Solved

email with attachment from certain domains is refused delivery

Posted on 2013-12-11
9
326 Views
Last Modified: 2014-03-25
Greetings.  We have in place a Barracuda 400.  A few months ago, emails with attachments larger than 1 or 2mb, from just two domains, are refused and eventually returned to the sender.  If either of these domains send an email with no attachment, or smaller attachments, the message will be delivered.  There is nothing in the logs on the Barracuda to indicate a problem.  The message is not Blocked or Quarantined.  Both the sender and I have tried to figure out the problem and have come up with nothing.  My last resort is to try and monitor the connection from the logs on our Firewall, which I'll be trying soon.  In the meantime, has anyone come across this before?
0
Comment
Question by:rsl-nsg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
9 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39713791
When the messages are refused are they even reaching the Mail Server at all?

Did you checked the mail server also if there is anything there about those messages?

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39714463
No, they do not appear to be reaching the Exchange server.  I have checked the mail and do not find any reference to the messages sent.  I will try to find a copy of the NDR they receive and attach it to my question.

Thank you
0
 
LVL 3

Expert Comment

by:jrlingam
ID: 39723314
Hi

1. Is there any mail gateway device located between the 2 domains. If yes, then please check the same.

2. What is the maximum message size for external emails that is set up in the sender domain. In my experience, most of these issues will be because the mail has crossed the maximum permissible size.

Also please provide us the NDR if any received by the sender.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:rsl-nsg
ID: 39724081
Thank you for your reply.

1. There is not a gateway on our end.  The sender has a similar SPAM/Anti-Virus appliance we use that their email passess through before transmitting to a recipient.  

2. I'm not sure of their max size, however the same email that does not make it to a recipient in our domain is successfully delivered to my personal email account and another business account I have.  This appears to point to a problem at our end, however I'm unable to find the cause.  

I will be testing again with the client this afternoon.  I'm going to monitor the logs on our Firewall in the hopes of seeing what happnes to their initial connection.  The only NDR message they receive is the text I attached to my previous comment.  If you were unable to view that let me know and I'll try to re-attach it.
0
 

Author Comment

by:rsl-nsg
ID: 39768994
Coincidentally, I have learned that the two domains we are experiencing this issue with use Cisco IronPort appliances.  If there are any experts knowledgeble with that appliance perhaps they can come up with some possible causes?  I was able to view their connections through our Firewall, which were reported as successful.  So, the problem does appear to be the connection to our Barracuda SPAM appliance.

Thanks,

Terry
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39771306
As you have mentioned that they are using Cisco Ironport Mail Appliances, so please check on the senderbase is your mail servers IP addresses are listed there.

http://www.senderbase.org

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39783392
I do not find our mail server listed on this site.  Thanks Sudeep.

Terry
0
 

Accepted Solution

by:
rsl-nsg earned 0 total points
ID: 39942744
This issue has been resolved.  I had a Fortinet support engineer review the policies on our Firewall.  He found a couple of Public facing policies that had NAT enabled, which he said was not necessary and could cause issues.  We disabled NAT on both policies.  One policy had to do with SMTP traffice to our Exchange server.  The other policy was related to TLS handshake.  I had to re-enable NAT on the policy for our Exchange server because when disabled our remote users were unable to receive email to their hand held devices.  At our next round of testing we started receiving emails with large attachments from the domain in question.  As that was the only change I'm aware of I have to believe this was the solution.

Thanks to all who commented on my question.
0
 

Author Closing Comment

by:rsl-nsg
ID: 39952671
It was the solution to the reported issue.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question