Solved

email with attachment from certain domains is refused delivery

Posted on 2013-12-11
9
323 Views
Last Modified: 2014-03-25
Greetings.  We have in place a Barracuda 400.  A few months ago, emails with attachments larger than 1 or 2mb, from just two domains, are refused and eventually returned to the sender.  If either of these domains send an email with no attachment, or smaller attachments, the message will be delivered.  There is nothing in the logs on the Barracuda to indicate a problem.  The message is not Blocked or Quarantined.  Both the sender and I have tried to figure out the problem and have come up with nothing.  My last resort is to try and monitor the connection from the logs on our Firewall, which I'll be trying soon.  In the meantime, has anyone come across this before?
0
Comment
Question by:rsl-nsg
  • 6
  • 2
9 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39713791
When the messages are refused are they even reaching the Mail Server at all?

Did you checked the mail server also if there is anything there about those messages?

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39714463
No, they do not appear to be reaching the Exchange server.  I have checked the mail and do not find any reference to the messages sent.  I will try to find a copy of the NDR they receive and attach it to my question.

Thank you
0
 
LVL 3

Expert Comment

by:jrlingam
ID: 39723314
Hi

1. Is there any mail gateway device located between the 2 domains. If yes, then please check the same.

2. What is the maximum message size for external emails that is set up in the sender domain. In my experience, most of these issues will be because the mail has crossed the maximum permissible size.

Also please provide us the NDR if any received by the sender.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:rsl-nsg
ID: 39724081
Thank you for your reply.

1. There is not a gateway on our end.  The sender has a similar SPAM/Anti-Virus appliance we use that their email passess through before transmitting to a recipient.  

2. I'm not sure of their max size, however the same email that does not make it to a recipient in our domain is successfully delivered to my personal email account and another business account I have.  This appears to point to a problem at our end, however I'm unable to find the cause.  

I will be testing again with the client this afternoon.  I'm going to monitor the logs on our Firewall in the hopes of seeing what happnes to their initial connection.  The only NDR message they receive is the text I attached to my previous comment.  If you were unable to view that let me know and I'll try to re-attach it.
0
 

Author Comment

by:rsl-nsg
ID: 39768994
Coincidentally, I have learned that the two domains we are experiencing this issue with use Cisco IronPort appliances.  If there are any experts knowledgeble with that appliance perhaps they can come up with some possible causes?  I was able to view their connections through our Firewall, which were reported as successful.  So, the problem does appear to be the connection to our Barracuda SPAM appliance.

Thanks,

Terry
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39771306
As you have mentioned that they are using Cisco Ironport Mail Appliances, so please check on the senderbase is your mail servers IP addresses are listed there.

http://www.senderbase.org

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39783392
I do not find our mail server listed on this site.  Thanks Sudeep.

Terry
0
 

Accepted Solution

by:
rsl-nsg earned 0 total points
ID: 39942744
This issue has been resolved.  I had a Fortinet support engineer review the policies on our Firewall.  He found a couple of Public facing policies that had NAT enabled, which he said was not necessary and could cause issues.  We disabled NAT on both policies.  One policy had to do with SMTP traffice to our Exchange server.  The other policy was related to TLS handshake.  I had to re-enable NAT on the policy for our Exchange server because when disabled our remote users were unable to receive email to their hand held devices.  At our next round of testing we started receiving emails with large attachments from the domain in question.  As that was the only change I'm aware of I have to believe this was the solution.

Thanks to all who commented on my question.
0
 

Author Closing Comment

by:rsl-nsg
ID: 39952671
It was the solution to the reported issue.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This story has been written with permission from the scammed victim, a valued client of mine ā€“ identity protected by request.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: ā€¦
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail sā€¦

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question