SMTP Incoming Email denied

edited December 2021 in Firebox - Proxies

Have a company trying to send us email and it keeps getting denied by our SMTP Proxy settings. I added the email address to our "SPAM" and "Mail From" exceptions so this isn't blocking them. But I now get this message:

What am I missing?

smtp-proxy[2979]: msg_id="1BFF-0003" Deny External Trusted tcp -removed- -removed- 12668 25 msg="ProxyDrop: SMTP header" proxy_act="SMTP-Incoming.1" rule_name="Prevent Spoofing" header="X-DMZ-RCPT-TO: JDoe@company.com geo_src="USA" geo_dst="USA" (SMTP-proxy-incoming-00

*removed IP addresses from logs. -jc

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @SystemsA

    The proxy is hitting a rule called "Prevent Spoofing" which is likely rejecting any email that has FROM as your domain.

    If they have a reason to be sending email from your email domain, I'd suggest making a separate SMTP firewall rule FROM their mail server IP/IPs to your mail server, without that anti-spoofing rule in the SMTP proxy.

    For example

    Rule # - FROM - TO
    1 - 1.2.3.4 - Exchange Server Static NAT
    2 - Any External - Exchange Server Static NAT

    -James Carson
    WatchGuard Customer Support

  • I have a rule in the SMTP Proxy - Address - Mail From - called "Prevent Spoofing", which has a rule to deny email from the outside coming in with a domain name equal to our domain: *@company.com

    To stop Spam from outside the company faking domain email names looking like they came from us.

    This legit email, though, is definitely from outside our Firewall and from a legit domain and company. Not sure why it would have the "X-DMZ-RCPT-TO: JDoe@company.com" in it.

    I disabled the rule and now it comes through, but not sure that is the best thing to leave off.

    Thanks,

  • james.carson Moderator, WatchGuard Representative

    Hi @SystemsA

    The sender will either need to stop sending it that way, or you'll need to make a firewall rule from the sender's mail server IP with a proxy rule that allows that header.

    -James Carson
    WatchGuard Customer Support
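
To see which proxy rule and which header are behind denials like the one in the log line quoted in the question, the `key="value"` fields can be pulled out of the log and grouped. This is an added example, not part of the original thread and not WatchGuard tooling; the function names are hypothetical and the sample lines are constructed from the line in the post, with documentation-range IP addresses and a placeholder msg_id on the non-drop line.

```python
import re
from collections import Counter

# key="value" pairs. A value also ends where the next key="..." begins, because
# the header field in the line quoted in the thread has no closing quote.
PAIR = re.compile(r'(\w+)="(.*?)(?:"|(?=\s\w+="))')

def parse_proxy_drop(line):
    """Return the fields of a ProxyDrop log line, or None for any other line."""
    fields = dict(PAIR.findall(line))
    if not fields.get("msg", "").startswith("ProxyDrop:"):
        return None
    # Split 'Header-Name: value' so drops can be grouped by header name.
    name, _, value = fields.get("header", "").partition(":")
    fields["header_name"] = name.strip()
    fields["header_value"] = value.strip()
    return fields

def summarize(lines):
    """Count drops per (proxy action, rule name, header name)."""
    counts = Counter()
    for line in lines:
        f = parse_proxy_drop(line)
        if f:
            counts[(f.get("proxy_act"), f.get("rule_name"), f["header_name"])] += 1
    return counts

# Constructed sample input (assumption): modelled on the log line in the post.
_DENY = ('smtp-proxy[2979]: msg_id="1BFF-0003" Deny External Trusted tcp 203.0.113.10 '
         '198.51.100.5 12668 25 msg="ProxyDrop: SMTP header" proxy_act="SMTP-Incoming.1" '
         'rule_name="Prevent Spoofing" ')
SAMPLE = [
    # Unterminated header value, as it appears in the post.
    _DENY + 'header="X-DMZ-RCPT-TO: JDoe@company.com geo_src="USA" geo_dst="USA"',
    # Same drop with the header value properly quoted.
    _DENY + 'header="X-DMZ-RCPT-TO: asmith@company.com" geo_src="USA" geo_dst="USA"',
    # A line that is not a ProxyDrop and must be ignored.
    'smtp-proxy[2979]: msg_id="XXXX-XXXX" Allow External Trusted tcp 203.0.113.10 '
    '198.51.100.5 12669 25 msg="constructed non-drop line" proxy_act="SMTP-Incoming.1"',
]

if __name__ == "__main__":
    for (act, rule, header), n in summarize(SAMPLE).most_common():
        print(f"{n} drop(s): proxy_act={act} rule={rule!r} header={header}")
```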
