Watchguard XTM330 SMTP Proxy Question

Posted on 2013-10-18
Medium Priority
Last Modified: 2013-10-30
Today a weird thing happened; we received an email with several attachments directed to one user and with copy to that user's secretary.

The email received by the secretary had all the  attachments stripped and only received a message.txt (The usual attachment that the UTM uses when stripping a file) detailing that the file "winmail.dat" had been stripped.

The WatchGuard Firebox that protects your network has detected a message that may not be safe.

Cause : The file type may not be safe.
Content type : application/ms-tnef
File name    : winmail.dat
Virus status : No information.
Action       : The Firebox deleted winmail.dat.

Your network administrator can not restore this attachment.

I know about winmail.dat attachments so we informed the sender to not use RTF when sending emails, but my concern is that while the secretary did not get any attachments the other user did get them with no problem.

So my question is:

Does the same email directed to one user and with copy to another have different rules for stripping?

Why did one user receive the attachments and the other just the txt explaining the deletion of the winmail.dat?
Question by:ScreenFox
1 Comment
LVL 66

Accepted Solution

btan earned 1000 total points
ID: 39583980
winmail.dat is safe to let through. It's created by Outlook clients that aren't communicating via Exchange, where the message is composed using Word. It contains RTF formatting information, etc., so that mail created in RTF format (as opposed to plain text or HTML) will look the same on the receiving side as the sending side. Mail clients that don't support winmail.dat receive superfluous winmail.dat attachments

See if this helps

I assuming the users ares still in the same domain on the same policy going through the same SMTP proxy. at times you may want to recreate the smtp proxy, the sending of to and cc is a good test as well for consistency of the policy enforced to all recipients.

Also to make sure if WG is the culprit disable your current SMTP proxy service; add a filtered SMTP service and configure to allow traffic to the server [proper NAT]; now check is the email still stripped; if yes; then WG is not at fault.

Featured Post

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
Read this tutorial to learn how to fix repeating password error prompts when setting up Gmail IMAP with Microsoft Outlook. The entire process is described with step by step, illustrated instructions. Enjoy...
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question