cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3593
Views
0
Helpful
16
Replies

How do I ignore "Delivery Failure" email in outbou

john.hayden
Level 1
Level 1

I am filtering outbound email for compliance. My filter is also catching "Delivery Failure" messages that my email server is sending. How can I make an Outgoing Content Filter ignore those messages that are not really coming from us but are return to sendor messages? Any help would be appreciated. Thanks

16 Replies 16

kluu_ironport
Level 2
Level 2

Can you paste into this thread what those "Deliver Failure" messages look like? We can maybe put together a strong message filter or outgoing content filter that looks for the IP of your mailserver and another characteristic of the "Delivery Failure" and then drop it or something.


I am filtering outbound email for compliance. My filter is also catching "Delivery Failure" messages that my email server is sending.  How can I make an Outgoing Content Filter ignore those messages that are not really coming from us but are return to sendor messages?  Any help would be appreciated.  Thanks

john.hayden
Level 1
Level 1

They are just standard delivery failure messages when an email is sent to us at user@company.com and user@company.com is not a valid email address. Example

Subject: User USER (USER@company.com) not listed in Domino Directory

Body:
Delivery Failure Report
Your message: “original subject line”
was not delivered to: USER@company.com
because: User USER (USER@company.com) not listed in Domino Directory

The IP of our email server is the same IP that all of our other legitimate email goes out from so IP address will not help. The consistant thing is that these Delivery Failure Report email is null/blank in the from field.

IIAGDTRnSC
Level 1
Level 1

They are just standard delivery failure messages when an email is sent to us at user@company.com and user@company.com is not a valid email address. Example

Subject: User USER (USER@company.com) not listed in Domino Directory

Body:
Delivery Failure Report
Your message: “original subject line”
was not delivered to: USER@company.com
because: User USER (USER@company.com) not listed in Domino Directory

The IP of our email server is the same IP that all of our other legitimate email goes out from so IP address will not help. The consistant thing is that these Delivery Failure Report email is null/blank in the from field.


Check your main address book. When this happens to me there is a problem with the address, sometimes it is in the user's personal address book.

john.hayden
Level 1
Level 1

Thanks Richard. We do not have a problem with our address books. Here is what is happening:
1 Incoming email that addressed to email addresses that are NOT VALID (the people don't work here, the incoming email address is invalid, including any spam to invalid addresses that gets through spam filter)
2. Our Lotus Notes email server sends "Delivery Failure" messages in response to the incoming email with invalid email addresses.
3. Those outgoing "Delivery Failure" messages may include words or phrases that we are filtering for in our outgoing filters (such as profanity in spam)
4. My outgoing content filter catches these Delivery Failure messages and I don't want them to. I only want my outgoing email filter to act upon email that was actually sent by us.
5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.

Thanks again

Donald Nash
Level 3
Level 3

Delivery failure notices always have a null SMTP envelope sender address, so you can check for that:

if (mail-from == "^$") {
...
}

IIAGDTRnSC
Level 1
Level 1

OIC. Any reason you don't want to do LDAP through Domino? I just got mine working a couple of weeks ago, I had an aggravation problem with Notes hierarchical name resolution. But it works now and this would end the invalid address problem for you. Well worth the effort to set it up.

Thanks Richard. We do not have a problem with our address  books.  Here is what is happening:  

5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.

Thanks again

kluu_ironport
Level 2
Level 2

Hello Ricard,

Is possible and convenient, can you post the steps you took to get ldap to work in your Lotus Domino environment? Any gotchas that you overcame or had to make changes to? I'm sure it would be helpful to the forum.


OIC.  Any reason you don't want to do LDAP through Domino?  I just got mine working a couple of weeks ago, I had an aggravation problem with Notes hierarchical name resolution.  But it works now and this would end the invalid address problem for you.  Well worth the effort to set it up.

Thanks Richard. We do not have a problem with our address  books.  Here is what is happening:  

5. Additonal information is that we do NOT have an LDAP available so IronPort does not know what are valid email addresses are.

Thanks again

IIAGDTRnSC
Level 1
Level 1

Hope this link works, see my post:

https://www.ironportnation.com/forums/viewtopic.php?t=423&highlight=domino+ldap

Nothing special about Domino LDAP, the address book Short Name/UserID field aliases were the major required entries and the query string as mentioned above sees the aliases.

If I have time I might be able to make a more detailed report if the above is not clear. I was pretty happy to get it working! Fwiw I had been trying for a long time to get LDAP working in my Barracuda and finally gave it a go on the IronPort and had it working in short order after some help from IBM/Lotus support.

Hello Ricard,  

Is possible and convenient, can you post the steps you took to get ldap to work in your Lotus Domino environment? Any gotchas that you overcame or had to make changes to? I'm sure it would be helpful to the forum.

john.hayden
Level 1
Level 1

Thanks Kluu, Richard, and Dlnash.

We are currently on an older version of Domino and every time they try to turn on ldap, the ldap crashes. We have decided to hold off on Domino LDAP until we upgrade to the newer version of Domino early next year.

Yes, we definately want to get the ldap working but have decided to wait for when we upgrade. So for the time being we know that email will get through to invalid addresses.

Thanks again DLnash. I tried a variation of your suggested filter and placed it first in order and I believe that is working. Mine is:
mail-from == "^$|" yours looks much cleaner, I might try that.

Thanks for everyone's help

Donald Nash
Level 3
Level 3

Mine is: mail-from == "^$|"

I don' understand what the "" bit is suppose to do. Care to elaborate?

john.hayden
Level 1
Level 1

Sorry for the mistake. In my post I said my filter was:
mail-from == "^$|"

My filter was actually
mail-from == "^$|<\\s*>"

Which I copied from the help file on my ironport box which shows examples of how to make a Blank “From:” Filter

IIAGDTRnSC
Level 1
Level 1

I use to not keep up with Domino upgrades but find it less painful to keep on the major releases. It usually isn't too difficult to even move it to new hardware. 8.x should be a good release to jump on, the Lotus Domino forum has some good info and help at times.

Between firewalls/spam filters/appliances/servers etc. it does take a bit of detective work to figure out how to make all of these technologies work together. The more I've used and gotten to know the IronPort the better I like it.


We are currently on an older version of Domino and every time they try to turn on ldap, the ldap crashes. We have decided to hold off on Domino LDAP until we upgrade to the newer version of Domino early next year.

Donald Nash
Level 3
Level 3

mail-from == "^$|"


OK, now I understand, but that's still not right. A proper delivery failure notice has a completely empty mail-from. That regexp matches an empty mail-from or one which has spaces in it.

What help file did you copy that out of? That just doesn't look right at all to me.

john.hayden
Level 1
Level 1

When I click on help from the GUI, it is in the following guide.
AsyncOS 5.0 Advanced User Guide
-Practical Filter Examples

Blank “From:” Filter
Summary: Identifying blank “From” headers,
This filter can alleviate various forms of blank “from” addresses:
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND header("From") == "^$|") {
drop ();
}

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: