SMTP Proxy - Email size restriction - NDR?

If you limit the incoming email size using the SMTP Proxy and an incoming message exceeds that limit, can you / or does the firebox issue an NDR to the sender?

Normally, denied packets and connection attempts get rejected silently on the firebox, but it's essential if we end up blocking legitimate email that the sender gets an NDR so we can make alternate arrangements for receiving the message/attachment.

I can't find a definitive answer in the documentation. Thanks in advance.


  • RalphRalph WatchGuard Representative

    Hello Darrin,

    No. We're just a proxy. Only Mail Transfer Agents aka email servers aka email relays are responsible for issuing NDRs (The last MTA that accepted a message for delivery). So, if an email is blocked because of a rule on the proxy, the sending MTA gets a response back (eg. a permanent 5XX reject) and acts accordingly (sends NDR). SMTP service still behaves as if the proxy wasn't there in the first place.

  • what I found is that the sending MTA does not get a proper response if the size limit is reached, so it retries several times

  • james.carsonjames.carson Moderator, WatchGuard Representative

    The proxy should pass an NDR provided the MTA that the message is going to sends one. The firebox is a proxy, not an MTA, so it will not issue an NDR by itself.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.