WilliamLin
Sep 06, 2022
Solved

ASM scheduled reports "SMTP Error: The following recipients failed"

Hello everyone,

I want to use BIGIP ASM "Scheduled Reports" to send attack reports to my enterprise email. But when I use the "send now" button to send mail, somehow it just keeps returning the error message

"Could not send e-mails: SMTP Error: The following recipients failed: [my email address]"

I have sent 5 QKviews and a bunch of pcaps to my support team, but they just can't figure out the problem.

 

My SMTP device configuration:

1. The "Test Connection" button returns "OK".

2. SMTP Server Port Number is "25".

3. My SMTP servers don't need any authentication to send mail.

 

Has anyone encountered the same problem before?

Please let me know how to fix it.

Thanks!

2 Replies

  • Hi, 

    Seeing that the test button is working correctly, I suspect the problem is in the handling of the traffic on the mail server side. Maybe the sending account is not allowed to send mails, or possibly the IP address it's coming from is not on the mail server's allowed-list? Even though authentication may not be required, there are still other mechanisms that may stop it from accepting the mail.

    In the pcaps that you've taken, you should find the SMTP response codes (https://www.socketlabs.com/blog/21-smtp-response-codes-that-you-need-to-know/); these should give you a good indication of what the mail server responds. I often use these codes to then look into the mail server logs for further details.

    Hope this helps. 

    • WilliamLin

      Thanks for your reply!!

      It was really helpful in making me consider that the error may not be caused by BIG-IP itself.

      Although in the pcap the SMTP server responded with status 220 and 250, which should mean the request succeeded, the connection terminated at the SMTP RCPT phase.

      So, I searched the SIEM logs to find out which device cut the connection. Eventually it turned out that the firewall between the DMZ and the intranet dropped the request. Our firewall admin only allowed BIGIP to connect to SMTP port 465, while our SMTP server serves on port 25. It seems the BIGIP "Test Connection" isn't based on the port. (And I really have no idea why the L4 firewall didn't drop the connection at the first SMTP handshake on the disallowed port.)

      Scheduled Reports worked fine after changing the firewall to allow WAF to SMTP server port 25.

      Thanks again!
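
An added example, not part of the original thread: a small Python probe that walks the SMTP dialogue through RCPT TO on a chosen port without sending a message, so it shows the phase at which a relay or an in-path firewall stops the session. The function name `probe_smtp`, its `client` test seam, and the example.com host and addresses are assumptions of this example.

```python
import smtplib


def probe_smtp(host, port, sender, recipient, timeout=10, client=None):
    """Walk the SMTP dialogue up to RCPT TO without sending any message.

    Returns (steps, failed_phase). steps is a list of (phase, reply_code);
    reply_code is None when the connection dropped, was refused or timed out.
    failed_phase is None when every phase received a 2xx reply.
    `client` is a test seam (an assumption of this example); by default a
    real smtplib.SMTP object is used.
    """
    smtp = client if client is not None else smtplib.SMTP(timeout=timeout)
    phases = [
        ("CONNECT", lambda: smtp.connect(host, port)),  # 220 banner expected
        ("EHLO", smtp.ehlo),
        ("MAIL FROM", lambda: smtp.mail(sender)),
        ("RCPT TO", lambda: smtp.rcpt(recipient)),
    ]
    steps, failed = [], None
    for name, action in phases:
        try:
            code = action()[0]
        except (smtplib.SMTPException, OSError):
            code = None  # session cut or unreachable during this phase
        steps.append((name, code))
        if code is None or not 200 <= code < 300:
            failed = name
            break
    try:
        if failed is None:
            smtp.quit()  # DATA was never issued, so nothing is delivered
    except (smtplib.SMTPException, OSError):
        pass
    finally:
        smtp.close()
    return steps, failed


if __name__ == "__main__":
    # Placeholder values; replace with your relay, port and addresses.
    steps, failed = probe_smtp("smtp.example.com", 25,
                               "waf-reports@example.com", "soc@example.com")
    for phase, code in steps:
        print(f"{phase:<10} {code if code is not None else 'no reply'}")
    print("all phases accepted" if failed is None else f"failed at {failed}")
```

Run it from a host whose traffic crosses the same firewall path as the BIG-IP, once per candidate port, and compare the failing phase with the firewall and mail server logs.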