Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1433 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.103-5][BUG]URL bug in Quarantine Report Email

JimmyJoeBob
UTM FW 9.103-5

Summary:
When the periodic EMail Quarantine Report is created, two URLs are built for the Action column to support Release and Whitelist actions for each email in the report. Clicking these URLs result in a failed connection to the UTM. 

Repro:
1. Enable Quarantine reports under Email Protection->Quarantine Report->Global.
2. Populate the SMTP hostname field (mail.domain.tld) in SMTP->Advanced->Advanced Settings
3. Populate the Hostname field (utm1.domain.tld) in Email Protection->Quarantine Report->Advanced
4. Generate Quarantine Reports

Expected:
Quarantine Action URLs would be built using the Hostname defined under Email Protection->Quarantine Report->Advanced (utm1.domain.tld). 

Actual:
Quarantine Action URLs are built using the SMTP Hostname (mail.domain.tld) defined in Email Protection->SMTP->Advanced->Advanced Settings, even if the Hostname is defined under Email Protection->Quarantine Report->Advanced. If mail.domain.tld resolves to any host other than the UTM, the connection will fail.


This thread was automatically locked due to age.
  • 0
    Jim, this sounds like a problem with your DNS configuration or a typo in your hostname.  I'll take a look if you want.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Bob,

    Happy to engage a second pair of eyes, but I don't see how DNS or typo causes UTM to produce a URL with the wrong hostname..?

    What would you need; screenshots or config export?

    Jim

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • 0
    It wasn't until I looked at WebAdmin that I realized I hadn't read your post closely enough.  I haven't tried such an experiment, but it does look like this is a bug.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Kewl - t'anxq, Bob!

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • 0 in reply to JimmyJoeBob
    This still seems to be a problem with 9.202. I have one site with a UTM 220 that originally had 8.something and Release Links work correctly on it even though it is now at 9.202.
    However, I have a new site with a new UTM 220 that came with 9.X and Release Links fail as described, it's using the SMTP Host name instead of the Quarantine host name.
    The other difference between the sites, is the first is using SSO with AD and the second is not.
    Anybody have a solution for this?
  • 0
    I have UTM version 9.209-8 and the problem is the same as JimmyJoeBob.

    This is a bug that must be correct.

    Thanks
  • 0 in reply to DavideBissacco
    I Have the same issue on 9.301-2. I just posted another thread regarding this issue.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?