Sonicwall ES300 Appliance,  All incoming email for one user is marked as DHA threat...

teamorange used Ask the Experts™
Running, Exchange 2003, all patched on Windows Server 2003, all updates...

We have a Sonicwall ES300 Mail Appliance.  User complained she wasn't receiving any outside email.  I checked the AUDIT piece of the Sonicwall and all her incoming email messages are marked as DHA threat and deleted.  She can send out and receive internal email without issue.  Any idea how to correct this issue?  I am at a loss, checked online and haven't found any fix...

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010

i've got experience with sonicwall appliance, just not this one.  on this appliance, does it interface Outlook in anyway?  since it's only affecting one mailbox, i have to think a filter was created affecting incoming email.  thoughts?
Under System>Connection Management is where DHA settings are. You can change this to reject instead of delete for faster troubleshooting. Ensure the user is listed under the Users and Groups page. There's also the option to refresh users and groups on that page. If the user is listed, it should not be considered DHA. There are other reasons it might be though. Did you find the user listed on that page?
On a side note, please make sure the unit is running the latest release of firmware which resolves issues with an apostrophe in the user name.


Here is an updae.  I actually called sonicwall a little after opening this case.  The last firmware they came out with had issues with email addresses containing ', for example, first'

It doesn't like that, so they came out with a new firmware to fix the issue.  I am downloading and will apply when done.  I will update this question after that happens.  

remarks999, I have the DHA settings set to delete, which was why they were being deleted, which is fine on my end, but obviously caused an issue when every piece of mail to this user was being detected as DHA and being deleted...
Top Expert 2010

interesting on the update...anxious to hear how the update goes.
When changing to reject, you can test faster because via a telnet connection it will reject the message at the recipient command level instead of delete where it takes the whole message. Hopefully update will fix it.
Upate, believe it or not the firmware update did fix the issue.  I hope this helps others out in the future, because it drove me crazy for a little while...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial