This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Sophos Firewall was unable to send the following mail..." after upgrade to (SFOS 17.0.1)

Device: XG210

Current Version: SFOS 17.0.2 MR-2

Error:

Sophos Firewall was unable to send the following mail:
Mail delivery to following recipients failed:
xxxxxxx@domain1.com (No error code)

Sophos Firewall was unable to send the following mail:
Mail delivery to following recipients failed:
xxxxxxx@domain2.co.nz - 550 through this server without authentication.

Sophos Firewall was unable to send the following mail:
Mail delivery to following recipients failed:
xxxxxxx@domain3.com - 554: Relay access denied

We are previously in communication with the users in these 3 domains before upgrading to version 17.01.

Unfortunately, I cannot determine if it is version 17 or 17.01 that started the problem.

I waited for MR1 before upgrading to 17 then after several hours of testing, upgraded to MR1.

I did a telnet from Sophos' Device console and it shows Sender and Recipient OK.

Also, I read through "Advisory: Sophos XG Firewall email fails to send to servers that only support TLS 1.0"

Link: community.sophos.com/.../127745

Excerpt from the Link: """ There will be a UI change that will allow the admin of the firewall to disable/enable TLS1.0 for email communication.

Email behavior will change when TLS cannot be correctly negotiated and will fall back to plain text.

Fix to be released in v17 MR2."""""

Based on the Advisory, I am unable to find the UI to disable TLS1.0.

So I upgraded to MR2 as the release notes shows that the Mail Flow issue will be fixed.

Excerpt from Release Notes: ---"NC-22921 [Mail Proxy] Email flow is affected for recipients using TLS1.0"---

However, even after upgrade to MR2, it it still the same issue.

Additional Info:

Email Server: On-Premise Exchange Server 2016

Confirmed that Mail Flow has no issues. I have checked the Exchange logs and I have monitored the Exchange queue when sending emails to these domains.

All emails were sent through from the Exchange Server side and I did not get stuck emails in the Exchange queue (which is normally the case).

I only started getting these Sophos Firewall bounced back error messages after the upgrade to 17.01.

I called Sophos support for assistance but there is no resolution.

I really need assistance on this issue as the emails needs to be sent urgently.

Thank you very much for the support in these community forums.

This thread was automatically locked due to age.

Parents

0 ChrisKnight over 7 years ago

Under Email go into General Settings.

In the SMTP TLS Configuration section, untick Disable Legacy TLS protocols or add the remote mail servers that are failing to the Skip TLS Negotiation list.
Cancel
Vote Up 0 Vote Down

Cancel
0 Graboid$ over 7 years ago in reply to ChrisKnight

Originally disabled so I have tick and untick "Disable Legacy TLS protocols" before MR2 and even after Mr2.

Under Skip TLS negotation, I am not sure how to add the recipient's MX records as per the Advisory.

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 Graboid$ over 7 years ago in reply to Graboid$

Here it is...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Graboid$ over 7 years ago in reply to Graboid$

Here it is...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data