Solved

email with attachment from certain domains is refused delivery

Posted on 2013-12-11
9
311 Views
Last Modified: 2014-03-25
Greetings.  We have in place a Barracuda 400.  A few months ago, emails with attachments larger than 1 or 2mb, from just two domains, are refused and eventually returned to the sender.  If either of these domains send an email with no attachment, or smaller attachments, the message will be delivered.  There is nothing in the logs on the Barracuda to indicate a problem.  The message is not Blocked or Quarantined.  Both the sender and I have tried to figure out the problem and have come up with nothing.  My last resort is to try and monitor the connection from the logs on our Firewall, which I'll be trying soon.  In the meantime, has anyone come across this before?
0
Comment
Question by:rsl-nsg
  • 6
  • 2
9 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39713791
When the messages are refused are they even reaching the Mail Server at all?

Did you checked the mail server also if there is anything there about those messages?

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39714463
No, they do not appear to be reaching the Exchange server.  I have checked the mail and do not find any reference to the messages sent.  I will try to find a copy of the NDR they receive and attach it to my question.

Thank you
0
 
LVL 3

Expert Comment

by:jrlingam
ID: 39723314
Hi

1. Is there any mail gateway device located between the 2 domains. If yes, then please check the same.

2. What is the maximum message size for external emails that is set up in the sender domain. In my experience, most of these issues will be because the mail has crossed the maximum permissible size.

Also please provide us the NDR if any received by the sender.
0
 

Author Comment

by:rsl-nsg
ID: 39724081
Thank you for your reply.

1. There is not a gateway on our end.  The sender has a similar SPAM/Anti-Virus appliance we use that their email passess through before transmitting to a recipient.  

2. I'm not sure of their max size, however the same email that does not make it to a recipient in our domain is successfully delivered to my personal email account and another business account I have.  This appears to point to a problem at our end, however I'm unable to find the cause.  

I will be testing again with the client this afternoon.  I'm going to monitor the logs on our Firewall in the hopes of seeing what happnes to their initial connection.  The only NDR message they receive is the text I attached to my previous comment.  If you were unable to view that let me know and I'll try to re-attach it.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:rsl-nsg
ID: 39768994
Coincidentally, I have learned that the two domains we are experiencing this issue with use Cisco IronPort appliances.  If there are any experts knowledgeble with that appliance perhaps they can come up with some possible causes?  I was able to view their connections through our Firewall, which were reported as successful.  So, the problem does appear to be the connection to our Barracuda SPAM appliance.

Thanks,

Terry
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39771306
As you have mentioned that they are using Cisco Ironport Mail Appliances, so please check on the senderbase is your mail servers IP addresses are listed there.

http://www.senderbase.org

Sudeep
0
 

Author Comment

by:rsl-nsg
ID: 39783392
I do not find our mail server listed on this site.  Thanks Sudeep.

Terry
0
 

Accepted Solution

by:
rsl-nsg earned 0 total points
ID: 39942744
This issue has been resolved.  I had a Fortinet support engineer review the policies on our Firewall.  He found a couple of Public facing policies that had NAT enabled, which he said was not necessary and could cause issues.  We disabled NAT on both policies.  One policy had to do with SMTP traffice to our Exchange server.  The other policy was related to TLS handshake.  I had to re-enable NAT on the policy for our Exchange server because when disabled our remote users were unable to receive email to their hand held devices.  At our next round of testing we started receiving emails with large attachments from the domain in question.  As that was the only change I'm aware of I have to believe this was the solution.

Thanks to all who commented on my question.
0
 

Author Closing Comment

by:rsl-nsg
ID: 39952671
It was the solution to the reported issue.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now