Solved

Exchange 2010 strips certain attachments

Posted on 2010-09-13
27
5,729 Views
Last Modified: 2012-05-10
Hi
I have a new Exchange 2010 server that strips some attachments. It only strips a certain type of attachment sent from an application to external users. The exchange server is a combined mbx, client and hub. there is no edge transport. The only agents are those listed below (no attachment filter)
--------------------------------------------------------------
[PS] C:\Windows\system32>Get-TransportAgent

Identity                                                        Enabled                   Priority
--------                                                          -------                        --------
Connection Filtering Agent                         True                             1
Transport Rule Agent                                 True                             2
Text Messaging Routing Agent                   True                             3
Text Messaging Delivery Agent                  True                             4
Sender Id Agent                                        True                              5
Sender Filter Agent                                    True                             6
Recipient Filter Agent                                 True                             7
-----------------------------------------------------------------------------------------

For troubleshooting i have removed forefront as i originally thought it was this but it is not

The send connector has a transport rule that appends a disclaimer only

The attachments are basicly an encrypted text file.

any help in figuring out why this application has its attachments stripped would be appreciated
0
Comment
Question by:PACSAdmin
  • 14
  • 12
27 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33668789
can you run
Get-AttachmentFilterEntry | FL

and output the results here

thanks
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33668819
That command does not work on this server as it does not have the edge transport role installed
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33668835
a) What type of attachments are getting stripped.
b) How is your exchange configured ? Please clarify

Internet > Firewall/Router > Switch > Exchange

thanks

0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33668995
The attachments are HL7 Files (basicly a text file) no bigger than 1kb

These files are only stripped when sent from the application that picks up the hl7 files and attaches them to an email to be transmitted to recipients. I have  a receive connector setup for this server that allows relay and can send emails from it OK. HL7 files just get stripped if attached.

If i attach the file manually using outlook it arrives OK.

Only pre reqs that work in older versions of exchange are the Application needs POP3 service enabled, content filtering disabled, and plain text authentication.

exchange is configured as a combined MBX, CAS, HUB that connects to the Internet through a send connector. I have disabled all anti spam filtering for troubleshooting

0
 
LVL 3

Expert Comment

by:proadmin
ID: 33669173
Your looking for this article:
http://technet.microsoft.com/en-us/library/aa997139.aspx

In the Shell:
Add-AttachmentFilterEntry -Name *.HL7 -Type FileName
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669179
proadmin
if get-attachmentfilterentry doesnt work - chances of that working is less - unless there was a typing mistake made earlier.

0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669224
Agree sunnyc i ignored the comment above for that very reason.
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669228
better say nothing against you proadmin thanks for your input anyway
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669233
what antivirus anti-spam do you have ?

This is what I understand
a) when you email from the application - it strips HL7 attachment.
b) when you email form outlook - HL7 attachment goes through.

Please confirm.
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669266
I was using forefront but disabled it for troubleshooting. i originally thought this was the culprit.

what you understand is correct
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669281
I keep going back to this everytime.

Did you grant permission to anonymous users to relay in your default receive connector ?

Check in the end @ add-adpermission
http://msexchangeteam.com/archive/2006/12/28/432013.aspx
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669285
forgot to add... and this is probably important. The file when sent from the application is encrypted
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669288
its not a relay issue as several other servers that use the same connector can relay.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669291
its probably important @ encrypted.

brb
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669317
Get-AttachmentFilterListConfig | fl

please output the result.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669323
also let me know what transport-rule is running

get-transportrule | fl

thanks
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669332
[PS] C:\Windows\system32>Get-AttachmentFilterListConfig | fl
The term 'Get-AttachmentFilterListConfig' is not recognized as the name of a cmdlet, function, script file, or operable
 program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:31
+ Get-AttachmentFilterListConfig <<<<  | fl
    + CategoryInfo          : ObjectNotFound: (Get-AttachmentFilterListConfig:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669333
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669336
2 transport rules

rule 1 gets fields from AD and creates a signature
rule 2 adds a disclaimer

to verbose to paste here
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669338
No we are not running SP1
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669339
sorry @ wrong link :(

Check this guide
http://www.expta.com/2010/09/how-forefront-protection-2010-for.html

Can you check if Forefront Exchange Agent is still running ?
Check form the console if it's configured like this.
If so - uncheck that

0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669346
forefront was uninstalled

no sign of an agent in processes or services
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33669403
Did you restart the exchange server after uninstalling forefront

Go to Org config
Hub transport
Anti spam Tab

Right click on sender filtering
Properties
Go to Blocked senders
> check if reject messages from blank senders is checked ?
Uncheck that

Check the action.

Restart hub transport -- see if that works.

---
Troubleshooting
you can try disabling transport agents one by one and see if that works and try to isolate the cause.

On the face of it - looks like a forefront problem
or a transport agent attachment filtering
> but you dont have any of the above.


also
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33669422
Yes i restarted

I have all the options under anti spam disabled

will try the transport agents but for the moment but need to arrange downtime to do.

will keep looking
0
 
LVL 6

Author Comment

by:PACSAdmin
ID: 33679132
This is what i have done and its working now

added an additional IP to the exchange Server
Created a receive connector with the following powershell Command
---------------------------------
new-ReceiveConnector -Name 'RelayConnector' -Usage 'Custom' -Bindings 'xxx.xxx.xxx.xxx:25' -RemoteIPRanges 'xxx.xxx.xxx.xxx'
-Server 'SERVERNAME' -permissiongroups ExchangeServers
-AuthMechanism ‘TLS, ExternalAuthoritative’
----------------------------------
This bound the receive connector to the additional I.P Address and set the problem server as the only server that can use it. Set it as a trusted server so anti spam filters were bypassed and no authentication required

With the send connector i changed it to route through a smarthost which is a server with SMTP installed that just relays the emails.

Now i did both at the same time so i am not sure which one fixed the issue. I am leaning towards the smarthost as the receive connector should not do spam filtering

sunnyc can you give any insight as to why this works now (old receive connector was configured the same only it was bound to exchange servers original I.P)  I am going to give you the points for all your help anyway.

0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33680680
I am leaning towards a smarthost too.
0
 
LVL 6

Author Closing Comment

by:PACSAdmin
ID: 33688447
thanks for the help
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now