03-24-2010 08:23 AM
SSG-20, running 6.3r1. With antispam on the inbound SMTP policy enabled, emails with larger than 10mb are dropped with the message on the remote SMTP server "The connection was dropped by the remote host."
with antispam disabled, the same email makes it through just fine.
Any thoughts on that?
03-24-2010 08:35 AM
Are you sure it is the anti-spam filter that is dropping? I know that you can set an attachment limit on anti-virus that will cause drops. It is part of scan-manager. As far as I know anti-spam just scans against spammer lists and should drop the whole message, not based on attachment size.
You could check this by placing the sending server onto a white-list and see if it goes through. Or, change the action to tag instead of drop. That would help confirm that it was the anti-spam. There is also a debug command just for anti-spam that might help you troubleshoot.
Hope this helps a little.
03-24-2010 09:51 AM
It's definitely the filter. If I checkmark "antispam enable" it fails. Uncheck, it works. The action is already set to Tag, and not Drop and always has been.
With the antispam enabled, there is no transfer of data, and the session eventually drops.
I will try the whitelist and see if there is a difference there...
03-24-2010 05:17 PM
That is bizarre - have you tested the domain by using the "exec anti-spam test" command to see what the box thinks it will do with the traffic? Also curious to see if you do a "get anti-spam" do the email that gets blocked show as blocked in terms of the counters.
Finally - I would do a debug anti-spam and see exactly what the heck is going on.