Sophos UTM 9.7 – SMTP proxy isn’t working
I’m working with Astaro/Sophos UTMs since the beginning of my professional IT career and I’m also running a hardware Sophos UTM 9.7 appliance in my homelab. 4 month ago I bought a used SG135 Rev2 for my lab. The performance compare to the old UTM120 Rev5 was enormous. New one had 4 cores, 6GB memory and 64GB SSD. Unfortunately the mainboard died 3 weeks ago and I had to go back to the old one. This was some days before my PTO.
During my 3 weeks PTO I wondered why I didn’t receive any e-mails from my internal systems like Veeam backup etc.. I had some time to check the Sophos UTM 9.7 installation after my PTO. I found out that the SMTP proxy wasn’t working correctly. It was running but nothing was listing on port 25. For the next procedures you need SU permission.
I checked the following log files and found this:
/var/log/smtp.log
utm smtpd[21690]: Reset password: Connecting to Confd was successful.
utm smtpd[21690]: Reset password: Confd returned the expected expiry period: 30 day(s).
utm smtpd[21671]: Expired letters: Removing letters from SPX Portal that are older than 30 days…
utm smtpd[21671]: Expired letters: There was an error while removing expired letters:
utm smtpd[21690]: Reset password: Expired passwords successfully deleted.
utm smtpd[22227]: QMGR[22227]: Master is gone, exiting too
utm smtpd[22585]: QMGR[22585]: Master is gone, exiting too
utm smtpd[23270]: QMGR[23270]: Master is gone, exiting too
utm smtpd[23651]: QMGR[23651]: Master is gone, exiting too
utm smtpd[24184]: QMGR[24184]: Master is gone, exiting too
utm smtpd[24710]: QMGR[24710]: Master is gone, exiting too
I did some research and found some community and forum posts and some of them recommended to rebuild the UTM database. I had nothing to lose because it’s a homelab firewall and I run the following command:
/etc/init.d/postgresql92 rebuild
Unfortunately it didn’t solve the problem. Accidentally I found a mention about another log file, I wasn’t aware of and checked it for failure. The file was /var/chroot-smtp/tmp/smtpd_debug.log and I found this:
MASTER[20207] DIE at Mon Aug 17 21:13:31 2020 ——————————————————–
error creating SAVI client: libsavi not loaded at /</bin/smtpd.bin>modules/SAVI/SAVI.pm line 14.
1 modules::SAVI::SAVI::init_savi
I had no idea what this message was about. I saw that it was correlating with the “Master is gone” message from the other log. I found also some clues mentioning a symbolic link in this directory:
/var/storage/chroot-smtp/var/pattern/savi/engine
There should be a symbolic link called libsavi.so.3 (checked with another UTM installation) pointing to the most recent file in this directory but it was missing. The directory looked like this:
-rw-r–r– 1 root root 4.6M Feb 6 2017 libsavi.so.3.2.07.367.2
-rw-r–r– 1 root root 4.8M Oct 4 2017 libsavi.so.3.2.07.368.1
-rw-r–r– 1 root root 4.9M Oct 16 2018 libsavi.so.3.2.07.373.0
-rw-r–r– 1 root root 4.9M Apr 15 2019 libsavi.so.3.2.07.375.0
-rw——- 1 root root 3.9M Aug 16 21:37 libsavi.so.3.2.07.376.0
-rw-r–r– 1 root root 5.0M Nov 23 2019 libsavi.so.3.2.07.377.1
-rw-r–r– 1 root root 12M Mar 31 22:36 libsavi.so.3.2.07.378.0
-rw-r–r– 1 root root 13M Aug 16 18:08 libsavi.so.3.2.07.378.6
So I created this symbolic link with the command ln -s -T libsavi.so.3.2.07.378.6 libsavi.so.3 and restarted the SMTP proxy. You can either restart the SMTP proxy through the web interface by going to Email Protection – SMTP – Global and toggle there the SMTP proxy status switch or through the command line with the command /var/mdw/scripts/smtp restart.