Why are messages getting rejected with the verdict "Open Proxy"? Or when the sender IP is not in the Symantec OPL list.

Article:TECH86159  |  Created: 2007-01-17  |  Updated: 2012-05-16  |  Article URL http://www.symantec.com/docs/TECH86159
Article Type
Technical Solution

Product(s)

Issue



Why are messages coming from an open proxy getting rejected?

Symptoms
Inbound messages from certain senders are rejected by Symantec Mail Security 5.0.x for SMTP or Symantec Mail Security Appliance 5.0.0-14 or later.

  • Message Tracking shows the reason the message was rejected is 'Open proxy' or 'Open Proxy sender violation'.



 


Cause



Symantec Mail Security 5.0.x for SMTP is configured to use the Open Proxy List (OPL), a Symantec-maintained list of IP addresses. This list contains IP addresses that are either open proxies used by spammers or “zombie” computers that have been co-opted by spammers.


Solution



Symantec does not recommend permitting the receipt of messages from Open Proxy sources.

To receive messages from a source on the OPL, do one or more of the following:

  • Notify the administrator of the open proxy server that their machine is on the OPL.
  • Request the original sender to send the message again using an alternate mail service.
  • Whitelist the sender by IP address.
  • (Only if all other measures fail) Disable the OPL.



To whitelist the sender by IP address:

  1. In the Control Center, click Policies > Sender Groups.
  2. Click Allowed Senders (IP based).
  3. Type the IP address of the server which sent the rejected message.


*Note*

When examining the message, the software checks all IP addresses found within the message header. If the offending address is not the direct IP address that is making the connection to the Mail Security software, then whitelisting the connecting IP address may not work. In that case, the full message header will need to be acquired and all IP addresses should be run against the following website to determine the offending IP address:

http://ipremoval.sms.symantec.com/lookup/

Alternatively, replicate the OPL issue with Debug logging enabled for the Filter-Hub component, which will reveal the offending IP address.
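
To gather the addresses for the header check described in the note above, the following added example (not Symantec code) lists every distinct IPv4 address found in any header of a saved message, so that each can be entered into the lookup site. It assumes IPv4 only and does not reproduce the product's own header parsing, which this article does not document; the function names and the sample headers are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation and private ranges), not a real message.
SAMPLE_HEADERS = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby smtp.example.com with ESMTP id ABC123; Wed, 17 Jan 2007 10:00:00 -0800
Received: from relay.example.org (unknown [203.0.113.7])
\tby mx.example.net with SMTP; Wed, 17 Jan 2007 09:59:58 -0800
Received: from workstation (localhost [10.1.2.3])
\tby relay.example.org; Wed, 17 Jan 2007 09:59:50 -0800
X-Originating-IP: [203.0.113.7]
From: sender@example.org
Subject: build 1.2.3 on host 999.1.1.1

"""

# Dotted quad that is not embedded in a longer dotted or numeric token.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")

# Private, loopback and link-local ranges, which are not publicly routable.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def header_ips(raw_headers):
    """Return (ip, first_header, is_internal) for each distinct IPv4 in any header."""
    found = {}
    for name, value in message_from_string(raw_headers).items():
        for candidate in IPV4_CANDIDATE.findall(value):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            internal = any(ip in net for net in INTERNAL_NETS)
            found.setdefault(str(ip), (str(ip), name, internal))
    return list(found.values())


def lookup_candidates(raw_headers):
    """Addresses worth checking by hand, in order of first appearance."""
    return [ip for ip, _, internal in header_ips(raw_headers) if not internal]


if __name__ == "__main__":
    for ip, header, internal in header_ips(SAMPLE_HEADERS):
        print(f"{ip:<16} {header:<18} {'internal, skip' if internal else 'check'}")
```
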

To disable the OPL:

  1. In the Control Center, click Policies > Sender Groups.
  2. Click the checkbox to the left of Open Proxy List.
  3. Click Disable.






Technical Information
If the Open Proxy List sender group is configured to "Reject SMTP Connection", a rejection means that the IP address of the computer which attempted to send mail to SMTP5 appeared on the OPL at the time the message was rejected. If the Open Proxy List sender group is configured to "Delete the message", the product traverses all the headers of the email message. If any IP address in the headers is on the OPL, SMTP5 deletes the message.


To set the filter-hub logging to debug:

  1. In the Control Center, click Settings.
  2. Click Logs on the left panel.
  3. Select Debug from the drop-down next to 'Filter-Engine'.
  4. Click Save.
  5. Have the message sent in again.
  6. Once you can verify that the message was not received (it was Rejected/Deleted by SMS-SMTP), change the logging level of the "Filter Engine" back to the previous setting (Warnings by default).
  7. Contact Symantec Support for assistance in analyzing the log file and identifying the offending IP address.



Legacy ID



2007159934297298

