Solving SMTP TLS Problems with UTM 9.210

The Sophos UTM update 9.210 solves the problem with SSLv3 and the POODLE bug. The update deactivates SSLv3 ………. and TLS 1.0, 1.1 and 1.2…

You can find these entries in your smtp.log:

2014:12:10-14:30:59 astaro exim-in[1270]: 2014-12-10 14:30:59 TLS error on connection from []:55470 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

\ (  -_-) /     “yeah…”

You can check this with cat /var/log/smtp.log | grep SSL3

I will show you how to solve this manually. Log in via SSH (user “loginuser”) to the shell and change to root with “su -”. After you are logged in, edit the exim.conf file:

vi /var/chroot-smtp/etc/exim.conf


Now press i for insert mode and go to the position where you will find this (use Page Down to browse faster):

# Misc static settings

tls_require_ciphers = HIGH:!RC4:!MD5:!ADH:!SSLv2:!SSLv3


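Replace the line with the one below. In an OpenSSL cipher string, the !SSLv3 token removes the cipher suites introduced with SSLv3, not the SSLv3 protocol, and TLS clients negotiate those same suites, which is what produces the “no shared cipher” error. The replacement also drops !RC4 and puts RC4+RSA first, so RC4 suites are offered again: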

tls_require_ciphers = RC4+RSA:HIGH:!MD5:!ADH:!SSLv2


Now go to this part:

tls_certificate = ${if eq{TLS_NAME}{} {}{INCLUDE/TLS_NAME.cert}}
tls_privatekey = ${if eq{TLS_NAME}{} {}{INCLUDE/TLS_NAME.key}}
tls_advertise_hosts = ${if eq{TLS_NAME}{} {}{!+tls_avoid}}


Add a new line and copy this to it (this option turns off the SSLv3 protocol itself):

openssl_options = +no_sslv3


Now press ESC to leave insert mode, type “:wq” and press ENTER to write the file and quit the vi editor.

To make your changes take effect, just restart the SMTP daemon:

/var/mdw/scripts/smtp restart
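
A small audit script for the two settings edited above, added here as an example and not part of the original post: it flags !SSLv3 in tls_require_ciphers, checks that openssl_options carries +no_sslv3, and counts the log error quoted earlier. The function names and the sample files are constructed for illustration; on the UTM you would pass /var/chroot-smtp/etc/exim.conf and /var/log/smtp.log.

```shell
#!/bin/sh
# Added example (not from the original post): audit an exim.conf for the
# two settings changed above. File paths are passed in as arguments.

# Print the value of the first "name = value" line for option $1 in file $2.
exim_opt() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# One finding per line on stdout; returns 0 only if the config matches the fix.
check_exim_tls() {
    ciphers=$(exim_opt tls_require_ciphers "$1")
    options=$(exim_opt openssl_options "$1")
    rc=0
    case ":$ciphers:" in
        *':!SSLv3:'*) echo "FAIL cipher string excludes the SSLv3-era suites"; rc=1 ;;
        *)            echo "OK   cipher string keeps the SSLv3-era suites" ;;
    esac
    case " $options " in
        *' +no_sslv3 '*) echo "OK   SSLv3 protocol disabled in openssl_options" ;;
        *)               echo "FAIL openssl_options lacks +no_sslv3"; rc=1 ;;
    esac
    case ":$ciphers:" in
        *:RC4*) echo "WARN RC4 suites are enabled" ;;
    esac
    return $rc
}

# Count handshakes rejected with the error quoted in the post (file $1).
count_no_shared_cipher() {
    grep -c 'SSL3_GET_CLIENT_HELLO:no shared cipher' "$1" || true
}

# Constructed sample input: the shipped setting and the edited one.
tmp=$(mktemp -d)
printf '%s\n' 'tls_require_ciphers = HIGH:!RC4:!MD5:!ADH:!SSLv2:!SSLv3' > "$tmp/before.conf"
printf '%s\n' 'tls_require_ciphers = RC4+RSA:HIGH:!MD5:!ADH:!SSLv2' \
              'openssl_options = +no_sslv3' > "$tmp/after.conf"
for f in before after; do
    echo "== $f"; check_exim_tls "$tmp/$f.conf" || true
done
```

Run it against a copy of exim.conf before and after the edit; a WARN line for RC4 is expected with the replacement cipher string shown above.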



There is also a bug (ID 33990) where you can’t view live logs or saved logs. Sophos is working hard on a new patch for 9.210; I am looking forward to this!



You can now directly update to 9.304, just upload this file to your UTM: u2d-sys-9.210020-304009.tgz.gpg

7 thoughts on “Solving SMTP TLS Problems with UTM 9.210”

  1. I have the latest version, see below, and still had this problem. Your fix helped though. BIG THANKS!

    Current firmware version: 9.210-20
    Your firmware is up to date.

  2. I am a novice to Linux and as such a bit hesitant to follow your steps above. Is there any way to revert back to 9.209-8 instead of reinstalling? This email issue is really hurting us. I have also downloaded the latest version image, but installing will erase my month-old log record, which I am trying to avoid.

    Any idea whether the issue is resolved in 9.304 or not? Are there any critical known issues with 9.304?

    “You can now directly update to 9.304, just upload this file to your UTM: u2d-sys-9.210020-304009.tgz.gpg”
    Could you please explain what the above will do, as I uploaded the above using management/advance/upload and applied it. Could not see any change.???
