none
Exchange Server 2007 Blocking Received PDF Attachments

    Question

  • Our new installation of Exchange Server 2007 insists on blocking all (or virtually all) emails containing PDF attachments.  This occurs for both external and internal senders, though I cannot be sure if it occurs for all senders all the time.  The sender whose email was blocked will typically receive a message back notifying them that the delivery failed (at least I did, from my home address when I tested this).

     

    Unfortunately, my company has to be able to receive PDFs without a problem from many different sources.  We deal extensively with multi-function printers that scan and email files in PDF format, so there's no way we can "allow" or "white list" certain senders, and I'm not sure how to do that even if it would work on a case-by-case basis.

     

    Our Exchange setup is a single-server only system.  We have mailboxes, client access and hub transport roles on one machine, with no separate edge server configured.  I have applied the latest updates, including rollup 3.

     

    Any help would be extremely welcome!

     

    Thanks in advance,

     

    Gavin

    Wednesday, August 08, 2007 8:54 PM

Answers

  • Found the problem! In the Organization Configuration, Hub Transport, Anti-Spam, Content Filtering. On the Action tab, I had checked (default value) : "Reject messages that have an SCL rating greateer than or equal to" 7.

     

    I bumped that up to 8 and now I can receive PDF attachments from outside. Not sure why a PDF attachment would be flagged with SCL 7, I'll investigate that. Hopefully this will help other people having the same issue.

     

    Max

    Tuesday, August 28, 2007 3:07 PM

All replies

  • Hard to say what's going on without more info, perhaps some headers to show the exact error.  However, is it possible that this is a message/attachment size limit issue?  If you are scanning to PDF those can get quite large, and most of your connectors in Exchange 2007 have a default size limit of 10MB.

     

     

    Thursday, August 09, 2007 7:53 PM
  • What antivirus solution you running? Most that I have used can do file blocking of this type at a global level regardless of connector/etc settings.

    Check your quarantine and see if they are there... that is if it is set to quarantine the file.

     

    What is the delivery failure message detail? 550 error?

    Thursday, August 09, 2007 8:05 PM
  •  

    Thanks for the feedback, Lee and LLTJ.

     

    I forgot to mention that I'd looked at size considerations already.  The files in question that I was testing were no more than about 1.7MB.  I also increased the limits throughout the Exchange Server system up to 25MB because I knew that the default 10MB ceiling would be problematic at times.  But that's not the issue here.

     

    I could not find any issues with firewalls or anti-virus applications blocking the attachments, but it's hard to be 100% sure across the whole flow of the email messages.  We use Norton Antivirus Corporate on the internal domain, though I am very certain that it's not blocking anything on the Exchange Server machine itself.

     

    I'm trying to find a 550-error message that'd explain more about what's going on, but it's not clear to me how to get that from the logs.  I'll have to see if I can generate another failed message at home tonight and look at that header info.

     

    One update though:  It appears that emails sent from senders who are in Active Directory (and therefore who have a mailbox in exchange) do not get PDFs blocked, whereas most external senders (or ones from a device within the company network, but that isn't in AD as a 'user' do suffer the PDF problem.  Again, I can't be 100% sure of this, but it seems to follow that scenario.

     

    Gavin

    Thursday, August 09, 2007 8:31 PM
  •  

    Here's the header information from my failed email with PDF

    attachments. Clearly it's a "content restrictions" problem. I've

    obviously changed any identifying particulars to protect the innocent

    (i.e. me). The strange thing is, I don't think anything's changed with

    our network other than installing Exchange Server 2007. So I really

    can't imagine where PDFs may be blocked unless it's the Exchange Server

    itself that's doing it.

     

     

    Header Info from failure notification:

     

    Hi. This is the qmail-send program at yahoo.com.

    I'm afraid I wasn't able to deliver your message to the following addresses.

    This is a permanent error; I've given up. Sorry it didn't work out.

    <recipient at mycompany.com>:

    66.xxx.xxx.xxx failed after I sent the message.

    Remote host said: 550 5.7.1 Message rejected due to content restrictions

    --- Below this line is a copy of the message.

    Return-Path: <sender at somewhereexternal.net>

    Received: (qmail 44133 invoked from network); 10 Aug 2007 05:35:55 -0000

    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

    s=s1024; d=somewhereexternal.net;

    h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type;

    b=L3XEwPZqr6KLomwRTmkha1x4RR8XveElZGkpKeX+fPEjjIymTFtMOweRsoDw54YX8znXEML+0oNKGsWMHEljlyBRobKxoOMruDINjkGivOP0lvy3oxtkIBn0CFpr9tttFXsMdW8aG1U1wvRuermYUuPZtEsxxLPa2SMHE8JA1yU= ;

    Received: from unknown (HELO ?75.54.139.168?) (sender at somewhereexternal.net@75.xxx.xxx.xxx with plain)

    by smtp110.sbc.mail.re2.yahoo.com with SMTP; 10 Aug 2007 05:34:45 -0000

    X-YMail-OSG: yYRYxiUVM1m.r6r8xIZNgL97I4i6iHcB496a0gTTLANKZjJGi5AgpmVHLH1nskYiODQ0CsJlDeFORmKJ2w--

    Message-ID: <46BBF8FE.1040509@provider.net>

    Date: Thu, 09 Aug 2007 22:34:54 -0700

    From: Gavin <sender at somewhereexternal.net>

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4

    MIME-Version: 1.0

    To: Gavin <recipient at mycompany.com>

    Subject: Test with PDFs

    Content-Type: multipart/mixed;

    boundary="------------090501080503050901040507"

    This is a multi-part message in MIME format.

