Solved

Watchguard Firebox 1000 - email problem - removing unknown or denied header

Posted on 2009-07-14
8
1,237 Views
Last Modified: 2013-11-16
I am not receiving email from a particular domain. I've had a look and it appears the our Firebox is stripping some of the headers. Below is the sanitized log file.

I assume the last 4 entries are the key.

What can I do to allow these messages?

Thanks!

E.D.
153919088 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "TURN"

153919098 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ETRN"

153919108 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "PIPELINING"

153919118 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "DSN"

153919128 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"

153919138 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "BINARYMIME"

153919148 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "CHUNKING"

153919158 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "VRFY"

153919168 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS"

153919178 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS=LOGIN"

153919188 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH"

153919198 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH=LOGIN"

153919208 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-LINK2STATE"

153919218 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "XEXCH50"

153919448 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Topic"

153919458 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Index"

153919468 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Accept-Language"

153919478 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "acceptlanguage"

Open in new window

0
Comment
Question by:edalzell
  • 6
  • 2
8 Comments
 
LVL 12

Accepted Solution

by:
jmlamb earned 500 total points
ID: 24855808
Look under the Headers section of the SMTP-Incoming proxy action. You can add in the headers being removed there.
0
 

Author Comment

by:edalzell
ID: 24862922
jmlamb!

Thanks fr the suggesion. I've added the following to the 'Allow the headers' Tab in the incoming SMTP proxy: "Thread-Topic", "Thread-Index", "Accept-Language", "acceptlanguage".

Just need to run some tests now.

I'll post back shortly.

Thanks!

E.D.
0
 

Author Comment

by:edalzell
ID: 24863752
Looks like a little more success.
Athough... the 'MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"' Is the problem the # (pound) symbol?
Is this a weird coincidence?

Thanks again jmlamb!



 

105068 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "TURN"

105078 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ETRN"

105088 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "PIPELINING"

105098 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "DSN"

105108 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"

105118 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "BINARYMIME"

105128 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "CHUNKING"

105138 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "VRFY"

105148 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS"

105158 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS=LOGIN"

105168 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH"

105178 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH=LOGIN"

105188 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-LINK2STATE"

105198 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "XEXCH50"

105208 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "OK"

105218 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"

Open in new window

0
 
LVL 12

Expert Comment

by:jmlamb
ID: 24864103
# is actually a valid character in the username portion of an email address. Check your SMTP-Incoming proxy action again, under Address, Mail From. By default there is an * in the Rules box. See if that's been changed.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:edalzell
ID: 24878803
jmlamb,

Under Incoming SMTP, Address Patterns, there is asterisk (*).
I'm going to try it again andsee what happens.

Thanks!
0
 

Author Comment

by:edalzell
ID: 24878827
Still the same error.
Any thought?

3496358 07/17/09 10:11:18 smtp-proxy[9918] [64.114.x.x:27053 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@doamin.com> SIZE=2708 BODY=7BIT"
0
 

Author Closing Comment

by:edalzell
ID: 31603342
Thanks a bunch!
0
 

Author Comment

by:edalzell
ID: 24879092
jmlamb,

It was the # symbol.
I had to add it to the address validation field/allow chracters.
It was just set to this.... "_-.+=%*/~!^&?"

I still get the following, see below, but the email is delivered.
I hate to sound silly... but what is it actually removing?

Thanks again for all your help!
removing unknown or denied header "Content-class"
 

removing unknown or denied header "Content-Location"
 

removing unknown or denied header "Content-Location"
 

removing unknown or denied header "Content-Location"

Open in new window

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now