ASM scheduled reports "SMTP Error: The following recipients failed"

WilliamLin
Nimbostratus

Hello everyone,

I want to use BIGIP ASM "Scheduled Reports" to send attack reports to my enterprise email. But when I use the "send now" button to send mail, somehow it just keeps getting the error message

"Could not send e-mails: SMTP Error: The following recipients failed: [my email address]"

I have sent 5 QKviews and a bunch of pcaps to my support team, but they just can't figure out any problem.

My SMTP device configuration:

1. The "Test Connection" button gets "OK".

2. SMTP Server Port Number is "25".

3. My SMTP servers don't need any authentication to send the mail.

Has anyone encountered the same problem before?

Please let me know how to fix it.

Thanks!

1 ACCEPTED SOLUTION

Thanks for your reply !!

It's really helpful to let me think that the error may not be caused by BIG-IP itself.

Although in the pcap the SMTP server responded with status 220 and 250, which should mean the request succeeded, the connection terminated at the SMTP RCPT phase.

So, I searched the SIEM logs to find out which device cut the connection. Eventually it turned out that the firewall between the DMZ and the intranet dropped the request. Our firewall admin only allowed BIGIP to connect to SMTP port 465, while our SMTP serves at port 25. It seems the BIGIP "Test Connection" isn't based on the port. (And I really have no idea why the L4 firewall didn't drop the connection at the first SMTP handshake on the disallowed port.)

Scheduled Reports worked fine after changing the firewall to allow the WAF to reach the SMTP server on port 25.

Thanks again!


AlexBCT
MVP

Hi, 

Seeing that the test button is working correctly, I suspect the problem is in the handling of the traffic on the mail server side. Maybe the sending account is not allowed to send mails, or possibly the IP address it's coming from is not on the mail server's allowed-list? Even though authentication may not be required, there are still other mechanisms that may stop it from accepting the mail.

In the pcaps that you've taken, you should find the SMTP response codes (https://www.socketlabs.com/blog/21-smtp-response-codes-that-you-need-to-know/); these should give you a good indication of what the mail server responds. I often use these codes to then look into the mail server logs for further details.

Hope this helps. 
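
An added example, not part of the original thread: a small Python helper that reads an SMTP exchange copied out of a capture and reports the first phase that failed, separating a server rejection (4xx/5xx reply) from a phase that got no reply at all, which is the pattern described in this thread. The `C:`/`S:` transcript format, the function name, hostnames and addresses are assumptions constructed for illustration.

```python
import re

# Constructed transcripts in the "C:"/"S:" form obtained by following the TCP
# stream in a capture; hostnames and addresses are placeholders.
STALLED = """\
S: 220 mail.example.internal ESMTP
C: EHLO waf.example.internal
S: 250-mail.example.internal
S: 250 SIZE 10485760
C: MAIL FROM:<asm-reports@example.internal>
S: 250 2.1.0 Ok
C: RCPT TO:<soc@example.internal>
"""
REJECTED = STALLED + "S: 550 5.7.1 Relaying denied\n"
DELIVERED = (STALLED + "S: 250 2.1.5 Ok\nC: DATA\nS: 354 End data with .\n"
             "C: Subject: report\nC: .\nS: 250 queued\nC: QUIT\nS: 221 Bye\n")
PHASES = ("EHLO", "HELO", "MAIL", "RCPT", "DATA", "QUIT")

def diagnose(transcript):
    """Return (phase, reply_code, verdict) for the first SMTP phase that did
    not complete, or ("DONE", None, "ok") when every phase got a 2xx/3xx."""
    phase, pending, in_data = "CONNECT", True, False  # waiting for 220 banner
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and in_data:
            if text == ".":                  # end of message body
                phase, pending, in_data = "END-OF-DATA", True, False
        elif side == "C":
            if pending:                      # sent on without a final reply
                break
            words = text.split()
            verb = words[0].upper() if words else ""
            phase, pending = (verb if verb in PHASES else "OTHER"), True
        elif side == "S":
            m = re.match(r"(\d{3})([ -]|$)", text)
            if not m or m.group(2) == "-":   # skip noise and "250-" continuations
                continue
            code, pending = int(m.group(1)), False
            if code >= 400:
                return phase, code, "rejected by server"
            in_data = code == 354
    if pending:
        return phase, None, "no reply: check for a drop on the network path"
    return "DONE", None, "ok"

if __name__ == "__main__":
    for name, t in (("stalled", STALLED), ("rejected", REJECTED), ("delivered", DELIVERED)):
        print(name, diagnose(t))
```

A phase that ends with no reply points away from the mail server's policy and toward a device on the path, which is where firewall or SIEM logs become the next place to look.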
