Watchguard Firebox 1000 - email problem - removing unknown or denied header

I am not receiving email from a particular domain. I've had a look and it appears the our Firebox is stripping some of the headers. Below is the sanitized log file.

I assume the last 4 entries are the key.

What can I do to allow these messages?

Thanks!

E.D.
153919088 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "TURN"
153919098 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ETRN"
153919108 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "PIPELINING"
153919118 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "DSN"
153919128 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"
153919138 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "BINARYMIME"
153919148 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "CHUNKING"
153919158 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "VRFY"
153919168 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS"
153919178 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS=LOGIN"
153919188 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH"
153919198 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH=LOGIN"
153919208 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-LINK2STATE"
153919218 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "XEXCH50"
153919448 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Topic"
153919458 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Index"
153919468 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Accept-Language"
153919478 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "acceptlanguage"

Open in new window

cuadminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jmlambTechnical Account ManagerCommented:
Look under the Headers section of the SMTP-Incoming proxy action. You can add in the headers being removed there.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cuadminAuthor Commented:
jmlamb!

Thanks fr the suggesion. I've added the following to the 'Allow the headers' Tab in the incoming SMTP proxy: "Thread-Topic", "Thread-Index", "Accept-Language", "acceptlanguage".

Just need to run some tests now.

I'll post back shortly.

Thanks!

E.D.
0
cuadminAuthor Commented:
Looks like a little more success.
Athough... the 'MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"' Is the problem the # (pound) symbol?
Is this a weird coincidence?

Thanks again jmlamb!



 
105068 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "TURN"
105078 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ETRN"
105088 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "PIPELINING"
105098 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "DSN"
105108 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"
105118 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "BINARYMIME"
105128 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "CHUNKING"
105138 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "VRFY"
105148 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS"
105158 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS=LOGIN"
105168 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH"
105178 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH=LOGIN"
105188 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-LINK2STATE"
105198 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "XEXCH50"
105208 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "OK"
105218 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"

Open in new window

0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

jmlambTechnical Account ManagerCommented:
# is actually a valid character in the username portion of an email address. Check your SMTP-Incoming proxy action again, under Address, Mail From. By default there is an * in the Rules box. See if that's been changed.
0
cuadminAuthor Commented:
jmlamb,

Under Incoming SMTP, Address Patterns, there is asterisk (*).
I'm going to try it again andsee what happens.

Thanks!
0
cuadminAuthor Commented:
Still the same error.
Any thought?

3496358 07/17/09 10:11:18 smtp-proxy[9918] [64.114.x.x:27053 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@doamin.com> SIZE=2708 BODY=7BIT"
0
cuadminAuthor Commented:
Thanks a bunch!
0
cuadminAuthor Commented:
jmlamb,

It was the # symbol.
I had to add it to the address validation field/allow chracters.
It was just set to this.... "_-.+=%*/~!^&?"

I still get the following, see below, but the email is delivered.
I hate to sound silly... but what is it actually removing?

Thanks again for all your help!
removing unknown or denied header "Content-class"
 
removing unknown or denied header "Content-Location"
 
removing unknown or denied header "Content-Location"
 
removing unknown or denied header "Content-Location"

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.