09-12-2007 02:01 PM
I am filtering outbound email for compliance. My filter is also catching "Delivery Failure" messages that my email server is sending. How can I make an Outgoing Content Filter ignore those messages that are not really coming from us but are return to sendor messages? Any help would be appreciated. Thanks
09-12-2007 03:34 PM
Can you paste into this thread what those "Deliver Failure" messages look like? We can maybe put together a strong message filter or outgoing content filter that looks for the IP of your mailserver and another characteristic of the "Delivery Failure" and then drop it or something.
I am filtering outbound email for compliance. My filter is also catching "Delivery Failure" messages that my email server is sending. How can I make an Outgoing Content Filter ignore those messages that are not really coming from us but are return to sendor messages? Any help would be appreciated. Thanks
09-12-2007 05:15 PM
They are just standard delivery failure messages when an email is sent to us at user@company.com and user@company.com is not a valid email address. Example
Subject: User USER (USER@company.com) not listed in Domino Directory
Body:
Delivery Failure Report
Your message: “original subject line”
was not delivered to: USER@company.com
because: User USER (USER@company.com) not listed in Domino Directory
The IP of our email server is the same IP that all of our other legitimate email goes out from so IP address will not help. The consistant thing is that these Delivery Failure Report email is null/blank in the from field.
09-12-2007 05:33 PM
They are just standard delivery failure messages when an email is sent to us at user@company.com and user@company.com is not a valid email address. Example
Subject: User USER (USER@company.com) not listed in Domino Directory
Body:
Delivery Failure Report
Your message: “original subject line”
was not delivered to: USER@company.com
because: User USER (USER@company.com) not listed in Domino Directory
The IP of our email server is the same IP that all of our other legitimate email goes out from so IP address will not help. The consistant thing is that these Delivery Failure Report email is null/blank in the from field.
09-12-2007 08:21 PM
Thanks Richard. We do not have a problem with our address books. Here is what is happening:
1 Incoming email that addressed to email addresses that are NOT VALID (the people don't work here, the incoming email address is invalid, including any spam to invalid addresses that gets through spam filter)
2. Our Lotus Notes email server sends "Delivery Failure" messages in response to the incoming email with invalid email addresses.
3. Those outgoing "Delivery Failure" messages may include words or phrases that we are filtering for in our outgoing filters (such as profanity in spam)
4. My outgoing content filter catches these Delivery Failure messages and I don't want them to. I only want my outgoing email filter to act upon email that was actually sent by us.
5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.
Thanks again
09-12-2007 10:10 PM
Delivery failure notices always have a null SMTP envelope sender address, so you can check for that:
if (mail-from == "^$") {
...
}
09-12-2007 10:27 PM
OIC. Any reason you don't want to do LDAP through Domino? I just got mine working a couple of weeks ago, I had an aggravation problem with Notes hierarchical name resolution. But it works now and this would end the invalid address problem for you. Well worth the effort to set it up.
Thanks Richard. We do not have a problem with our address books. Here is what is happening:
5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.
Thanks again
09-12-2007 10:36 PM
Hello Ricard,
Is possible and convenient, can you post the steps you took to get ldap to work in your Lotus Domino environment? Any gotchas that you overcame or had to make changes to? I'm sure it would be helpful to the forum.
OIC. Any reason you don't want to do LDAP through Domino? I just got mine working a couple of weeks ago, I had an aggravation problem with Notes hierarchical name resolution. But it works now and this would end the invalid address problem for you. Well worth the effort to set it up.Thanks Richard. We do not have a problem with our address books. Here is what is happening:
5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.
Thanks again
09-12-2007 11:01 PM
Hope this link works, see my post:
https://www.ironportnation.com/forums/viewtopic.php?t=423&highlight=domino+ldap
Nothing special about Domino LDAP, the address book Short Name/UserID field aliases were the major required entries and the query string as mentioned above sees the aliases.
If I have time I might be able to make a more detailed report if the above is not clear. I was pretty happy to get it working! Fwiw I had been trying for a long time to get LDAP working in my Barracuda and finally gave it a go on the IronPort and had it working in short order after some help from IBM/Lotus support.
Hello Ricard,
Is possible and convenient, can you post the steps you took to get ldap to work in your Lotus Domino environment? Any gotchas that you overcame or had to make changes to? I'm sure it would be helpful to the forum.
09-12-2007 11:11 PM
Thanks Kluu, Richard, and Dlnash.
We are currently on an older version of Domino and every time they try to turn on ldap, the ldap crashes. We have decided to hold off on Domino LDAP until we upgrade to the newer version of Domino early next year.
Yes, we definately want to get the ldap working but have decided to wait for when we upgrade. So for the time being we know that email will get through to invalid addresses.
Thanks again DLnash. I tried a variation of your suggested filter and placed it first in order and I believe that is working. Mine is:
mail-from == "^$|" yours looks much cleaner, I might try that.
Thanks for everyone's help
09-12-2007 11:43 PM
Mine is: mail-from == "^$|"
09-13-2007 12:25 PM
Sorry for the mistake. In my post I said my filter was:
mail-from == "^$|"
My filter was actually
mail-from == "^$|<\\s*>"
Which I copied from the help file on my ironport box which shows examples of how to make a Blank “From:” Filter
09-13-2007 01:39 PM
I use to not keep up with Domino upgrades but find it less painful to keep on the major releases. It usually isn't too difficult to even move it to new hardware. 8.x should be a good release to jump on, the Lotus Domino forum has some good info and help at times.
Between firewalls/spam filters/appliances/servers etc. it does take a bit of detective work to figure out how to make all of these technologies work together. The more I've used and gotten to know the IronPort the better I like it.
We are currently on an older version of Domino and every time they try to turn on ldap, the ldap crashes. We have decided to hold off on Domino LDAP until we upgrade to the newer version of Domino early next year.
09-13-2007 01:57 PM
mail-from == "^$|"
09-13-2007 03:12 PM
When I click on help from the GUI, it is in the following guide.
AsyncOS 5.0 Advanced User Guide
-Practical Filter Examples
Blank “From:” Filter
Summary: Identifying blank “From” headers,
This filter can alleviate various forms of blank “from” addresses:
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND header("From") == "^$|") {
drop ();
}
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: