Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 671 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantined Emails have wrong URL/Port in Release-Link (is Admin-Portal and not User-Portal)

Sebastian Richter1

We have report a bug with the release-link in the Quarantine Digest Mails.

The port in the release-link is the port of the admin-interface and this is wrong. the link is for the endpoint-user and he can not open.

this issue is not fixed in this new release SFOS 18.5.2 MR-2-Build380! still the same.

In the Sophos XG management under "admin and user settings" the port for admin-portal is 4444 the port for user-portal is 443 and the link in the Quarantined Emails is like that:

https://gateway.company.com:4444/webconsole/Controller?mode=458&release=aGR...

this is wrong!

we have all the time to delete all after the fqdn :4444/webconsole/Controller?mode=458&......

only then the user can login in the userportal... whats wrong here?



This thread was automatically locked due to age.
Parents
  • 0

    omg, how stupid is this?

    not usable for our custumers.

    and for the security: we don't want that the users can go into a portal and set a hole domain to the exception, like *.gmail.com

    this is a big security hole, is it poosible for the user to make a hole in the antispam-wall with exceptions for hole domains!

    i dont understand sophos and i see this very critical

    and is it confusing why sohpos not delete this not working link? strange

    but the user-interface with the exception-options is a big security-hole!

Reply
  • 0

    omg, how stupid is this?

    not usable for our custumers.

    and for the security: we don't want that the users can go into a portal and set a hole domain to the exception, like *.gmail.com

    this is a big security hole, is it poosible for the user to make a hole in the antispam-wall with exceptions for hole domains!

    i dont understand sophos and i see this very critical

    and is it confusing why sohpos not delete this not working link? strange

    but the user-interface with the exception-options is a big security-hole!

Children
  • 0 in reply to Sebastian Richter1

    It is also a security issue, because you have to allow all Quarantine Digest users to be allowed to access the Admin Interface. (At least if you want to allow the useless message to be displayed).

  • 0 in reply to seroal

    (very) unfortunately, Mail Security on XG has probably never been handled with priority by Sophos. It has way too few features. It could be handled with a dedcated port like Cisco is doing.

    I assume mail security is too much focused on cloud. Every vendor goes this way. I hope niche players fill that gap they leave soon.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?