Smtp proxy Massage
Hello, I have set up a new watchguard. Using an outbound SMTP proxy over port 25. If we send an email through a client SW, not Outlook, the email cannot be sent through the proxy. I see a log message “SMTP command was denied”. The email can be sent without the proxy. Does anyone have an idea?
0
Sign In to comment.
Answers
What do you see in Traffic Monitor when this is being sent?
It should help understand what is being blocked.
Hi @Hero
The log in traffic monitor for that traffic should show what specific action is being denied. Under most circumstances, you can change that action to allow that traffic via the proxy.
In this example log message, the SMTP proxy is saying that the deny was due to the SMTP To address:
Deny 1-Trusted 0-External tcp 10.0.1.2 100.100.100.11 39384 25
msg="ProxyDeny: SMTP To address" proxy_act="SMTP-Outgoing.1"
rule_name="Default" address="tester@testnet.com" (SMTP-proxy-00)
If you're unable to make out what the problem is, I'd suggest opening a support case via the support center link at the top right of this page.
-James Carson
WatchGuard Customer Support
2025-03-13 17:29:51 Deny 192.168.7.32 81.169.145.133 smtp/tcp 52674 25 vLan100 External ProxyDeny: SMTP command (SMTP-proxy-00) proc_id="smtp-proxy" rc="595" msg_id="1BFF-0018" proxy_act="SMTP-Outgoing-ohne Inspektion" response="503" keyword="EHLO PC01\x0d\x0a"
The SMTP command "EHLO PC01" is being denied
EHLO is an ESMTP command.
Make sure that you have an SMTP-Outgoing type SMTP proxy action selected on your SMTP proxy policy.
Make sure that ESMTP Settings -> Enable ESMTP is selected on the proxy action.
I'll test it.
Have an nice weekend.
h
Hi Bruce, I've enabled the setting in the proxy. Attached is a log when sending a message. Unfortunately, the program displays an error message and the message isn't sent. Can you tell what the problem is from the log?
Please post the new log message
The SMTP proxy only supports a limited number of ESMTP options. Those not supported will be stripped, thus the ProxyStrip log messages.
See this article:
SMTP proxy strips ESMTP options: PIPELINING, DSN, and ENHANCEDSTATUSCODES
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3AMSAY&lang=en_US
Is there a new error message from this program?
What is the program? From what company?
Is there any documentation about this program?
Hi @Hero
The logs you posted showing stripped SMTP options should not stop SMTP from working. Does the device that is trying to send show any errors in that application's logs?
-James Carson
WatchGuard Customer Support
I'll take a look at it and get in touch if necessary.
Thank you very much.