E-Mail gets deleted by Local Bad Sender IPs policy but address cannot be found on the list

book

Article ID: 156965

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

E-Mail gets deleted by what seems to be Local Bad Sender IPs policy but sender's IP address visible in Message Audit Log (MAL) field "Accepted From:" cannot be found on the Local Bad Sender IPs list.


MAL entry displays following information:
- Verdict: System denied IP
- Filter Policy: static delete
- Action taken: Delete message

Screenshot of MAL verdict:

Resolution

This works as designed.

Message Audit Log is designed to primarily display IP Address discovered at connection time. Local Bad Sender IPs policy applies to IP Address discovered at connection time as well as any IP addresses discovered in "Received:" headers which are present in "Message Body" part of e-mail message.

For further information with regards to differences between "Message Envelope" and "Message Body" please refer to following documents:
http://tools.ietf.org/html/rfc5321
http://tools.ietf.org/html/rfc5322

http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
http://en.wikipedia.org/wiki/Email

 

Please consider following example to illustrate the situation:

1. Local Bad Sender IPs policy configured as follows:

2. E-Mail with following contents in message body part:

3. Message is sent from MTA with IP 10.2.46.241, correct verdict delivered by SMG, based on contents of "Received:" headers found in message body:

 


Attachments