Messaging Gateway

  • 1.  System denied email address or domain

    Posted Apr 06, 2010 09:53 AM

    Hi,
    My own domain is added to the local bad domains to reject mail from outside that fakes my domain name. However, recently I had a problem receiving mail from Yahoo groups.
    When I check the audit logs I saw the following report:

    Sender: sentto-1234567-1234-1234567890-username=mydomainname@returns.groups.yahoo.com
      Original recipients: username@mydomainname
      Original Subject: subject
      Full attachment list: None
      Suspect attachments: None
    Recipient Data 
      Intended recipient: username@mydomainname
       
      Verdict:
    Verdict Filter Policy Group Details
    System denied email address or domain  static deny email address  default  None 
       


    The mails received from Yahoo groups seem to be sent from mail addresses like the following, where the address contains my domain name.
       
                     sentto-1234567-7890-1234567890-myusername=mydomainname@returns.groups.yahoo.com

    Could it be that my domain name appearing in the sender mail address like this causes a problem with the local bad domains list? Because no other static domain is added to the local bad domains list.





  • 2.  RE: System denied email address or domain

    Posted Apr 06, 2010 11:07 AM

    The mail in this example is being blocked because the From: header in the message contains your domain name.  Please see the topic titled "Supported methods for identifying senders" on page 160 in Symantec Brightmail Gateway 9.0 Administration Guide.  Here is the text for your reference:

    QUOTE:
    Symantec Brightmail Gateway checks the following
    characteristics of incoming mail against those in your lists:
    ■ MAIL FROM: address in the SMTP envelope. Specify a
    pattern that matches the value for localpart@domain in the
    address. You can use the * or ? wildcards in the pattern to
    match any portion of the address.
    ■ From: address in the message headers. Specify a pattern
    that matches the value for localpart@domain in the FROM:
    header. You can use wildcards in the pattern to match any
    portion of this value.
    UNQUOTE:

    Hope this answers your question.

    Regards,

    Adnan


  • 3.  RE: System denied email address or domain

    Posted Apr 06, 2010 11:55 AM

    I don't follow.  molla5's example shows the domain in the local part, not the domain part.

    sentto-1234567-7890-1234567890-myusername=mydomainname@returns.groups.yahoo.com
    If Molla5 has spec'd simply mydomain.com in bad senders, it shouldn't be matching on text before the @.

    The manual section you quoted goes on to show this example:  an entry w/o an @ appears to be documented as the domain part, and should not match the local part

    Example: example.com
    Sample matches: chang@example.com, marta@example.com, john@bank.example.com




  • 4.  RE: System denied email address or domain

    Posted Apr 07, 2010 02:28 AM
    I have specified the domain name as mydomain.com, without any @ character. In that case, as phhowe17 mentioned, it shouldn't match the local part. By the way, I am still using 8.03_11.


  • 5.  RE: System denied email address or domain

    Posted Apr 07, 2010 02:45 AM

    SBG first tries to match the entry in local bad senders list  with the "envelope sender" (the sender specified by "Mail From:" SMTP command).  If that does not match, then it tries to match the From: header in the message.

    In your case, the envelope sender is "sentto-1234567-1234-1234567890-username=mydomainname@returns.groups.yahoo.com" as seen in the Sender field of Message Audit Logs.  Since this envelope sender did not match, SBG then tried to match the From: header in the message.  I am quite sure that the message that got rejected had your domain in the From: header.  You can confirm this by setting the action to Quarantine the message and checking the message header when the message gets quarantined.

    Hope this helps.

    Regards,

    Adnan


  • 6.  RE: System denied email address or domain

    Posted Apr 07, 2010 03:48 AM

    Hi,
    I have verified Adnan's claim by setting up a group and making some tests. I also set the action in "Local Bad Domains" to quarantine the messages. The issue happens when I join a Yahoo group using an email from my own domain and try to send mail to the group with that email. When that mail is distributed to other users in my domain, the From field contains the original address from my domain, as you said. Those mails are then captured by SBG and processed according to the action.

    Now, how can I simultaneously block mails from outside that are faking my domain and also accept the mails that I described in the above scenario?

    Regards.




  • 7.  RE: System denied email address or domain

    Posted Apr 07, 2010 03:56 AM

    hi,
    I have added the sender domain from Yahoo to Local Good domains, that resolved the issue for me.


  • 8.  RE: System denied email address or domain

    Posted Apr 07, 2010 10:32 AM

    Molla5: You find this to be endless.  Many websites that allow you to "send as e-mail" will cause this.
    AdnanH:  I think the docs should be updated to reflect this change from envelope to message body from in domain matching.
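
Added example (not part of the thread and not Symantec code): a simplified Python model of the matching order described in posts 5 to 7, showing why the Yahoo Groups message is denied on its From: header even though the envelope sender does not match. The function names, the sample addresses and the rule that good-sender entries are evaluated before bad-sender entries are assumptions made for illustration.

```python
from email.utils import parseaddr
from fnmatch import fnmatchcase


def entry_matches(entry, address):
    """Match one sender-list entry against a localpart@domain address."""
    entry, address = entry.lower(), address.lower()
    if "@" in entry:
        # Entry with "@": pattern over the whole address (* and ? allowed).
        return fnmatchcase(address, entry)
    # Entry without "@": domain part only, subdomains included.
    domain = address.rpartition("@")[2]
    return fnmatchcase(domain, entry) or fnmatchcase(domain, "*." + entry)


def first_match(entries, envelope_sender, from_header):
    """Try the envelope sender first, then the From: header address."""
    header_addr = parseaddr(from_header)[1]
    for field, addr in (("MAIL FROM", envelope_sender), ("From:", header_addr)):
        for entry in entries:
            if addr and entry_matches(entry, addr):
                return field, entry
    return None


def verdict(good, bad, envelope_sender, from_header):
    # Assumption: good-sender entries are evaluated before bad-sender entries.
    hit = first_match(good, envelope_sender, from_header)
    if hit:
        return ("accept",) + hit
    hit = first_match(bad, envelope_sender, from_header)
    if hit:
        return ("deny",) + hit
    return ("continue", None, None)


# Constructed sample values modelled on the addresses in the thread.
ENVELOPE = ("sentto-1234567-1234-1234567890-username=mydomain.com"
            "@returns.groups.yahoo.com")
FROM_HDR = "Some User <username@mydomain.com>"
BAD = ["mydomain.com"]

if __name__ == "__main__":
    print(verdict([], BAD, ENVELOPE, FROM_HDR))
    print(verdict(["returns.groups.yahoo.com"], BAD, ENVELOPE, FROM_HDR))
```

Under the stated precedence assumption, the good-sender entry accepts every message whose envelope sender is in that domain, whatever its From: header says, so the bad-domain rule no longer covers mail arriving by that path.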