Exchange Server 2007 Blocking Received PDF Attachments
Our new installation of Exchange Server 2007 insists on blocking all (or virtually all) emails containing PDF attachments. This occurs for both externaland internal senders, though I cannot be sure if it occurs for all senders all the time. The sender whose email was blocked will typically receive a message back notifying them that the delivery failed (at least I did, from my home address when I tested this).
Unfortunately,my company has to be able to receive PDFs without a problem from many different sources. We deal extensively with multi-function printers that scan and email files in PDF format, so there's no way we can "allow" or "white list" certain senders, and I'm not surehow to do that even if itwould work on a case-by-case basis.
Our Exchange setup is a single-server only system. We have mailboxes, client access and hub transport roles on one machine, with no separate edge server configured. I have applied the latest updates, including rollup 3.
Any help would be extremely welcome!
Thanks in advance,
Gavin
August 8th, 2007 11:54pm
Hard to say what's going on without more info, perhaps some headers to show the exact error. However, is it possible that this is a message/attachment size limit issue? If you are scanning to PDF those can get quite large, and most of your connectors in Exchange 2007 have a default size limit of 10MB.
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2007 10:53pm
What antivirus solution you running? Most that I have used can do file blocking of this type at a global level regardless of connector/etc settings.
Check your quarantine and see if they are there... that is if it is set to quarantine the file.
What is the delivery failure message detail? 550 error?
August 9th, 2007 11:05pm
Thanks for the feedback, Lee and LLTJ.
I forgot to mention that I'd looked at size considerations already. The files in question that I was testing were no more than about 1.7MB. I also increased the limits throughout the Exchange Server system up to 25MB because I knew that the default 10MB ceiling would be problematic at times. But that's not the issue here.
I could not find any issues with firewalls or anti-virus applications blocking the attachments, but it's hard to be 100% sure across the whole flow of the email messages. We use Norton Antivirus Corporate on the internal domain, though I am very certain that it's not blocking anything on the Exchange Server machine itself.
I'm trying to find a 550-error message that'd explain more about what's going on, but it's not clear to me how to get that from the logs. I'll have to see if I can generate anotherfailed message at home tonight and look at that header info.
One update though: It appears that emails sent from senders who are in Active Directory (and therefore who have a mailbox in exchange) do not get PDFs blocked, whereas most external senders (or ones from a device within the company network, but that isn't in AD as a 'user' do suffer the PDF problem. Again, I can't be 100% sure of this, but it seems to follow that scenario.
Gavin
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2007 11:31pm
Here's the header information from my failed email with PDF
attachments. Clearly it's a "content restrictions" problem. I've
obviously changed any identifying particulars to protect the innocent
(i.e. me). The strange thing is, I don't think anything's changed with
our network other than installing Exchange Server 2007. So I really
can't imagine where PDFs may be blocked unless it's the Exchange Server
itself that's doing it.
Header Info from failure notification:
Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<recipient at mycompany.com>:
66.xxx.xxx.xxx failed after I sent the message.
Remote host said: 550 5.7.1 Message rejected due to content restrictions
--- Below this line is a copy of the message.
Return-Path: <sender at somewhereexternal.net>
Received: (qmail 44133 invoked from network); 10 Aug 2007 05:35:55 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=somewhereexternal.net;
h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type;
b=L3XEwPZqr6KLomwRTmkha1x4RR8XveElZGkpKeX+fPEjjIymTFtMOweRsoDw54YX8znXEML+0oNKGsWMHEljlyBRobKxoOMruDINjkGivOP0lvy3oxtkIBn0CFpr9tttFXsMdW8aG1U1wvRuermYUuPZtEsxxLPa2SMHE8JA1yU= ;
Received: from unknown (HELO ?75.54.139.168?) (sender at somewhereexternal.net@75.xxx.xxx.xxx with plain)
by smtp110.sbc.mail.re2.yahoo.com with SMTP; 10 Aug 2007 05:34:45 -0000
X-YMail-OSG: yYRYxiUVM1m.r6r8xIZNgL97I4i6iHcB496a0gTTLANKZjJGi5AgpmVHLH1nskYiODQ0CsJlDeFORmKJ2w--
Message-ID: <46BBF8FE.1040509@provider.net>
Date: Thu, 09 Aug 2007 22:34:54 -0700
From: Gavin <sender at somewhereexternal.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4
MIME-Version: 1.0
To: Gavin <recipient at mycompany.com>
Subject: Test with PDFs
Content-Type: multipart/mixed;
boundary="------------090501080503050901040507"
This is a multi-part message in MIME format.
