4124048192]: fd: 23 closed
    INFO Sep 26 08:32:24 [4120902464]: accept(): protocol IMAP4: fd: 23
    INFO Sep 26 08:32:24 [4120902464]: 172.16.16.66 === IMAP4 ===> 74.125.28.109
    SFVH_SO01_SFOS 17.1.2 MR-2# tail -80 warren.log
    DEBUG Sep 26 08:32:23 [4128242496]: Acquired read-lock.
    DEBUG Sep 26 08:32:23 [4128242496]: certificate for CN('imap.gmail.com') found in cache
    INFO Sep 26 08:32:23 [4128242496]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    DEBUG Sep 26 08:32:23 [4128242496]: SSL_accept() failed: this is last msg!!!
    ERROR Sep 26 08:32:23 [4128242496]: relay_connection: Read event on Client [In break]
    DEBUG Sep 26 08:32:23 [4128242496]: relay_connection: _exit loop
    DEBUG Sep 26 08:32:23 [4128242496]: Freeing client 19
    DEBUG Sep 26 08:32:23 [4128242496]: SSL session with '172.16.16.66' closed
    DEBUG Sep 26 08:32:23 [4128242496]: Freeing client 20
    DEBUG Sep 26 08:32:23 [4128242496]: SSL session with '74.125.28.109' closed
    INFO Sep 26 08:32:23 [4128242496]: fd: 19 closed
    INFO Sep 26 08:32:23 [4146092864]: accept(): protocol IMAP4: fd: 19
    INFO Sep 26 08:32:23 [4146092864]: 172.16.16.66 === IMAP4 ===> 74.125.28.109
    INFO Sep 26 08:32:24 [4142947136]: accept(): protocol IMAP4S: fd: 21
    INFO Sep 26 08:32:24 [4142947136]: 172.16.16.66 === IMAP4S ===> 17.142.163.22
    INFO Sep 26 08:32:24 [4124048192]: accept(): protocol IMAP4S: fd: 23
    INFO Sep 26 08:32:24 [4124048192]: 172.16.16.66 === IMAP4S ===> 74.125.28.109
    INFO Sep 26 08:32:24 [4142947136]: thread_tmpfile: /var/tmp/warren_4142947136
    INFO Sep 26 08:32:24 [4142947136]: compare_network_2: l = r Ret 0
    INFO Sep 26 08:32:24 [4142947136]: initialize_conn: POP[1] POPS[1] IMAP[1] IMAPS[1]
    DEBUG Sep 26 08:32:24 [4142947136]: relay_connection: _enter for loop
    ERROR Sep 26 08:32:24 [4142947136]: relay_connection: Read event on Client
    DEBUG Sep 26 08:32:24 [4142947136]: peek '194' bytes from client hello
    DEBUG Sep 26 08:32:24 [4142947136]: Validating Higher Version Client Hello.
    DEBUG Sep 26 08:32:24 [4142947136]: Handshake Version : 769
    DEBUG Sep 26 08:32:24 [4142947136]: Client Hello Version : 771
    INFO Sep 26 08:32:24 [4142947136]: valid client hello
    INFO Sep 26 08:32:24 [4142947136]: h-ver '3' , chel-ver '5'
    INFO Sep 26 08:32:24 [4124048192]: thread_tmpfile: /var/tmp/warren_4124048192
    INFO Sep 26 08:32:24 [4124048192]: compare_network_2: l = r Ret 0
    INFO Sep 26 08:32:24 [4124048192]: initialize_conn: POP[1] POPS[1] IMAP[1] IMAPS[1]
    DEBUG Sep 26 08:32:24 [4124048192]: relay_connection: _enter for loop
    ERROR Sep 26 08:32:24 [4124048192]: relay_connection: Read event on Client
    DEBUG Sep 26 08:32:24 [4124048192]: peek '188' bytes from client hello
    DEBUG Sep 26 08:32:24 [4124048192]: Validating Higher Version Client Hello.
    DEBUG Sep 26 08:32:24 [4124048192]: Handshake Version : 769
    DEBUG Sep 26 08:32:24 [4124048192]: Client Hello Version : 771
    INFO Sep 26 08:32:24 [4124048192]: valid client hello
    INFO Sep 26 08:32:24 [4124048192]: h-ver '3' , chel-ver '5'
    INFO Sep 26 08:32:24 [4142947136]: SSL session established with server: '17.142.163.22'
    DEBUG Sep 26 08:32:24 [4142947136]: CommonName: *.mail.me.com
    DEBUG Sep 26 08:32:24 [4142947136]: CommonName: mail.me.com
    DEBUG Sep 26 08:32:24 [4142947136]: server certificate OK
    DEBUG Sep 26 08:32:24 [4142947136]: Acquired read-lock.
    DEBUG Sep 26 08:32:24 [4142947136]: certificate for CN('mail.me.com') found in cache
    INFO Sep 26 08:32:24 [4142947136]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    DEBUG Sep 26 08:32:24 [4142947136]: SSL_accept() failed: this is last msg!!!
    ERROR Sep 26 08:32:24 [4142947136]: relay_connection: Read event on Client [In break]
    DEBUG Sep 26 08:32:24 [4142947136]: relay_connection: _exit loop
    DEBUG Sep 26 08:32:24 [4142947136]: Freeing client 21
    DEBUG Sep 26 08:32:24 [4142947136]: SSL session with '172.16.16.66' closed
    DEBUG Sep 26 08:32:24 [4142947136]: Freeing client 22
    DEBUG Sep 26 08:32:24 [4142947136]: SSL session with '17.142.163.22' closed
    INFO Sep 26 08:32:24 [4142947136]: fd: 21 closed
    INFO Sep 26 08:32:24 [4121951040]: accept(): protocol IMAP4: fd: 21
    INFO Sep 26 08:32:24 [4121951040]: 172.16.16.66 === IMAP4 ===> 17.142.163.22
    INFO Sep 26 08:32:24 [4124048192]: SSL session established with server: '74.125.28.109'
    DEBUG Sep 26 08:32:24 [4124048192]: CommonName: imap.gmail.com
    DEBUG Sep 26 08:32:24 [4124048192]: server certificate OK
    DEBUG Sep 26 08:32:24 [4124048192]: Acquired read-lock.
    DEBUG Sep 26 08:32:24 [4124048192]: certificate for CN('imap.gmail.com') found in cache
    INFO Sep 26 08:32:24 [4124048192]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    DEBUG Sep 26 08:32:24 [4124048192]: SSL_accept() failed: this is last msg!!!
    ERROR Sep 26 08:32:24 [4124048192]: relay_connection: Read event on Client [In break]
    DEBUG Sep 26 08:32:24 [4124048192]: relay_connection: _exit loop
    DEBUG Sep 26 08:32:24 [4124048192]: Freeing client 23
    DEBUG Sep 26 08:32:24 [4124048192]: SSL session with '172.16.16.66' closed
    DEBUG Sep 26 08:32:24 [4124048192]: Freeing client 24
    DEBUG Sep 26 08:32:24 [4124048192]: SSL session with '74.125.28.109' closed
    INFO Sep 26 08:32:24 [4124048192]: fd: 23 closed
    INFO Sep 26 08:32:24 [4120902464]: accept(): protocol IMAP4: fd: 23
    INFO Sep 26 08:32:24 [4120902464]: 172.16.16.66 === IMAP4 ===> 74.125.28.109
    ERROR Sep 26 08:32:38 [4125096768]: opensock: connect() error "Connection timed out".
    INFO Sep 26 08:32:38 [4125096768]: fd: 12 closed
    ERROR Sep 26 08:32:38 [4146092864]: opensock: connect() error "Connection timed out".
    INFO Sep 26 08:32:38 [4146092864]: fd: 19 closed
    ERROR Sep 26 08:32:39 [4121951040]: opensock: connect() error "Connection timed out".
    INFO Sep 26 08:32:39 [4121951040]: fd: 21 closed
    ERROR Sep 26 08:32:39 [4120902464]: opensock: connect() error "Connection timed out".
    INFO Sep 26 08:32:39 [4120902464]: fd: 23 closed
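
One way to read a warren.log excerpt like the one above per connection rather than line by line, as an added example that is not part of the original posts and not Sophos code. It assumes the line format shown in the excerpt, the sample lines are constructed, and the field names and verdict labels are hypothetical. `SSL_accept()` is OpenSSL's server-side handshake call, so under that assumption a failure logged after "SSL session established with server" sits on the proxy-to-client leg, while `opensock: connect()` errors sit on the proxy-to-mail-server leg.

```python
import re

# Constructed sample in the warren.log line format shown above (documentation
# addresses and an example CN; not lines from the thread). Thread 1000 starts
# mid-connection, as happens when the file is read with `tail`.
SAMPLE_LOG = """\
DEBUG Sep 26 08:32:23 [1000]: certificate for CN('imap.example.test') found in cache
INFO Sep 26 08:32:23 [1000]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
INFO Sep 26 08:32:23 [1000]: fd: 19 closed
INFO Sep 26 08:32:24 [1001]: accept(): protocol IMAP4S: fd: 21
INFO Sep 26 08:32:24 [1001]: 192.0.2.10 === IMAP4S ===> 198.51.100.7
INFO Sep 26 08:32:24 [1001]: SSL session established with server: '198.51.100.7'
DEBUG Sep 26 08:32:24 [1001]: server certificate OK
INFO Sep 26 08:32:24 [1001]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
DEBUG Sep 26 08:32:24 [1001]: SSL_accept() failed: this is last msg!!!
INFO Sep 26 08:32:24 [1001]: fd: 21 closed
INFO Sep 26 08:32:24 [1002]: accept(): protocol IMAP4: fd: 21
INFO Sep 26 08:32:24 [1002]: 192.0.2.10 === IMAP4 ===> 198.51.100.7
ERROR Sep 26 08:32:39 [1002]: opensock: connect() error "Connection timed out".
INFO Sep 26 08:32:39 [1002]: fd: 21 closed
"""

LINE = re.compile(r"^[A-Z]+ (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \[(?P<tid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(r"^accept\(\): protocol (\w+): fd: (\d+)$")
FLOW = re.compile(r"^(\S+) === (\w+) ===> (\S+)$")
SSL_FAIL = re.compile(r"^SSL_accept\(\) failed: error:[0-9A-F]+:[^:]*:[^:]*:(.+)$")
CONNECT_FAIL = re.compile(r'^opensock: connect\(\) error "([^"]*)"')
CLOSED = re.compile(r"^fd: (\d+) closed$")


def new_conn(ts):
    return {"start": ts, "end": None, "proto": None, "client": None,
            "server": None, "upstream_tls": False, "cert_ok": False,
            "client_tls_error": None, "connect_error": None}


def parse(text):
    """Group log lines by thread id into one record per proxied connection."""
    open_conns, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines
        ts, tid, msg = m.group("ts", "tid", "msg")
        if (a := ACCEPT.match(msg)):
            open_conns[tid] = dict(new_conn(ts), proto=a.group(1))
            continue
        # A thread seen without its accept() line is a truncated connection.
        conn = open_conns.setdefault(tid, new_conn(ts))
        if (f := FLOW.match(msg)):
            conn["client"], conn["proto"], conn["server"] = f.groups()
        elif msg.startswith("SSL session established with server"):
            conn["upstream_tls"] = True
        elif msg == "server certificate OK":
            conn["cert_ok"] = True
        elif (e := SSL_FAIL.match(msg)):
            conn["client_tls_error"] = e.group(1)
        elif (c := CONNECT_FAIL.match(msg)):
            conn["connect_error"] = c.group(1)
        elif CLOSED.match(msg):
            conn["end"] = ts
            done.append(open_conns.pop(tid))
    return done + list(open_conns.values())


def classify(conn):
    """Say which leg of the proxied connection failed (labels are hypothetical)."""
    if conn["client_tls_error"]:
        return ("client_tls_failed_after_upstream_ok" if conn["upstream_tls"]
                else "client_tls_failed")
    return "upstream_connect_failed" if conn["connect_error"] else "ok"


if __name__ == "__main__":
    for conn in parse(SAMPLE_LOG):
        print(conn["start"], conn["client"], conn["proto"], conn["server"], classify(conn))
```
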

     

  • Will check this tomorrow in the Bug Database. 

     

    Seems like some kind of issue with the certificate store.

     

    You always find some relation to the certificate.

    DEBUG Sep 26 08:32:24 [4124048192]: certificate for CN('imap.gmail.com') found in cache
    INFO Sep 26 08:32:24 [4124048192]: SSL_accept() failed: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

    You guys imported the correct CA in your mail clients, correct? 

  • Hi MBP,

    Yes, I did to both MBPs, and the issue is that you can be working fine for days, then suddenly your certificate has lost trust and the IMAP connection times out. Mine has again this morning.

    Ian

  • Hey Shred,

    Are you using Mojave or High Sierra? I just found two new untrusted certificates in my Mojave for which I have updated the trust, and that seems to have cleared my mail issue for the moment. The error cleared as soon as I trusted both certificates.

    Ian

     

    Too soon, came back at the next automatic check for mail.

  • I imported the Sophos SSL certificate into MacOS Keychain Access under the "Systems" Keychain. I have no issues browsing websites using Safari (HTTPS decryption & scanning are enabled) and the majority of the time, I don't have issues with my email either (using the official Mail application that comes with MacOS). This mail issue with IMAP just randomly occurs and sometimes it will start working after a few minutes and other times I have to wait a while (hour+) before it starts working again. I'm now using MacOS Mojave on my iMac and MacOS High Sierra on my MacBook Air. This issue also occurs on my iOS devices.

  • Basically the same here, except the iOS devices do not use HTTPS scanning. The issue comes and goes and I suspect it is the same issue as identified by another thread about the DNS cache failing. Very frustrating. Mine has become worse since upgrading to MR3.

    Ian

  • Hi,

    I cannot find any hint of a bug ID for this issue.

    Are both of you using XG Home?

    So we could try some kind of debugging without any problem?

    I would like to see in a dump what the proxy is doing when this happens.

    Also, can you tell me which kind of appliances you use? Hardware / Software?

  • Just sent you a message with a few hundred lines from my warren.log with everything functioning correctly.

    I am using Sophos XG Home. I was on 17.1.2 MR-2 and I just upgraded to 17.1.3 MR-3.

    I'm running Sophos XG on a Qotom Q335G4 (bare metal install).

  • Hi MBP,

    I am using a server motherboard with 4 Intel NICs, 8 GB RAM and an E3-1225 v5 with an SSD. I can swap it out for a J1900 motherboard.

    Both mine and my wife's mail are broken at the moment, 2 different mail clients.

    Ian

  • Please perform a dump.

     

    Go to the Advanced Shell.

    tcpdump -ni WAN_interface host IP_OF_MAILserver -s0 -b -w /tmp/mail.pcap

    And try it again. 

    Then stop the dump with Ctrl + C.

    And download the dump (use PSCP: https://community.sophos.com/kb/en-us/127647).

    I assume XG tries to build up a connection to the mail server and the TLS handshake does not work.

    Basically this should be visible in Wireshark.

    Can you send me screenshots? Maybe via PM. 

  • Hi MBP,

    Do I need to put the address of the WAN interface in the command? Otherwise I get a syntax error.

    Ian