Problem: Firebox blocking attachments that it shouldn’t
Recently our Firebox has started blocking attachments randomly. We have several clients that send us automated emails throughout the week, and these seem to be the attachments that are getting blocked. Most of the time they are just plain text, but sometimes .csv and .pdf files. I’ve tripple checked my SMTP rules and made sure nothing is being blocked. I’m literally allowing every type of attachment to come in through the Firebox (I know this is unsafe, but I’m trying to eliminate anything that could be causing this). The strange part is that when someone other than the automated task sends the attachment, it arrives okay. When an email with a blocked attachment reaches a recipient it has one of these errors in it:
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding:
Content-Disposition: inline
The WatchGuard Firebox which protects your network detected a message which may not be safe.
Cause : The message format may not be safe.
Content type : (none)
File name : (none)
Virus status : No information.
Action : The Firebox deleted (none).
Your network administrator can not restore this attachment.
————————
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding:
Content-Disposition: inline
The WatchGuard Firebox which protects your network detected a message which may not be safe.
Cause : The message format may not be safe.
Content type : (none)
File name : (none)
Virus status : No information.
Action : The Firebox deleted (none).
Your network administrator can not restore this attachment.
Solution : Firebox blocking attachments that it shouldn’t
If the proxy service is still blocking traffic and the emails are business critical in that case you might want to create a new packet SMTP service from specific domains, and configure as below:
SMTP [packet service]
Enabled and allowed; from specific domains; to static-NAT or 1-1 NAT
Please note for traffic from these domains there would be no flitering at all.