--------------090501080503050901040507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Test with PDFs
--------------090501080503050901040507
Content-Type: application/pdf;
name="PLE_04Eng-Photo.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="PLE_04Eng-Photo.pdf"
JVBERi0xLjUNJeLjz9MNCjEgMCBvYmo8PC9MZW5ndGggMzQ3MC9GaWx0ZXIvRmxhdGVEZWNv
ZGUvVHlwZS9FbWJlZGRlZEZpbGU+PnN0cmVhbQ0KSIm0V1tT28gSft9f4cezDwuju3UqlSow
OCEbwIudvVQqD7I0Ap0IySXLIeyvP3PrmZ6xZGDDFkXZnu7p69eXefPmp8nk+GQ5u7iYRudN
<snipping the pages of encoded text>
MDAwMDA0MDU1MCAwMDAwMCBuDQowMDAwMDQwNjA4IDAwMDAwIG4NCjAwMDAwNDA2NDEgMDAw
MDAgbg0KMDAwMDA0MDY5NyAwMDAwMCBuDQp0cmFpbGVyDQo8PC9TaXplIDQ1Pj4NCnN0YXJ0
eHJlZg0KMTE2DQolJUVPRg0K
--------------090501080503050901040507--
As always, any insight is extremely appreciated!
Gavin
August 10th, 2007 8:43pm
Another gentleman has contacted me with this exact same problem, so I know it's unlikely to be due toa really weird unique situation on our part.
Does anyone out there have any more ideas of what to check?
Thanks!
Gavin
Free Windows Admin Tool Kit Click here and download it now
August 13th, 2007 7:04pm
I am also having problems with .pdf files getting blocked. In my testing, some go through, others do not. When I look through the logs, I can see that they are getting blocked because they are above the SCL threshold, but the messages are legitimate and should not be getting this high of a SCL.
Check your logs on your Edge or HT for more detailed info on why messages are getting blocked: ..\Microsoft\Exchange Server\TransportRoles\Logs\AgentLog\AgentLogDATE-1.LOG
Here's an example of what you should see: "....RejectMessage,550 5.7.1 Message rejected due to content restrictions,SclAtOrAboveRejectThreshold,8"
I will continue to research and let you know if I find an answer (or work around).
Thanks!
AC
August 14th, 2007 10:39pm
I, too, have this issue. Exchange 2007 single server topology and all peripheral devices (multi-function printers, error reports from all applications and devices, SNMP trap reports, spam analysis reports, etc) are never delivered to the users when the peripheral device's settings are set to use the Exchange Server to delever the mail. I've tried all different settings with ports and authentication and nothing has worked.
On an internet-facing server, I have BrightMail installed with a SMTP Relay setup that forwards only to the Exchange Server. If I set the peripheral devices to use the SMTP Relay to deliver the emails, all internal users receive the emails, but external email addresses do not.
Did anyone ever get any ideas or solutions for this?
Any assistance would be greatly appreciated.
Thanks,
Chris
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2007 2:00am
I'm having the same problem. For some reason Exchange rejects messages from outside if there is a PDF attachment.
Max
August 27th, 2007 8:33pm
Found the problem! In the Organization Configuration, Hub Transport, Anti-Spam, Content Filtering. On the Action tab, I had checked (default value) : "Reject messages that have an SCL rating greateer than or equal to" 7.
I bumped that up to 8 and now I can receive PDF attachments from outside. Not sure why a PDF attachment would be flagged with SCL 7, I'll investigate that. Hopefully this will help other people having the same issue.
Max
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2007 6:07pm
Nice work Massim!
Following the suggestions given above, I had also increased the SCL rating in that area, and it seems to be working okay for me too. We're currently set at 8+ to quarantine, and 9+ to reject. I agree that flagging a PDF attachment at level 7 does seem high, but at least this is a workaround.
Thanks for everyone's input!
Gavin
August 28th, 2007 6:54pm
Hi,
This is a tricky one, took me some days to find out how to do this.
