Out of office replies are deleted because they failed Bounce Address Tag Verification (BATV)
search cancel

Out of office replies are deleted because they failed Bounce Address Tag Verification (BATV)

book

Article ID: 153888

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Out of office replies from some external domains are being deleted because they fail BATV.

Looking the Message Audit Log on Symantec Messaging Gateway (SMG) entries are seen that indicate that the message failed bounce attack validation.

The subject portion of the failed message has also a string similar to out of office: <original subject>

 

Cause

Exchange 2007 and 2010 will send Message Disposition Notifications using a null sender address and will also use the MAIL FROM address as the RECIPIENT and this will cause messages to fail verification,  because it generates a new message that does not contain the original signature Return-Path added when it passed through the SBG appliance.

RFC references:

RFC 3798 - The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or
other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN.

RFC 3834 - Section 4 says auto-replies SHOULD be sent to the return path.

RFC 3834 -  section 7 gives an example of a Personal Responder (which is what the Out of Office Assistant is), and it uses a null sender, and the Return-Path of the subject message as the recipient.

RFC 2821 - Section 4.5.5 says non-standards-track autoreplies SHOULD be sent with non-null return paths.

 

Resolution

It is required to change the default action for messages that fail BATV validation to Deliver message normally and create a content filtering policy to address the issue.

To change the default action for the BATV validation:
 

  1. Login to the Control Center
  2. Navigate to SPAM
  3. Click the policy Failed Bounce Attack Validation: Reject message
  4. Select the checkbox next to the action Reject messages failing bounce attack validation
  5. Click Delete
  6. From the action dropbox options select Deliver message normally
  7. Click Add Action
  8. Click Save
     
Create a content filtering policy to allow Out of Office replies to be delivered and delete all other messages that will fail BATV validation.
 
NOTE: The instructions below assume that all out-of-office replies will have a subject line that begins with "Out of Office:". Not all mail servers will prepend that specific string, and even different versions of a given server (such as Exchange 2003/2007/2010) will vary as to the string that is used. Additionally, the mail administrator is often allowed to customize this as they choose. As a result, you will need to determine exactly what strings are being used by the domains you interact with and add them as additional conditions. The content filter described below is only an example.
 
  1. Login to the Control Center
  2. Navigate to Content
  3. Click Add
  4. Click Select
  5. Choose your desired policy name
  6. Under Conditions change the Apply To - Inbound messages
  7. Click Add
  8. Select  "Text in this specific part of message" - Message header
  9. Under Header Name type X-BATVResult inside the box on the right
  10. Select contains, 1 or more occurrences of fail
  11. Click Update Condition
  12. Under Conditions click Add
  13. Select  "Text in this specific part of message" - Subject
  14. Select  "does not start with" and type "Out of Office:" inside the box on the right
  15. Click Update Condition
  16. Select both the Conditions that were just created
  17. Click (X & Y)
  18. Under Actions select Delete message
  19. Click Add Action
  20. Select the group that you want to apply the policy
  21. Click Save
Powered by Wolken Software