SMTP mail from scanner stopped working after upgrade to 12.11.3

ChaospinheadChaospinhead
edited August 14 in Firebox - Other

Firebox T25
12.11.3

I have a client who was on 12.11.2. They have had scan to email setup for awhile now. After the upgrade to 12.11.3 it stopped working. I checked all the settings and everything looks good in the scanner. I see traffic on port 587 green when I try to do a test scan, but it just isn't working. The only thing that makes me think it's the WG is because it stopped the exact day I did the FW upgrade.

What could it be? Something with TLS? I tried creating an any policy for the printer to get to the net on but that did not seem to help either. Its a pain to troubleshoot as I have to be on site since the printer doesn't have a test button for Scan to email. :(

Comments

  • Bruce_BriggsBruce_Briggs

    Make sure that your Any policy is at the top of your policy list - to make ure that it is being used instead of some other policy

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Chaospinhead
    If there haven't been any other setting changes, it's more likely that something else may have broken.

    If the printer is providing any sort of SMTP error, it may provide more information about what the failure is.

    -James Carson
    WatchGuard Customer Support

  • ChaospinheadChaospinhead

    The printer provides no error other than "It failed". Really helpful. The only thing I can figure out is that it worked on the 22nd. We upgraded firmware that night, and it did not work on the 23rd on.

    365 is pretty straight forward. The scanner was setup using the MX record on unauthenticated port 25 using a connector in 365. I also tried a licensed mail account with authentication on port 587 and SSL enabled. Excluded from Condition access policies so no MFA on the account, verified by logging into the account. Same thing I do everywhere that usually works. Its baffling me.

    I did move the ANY policy up also, I do that anytime I ever create an any policy for a special purpose rule and I did see that traffic manager showed that it was using it. Suppose I will have to go back up and do some more troubleshooting.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Chaospinhead
    If the firewall shows an allow log (especially for a packet filter), that probably means it is allowing the traffic.
    If you haven't already done so, when you're able to log into the device, I'd suggest opening a support case. Our support team can help determine if your traffic is being delivered to the server you're sending to.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.