This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.2 doesn't send backups by mail

Hello!

Maybe I'm missing something simple but for me it’s very strange... I do not know why, but I don’t receive any more by mail the configuration backup files from our Sophos UTM 9.2 HW appliance.
On eth0 I have defined more Ethernet VLANs interfaces, one of them for our computer network. I have set an IP for this interface. A SMTP relay server exists in the same subnet and is reachable from the firewall.
I set our UTM to send automatically mails with the configuration to my mail account using the SMTP relay server:
    - Management -> Backup/Restore -> Automatic Backups (Options & Send backups by mail)
    - Management -> Notifications -> Advanced (External SMTP server)
I haven’t received any mail.
I even tried to send to myself an existing configuration already backed up
    - Management -> Backup/Restore -> Backup/Restore
with no results.
I was not able to find in the logs of our SMTP relay server any data related to the sent mails mentioned previously.
When I've run on the HW appliance
    - tcpdump -i any -nvv host
I was not able to see any attempt of the UTM to connect to the SMTP relay server in order to send those mails.
I’ve checked also the UTMs’ firewall live log under
    - Network Protection -> Firewall -> Open live log
but also there was not shown any blocked attempt to send the mails.
Can anybody give me a hint? Thanks a lot in advance.

Best regards,
cicro

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

Cicro, if you try to login to WebAdmin with an incorrect password, are you sent a notification? If this all worked previously when/what changed?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 cicro over 10 years ago in reply to BAlfson

Hi Bob!

Thanks a lot for answering. I have tested what you have suggested and I've received a "[WARN-005] Failed WebAdmin login" message.
From what I remember I haven't changed anything. I have upgraded to latest versions and recently I have tested for 30 days a full subscription, but I'm missing the backups by mail before this. We are using now Base Functionality, Network Protection, Wireless Protection.
What should I try?

Best regards,
cicro
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

Search in the Configuration Daemon log for "snapshot_sendnow" or, from the command line:
grep "snapshot_sendnow" confd.log

Does that appear in today's log?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 cicro over 10 years ago in reply to BAlfson

Hi Bob!

For 'cc get backup' the output is:

{
          'encryption' => 0,
          'interval' => 'daily',
          'max_backups' => 60,
          'password' => '',
          'recipients' => [
                            ''
                          ],
          'status' => 1
        }

For 'grep "snapshot_sendnow" confd.log' the output is:

2014:08:18-01:15:07 utm-1 confd[29539]: I Snapshot::snapshot_get:272() => id="310x" severity="info" sys="System" sub="confd" name="snapshot downloaded" user="system" srcip="127.0.0.1" facility="system" client="backup" call="snapshot_sendnow"

I forgot to mention that we have an active/passive HA cluster (2 UTMs).

Best regards,
cicro
Cancel
Vote Up 0 Vote Down

Cancel
0 cicro over 10 years ago in reply to cicro

Hi Bob!

I've tried to send a backup by mail and I've checked again:

grep "snapshot_sendnow" confd.log

2014:08:18-01:15:07 utm-1 confd[29539]: I Snapshot::snapshot_get:272() => id="310x" severity="info" sys="System" sub="confd" name="snapshot downloaded" user="system" srcip="127.0.0.1" facility="system" client="backup" call="snapshot_sendnow"
2014:08:18-10:46:50 utm-1 confd[5246]: I Snapshot::snapshot_get:272() => id="310x" severity="info" sys="System" sub="confd" name="snapshot downloaded" user="admin" srcip="" facility="webadmin" client="webadmin.plx" call="snapshot_sendnow"

No mail was received.

Best regards,
cicro
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

What do you see in the SMTP log file in the UTM at those times? Do you have a subscription for Email Protection?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 cicro over 10 years ago in reply to BAlfson

Hi Bob!

Sorry for the late answer. I have run the commands below:

:/var/log # grep "snapshot_sendnow" confd.log
2014:08:22-01:15:08 -1 confd[12617]: I Snapshot::snapshot_get:272() => id="310x" severity="info" sys="System" sub="confd" name="snapshot downloaded" user="system" srcip="127.0.0.1" facility="system" client="backup" call="snapshot_sendnow"

:/var/log # grep "2014:08:22-01:16" smtp.log
2014:08:22-01:16:00 -1 exim-out[12648]: 2014-08-22 01:16:00 Start queue run: pid=12648
2014:08:22-01:16:00 -1 exim-out[12648]: 2014-08-22 01:16:00 End queue run: pid=12648
2014:08:22-01:16:00 -2 exim-out[8096]: 2014-08-22 01:16:00 Start queue run: pid=8096
2014:08:22-01:16:00 -2 exim-out[8096]: 2014-08-22 01:16:00 End queue run: pid=8096

For what I have to look for?
Regarding your question: We haven't purchased a subscription for Email Protection, but right know we have a 30 days Full Guard subscription in order to test the Web Protection features. Email Protection is disabled.

Thanks a lot,
cicro
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 10 years ago in reply to cicro

If other notifications are working, then it's probably this bug:

ID31835 9.201 It's not possible to send automatic backups if INFO-011 is disabled
------------------------------------------------------------------------
Description:
Workaround:
Fixed in: 9.206

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 cicro over 10 years ago in reply to BrucekConvergent

Hello!

Thanks a lot for the answer. I'm missing INFO-011 from Management -> Notifications -> Notifications. I can't tell you that is enabled/disabled. Related to the firmware version: 9.205-12.
Other idea?

Best regards,
cicro
Cancel
Vote Up 0 Vote Down

Cancel

0 teched_01 over 10 years ago

This is from 9.113:

Show object of class notification with id "INFO-011":

cc get_objects_filtered '$_->{class} eq "notification" && $_->{data}->{id} eq "INFO-011"'

Note the REF value in addition to the smtp/snmp values.

Output if SMTP and SNMP enabled:


[
          {
            'autoname' => 0,
            'class' => 'notification',
            'data' => {
                        'comment' => 'INFO-011',
                        'email' => 1,
                        'id' => 'INFO-011',
                        'name' => 'INFO-011',
                        'snmp' => 1
                      },
            'hidden' => 0,
            'lock' => '',
            'nodel' => '',
            'ref' => 'REF_NotNotInfo011',
            'type' => 'notification'
          }
        ]

Output if SMTP and SNMP disabled:


[
          {
            'autoname' => 0,
            'class' => 'notification',
            'data' => {
                        'comment' => 'INFO-011',
                        'email' => 0,
                        'id' => 'INFO-011',
                        'name' => 'INFO-011',
                        'snmp' => 0
                      },
            'hidden' => 0,
            'lock' => '',
            'nodel' => '',
            'ref' => 'REF_NotNotInfo011',
            'type' => 'notification'
          }
        ]

Enable commands, based on above REF:


cc change_object REF_NotNotInfo011 email 1
cc change_object REF_NotNotInfo011 snmp 1

Disable commands, based on above REF:


cc change_object REF_NotNotInfo011 email 0
cc change_object REF_NotNotInfo011 snmp 0

UTM 9.2 doesn't send backups by mail

Submitted a Tech Support Case lately from the Support Portal?