Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2020
Views
0
Helpful
7
Replies

Bounce verification and From: <>

arcastor_ironport
Level 1
Level 1

‎05-29-2008 09:51 AM

Hi all,

I need some help or explanations about bounce verification. I'm on C150 AsynOS v6.1.0-304

I have some (valid) bounce like autoreply responder which are dropped by bounce verification.

I have BATV on.

As far as I have understand bounce verification, IronPort dropped mail with From: <> but here the rcpt address is tagged so is it normal that it consider it's an invalide bounce?

Thu May 29 10:37:17 2008 Info: ICID 627709 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.5
Thu May 29 10:37:17 2008 Info: Start MID 125491 ICID 627709
Thu May 29 10:37:17 2008 Info: MID 125491 ICID 627709 From: <>
Thu May 29 10:37:17 2008 Info: MID 125491 ICID 627709 invalid bounce, rcpt address <prvs> rejected by bounce verification.
Thu May 29 10:37:17 2008 Info: Message aborted MID 125491 Receiving aborted by sender
Thu May 29 10:37:17 2008 Info: Message finished MID 125491 aborted
Thu May 29 10:37:17 2008 Info: ICID 627709 close


I have tested to add a header instead of reject the mail but IronPort doesn't untag the address and is then rejected by RAT.

Someone have an idea? :wink:

Thanks by advance.

Best regards,
Arcastor

EDIT: the tagged address doesn't work between code brackets but it's a tagged address.

Labels:
0 Helpful
7 Replies 7

kluu_ironport
Level 2
Level 2

‎05-29-2008 06:27 PM

If you are running AsyncOS 6.1.0-304, there was a defect in that version with respect to the Bounce Verification.

Below is a snippet from the release notes for version 6.1.0-306 that fixes that issue.

You can download the new version by going to [System Administration > System Upgrade] and get the release notes from the Support Portal > Documentation > Email



Fixed: Bounce Verification Treats All Bounces as Invalid An issue with Bounce Verification has been identified that results in all bounces being flagged as invalid. For those customers who have the “Reject” action enabled, this will result in all valid bounces being rejected by the system. This issue will affect a bounce of any message that was sent from an appliance on April 30, 2008 or later. This issue affects all versions of
AsyncOS for Email Security Appliances and Security Management Appliances. IronPort has released updated versions of AsyncOS to address this issue. Please note that any new messages sent from an IronPort appliance with an unfixed build of AsyncOS will still fail
bounce verification. [Defect ID: 41303]





Hi all,

I need some help or explanations about bounce verification. I'm on C150 AsynOS v6.1.0-304

I have some (valid) bounce like autoreply responder which are dropped by bounce verification.

I have BATV on. 

As far as I have understand bounce verification, IronPort dropped mail with From: <> but here the rcpt address is tagged so is it normal that it consider it's an invalide bounce?

Thu May 29 10:37:17 2008 Info: ICID 627709 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.5
Thu May 29 10:37:17 2008 Info: Start MID 125491 ICID 627709
Thu May 29 10:37:17 2008 Info: MID 125491 ICID 627709 From: <>
Thu May 29 10:37:17 2008 Info: MID 125491 ICID 627709 invalid bounce, rcpt address  rejected by bounce verification.
Thu May 29 10:37:17 2008 Info: Message aborted MID 125491 Receiving aborted by sender
Thu May 29 10:37:17 2008 Info: Message finished MID 125491 aborted
Thu May 29 10:37:17 2008 Info: ICID 627709 close


I have tested to add a header instead of reject the mail but IronPort doesn't untag the address and is then rejected by RAT.

Someone have an idea?  :wink: 

Thanks by advance. 

Best regards,
Arcastor

EDIT: the tagged address doesn't work between code brackets but it's a tagged address.

0 Helpful

kluu_ironport
Level 2
Level 2

‎05-29-2008 06:28 PM

By the way, when upgrading AsyncOS, it is recommended that you go to the Support Portal, log in, go to the Documentation section for the Email appliances and skim over the Release Notes to get familiar with the Fixes and Enhancements.

0 Helpful

arcastor_ironport
Level 1
Level 1

‎05-29-2008 06:36 PM 

By the way, when upgrading AsyncOS, it is recommended that you go to the Support Portal, log in, go to the Documentation section for the Email appliances and skim over the Release Notes to get familiar with the Fixes and Enhancements.


I fully agree and I have made a mistake: I have read the release note which tell there is a bug but was thinking it was the version I was running :)

I plan an upgrade and come back for news. Thanks for answers and advice ;)

0 Helpful

arcastor_ironport
Level 1
Level 1

‎06-02-2008 05:02 PM

Hi,

Indeed, after upgrade I receive valid bounce (autoreply, etc ...) but the destination address which appear in my mail client (Outlook 2003) is the tagged address and users are asking me what is this address.

In the KB (Answer ID 706), it is written

However, you may find that by preemptively inserting a header  -- with an Outbound Policy Content Filter -- you can prevent the other system from inserting its own header.


As I'm a real great beginner with IronPort, can someone help me in writing this Outbound Policy Content Filter?

Best regards,
Arcastor

0 Helpful

kluu_ironport
Level 2
Level 2

‎06-02-2008 09:29 PM

Can you provide an example of what is shown in the Internet headers?

Hi,

Indeed, after upgrade I receive valid bounce (autoreply, etc ...) but the destination address which appear in my mail client (Outlook 2003) is the tagged address and users are asking me what is this address.

In the KB (Answer ID 706), it is written
However, you may find that by preemptively inserting a header  -- with an Outbound Policy Content Filter -- you can prevent the other system from inserting its own header.


As I'm a real great beginner with IronPort, can someone help me in writing this Outbound Policy Content Filter?

Best regards,
Arcastor

0 Helpful

arcastor_ironport
Level 1
Level 1

‎06-03-2008 09:15 AM

Here is Internet headers :wink: 

Message-ID: <6ede6fb50805301502t17184089q>
Date: Fri, 30 May 2008 15:02:58 -0700
From: "David Toto" 
To: prvs=david_user=019bd19d9@my_company.com
Subject: toto3 Re: test
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes
Return-Path: <>
X-OriginalArrivalTime: 30 May 2008 22:04:05.0551 (UTC) FILETIME=[13AA4BF0:01C8C2A1]

0 Helpful

rogerfinch_ironport
Level 1
Level 1

‎06-24-2008 01:01 PM

hey, did the 306 patch work?

we still get bounces on this version of code on a C30. :cry:

we've had to add the 2 domains that bounce into the whitelist, add destination controls to def allow outbound mail without bounce verification and it still happens.

everyone else ok with BV ?

cheers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents