This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jean-Francois_G
Explorer
4 hours ago

Iphone emails sent over LTE get bounced by MTA

Hello  im running Checkpoint R81.20 Take 90 in cluster

 

Anyone has ever seen this problem ?  We have multiple external users that send us email with their iphone and gmail account over LTE and when Checkpoint MTA received the email it bounced it and drop it.  Note than if they send email over WI-FI with their Iphone we do not have this problem.  It's only happening over LTE.  Also we tried writing nothing in the email body and writing normal text and in both scenario the email is blocked

 

Here is one log

Time: 2024-11-25T17:11:04Z
Id: 56b37af0-a96f-73c6-c4fd-890fc0a86402
Sequencenum: 199
Source: 127.0.0.1
Destination: xxx.xxx.xxx.2
Destination Port: 25
Sender: externaluser@gmail.com
Recipient: internaluser@domain.ca
Email Subject: Test LtE
Email Message ID: <12E12082-6C34-4825-AA7E-0FD52C3B7134@gmail.com>
Email Queue Name: bounce
Arrival Time: 1970-01-01T00:00:00Z
Scan Started: 2024-11-25T17:11:04Z
Scan Ended: 2024-11-25T17:11:04Z
Email Status: Bounced
Last status update: 1970-01-01T00:00:00Z
Last Failure Reason: Spam email
Original Queue ID: 4Xxsfw07Lpz7t8J
Type: Log
Blade: MTA
Origin: infFire
Product Family: Threat
Logid: 131840
Marker: @A@@B@1732510800@C@5128445
Log Server Origin: xxx.xxx.xxx.3
Origin Log Server IP:xxx.xxx.xxx.3
Index Time: 2024-11-25T17:11:16Z
Lastupdatetime: 1732554676000
Lastupdateseqnum: 199
Severity: Informational
Confidence Level: N/A
Stored: true
Email Queue ID: 4Xxsfw07Lpz7t8J
Description: An email from externaluser@gmail.com was bounced
Email Headers: Received: from mail-qk1-f180.google.com (localhost [127.0.0.1]), by mail.domain.ca (Postfix) with ESMTPS id 4Xxsfw07Lpz7t8J, for <internaluser@domain.ca>; Mon, 25 Nov 2024 12:11:03 -0500 (EST), Received: by mail-qk1-f180.google.com with SMTP id af79cd13be357-7b66a740de4so76948885a.3, for <internaluser@domain.ca>; Mon, 25 Nov 2024 09:11:03 -0800 (PST), DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;, d=gmail.com; s=20230601; t=1732554663; x=1733159463; darn=domain.ca;, h=to:message-id:subject:date:mime-version:content-transfer-encoding, :from:from:to:cc:subject:date:message-id:reply-to;, bh=xbG2blgIDpVVqLeI9gG7eOxboqck3gUEy2bGANtuqBg=;, b=FwZ5++3SEWpBhZ1lYt3d9luGfZIZY6ERHiBOuIU73B6tbK8AETMEzufNSPA5Sgr5pX, n1KPtgEVaQ0+M/1vMnD9UhFbaFbBCC5x8jjTSxPdPUPDrDc32sfeo7eLItap79kMPF/D, nl1cO4OqqDXCxUQ+zHRcGzagjhiX69LOug6WHk76yWnp1z9UC/iu1j5/HC4Dfq6hBLX2, r3oLXWebQuJJrRuFfBtOAyRO9Tx7Fht+uqYm3DlbGEt77cNFolSMUbsplsu0XOHaPAWC, jI74v1FnMpV3ZwqUwHY8LZzo+2F5JWpzhkMlF28NgYPV5u1pZJaRwz49x4qya/Ul3IBg, 0tvQ==, X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;, d=1e100.net; s=20230601; t=1732554663; x=1733159463;, h=to:message-id:subject:date:mime-version:content-transfer-encoding, :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;, bh=xbG2blgIDpVVqLeI9gG7eOxboqck3gUEy2bGANtuqBg=;, b=Iv8rad/vwXuoDYQ8IwN5ZLa4m8/S26KFnk1/w59RPfszVn8veAlKaRHWfdXhzAc270, D8qUYmAJyVnTNJRwcIQvjag84svKJ6C5cUEsHlqxZu3eYcm81nNnS+ZOK9LSpZOGIj1j, F/lxpuLpkb1KdcvZv1Ru7S8wIvCrslikTD5Ebzk3T9V+om/3rKSRNozSuuXEK16be5fa, af2xWoLXQQGuQVgY8xSfs83RTTn/qb3+of5M+tXyeAyoalXEL8p8/mE+wdv6tgsMdtF2, QyUsmAMql3rVs2QwU4iG3L8zkv83AlBPzexNeLWlqLtyVWY4NX4uxTIhU4dCD9UWrpER, JpAg==, X-Gm-Message-State: AOJu0YzxbGQmVszBX1maZ3qFTAE3CoWOr5GLlbe1Y3ZMSUJglV1pstRe, DUkO6suvBKRLj91QeKe2YNK8PwHFZSlwneAcX2b9phN7KNrjRSH1F0AUpQ==, X-Gm-Gg: ASbGncs8tfZkyqSYROdELlZro/L3gOzczIN1oBV+ohBIDXh5y2eFJr0lCgJBQpdU81c, zj7VVppqrOxtzM39YADbhbME9+cRaD9JwV4+G7kCQ26nXSv3DKl7KC/oMGJuy7aOogJlgKge7dj, 1r3g+Oibs2LC2AWRMaBHjpmhKo7OXafCayHBDHuhyDX4e8QFjTv4BJdqS3YUKC0KDTMTM8HNaPX, ZSfffd0FJjhjMiOVkolI8WYijf/jPB9nNAR/88YiQxnbiDYuN9YY3bSD6ewAUdtnrAHkV5oE0h3, kOtV, X-Google-Smtp-Source: AGHT+IEpFETQ9d+qKyDNw+r3e6vPcQ0Ju4NWKDyPJaWBeWbWWNKlt+2CmHWbG3hFPkNiFoj0GDgp9w==, X-Received: by 2002:a05:620a:2906:b0:7b6:7257:1359 with SMTP id af79cd13be357-7b6725716b6mr144790885a.13.1732554662648;, Mon, 25 Nov 2024 09:11:02 -0800 (PST), Received: from smtpclient.apple ([2001:56b:9fe3:bb67:4cb7:549a:da46:38fc]), by smtp.gmail.com with ESMTPSA id af79cd13be357-7b514048e51sm370752985a.88.2024.11.25.09.11.01, for <internaluser@domain.ca>, (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);, Mon, 25 Nov 2024 09:11:01 -0800 (PST), From: External User <externaluser@gmail.com>, X-Google-Original-From: External User <externaluser@gmail.com>, Content-Type: text/plain; charset=us-ascii, Content-Transfer-Encoding: 7bit, Mime-Version: 1.0 (1.0), Date: Mon, 25 Nov 2024 12:10:50 -0500, Subject: Test LtE, Message-Id: <12E12082-6C34-4825-AA7E-0FD52C3B7134@gmail.com>, To: =?utf-8?Q?InternalUser= <internaluser@domain.ca>, X-Mailer: iPhone Mail (22A3370)

