Corrupt attachments (ORF 5.0/5.1+Win 2012+Virtual SMTP+Exchange 2013) - ORF Forums

Corrupt attachments (ORF 5.0/5.1+Win 2012+Virtual SMTP+Exchange 2013) RSS Back to forum

1

We have a setup with Exchange 2013 running on Windows 2012 and ORF 5.0/5.1 running on a separate Windows 2012 server with Virtual SMTP (IIS6). There is a problem with some attachments (.pdf, .jpeg) which are getting corrupted both in incoming and outgoing email.

Specific attachments are corrupted each time they pass through ORF. As soon as we uninstall ORF and pass email directly through "virtual smtp->Exchange 2013" for the incoming or "Exchange 2013->internet" for the outgoing email everything reverts back to normal.

We noticed the problem with ORF 5.0 and tried ORF 5.1, but without much luck.

Any help will be appreciated.

by Santana 6 years ago
2

@Santana: You mentioned that outgoing emails are not going through the Virtual SMTP server which ORF is bound to (and even if they did, ORF would not test or alter them in any way: it ignores outgoing emails), but those get corrupted as well, so I do not think the issue is caused by ORF.

Or I misunderstood how outgoing emails are relayed to external recipients. Could you clarify this part please?

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

3

@Krisztián Fekete (Vamsoft): The outgoing email was passing through ORF to enable "Auto Sender Whitelist" functionality.

The initial setup (some incoming and outgoing attachments are corrupted):

Incoming emails: Internet->CISCO ASA->Virtual SMTP Server->ORF->Exchange 2013
Outoging emails: Exchange 2013->ORF ->Virtual SMTP Server->CISCO ASA->Internet

------------------------------------------

Modified setup#1 (only incoming attachments are corrupted, outgoing attachments are ok):

Incoming emails: Internet->CISCO ASA->Virtual SMTP Server->ORF->Exchange 2013
Outgoing emails: Exchange 2013->CISCO ASA->Internet

------------------------------------------

Modified setup#2 (both incoming and outgoing attachments are ok):

Incoming emails: Internet->CISCO ASA->Virtual SMTP Server->Exchange 2013
Outgoing emails: Exchange 2013->CISCO ASA->Internet

I double checked that there is no esmtp inspection on ASA and no antivirus installed on both servers. I can reproduce the problem by sending/receiving specific attachments when mail passes through ORF.

I tried sending and receiving emails through Outlook, Thunderbird and OWA on few different PCs to rule out non-server related problems.

by Santana 6 years ago
(in reply to this post)

4

@Santana: Thanks. The Auto Sender Whitelist feature only monitors the outgoing email flow, ORF does not modify the outgoing emails in any. Since we have never been reported this problem before, I believe the issue is not caused by ORF.

You mentioned that all outgoing and incoming emails are relayed through CISCO ASA. I found a thread describing the very same problem you experience:

https://supportforums.cisco.com/thread/2191946

Could you test by excluding CISCO ASA from the mail flow?

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

5

CISCO ASA was the first suspect and I already checked that there is no smtp inspection that the traffic wents through. Exchange 2013 was the second suspect and I ruled out both candidates by:

1) Sending email through a different smtp server: Outlook->CISCO ASA->"Popular email provider"->Internet

Result: Attachments are ok

2) Sending email straight from Exchange 2013: Outlook->Exchange->CISCO ASA->Internet

Result: Attachments are ok

3) Sending email through Virtual SMTP Server: Outlook->Exchange->Virtual SMTP Server->CISCO ASA->Internet

Result: Attachments are ok

4) Sending email through Virtual SMTP server with ORF installed: Outlook->Exchange->Virtual SMTP Server->ORF->CISCO ASA->Internet

Result: Some attachments are broken

I made extensive testing by simply sending the same email with the same attachments over and over again.

As soon as I uninstall ORF, attachments are getting through 100% correct. Install ORF back and selected attachments are corrupt.

I can provide original emails, their headers, logs and whatever information is needed.

It would be great if someone could contact me over email, so we can diagnose the problem and fix it.

by Santana 6 years ago
6

I would also like to add that I have different installations of ORF in other locations that are running just fine.

One example: Exchange 2010+Windows 2008R2 and ORF 5.0+Windows 2008R2 with the CISCO ASA 5505 as gateway

Another example: Lotus Domino 8.5+Windows 2003R2 and ORF 4.4+Windows 2003R2 with the CISCO 18xx gateway

Everything is great and I really like the product. It's that the Exchange 2013+Windows 2012+ORF 5.0 is causing some problems.

by Santana 6 years ago
7

@Santana: Could you send us some MIME samples (EML format) of the same emails with ORF installed and not installed (corrupted and not corrupted state) to please? We will look into this.

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

8

@Krisztián Fekete (Vamsoft): I sent you an email with 2 .eml files attached.

Do not hesitate to contact me if you'll need any other information.

by Santana 6 years ago
(in reply to this post)

9

@Santana: We have tried to reproduce the issue on IIS6 / Windows Server 2012 using the email samples you sent, but to no avail -- no message corruption here.

Comparing the email samples I have noticed that the corrupted email has one additional delivery hop:

Received: from mail.xxx ([192.168.0.4]) by mail.xxx with Microsoft SMTPSVC(8.0.9200.16384);Tue, 14 May 2013 15:44:44 +0400

This specific delivery hop does not show up in "good" email. If I understand correctly, you also confirmed the removal of the delivery hop when you said "As soon as we uninstall ORF and pass email directly through [...]" -- I think this delivery hop is somehow the problem. Also, the corrupted email features an "X-OriginalArrivalTime" header, normally added by IIS SMTP, but not by recent Exchange versions. The above leads me to be believe the "good email" is never passed through the IIS SMTP server where ORF runs.

Can you please re-run your test with ORF disabled or completely uninstalled, but without eliminating the IIS delivery hop from the relay chain? If the issue still occurs, we can rule out ORF as the source of the issue and the investigation can be focused elsewhere.

by Péter Karsai (Vamsoft) 6 years ago
(in reply to this post)

10

There are 2 servers:

192.168.0.4 - Exchange 2013
192.168.0.3 - Virtual SMTP Server + ORF

The delivery hop mail.xxx (192.168.0.4) is actualy Virtual SMTP Server (192.168.0.3) with ORF service installed, but it's masquerading it's FQDN to mail.xxx and resolves in DNS as 192.168.0.4.

You correctly noticed that the header is different to Exchange header, as this is IIS6 Virtual SMTP server on a different server. There is also difference in FQDN - one is in capitals (Exchange 2013), another one is small letters (different server with Virtual SMTP)

We started testing corruption issues with outgoing emails and the first step was eliminating 192.168.0.3 hop by sending directly from Exchange, which solved the problem for outgoing emails.

After that we decided to test incoming emails and faced the same issues. The last step was uninstalling/installing ORF to confirm the cause.

I have incoming emails that came through Virtual SMTP host with ORF installed (corrupt) and without it (ok). If it's ok I can send them.

If you definitely need outgoing emails, I can conduct new test and send the results, but it will take more time.

by Santana 6 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2