
Tracing incoming mail, suddenly gone?

Skrettis asked
Last Modified: 2013-11-16
A user can't seem to receive emails from a specified sender when the sender attaches files (jpg images, 0.5-1 mbyte in size).
When the sender removes the images, the mail goes through to the user.

Their firewall is a Fortigate 60, running with content filtering, and they run Lotus Domino, with Domino admin 6.5 for mail.

When tracking the mail in the firewall, the message is not tagged as spam in the firewall, and is logged as a normal email message:
2007-01-18 11:31:40 signori.xxxxxxx@fondmetal.com Per.xxxxx@xxxxxxxx.no R: pictures

fondmetal's MX record gives me:
mail.fondmetal.com. A IN 86400 195.137.129.1
drake.tzm.net. A IN 86400 195.137.128.30
zagor.tzm.net. A IN 86400 195.137.128.31


From the Domino server console, the mail isn't logged at all:
18.01.2007 11:33:14   SMTP Server: 42.175.36.72.reverse.layeredtech.com (72.36.175.42) connected
18.01.2007 11:33:14   SMTP Server: 42.175.36.72.reverse.layeredtech.com (72.36.175.42) disconnected. 0 message[s] received
18.01.2007 11:33:14   SMTP Server: I-Teco-gw.transtelecom.net (217.150.47.29) connected
18.01.2007 11:33:15   SMTP Server: I-Teco-gw.transtelecom.net (217.150.47.29) disconnected. 0 message[s] received
18.01.2007 11:35:48   SMTP Server: 60.53.88.124 connected
18.01.2007 11:35:51   SMTP Server: 60.53.88.124 disconnected. 0 message[s] received
18.01.2007 11:35:52   SMTP Server: host-48-234.pool.intred.it (62.97.48.234) connected
18.01.2007 11:36:44   SMTP Server: host-48-234.pool.intred.it (62.97.48.234) disconnected. 0 message[s] received
18.01.2007 11:40:19   Router: Transferring mail to domain YOKOHAMA.IT (host 188.YOKOHAMA.IT [83.103.83.188]) via SMTP
18.01.2007 11:40:20   Router: Transferred 1 messages to YOKOHAMA.IT (host 188.YOKOHAMA.IT) via SMTP
18.01.2007 11:40:24   Router: Message 003A8F46 transferred to 188.YOKOHAMA.IT for info@yokohama.it via SMTP

There's a 4-5 minute clock difference between the firewall and the Domino server, so adding 4-5 minutes to the firewall time makes it right when comparing with the Domino server log.
I can't find any trace of the mail message when using the message tracking function in Domino Admin.
None of the IP addresses correspond either, so it's like it never made it through to the Domino server, but the mail did indeed pass through the firewall.
There's a plain port forwarding in the firewall, no load balancing with several servers or things like that.
Any tip for what's happening here?

CERTIFIED EXPERT
Top Expert 2007
Commented:

Author

Commented:
There's nothing between the firewall and the Domino server.
The firewall has 2 "recent" lists for recent emails gone through it, one for normal mail and one for mail tagged as spam, and it's not listed in the spam list, but in the "legal" mail list.

>Are there any Domino Rules set up for content filtering ?
How do I check this? I didn't set up the Domino installation, so I'm not sure about this.
CERTIFIED EXPERT
Top Expert 2007

Commented:
In the admin client, go to Configuration Tab, choose your server and look under the messaging view.

The last Tab is rules, but the other tabs may have other restrictions.

Also check the Admin client help under rules


I hope this helps !
CERTIFIED EXPERT
Top Expert 2007

Commented:
In help see

Setting server mail rules
Commented:

Author

Commented:
There's no server rules Tab, neither from what Sysexpert explained nor where the help in the admin client explained it would be; this would mean that there are no rules defined, I guess?
I found some old "leftovers" from a Symantec Mail Security for Domino, checking this out now.

Commented:
I just had a similar problem with our Domino 6.5.4 install.  We have a spam filter that we outsource to another company; they were saying that we had a ton of mail queued up on their server and it mostly looked like spam.  It ended up being our firewall, a Cisco ASA 5510. We had the following lines in it:

policy-map global_policy
 class inspection_default
  inspect esmtp

and basically what was going on is the spam filter/mail server would connect to Domino, then it would start sending the mail using a command that the firewall did not like (see below for a list of what the ASA device looks for) and it would terminate the connection, hence Domino would not have a chance to kick an error code back. I think it would have been tough even to see this on a sniffer, which was my next test.  So for me it was the firewall.  Good luck,

Chiprock,

ESMTP inspection operates in the same way that SMTP inspection does. Packets with illegal commands are modified to an "xxxx" pattern and forwarded to the server, which triggers a negative reply. An illegal ESMTP command is any command except for these commands:

AUTH

DATA

EHLO

ETRN

HELO

HELP

MAIL

NOOP

QUIT

RCPT

RSET

SAML

SEND

SOML

VRFY
 


ESMTP inspection also examines these extensions via deeper command inspection:

Message Size Declaration (SIZE)

Remote Queue Processing Declaration (ETRN)

Binary MIME (BINARYMIME)

Command Pipelining

Authentication

Delivery Status Notification (DSN)

Enhanced Status Code (ENHANCEDSTATUSCODE)

8-bit MIME transport (8BITMIME)
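To see which commands in a given session fall outside the list quoted above, the check can be run over a captured client-side command stream. This is an added example, not code from the post or from Cisco: the session is constructed, the function name is hypothetical, and masking only the verb with same-length "x" characters and comparing verbs case-insensitively are assumptions about details the quoted text does not give.

```python
# Verbs the quoted Cisco text lists as legal under ESMTP inspection.
ALLOWED = frozenset(
    "AUTH DATA EHLO ETRN HELO HELP MAIL NOOP QUIT RCPT RSET "
    "SAML SEND SOML VRFY".split())

def inspect_client_stream(lines):
    """Return (forwarded_lines, masked_verbs) for one client command stream."""
    forwarded, masked, in_body = [], [], False
    for line in lines:
        if in_body:
            # Message content after DATA is not a command; a lone "." ends it.
            # Simplification: the server's 354 reply is not modelled.
            forwarded.append(line)
            in_body = line != "."
            continue
        verb = line.split(" ", 1)[0]
        if verb.upper() in ALLOWED:
            forwarded.append(line)
            in_body = verb.upper() == "DATA"
        else:
            # Assumption: only the verb is overwritten, length preserved.
            forwarded.append("x" * len(verb) + line[len(verb):])
            masked.append(verb.upper())
    return forwarded, masked

# Constructed client side of a session (not taken from any real capture).
SESSION = [
    "EHLO mail.example.org",
    "STARTTLS",
    "MAIL FROM:<sender@example.org> SIZE=734003",
    "RCPT TO:<user@example.net>",
    "DATA",
    "Subject: R: pictures",
    "",
    "STARTTLS is only text here",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    out, hit = inspect_client_stream(SESSION)
    print("masked verbs:", hit)
    for before, after in zip(SESSION, out):
        if before != after:
            print(f"{before!r} -> {after!r}")
```

A verb that shows up in the masked list is one the server would receive as an unknown command, which matches the "negative reply" behaviour the quoted text describes.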

Commented:

Commented:
>>Theres no server rules Tab<< Hmmm...
Open the Public Address Book
   Click on Configuration
     Then Messaging
       Then Under Messaging click on Configurations
 
If there isn't a Configurations document, then you need to create one.
If there is a configurations document for your smtp server, then open that document.
Click on the    Router/SMTP tab
Then click on Restrictions and Controls tab to view the inbound/outbound/Rules for that server.

Author

Commented:
I actually found a Symantec Mail Security for Domino installation now, just have to figure out how to access the web interface since it isn't working, but I bet this is what's yanking the emails.
CERTIFIED EXPERT
Top Expert 2007
Commented:

Author

Commented:
SysExpert: it did help, but all the logs and quarantine folders were empty. Looks like it has never been active? Anyway I will uninstall it tonight since we have other spam/virus scanning devices.
From what I've seen it looks like it was the Symantec software that did this, so I'll split points between what I felt was helpful here.
