Can't see incoming mails - ORF Forums

Hello,

After easy installation and more than easy configuration I started the service. I send an E-Mail to a not existing recipient and was happy about the "1" on the overview page.

Unfortunately all mails are whitelisted. After a short view on the report I can see, that only outgoing mails are inspected. In this case the NBR. Can't see any entries about traffic from the internet.

ORF is installaed on a edge server (MS Exchange 2010).

Recipient validation is on via text file and before arrival.

What's wrong?

Just for clarification:

Send from outside (private domain to business domain):
Send an E-Mail to a valid recipient: Works
Send an E-Mail to a invalid recipient: Not rejected, receive an NDR.
Send an E-Mail to a valid recipient with a blacklisted keyword: Works (sent and received)

Send from inside (business domain to private domain):
Send an E-Mail from and to a valid recipient with a blacklisted keyword: Works (sent and received)

I can see the outgoing messages only (from business to private domain) in ORF Log Viewer.

Hi Jens,

are you using ORF on Exchange (which version) or with IIS?

Regards
Norbert

@NorbertFe: Hi Norbert,

we have

- Exchange 2010 (Edge) in perimeter network
- Forefront Protection 2010 for Exchange (I want to replace/extend it with ORF because it's discontinued)

Jens

@Jens: Hi Jens,

ok, so you installed ORF on the Edge server? The recipient validation shouldn't work at all on an edge server because there is no ldap it can connect to. Let the Exchange recipient filter do the work instead. Can you tell the order of your transport agents? Where are the whitelisted mails coming from?
You're still using FP2010? It's discontinued since years iirc 2015.

Regards
Norbert

Norbert,
ORF is installed on the Edge-Server. Recipient validation isn't my problem.

All mails are Whitelisted. Because alle E-Mails comes from the internal Mail-Server.
No mails from the internet passed the ORF.

My test procedure:
- Sent from an external E-Mail-Account a E-Mail to my Business account. I can't see the E-Mail on the statistic and not in logfiles.
- Sent from Businesss to any extern: The statistic reflects the E-mail, the E-Mail ist whitelisted because it's from internal Mail-Server. (This decision should be right)

Jens

Hi Jens,

if you don't see the incoming mails (from external) in the ORF logfiles, can you see them in the SMTP Logging from exchange for verification? Outbound mails are and should always whitelisted.

@NorbertFe: I can't see incomming mails from external in the ORF-Logfiles and can't see it on the overview and statistic view.
I can't see only the outgoing mail from internal in the ORF-Logfiles (and they are well whitelisted).

If you want to take a look you can find some screenshots here:
https://1drv.ms/u/s!ArEfuEx-j7okneNzB6EUfp-baIJ6hw

URL:
https://1drv.ms/f/s!ArEfuEx-j7okneNx4r-5qzNor3f8xQ

Hi Jens,

do you have verbose logging on your "internet receive connector" enabled? Do you see inbound mails in them?

Regards
Norbert

@Jens: Looking at your screenshot: Thats _ALL_ backscatter. Its outbound mail. Doesn't your edge server do recipient filtering? I guess it would be easier we talk by phone on monday (you already contacted my co-worker).

Norbert, can I send you an email? Which address do you have?
Of course we can make a call on monday. It's would be great. Which number?

We talking every time about the same problem. I know was happend, but I dont know why.

I want recipient filtering on ORF (not on Exchange) for external inbounds. And exact this point dosn't work.

Catched!
Firewall misconfiguration published smtp protocol from internal mail server, not from edge.

Thanks Norbert, your suspicion was right.

Jens

Hi Jens,

no problem at all. :) Hopefully you find ORF the right product for your environment. Let me know if you have any other questions.

Regards
Norbert