
Domain White listed but no incoming mail

NABILIT
Beginner

Hi Teams,

We have a Cisco Email Security Appliance C190 (10.0.0.25).

We configured one domain as trusted in the sender whitelist, but the emails are blocked. What should I check, please?

Regards

9 Replies

dmccabej
Cisco Employee

Hello,

 

Mail flow policies do not tie to envelope sender domains, but instead the domain/FQDN of the connecting server. 

 

For example, if you had bob@abc.com trying to send you an email, but the server he was sending it from was smtp.xyz.com, you would need to whitelist *.xyz.com on the Host Access Table (HAT) level. 

 

If you were able to provide a copy of the mail logs and/or message tracking we could help identify why they may be blocked. 

 

Thanks!

-Dennis M.

Hi

Thanks for your feedback. We also added the full domain on the HAT as a whitelist sender group; still the same issue.

In mail tracking we don't have any mail to troubleshoot. We also asked the network admin if he can see the incoming mail: no trace :( We also whitelisted this domain on our FortiGate.

Regards

In the GUI, you can try enabling Rejected Connection Handling under Security Services --> Message Tracking. This would allow you to search message tracking using the hostname of the connecting server if it was rejected (or you can grep within the mail_logs from the CLI). If we don't have any logs to look at, there's not going to be much we can do. You can always open a TAC case and we can try to take a closer look.

 

Thanks!

-Dennis M.

 

 

 

 

Hi,

The last mail tracking entry dates from November, as you can see in the log. We can see the mail exchange between this domain and our domain, but since this date no mail is coming :(

=========

Message Details

Envelope and Header Summary


Received Time: 25 Nov 2018 18:47:47 (GMT +01:00)
MID: 121462
Message Size: 675.03 (KB)
Subject: A/S : des Facture en instances 2017.
Envelope Sender: xxx2@domainsender
Envelope Recipients: AAA@Ourdomain
Message ID Header: <OFF1175A00.47237E89-ON41258350.0062E5FD-41258350.0063FA68@>
SMTP Auth User ID: N/A
Attachments: FACTURE N

Sending Host Summary

Reverse DNS Hostname: Mail from senderdomain (verified)
IP Address: IP
SBRS Score: 5.1
====


MAIL POLICY "Policy" MATCHED THESE RECIPIENTS: AAA@Ourdomain,  

25 Nov 2018 18:47:47 (GMT +01:00)
Protocol SMTP interface Data 2 (IP IP) on incoming connection (ICID 212397) from sender IP2. Reverse DNS host Mail from senderdomain verified yes. 

25 Nov 2018 18:47:47 (GMT +01:00)
(ICID 212397) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.1 

25 Nov 2018 18:47:47 (GMT +01:00)
Start message 121462 on incoming connection (ICID 212397). 

25 Nov 2018 18:47:47 (GMT +01:00)
Message 121462 enqueued on incoming connection (ICID 212397) from xxx@domainsender. 

25 Nov 2018 18:47:47 (GMT +01:00)
Message 121462 on incoming connection (ICID 212397) added recipient (AAA@Ourdomain). 

25 Nov 2018 18:47:47 (GMT +01:00)
Message 121462 on incoming connection (ICID 212397) added recipient (AAA2@Ourdomain). 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 contains message ID header '<OFF1175A00.47237E89-ON41258350.0062E5FD-41258350.0063FA68@'. 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 original subject on injection: A/S : des Facture en instances 2017. 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 (691230 bytes) from xxx@domainsender ready. 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 matched per-recipient policy Policy for inbound mail policies. 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 size 691230 exceeds max size 524288 for Anti-Spam scanning by Outbreak Filters 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 scanned by Anti-Spam engine: CASE. Interim verdict: Negative 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 scanned by Anti-Spam engine CASE. Interim verdict: definitely negative. 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 scanned by Anti-Spam engine: CASE. Final verdict: Negative 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 scanned by Anti-Virus engine. Final verdict: Negative 

25 Nov 2018 18:47:49 (GMT +01:00)
Message 121462 contains attachment 'FACTURE Num 101275277 01022017 143510 FEVRIER 2017 FEVRIER 1.pdf'. 


25 Nov 2018 18:47:49 (GMT +01:00)
SMTP delivery connection (DCID 97800) opened from Cisco IronPort interface IP to IP address IP on port 25. 

25 Nov 2018 18:47:49 (GMT +01:00)
(DCID 97800) Delivery started for message 121462 to AAA@Ourdomain, AAA2@Ourdomain. 

25 Nov 2018 18:47:50 (GMT +01:00)
(DCID 97800) Delivery details: Message 121462 sent to AAA@Ourdomain, AAA2@Ourdomain 

25 Nov 2018 18:47:50 (GMT +01:00)
Message 121462 to AAA@Ourdomain, AAA2@Ourdomain received remote SMTP response '2.6.0 <OFF1175A00.47237E89-ON41258350.0062E5FD-41258350.0063FA68@z> [InternalId=78615081386013, Hostname=] Queued mail for delivery'. 
 

 

 

 

Hello,

 

Unfortunately, a working tracking summary isn't going to provide us with much detail as to why current messages are not being received. What you'll want to do is what I mentioned previously and enable Rejected Connection Handling, and then search through the tracking (from the GUI) and mail_logs (from the CLI) for anything related to the sending host.

 

For example, from the CLI you could do:

 

grep -i "sendinghost.domain.com" mail_logs

 

Thanks!

-Dennis M.

Hi Dennis, 

Here is the configuration after your feedback:

Rejected Connection Handling ==> is enabled. We will try to get the logs.

Regards

Hi, no incoming mail :(

regards

Hello,

 

If you enabled rejection handling and you're still not seeing the sending host, then either the search parameters are still incorrect or the emails are not hitting the ESA at all. You may want to work with the sending domain to see if perhaps they're getting caught up somewhere prior to the ESA.

 

Thanks!

-Dennis M.
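
An offline version of the log search described in the replies above, as an added example that is not part of the original thread or any Cisco code: it groups exported mail_logs lines by ICID, so a search on the envelope sender domain shows which connecting host and HAT sender group the mail actually matched, and it reports when no connection was logged at all. The log lines are constructed samples, and their layout (`New SMTP ICID ...`, `ICID n ACCEPT SG ...`, `MID n ICID n From:`) is an assumption about the text mail_logs format.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IPs and hostnames), not taken from the thread.
SAMPLE_LOG = """\
Mon Dec 10 09:14:02 2018 Info: New SMTP ICID 300101 interface Data 2 (192.0.2.10) address 203.0.113.25 reverse dns host smtp.xyz.example verified yes
Mon Dec 10 09:14:02 2018 Info: ICID 300101 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.1
Mon Dec 10 09:14:02 2018 Info: Start MID 130001 ICID 300101
Mon Dec 10 09:14:02 2018 Info: MID 130001 ICID 300101 From: <bob@abc.example>
Mon Dec 10 09:20:41 2018 Info: New SMTP ICID 300117 interface Data 2 (192.0.2.10) address 198.51.100.7 reverse dns host mx.other.example verified no
Mon Dec 10 09:20:41 2018 Info: ICID 300117 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -6.2
"""

# Assumed line formats; "sender group" is also accepted, as shown in message tracking.
NEW_CONN = re.compile(r"New SMTP ICID (\d+) .*? address (\S+) reverse dns host (\S+)")
HAT_HIT = re.compile(r"ICID (\d+) (ACCEPT|RELAY|REJECT|TCPREFUSE) (?:SG|sender group) (\S+)")
MSG_FROM = re.compile(r"MID (\d+) ICID (\d+) From: <([^>]*)>")

def connections(log_text):
    """Group log lines by ICID into one record per incoming connection."""
    conns = defaultdict(lambda: {"ip": "", "host": "", "action": None,
                                 "group": None, "senders": []})
    for line in log_text.splitlines():
        if m := NEW_CONN.search(line):
            conns[m[1]].update(ip=m[2], host=m[3].lower())
        elif m := HAT_HIT.search(line):
            conns[m[1]].update(action=m[2], group=m[3])
        elif m := MSG_FROM.search(line):
            conns[m[2]]["senders"].append(m[3].lower())
    return dict(conns)

def trace_sender(log_text, needle):
    """Connections whose host, IP or envelope sender contains `needle`."""
    needle = needle.lower()
    return {icid: c for icid, c in connections(log_text).items()
            if any(needle in f for f in [c["host"], c["ip"], *c["senders"]])}

def diagnose(log_text, needle):
    """One-line summary: HAT verdict per matching connection, or no trace."""
    hits = trace_sender(log_text, needle)
    if not hits:
        return "no connection logged: mail is not reaching the ESA, or the search term is wrong"
    return "; ".join(f"ICID {i}: {c['host']} [{c['ip']}] {c['action']} via {c['group']}"
                     for i, c in sorted(hits.items()))

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "abc.example"))           # sender domain -> connecting host and group
    print(diagnose(SAMPLE_LOG, "senderdomain.example"))  # nothing logged for this sender
```

In the sample, mail from `abc.example` arrives through `smtp.xyz.example` and lands in UNKNOWNLIST, so a HAT whitelist entry has to match the connecting host rather than the envelope sender domain.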

Hi Dennis ,

Thank you for your help. We have done tests: we receive emails from Gmail and other personal mailboxes, except on our email.

Still under investigation.

Regards
