Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 26 subscribers
  • Views 501 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After Upgrade to XG 18.0.4 WAF Rule for Exchange Anywhere / Outlook 2019 fails.

juergenb52

Hi,

i had 17.5.14-1 running and all users where able to use Windows 10 and Outlook 2019 in Home Office.
Outlook was able to sync emails over mapi connections.

After the migration to XG 18.0.4 some users complain that they can´t send mails or receive mails, some maisl are missing at all.

I verified the settings with all the information available for publishing exchange 2016 and i even had tickets in 2020 four publishing exchange 2019.
But sophos was never able to supply information for Exchange 2019 WAF rules.

So the client fails and Outlook connection status show alot of retries and errors for the connection to the mapi mailbox. mail.domain.de/.../ ... 2830/13 (requests/errors).

reversproxy.log shows me a lot of error 401 .. with these information


[Tue Feb 9 11:52:34.655129 2021] timestamp="1612867954" srcip="94.31.ab.cd" localip="94.241.ab.cde" user="-"
method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipURLHardening" duration="11606" url="/mapi/emsmdb/"
server="mail.domain.de" referer="-" cookie="MapiContext=MAPIAAAAAPak8t+S05rW+43kl56j436hjk5464jk3649c33xPymhbSFt4O7g7OAtIasKwAAAAAAAA==;
MapiRouting=UlVNOjNmZmYwN2FmLTM0MGEtNGMyZi04ZjIyLTY5M56jkh43jk6h54654jYjU5YTqrKGTJ6MzYCA==;MapiSequence=99-+KXCCA==;
X-BackEndCookie=93d44f8f-a3dc-48cf-ad43-4abcbbe45fad=ufgfdgd43334JqBzs2bz8ucmsbSys+eydLLys2c0seens/Sxp3Nxp3LysjKmZqcgYHNz83O0s/M0s7Oq87PxcrNxczL"
set-cookie="-" recvbytes="1424" sentbytes="6946" protocol="HTTP/1.1" ctype="-" uagent="Microsoft Office/16.0 (Windows NT 10.0;
Microsoft Outlook 16.0.10368; Pro)" querystring="?MailboxId=93d443dg-a3dc-48cf-ad43-4abcgr665hfgfad@domain.de" websocket_scheme="-"
websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="23"

What do i need to change in WAF or protection rule to get this working again?

Thanks

Jürgen

Even with most rules skipped ...

[Tue Feb 9 12:20:57.385608 2021] timestamp="1612869657" srcip="94.31.ab.cd" localip="94.241.ab.cde" user="-"
method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening,
SkipFormHardeningMissingToken, SkipCookieSigning, SkipThreatsFilter" duration="8152" url="/mapi/emsmdb/" server="mail.domain.de"



This thread was automatically locked due to age.