Cisco Support Community
Community Member

How do I ignore "Delivery Failure" email in outbou

I am filtering outbound email for compliance. My filter is also catching "Delivery Failure" messages that my email server is sending. How can I make an Outgoing Content Filter ignore those messages that are not really coming from us but are return-to-sender messages? Any help would be appreciated. Thanks

16 REPLIES
Community Member

Re: How do I ignore "Delivery Failure" email in ou

Can you paste into this thread what those "Delivery Failure" messages look like? We can maybe put together a strong message filter or outgoing content filter that looks for the IP of your mailserver and another characteristic of the "Delivery Failure" and then drop it or something.



Community Member

How do I ignore "Delivery Failure" email in outbou

They are just standard delivery failure messages when an email is sent to us at user@company.com and user@company.com is not a valid email address. Example

Subject: User USER (USER@company.com) not listed in Domino Directory

Body:
Delivery Failure Report
Your message: “original subject line”
was not delivered to: USER@company.com
because: User USER (USER@company.com) not listed in Domino Directory

The IP of our email server is the same IP that all of our other legitimate email goes out from, so IP address will not help. The consistent thing is that these Delivery Failure Report emails are null/blank in the from field.

Community Member

Re: How do I ignore "Delivery Failure" email in ou



Check your main address book. When this happens to me there is a problem with the address, sometimes it is in the user's personal address book.

Community Member

How do I ignore "Delivery Failure" email in outbou

Thanks Richard. We do not have a problem with our address books. Here is what is happening:
1. Incoming email is addressed to email addresses that are NOT VALID (the people don't work here, the incoming email address is invalid, including any spam to invalid addresses that gets through the spam filter).
2. Our Lotus Notes email server sends "Delivery Failure" messages in response to the incoming email with invalid email addresses.
3. Those outgoing "Delivery Failure" messages may include words or phrases that we are filtering for in our outgoing filters (such as profanity in spam).
4. My outgoing content filter catches these Delivery Failure messages and I don't want them to. I only want my outgoing email filter to act upon email that was actually sent by us.
5. Additional information is that we do NOT have an LDAP available, so IronPort does not know what our valid email addresses are.

Thanks again

Community Member

Re: How do I ignore "Delivery Failure" email in outbou

Delivery failure notices always have a null SMTP envelope sender address, so you can check for that:

if (mail-from == "^$") {
...
}

Community Member

Re: How do I ignore "Delivery Failure" email in ou

OIC. Any reason you don't want to do LDAP through Domino? I just got mine working a couple of weeks ago, I had an aggravation problem with Notes hierarchical name resolution. But it works now and this would end the invalid address problem for you. Well worth the effort to set it up.


Community Member

Re: How do I ignore "Delivery Failure" email in ou

Hello Richard,

If possible and convenient, can you post the steps you took to get ldap to work in your Lotus Domino environment? Any gotchas that you overcame or had to make changes to? I'm sure it would be helpful to the forum.



Community Member

Re: How do I ignore "Delivery Failure" email in ou

Hope this link works, see my post:

https://www.ironportnation.com/forums/viewtopic.php?t=423&highlight=domino+ldap

Nothing special about Domino LDAP, the address book Short Name/UserID field aliases were the major required entries and the query string as mentioned above sees the aliases.

If I have time I might be able to make a more detailed report if the above is not clear. I was pretty happy to get it working! Fwiw I had been trying for a long time to get LDAP working in my Barracuda and finally gave it a go on the IronPort and had it working in short order after some help from IBM/Lotus support.


Community Member

How do I ignore "Delivery Failure" email in ou

Thanks Kluu, Richard, and Dlnash.

We are currently on an older version of Domino and every time they try to turn on ldap, the ldap crashes. We have decided to hold off on Domino LDAP until we upgrade to the newer version of Domino early next year.

Yes, we definitely want to get the ldap working but have decided to wait for when we upgrade. So for the time being we know that email will get through to invalid addresses.

Thanks again DLnash. I tried a variation of your suggested filter and placed it first in order and I believe that is working. Mine is:
mail-from == "^$|"
Yours looks much cleaner, I might try that.

Thanks for everyone's help

Community Member

Re: How do I ignore "Delivery Failure" email in ou

Mine is: mail-from == "^$|"

I don't understand what the "" bit is supposed to do. Care to elaborate?

Community Member

How do I ignore "Delivery Failure" email in ou

Sorry for the mistake. In my post I said my filter was:
mail-from == "^$|"

My filter was actually
mail-from == "^$|<\\s*>"

Which I copied from the help file on my ironport box which shows examples of how to make a Blank “From:” Filter

Community Member

Re: How do I ignore "Delivery Failure" email in ou

I used to not keep up with Domino upgrades but find it less painful to keep on the major releases. It usually isn't too difficult to even move it to new hardware. 8.x should be a good release to jump on, the Lotus Domino forum has some good info and help at times.

Between firewalls/spam filters/appliances/servers etc. it does take a bit of detective work to figure out how to make all of these technologies work together. The more I've used and gotten to know the IronPort the better I like it.



Community Member

Re: How do I ignore "Delivery Failure" email in ou

mail-from == "^$|"


OK, now I understand, but that's still not right. A proper delivery failure notice has a completely empty mail-from. That regexp matches an empty mail-from or one which has spaces in it.

What help file did you copy that out of? That just doesn't look right at all to me.

Community Member

Re: How do I ignore "Delivery Failure" email in outbou

When I click on help from the GUI, it is in the following guide.
AsyncOS 5.0 Advanced User Guide
-Practical Filter Examples

Blank “From:” Filter
Summary: Identifying blank “From” headers
This filter can alleviate various forms of blank “from” addresses:
blank_mail_from_stop:
if (recv-listener == "InboundMail" AND header("From") == "^$|<\\s*>") {
    drop ();
}

Community Member

Re: How do I ignore "Delivery Failure" email in outbou

Summary: Identifying blank “From” headers


Oh, that explains it. That's for matching a blank From: header, not a null SMTP envelope sender address. They're not the same thing. The From: header on a delivery failure notice is usually "MAILER-DAEMON@bouncing-mail-server", but the SMTP sender address is always null. The "mail-from" expression in a message filter only looks at the SMTP sender address, not the From: header. You want to use what I wrote originally:

if (mail-from == "^$") { ... }

That will unambiguously catch all properly constructed delivery failure notices.
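An added illustration, not part of the original thread or of the AsyncOS documentation: the two patterns discussed above, applied to the SMTP envelope sender and to the From: header of three constructed messages, to show that only the envelope test identifies a bounce. The addresses and sample messages are made up, and Python's `re.search` is assumed to approximate how the appliance applies the patterns.

```python
import re
from email import message_from_string

# Patterns quoted in the thread. re.search() stands in for the appliance's
# regex matching (assumption).
NULL_SENDER = re.compile(r"^$")        # suggested test for mail-from
BLANK_FROM = re.compile(r"^$|<\s*>")   # help-file pattern for header("From")

def envelope_sender(mail_from_cmd):
    """Extract the reverse-path from an SMTP 'MAIL FROM:<...>' command line."""
    m = re.match(r"(?i)MAIL FROM:\s*<([^>]*)>", mail_from_cmd.strip())
    if m is None:
        raise ValueError("not a MAIL FROM command: %r" % mail_from_cmd)
    return m.group(1)

def classify(mail_from_cmd, raw_message):
    """Report what each test sees for one message."""
    sender = envelope_sender(mail_from_cmd)
    from_header = message_from_string(raw_message).get("From", "")
    return {
        "null_envelope_sender": bool(NULL_SENDER.search(sender)),
        "blank_from_header": bool(BLANK_FROM.search(from_header)),
    }

# Constructed samples: (SMTP MAIL FROM command, message as sent in DATA)
SAMPLES = {
    "bounce": ("MAIL FROM:<>",
               "From: MAILER-DAEMON@mail.example.com\n"
               "Subject: Delivery Failure Report\n\nwas not delivered\n"),
    "user_mail": ("MAIL FROM:<alice@example.com>",
                  "From: Alice <alice@example.com>\nSubject: Q3 report\n\nHi\n"),
    "blank_header": ("MAIL FROM:<bulk@example.net>",
                     "From: <>\nSubject: offer\n\nBuy now\n"),
}

def run():
    """Classify every constructed sample."""
    return {name: classify(cmd, msg) for name, (cmd, msg) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

The bounce is the only sample with a null envelope sender, and its From: header is not blank, so a filter keyed on the header would miss it.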

Community Member

Identifying blank “From” headers

Will do. Thanks again :P
