Smtp proxy Massage

HeroHero
in Firebox - Proxies
Hello, I have set up a new watchguard. Using an outbound SMTP proxy over port 25. If we send an email through a client SW, not Outlook, the email cannot be sent through the proxy. I see a log message “SMTP command was denied”. The email can be sent without the proxy. Does anyone have an idea?

Answers

  • Bruce_BriggsBruce_Briggs

    What do you see in Traffic Monitor when this is being sent?
    It should help understand what is being blocked.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Hero
    The log in traffic monitor for that traffic should show what specific action is being denied. Under most circumstances, you can change that action to allow that traffic via the proxy.

    In this example log message, the SMTP proxy is saying that the deny was due to the SMTP To address:

    Deny 1-Trusted 0-External tcp 10.0.1.2 100.100.100.11 39384 25
    msg="ProxyDeny: SMTP To address" proxy_act="SMTP-Outgoing.1"
    rule_name="Default" address="tester@testnet.com" (SMTP-proxy-00)

    If you're unable to make out what the problem is, I'd suggest opening a support case via the support center link at the top right of this page.

    -James Carson
    WatchGuard Customer Support

  • HeroHero
    Hello Bruce, hello James, thank you for your feedback. James, can you also tell me what exactly the problem is in the log message that you gave as an example. I suspect it's because of the recipient's address. But why exactly can't you find out from the log message, right? I will attach the log message about the problem later.
  • HeroHero
    Hi this is the Massage from log manager

    2025-03-13 17:29:51 Deny 192.168.7.32 81.169.145.133 smtp/tcp 52674 25 vLan100 External ProxyDeny: SMTP command (SMTP-proxy-00) proc_id="smtp-proxy" rc="595" msg_id="1BFF-0018" proxy_act="SMTP-Outgoing-ohne Inspektion" response="503" keyword="EHLO PC01\x0d\x0a"
  • Bruce_BriggsBruce_Briggs

    The SMTP command "EHLO PC01" is being denied
    EHLO is an ESMTP command.

    Make sure that you have an SMTP-Outgoing type SMTP proxy action selected on your SMTP proxy policy.
    Make sure that ESMTP Settings -> Enable ESMTP is selected on the proxy action.

  • HeroHero
    Okay, thank you bruce for the Notice.
    I'll test it.
    Have an nice weekend.
  • HeroHero

    h

  • HeroHero

    Hi Bruce, I've enabled the setting in the proxy. Attached is a log when sending a message. Unfortunately, the program displays an error message and the message isn't sent. Can you tell what the problem is from the log?

  • Bruce_BriggsBruce_Briggs

    Please post the new log message

  • HeroHero
    Hello Bruce, Sorry, I attach the TXT file with the log
  • Bruce_BriggsBruce_Briggs

    The SMTP proxy only supports a limited number of ESMTP options. Those not supported will be stripped, thus the ProxyStrip log messages.

    See this article:
    SMTP proxy strips ESMTP options: PIPELINING, DSN, and ENHANCEDSTATUSCODES
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3AMSAY&lang=en_US

    Is there a new error message from this program?
    What is the program? From what company?
    Is there any documentation about this program?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Hero
    The logs you posted showing stripped SMTP options should not stop SMTP from working. Does the device that is trying to send show any errors in that application's logs?

    -James Carson
    WatchGuard Customer Support

  • HeroHero
    Hi guys, thanks for your answer.
    I'll take a look at it and get in touch if necessary.
    Thank you very much.
Sign In to comment.