Most documents you find on the net only talk about the transportconfig service.When you edit this you should configure the global settings for SMTP traffic.I tried this but this but was unable to send or receive messages with large attachments.
what you also need to do is to configure your other connectors (send & receive)
here is a sample of the codeI used:
------------------------------------------------------------------------------------------------------------------
Set-TransportConfig -MaxReceiveSize xxmb -MaxSendSize xxmb
set-receiveconnector -identity "servername\connector name" -maxmessagesize xxmbset-receiveconnector -identity "servername\default servername" -maxmessagesize xxmbset-receiveconnector -identity "servername\client servername" -maxmessagesize xxmb
set-sendconnector -identity "servername\smtp connector" -maxmessagesize xxmb
-------------------------------------------------------------------------------------------------------------------
If you have more connectors you should configure them too.
Worked fine for me, can send an receive large emails.
I hope this helps you to configure it.
Dorian Groenewegen.
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2007 4:59pm
Thanks for the input, Dorian.
I had in fact already increased the allowable email message sizes, so I knew that this was not a problem relating to the size of the attachments. Some of the PDFs were only a few kBytes, but they'd still get blocked.
The issue was - as has been discovered above - an issue with the SCL levels blocking spam that wasn't spam.
Thanks anyway,
Gavin
August 30th, 2007 8:50pm
I suggest trying the Microsoft (FREE download) utility that converts Word 2007 documents to PDF.
I hope that the following can be used in the meantime while you are seeking a final solution.
Download details: 2007 Microsoft Office Add-in: Microsoft Save as PDF ...
This download allows you to export and save to the PDF format in eight 2007 Microsoft Office programs. ... Microsoft Office Visio 2007; Microsoft Office Word 2007 ...
www.microsoft.com/downloads/details.aspx?familyid=f1fc413c-6d89-4f15-991b-63b07ba5f2e5...
Also I read that Exchange blocks some file extensions by default but that they can be unblocked by the Exchange Administrator.
That info can be found at: http://office.microsoft.com/en-us/outlook/HP030850041033.aspx
If you do not have MS Office 2007 throughout your organization, consider the (FREE) viewer and also the separate Office 2007 compatability pack downloads from Microsoft at:
Be sure to install VIEWER BEFORE Compatibility Pack.
Download details: PowerPoint Viewer 2007
Microsoft Office PowerPoint Viewer 2007 lets you view full-featured presentations created in PowerPoint 97 and later versions. ... Microsoft Office PowerPoint Viewer 2007 lets you ...
www.microsoft.com/downloads/details.aspx?familyid=048DC840-14E1-467D-8DCA-19D2A8FD7485...
Download details: Microsoft Office Compatibility Pack for Word, Excel ...
... Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats also downloaded: Update for Word 2007 (KB934173) Office 2003 Service Pack 3 (SP3) PowerPoint Viewer 2007; Office File ...
www.microsoft.com/downloads/details.aspx?familyid=941b3470-3ae9-4aee-8f43-c6bb74cd1466...
Besure toINSTALL Viewer BEFORE the Compatibility Pack.
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2007 3:22am
The problem people have been having is that PDF attachments have been getting blocked. Converting more documents into PDFs clearly would not help that issue.
Your idea of checking into the file extensions that Exchange Server 2007 auto-blocks was a good one, but I had looked into that some time ago. And by taking a quick glance at the link you provided, you'd see that PDFs are not on it.
Thanks anyway,
Gavin
November 8th, 2007 8:04pm
I Have the same problem, however, I do not have Edge installed. Is it necessary to do this, or is there a work a round?
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2009 12:13am
Hi,You not installed the AntiSpam framework on your Hub Transport? If you done that the things are the same as mentioned above.Regards,Zoltnhttp://www.clamagent.org - Free Antivirus for Exchange
http://www.it-pro.hu
http://emaildetektiv.hu
May 29th, 2009 1:04am
I did not install this server. I had a tech company do it. I can tell you that I do not have antispam, content filtering or action tabs. Is there some one who can help guide me through this?
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2009 4:56pm
thanks! We just experienced the same problem and your solution worked.
November 16th, 2010 1:36pm
I did not install this server. I had a tech company do it. I can tell you that I do not have antispam, content filtering or action tabs. Is there some one who can help guide me through this?
HI MSMSKM,
Go to Exchange Management Con
Organization Configuration
Hub Transport Role > In the middel Pane Select the Anti-Spam Tabe
Free Windows Admin Tool Kit Click here and download it now
July 12th, 2011 6:38am