
Zimbra SASL Errors

You may see errors like the one below in your Zimbra server’s mail log while your users report password prompts when sending e-mail.

Nov 24 17:12:07 areto postfix/smtpd[5528]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused

Run the following commands as your server’s root user:

ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
zmcontrol restart

After Zimbra finishes restarting all the services, get your users to re-try sending mail.

Sophos XG – Irremovable Interfaces!

Occasionally, I’ve found interfaces on the Sophos XG firewall that won’t or can’t be removed. (Sometimes the name shows blank, with nothing in it.)


#1 – SSH into the appliance with the admin user
#2 – Select Option 5 “Device Management”
#3 – Select Option 3 “Advanced Shell”
#4 – Look at the configured interfaces in the Database, identify the one you want to remove. (In this example, we’ll select PortG.1046)

psql -U nobody -d corporate -c "select * from tblinterface;"

#5 – Delete the affected/faulty Interface. In this example, we remove PortG.1046

psql -U nobody -d corporate -c "delete from tblinterface where interface='PortG.1046'; "

#6 – Navigate back to the Web UI; your interface should be successfully removed.
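
A guarded form of steps #4 and #5, as an added example that is not part of the original post: it refuses names that could break out of the quoted SQL literal and deletes only when exactly one row matches. It assumes the Advanced Shell provides a POSIX sh; the function names are hypothetical, while the table, column, user and database names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example: names of functions are hypothetical. Table, column, user and
# database come from the commands in the post.
DB_USER=nobody
DB_NAME=corporate

# Accept only names built from letters, digits, '.', '_' and '-' (the shape of
# PortG.1046), so the value cannot break out of the quoted SQL literal.
# An empty name is rejected as well.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the number of rows whose interface column equals $1.
count_matches() {
    psql -U "$DB_USER" -d "$DB_NAME" -t -A \
        -c "select count(*) from tblinterface where interface='$1';"
}

# Delete only when the name is well-formed and matches exactly one row.
# Returns 0 on delete, 2 for a rejected name, 3 for an unexpected row count.
remove_interface() {
    name=$1
    valid_ifname "$name" || { echo "rejected name: $name" >&2; return 2; }
    n=$(count_matches "$name") || return 1
    if [ "$n" != "1" ]; then
        echo "expected 1 matching row, got '${n}'; nothing deleted" >&2
        return 3
    fi
    # Show the row first so a copy stays in the terminal scrollback.
    psql -U "$DB_USER" -d "$DB_NAME" \
        -c "select * from tblinterface where interface='$name';" || return 1
    psql -U "$DB_USER" -d "$DB_NAME" \
        -c "delete from tblinterface where interface='$name';"
}

# Usage: remove_interface PortG.1046
```

A return code of 3 means the name matched zero or several rows, which is the point to stop and inspect the table by hand.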

Sophos – Captive Portal Excess Traffic Over WAN

I have noticed that Sophos 16 seems to have a problem with the way its captive portal works. If enabled (firewall policy set to drop), it seems to generate excessive amounts of traffic over my links to the remote branches.

Screenshot below shows the traffic when captive portal is enabled, and you can see the massive drop after disabling it. (The blue line reflects the traffic being sent TO the branches, over the WAN)

As an interim solution, I have done the following:

  1. Created an external ‘landing page’ and a firewall policy matching unauthenticated traffic destined to it, with the action set to DROP. (Displays the portal)
  2. Set the action on all other unauthenticated traffic to REJECT, thus eliminating the excessive traffic.

Curious if anyone else has encountered this problem. If so, hit me up on mail or in the comments. This issue could likely affect previous versions as well.