Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-20-2016 02:07 AM
Hi!
We enable the blocking email viruses attachement by setting the antivirus profile with an action “reset-both” for SMTP. The virus attachement could be blockded, however the sender’s mail server keep retry until timeout and no undelivered mail message returned to sender.
Please advice? Thank you!
Device : PA3050, PANOS 7.08
09-20-2016 03:06 AM
For SMTP related functions you will want to set the action to "block". This will send a SMTP 541 message to the sending server so it stops trying to deliver the message.
09-20-2016 06:49 AM
hi,
you mean "drop"?..."block" is not available...
09-20-2016 06:07 PM
Yes, "Block" action is not availiable anymore. I wondering it was related to response feature had been change.
04-14-2017 11:35 AM
Reset Client, Reset Server and Reset Both will all send an SMTP 541 message followed by the appropriate resets.
Reference:
11-29-2017 02:42 PM
Hey,
The SMTP 541 official definition is:
541 | The recipient address rejected your message: normally, it's an error caused by an anti-spam filter. | Your message has been detected and labeled as spam. You must ask the recipient to whitelist you |
Can someone confirm that this will not cause the SMTP server to stop sending ALL email, and this action only drops the email containing the malware?
We receive all email from an upstream / external mail filtering/relay service and occassionally some viruses get through. We want to stop this at the firewall, but are concerned changing the default action on the AV profile will result in all mail from the external relay being stopped once an event is detected and the SMTP 541 response is sent.
Thanks,
Shannon
11-30-2017 11:10 AM - edited 11-30-2017 11:11 AM
In case of SMTP protocol only email with virus will get 541 back. Others are not affected.
POP and IMAP don't have this capability built into the protocol.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
