Solved

Watchguard Firebox 1000 - email problem - removing unknown or denied header

Posted on 2009-07-14
8
1,239 Views
Last Modified: 2013-11-16
I am not receiving email from a particular domain. I've had a look and it appears the our Firebox is stripping some of the headers. Below is the sanitized log file.

I assume the last 4 entries are the key.

What can I do to allow these messages?

Thanks!

E.D.
153919088 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "TURN"

153919098 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ETRN"

153919108 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "PIPELINING"

153919118 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "DSN"

153919128 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"

153919138 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "BINARYMIME"

153919148 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "CHUNKING"

153919158 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "VRFY"

153919168 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS"

153919178 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-EXPS=LOGIN"

153919188 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH"

153919198 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "AUTH=LOGIN"

153919208 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "X-LINK2STATE"

153919218 07/09/09 16:58:18 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing ESMTP keyword "XEXCH50"

153919448 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Topic"

153919458 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Thread-Index"

153919468 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "Accept-Language"

153919478 07/09/09 16:58:19 smtp-proxy[31168] [64.114.x.x:5416 192.168.x.x:25] removing unknown or denied header "acceptlanguage"

Open in new window

0
Comment
Question by:edalzell
  • 6
  • 2
8 Comments
 
LVL 12

Accepted Solution

by:
jmlamb earned 500 total points
ID: 24855808
Look under the Headers section of the SMTP-Incoming proxy action. You can add in the headers being removed there.
0
 

Author Comment

by:edalzell
ID: 24862922
jmlamb!

Thanks fr the suggesion. I've added the following to the 'Allow the headers' Tab in the incoming SMTP proxy: "Thread-Topic", "Thread-Index", "Accept-Language", "acceptlanguage".

Just need to run some tests now.

I'll post back shortly.

Thanks!

E.D.
0
 

Author Comment

by:edalzell
ID: 24863752
Looks like a little more success.
Athough... the 'MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"' Is the problem the # (pound) symbol?
Is this a weird coincidence?

Thanks again jmlamb!



 

105068 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "TURN"

105078 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ETRN"

105088 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "PIPELINING"

105098 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "DSN"

105108 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "ENHANCEDSTATUSCODES"

105118 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "BINARYMIME"

105128 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "CHUNKING"

105138 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "VRFY"

105148 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS"

105158 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-EXPS=LOGIN"

105168 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH"

105178 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "AUTH=LOGIN"

105188 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "X-LINK2STATE"

105198 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "XEXCH50"

105208 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] removing ESMTP keyword "OK"

105218 07/15/09 15:52:34 smtp-proxy[370] [64.114.x.x:8327 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@domain.com> SIZE=2708 BODY=7BIT"

Open in new window

0
 
LVL 12

Expert Comment

by:jmlamb
ID: 24864103
# is actually a valid character in the username portion of an email address. Check your SMTP-Incoming proxy action again, under Address, Mail From. By default there is an * in the Rules box. See if that's been changed.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:edalzell
ID: 24878803
jmlamb,

Under Incoming SMTP, Address Patterns, there is asterisk (*).
I'm going to try it again andsee what happens.

Thanks!
0
 

Author Comment

by:edalzell
ID: 24878827
Still the same error.
Any thought?

3496358 07/17/09 10:11:18 smtp-proxy[9918] [64.114.x.x:27053 192.168.0.227:25] MAIL FROM: invalid sender address "<#Ours-AdminGroup@doamin.com> SIZE=2708 BODY=7BIT"
0
 

Author Closing Comment

by:edalzell
ID: 31603342
Thanks a bunch!
0
 

Author Comment

by:edalzell
ID: 24879092
jmlamb,

It was the # symbol.
I had to add it to the address validation field/allow chracters.
It was just set to this.... "_-.+=%*/~!^&?"

I still get the following, see below, but the email is delivered.
I hate to sound silly... but what is it actually removing?

Thanks again for all your help!
removing unknown or denied header "Content-class"
 

removing unknown or denied header "Content-Location"
 

removing unknown or denied header "Content-Location"
 

removing unknown or denied header "Content-Location"

Open in new window

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in theā€¦
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
A short film showing how OnPage and Connectwise integration works.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now