 

 

Here is the log from MTA

 

[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] emaild_new_connection(): [fw_conn_id=123, emaild_context_id=3654738582] New connection.
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] pre(): sender='ExternalUser@gmail.com'
[mtad 13243 3809594176]@infFire[25 Nov 12:11:04] [EMAIL_MTA (WARNING)] async_op_task_dequeue(): queue(92c4014) is empty
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_SPF (NOTICE)] spf_scan_result(): SPF_response_result: pass
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (ERROR)] email_log_direction(): ms_ip_type(c0a864fd) failed. rc=-1
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (ERROR)] email_log_direction(): ms_ip_type(c0a864fd) failed. rc=-1
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] pre() - :recipient='InternalUser@domain.ca'
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] pre(): Message-ID=' <12E12082-6C34-4825-AA7E-0FD52C3B7134@gmail.com>'
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] parseEmlFile() - 4Xxsfw07Lpz7t8J :[emailContextId=4231640330] MIME Parsing result: 0(Success)
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_AP (NOTICE)] handle() - 4Xxsfw07Lpz7t8J :AP policy off
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (WARNING)] email_ctengine_check_async_read_status(): The read operation is complete.
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (ERROR)] email_log_direction(): ms_ip_type(c0a864fd) failed. rc=-1
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_ASPAM (ERROR)] aspam_app_scan_cb() - 4Xxsfw07Lpz7t8J :rejecting mail with reason Spam email
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_ASPAM (NOTICE)] aspam_app_scan_cb() - 4Xxsfw07Lpz7t8J :block mail
[mtad 13243 4023886336]@infFire[25 Nov 12:11:04] [EMAIL_MTA (NOTICE)] emaild_connection_handler(): [emaild_context_id=3654738582] End connection(send error).
[mtad 13243 4023886336]@infFire[25 Nov 12:11:23] [EMAIL_MTA (ERROR)] TEScanListener_LogParamsMapCleaner(): Erasing 4XxrKw189cz7t8J from logParams_map!!!

 

 

Ive open a case with Checkpoint but was wondering if anyone using MTA have this problem 

 

Thanks !

0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events