[8.162][NOTABUG][CLOSED] Unable to release emails

Hi All

I am unable to release/whitelist emails from quarantine via the email. I am able to release/whitelist them via the Mail Manager.

I am getting the following error on my Chrome:

http://**********:3840/release.plc?proto=pop3&id=1573&whitelist=1&secure=f377cfd3c5b29ad89e16330765a3b229

I've found out that this is logged as a spoofed packet on my packet filter:

2011:04:13-18:15:35 **** ulogd[5177]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcmac="0:1f:c6:e2:c5:1d" dstmac="0:b0:c2:2:e4:4f" srcip="192.168.**.***" dstip="86.***.***.30" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="49508" dstport="3840" tcpflags="SYN" 



My spoof protection is set to strict. Is that normal behaviour? Setting the protection back to "normal" resolved the issue.

Thanks
  • Just tried to release an email with strict spoof protection on and got a spoofed packet again:

    2011:04:14-18:17:03 *******  ulogd[5221]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcmac="0:1f:c6:e2:c5:1d" dstmac="0:b0:c2:2:e4:4f" srcip="192.168.2.1" dstip="81.***.***.108" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="57241" dstport="3840" tcpflags="SYN" 
    
    2011:04:14-18:17:06 *******  ulogd[5221]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcmac="0:1f:c6:e2:c5:1d" dstmac="0:b0:c2:2:e4:4f" srcip="192.168.2.1" dstip="81.***.***.108" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="57241" dstport="3840" tcpflags="SYN" 
    2011:04:14-18:17:12 *******  ulogd[5221]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcmac="0:1f:c6:e2:c5:1d" dstmac="0:b0:c2:2:e4:4f" srcip="192.168.2.1" dstip="81.***.***.108" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="57241" dstport="3840" tcpflags="SYN


    Even if I set the hostname (under Advanced Quarantine Report options) to the IP (19.268.x.x), I am getting the exact same issue.

    Thanks
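A triage sketch for the symptom reported in this thread, added here as an example and not part of any post: it counts "IP spoofing drop" entries in which a client with an RFC 1918 source address was dropped while connecting to the release port 3840 on a non-internal address. The sample log lines, the host name `gw`, the address 203.0.113.10 and all function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the format of the thread's packet filter log.
# Host "gw" and 203.0.113.10 are placeholders; the third line is cut off before
# its closing quote, like the last log line quoted in the thread.
SAMPLE_LOG = '''\
2011:04:14-18:17:03 gw ulogd[5221]: id="2005" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcip="192.168.2.1" dstip="203.0.113.10" proto="6" srcport="57241" dstport="3840" tcpflags="SYN"
2011:04:14-18:17:06 gw ulogd[5221]: id="2005" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcip="192.168.2.1" dstip="203.0.113.10" proto="6" srcport="57241" dstport="3840" tcpflags="SYN"
2011:04:14-18:17:12 gw ulogd[5221]: id="2005" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcip="192.168.2.1" dstip="203.0.113.10" proto="6" srcport="57241" dstport="3840" tcpflags="SYN
2011:04:14-18:20:00 gw ulogd[5221]: id="2005" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcip="192.168.2.1" dstip="203.0.113.10" proto="6" srcport="57300" dstport="443" tcpflags="SYN"
2011:04:14-18:21:00 gw ulogd[5221]: id="2005" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1" srcip="192.168.2.7" dstip="192.168.2.254" proto="6" srcport="57400" dstport="3840" tcpflags="SYN"
'''

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r'(\w+)="([^"]*)"?')  # closing quote optional: tolerates a cut-off last field

def parse_line(line):
    """Return the key="value" fields of one packet filter log line as a dict."""
    return dict(FIELD.findall(line))

def is_rfc1918(addr):
    """True for a parseable RFC 1918 address; False for masked or malformed input."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def release_link_drops(lines, port="3840"):
    """Count spoofing drops from an internal source to the release port on a
    non-internal address, keyed by (initf, srcip, dstip)."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("name") != "IP spoofing drop" or f.get("dstport") != port:
            continue
        src, dst = f.get("srcip", ""), f.get("dstip", "")
        if dst and is_rfc1918(src) and not is_rfc1918(dst):
            hits[(f.get("initf"), src, dst)] += 1
    return hits

if __name__ == "__main__":
    for (initf, src, dst), n in release_link_drops(SAMPLE_LOG.splitlines()).items():
        print(f"{n} dropped SYN(s) on {initf}: {src} -> {dst}:3840")
```

Addresses masked with asterisks, as in the quoted logs, do not parse as IP addresses and are treated as non-internal destinations.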