System Denied IP with Filter Policy "Static Delete" in Message Audit Logs

book

Article ID: 156947

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Email is being deleted by Messaging Gateway (SMG). In Message Audit Logs (MAL), the verdict is "System denied IP" and filter policy is "static delete".

Verdict: "System denied IP", Filter Policy is "static delete".

Cause

When the connecting IP is not a routable IP, SMG will accept the message and scan the message headers for IP's on the Global Bad Sender's list.

If an IP in the header is on the Global Bad Senders list and the configured action is one we can no longer take, such as "Reject SMTP Connection", then the default (static) action will be taken.

Resolution

To prevent the "static delete" action from being used:

  • Ensure that the external, routable IP address is being transmitted to the SMG.
    • This typically means preventing a firewall or other routing device from appending its IP to the packets and
    • Ensuring that SMTP filtering is disabled on the firewall or other device.
    • Confirm this is happening by locating the email in the MAL (Status > Message Audit Logs) and check the "Accepted From" IP.


To troubleshoot this issue:

  1. Change action for "Global Bad Senders" to "Hold message in Spam Quarantine".
  2. Locate and release that email to the recipient from Spam Quarantine.
  3. Get the full message header information. The user should use "forward as attachment" to preserve the message headers.
  4. Check that the message header IPs are not listed on the "Global Bad Senders" list. (Reputation > IP Reputation Lookup)

If None of the IP's are listed under "Global Bad Senders", Please contact Symantec Technical Support for further assistance.