ScreenOS Firewalls (NOT SRX)
Reply
Contributor
jayNEC
Posts: 39
Registered: ‎01-24-2009
0

Antispam enabled, large email attachments fail

SSG-20, running 6.3r1.  With antispam on the inbound SMTP policy enabled, emails with larger than 10mb are dropped with the message on the remote SMTP server "The connection was dropped by the remote host."

with antispam disabled, the same email makes it through just fine.

Any thoughts on that?

Distinguished Expert
muttbarker
Posts: 2,285
Registered: ‎01-29-2008
0

Re: Antispam enabled, large email attachments fail

Are you sure it is the anti-spam filter that is dropping? I know that you can set an attachment limit on anti-virus that will cause drops. It is part of scan-manager. As far as I know anti-spam just scans against spammer lists and should drop the whole message, not based on attachment size.

 

You could check this by placing the sending server onto a white-list and see if it goes through. Or, change the action to tag instead of drop. That would help confirm that it was the anti-spam. There is also a debug command just for anti-spam that might help you troubleshoot.

 

Hope this helps a little.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
jayNEC
Posts: 39
Registered: ‎01-24-2009
0

Re: Antispam enabled, large email attachments fail

It's definitely the filter.  If I checkmark "antispam enable" it fails.  Uncheck, it works.    The action is already set to Tag, and not Drop and always has been.

With the antispam enabled, there is no transfer of data, and the session eventually drops.

I will try the whitelist and see if there is a difference there...

Contributor
jayNEC
Posts: 39
Registered: ‎01-24-2009
0

Re: Antispam enabled, large email attachments fail

The whitelist had no effect.  The SMTP session just locks up and times out.  Uncheck the option and try again and it's smooth sailing.

Distinguished Expert
muttbarker
Posts: 2,285
Registered: ‎01-29-2008
0

Re: Antispam enabled, large email attachments fail

That is bizarre - have you tested the domain by using the "exec anti-spam test" command to see what the box thinks it will do with the traffic? Also curious to see if you do a "get anti-spam" do the email that gets blocked show as blocked in terms of the counters.

 

Finally - I would do a debug anti-spam and see exactly what the heck is going on.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.