Question : FireBox expert needed

Since installing a Watchguard FireBox with SPAM and AV filtering all Efax documents that come in are being removed. I cant see where this is happenning. I have added the [email protected] to the "Allow" list. I have allowed .efx files through the gateway. Stumped

I have posted the logs from whet I think is a string from an Efax.

HELP!

dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-Authentication-Warning: media1.bos2.colo.j2noc.com: j2apps set sender to [email protected] using -f\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-Authentication-Warning: media1.bos2.colo.j2noc.com: Processed from queue /var/spool/mqueue\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-Authentication-Warning: media1.bos2.colo.j2noc.com: Processed by j2apps with -C /etc/sendmail.cf\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Header-Version: 1.0\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Phone-Number: 15084370335\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Customerkey: 8881463\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Servicekey: 4438469\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Message-Type: FAX\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Caller-Id: 508-540-8468\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Message-Duration: 50\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Message-Size: 41956\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Message-Format: EFX\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Message-Date: 01/25/2006 01:04:57 GMT\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Fax-Pages: 2\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Fax-Mode: 200Hx100V(Norm)\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Fax-Csid-Remote: .quot;5085408468.quot;\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="592" msg="ProxyStrip: SMTP Header" proxy_act="SMTP-Incoming.1" rule_name="Default" header="X-J2-Fax-Bps: 14400\x0d\x0a" log_type="tr" />
dst_port_nat="25" rc="598" msg="ProxyAvScan: SMTP Content type" proxy_act="SMTP-Incoming.1" rule_name="Default" content_type="Application/Octet-stream" sender="[email protected]ax.com" recipients="[email protected]g" log_type="tr" />
dst_port_nat="25" rc="590" msg="ProxyAllow: SMTP Filename" proxy_act="SMTP-Incoming.1" rule_name=".efx" file_name="d6ceb824.efx" sender="[email protected]ax.com" recipients="[email protected]g" log_type="tr" />

Answer : FireBox expert needed

Kdog,

Here's what you need to do. You need to be able to see the header information of this transmission to be able to know what you need to add to your proxy. If at all possible try to use something similar to Outlook, or Outlook Express (though I can only recommend Outlook) and use the View Message Option button. You might be able to do this from another account if the Efax can be directed so. Once you can view the Message Options, you will be able to see what type of MIME efax is to load on the firebox. For example, if you have a Jpeg image come through, the message type would be image/jpeg.

By default the check box on "Allow only safe content types and block file patterns" button should be checked. I haven't used Efax, and the only information that I've seen points to the file type "image/efax".

You should be able to add a new type as:

MIME TYPE: image/efax
Description: Efax

Click Ok.

Select your new content type and click ok, and save to the firebox.

However if the MIME type is differnet than above you will need to enter exactly what it is described as.

Hope this helps.

Random Solutions

Disabling time synchronization from Novell?

Solarwinds 2002 Engineers Edition

Vista machine putting XP machine in "The following discovered devices can not be placed in the map", XP can't see Vista.

Lynksys wirelss network card not connecting.

How to set up https in server 2000 and 2003

Microsoft Exchange E-mail Problems for only One User

Need help with Drive Mapping while Logged Off

Networkin main office with branches

How to get past a proxy that blocks all *.doc files?

Downgrading from a domain to a workgroup