    --------------090501080503050901040507

    Content-Type: text/plain; charset=ISO-8859-1; format=flowed

    Content-Transfer-Encoding: 7bit

    Test with PDFs

     

    --------------090501080503050901040507

    Content-Type: application/pdf;

    name="PLE_04Eng-Photo.pdf"

    Content-Transfer-Encoding: base64

    Content-Disposition: inline;

    filename="PLE_04Eng-Photo.pdf"

    JVBERi0xLjUNJeLjz9MNCjEgMCBvYmo8PC9MZW5ndGggMzQ3MC9GaWx0ZXIvRmxhdGVEZWNv

    ZGUvVHlwZS9FbWJlZGRlZEZpbGU+PnN0cmVhbQ0KSIm0V1tT28gSft9f4cezDwuju3UqlSow

    OCEbwIudvVQqD7I0Ap0IySXLIeyvP3PrmZ6xZGDDFkXZnu7p69eXefPmp8nk+GQ5u7iYRudN

    <snipping the pages of encoded text>

    MDAwMDA0MDU1MCAwMDAwMCBuDQowMDAwMDQwNjA4IDAwMDAwIG4NCjAwMDAwNDA2NDEgMDAw

    MDAgbg0KMDAwMDA0MDY5NyAwMDAwMCBuDQp0cmFpbGVyDQo8PC9TaXplIDQ1Pj4NCnN0YXJ0

    eHJlZg0KMTE2DQolJUVPRg0K

    --------------090501080503050901040507--

     

     

     

     

    As always, any insight is extremely appreciated!

     

    Gavin

     

    Friday, August 10, 2007 5:43 PM
  • Another gentleman has contacted me with this exact same problem, so I know it's unlikely to be due to a really weird unique situation on our part.

     

    Does anyone out there have any more ideas of what to check?

     

    Thanks!

     

    Gavin

    Monday, August 13, 2007 4:04 PM
  • I am also having problems with .pdf files getting blocked.  In my testing, some go through, others do not.  When I look through the logs, I can see that they are getting blocked because they are above the SCL threshold, but the messages are legitimate and should not be getting this high of a SCL.

    Check your logs on your Edge or HT for more detailed info on why messages are getting blocked: ..\Microsoft\Exchange Server\TransportRoles\Logs\AgentLog\AgentLogDATE-1.LOG

    Here's an example of what you should see: "....RejectMessage,550 5.7.1 Message rejected due to content restrictions,SclAtOrAboveRejectThreshold,8"

    I will continue to research and let you know if I find an answer (or work around).

    Thanks!

    AC

    Tuesday, August 14, 2007 7:39 PM
  • I, too, have this issue.  Exchange 2007 single server topology and all peripheral devices (multi-function printers, error reports from all applications and devices, SNMP trap reports, spam analysis reports, etc) are never delivered to the users when the peripheral device's settings are set to use the Exchange Server to delever the mail.  I've tried all different settings with ports and authentication and nothing has worked.

     

    On an internet-facing server, I have BrightMail installed with a SMTP Relay setup that forwards only to the Exchange Server.  If I set the peripheral devices to use the SMTP Relay to deliver the emails, all internal users receive the emails, but external email addresses do not.

     

    Did anyone ever get any ideas or solutions for this?

     

    Any assistance would be greatly appreciated.

     

    Thanks,

    Chris

     

     

    Thursday, August 16, 2007 11:00 PM
  • I'm having the same problem. For some reason Exchange rejects messages from outside if there is a PDF attachment.

     

    Max

    Monday, August 27, 2007 5:33 PM
  • Found the problem! In the Organization Configuration, Hub Transport, Anti-Spam, Content Filtering. On the Action tab, I had checked (default value) : "Reject messages that have an SCL rating greateer than or equal to" 7.

     

    I bumped that up to 8 and now I can receive PDF attachments from outside. Not sure why a PDF attachment would be flagged with SCL 7, I'll investigate that. Hopefully this will help other people having the same issue.

     

    Max

    Tuesday, August 28, 2007 3:07 PM
  •  

    Nice work Massim!

     

    Following the suggestions given above, I had also increased the SCL rating in that area, and it seems to be working okay for me too.  We're currently set at 8+ to quarantine, and 9+ to reject.  I agree that flagging a PDF attachment at level 7 does seem high, but at least this is a workaround.

     

    Thanks for everyone's input!

     

    Gavin

    Tuesday, August 28, 2007 3:54 PM
  • Hi,

     

    This is a tricky one, took me some days to find out how to do this.

    Most documents you find on the net only talk about the transportconfig service.

    When you edit this you should configure the global settings for SMTP traffic.
    I tried this but this but was unable to send or receive messages with large attachments.

     

    what you also need to do is to configure your other connectors (send & receive)

     

    here is a sample of the code I used:

     

    ------------------------------------------------------------------------------------------------------------------

    Set-TransportConfig -MaxReceiveSize xxmb -MaxSendSize xxmb

     

    set-receiveconnector -identity "servername\connector name" -maxmessagesize xxmb
    set-receiveconnector -identity "servername\default servername" -maxmessagesize xxmb
    set-receiveconnector -identity "servername\client servername" -maxmessagesize xxmb

     

    set-sendconnector -identity "servername\smtp connector" -maxmessagesize xxmb


    -------------------------------------------------------------------------------------------------------------------

     

    If you have more connectors you should configure them too.

     

    Worked fine for me, can send an receive large emails.

    I hope this helps you to configure it.

     

    Dorian Groenewegen.

     

    Thursday, August 30, 2007 1:59 PM
  • Thanks for the input, Dorian.

     

    I had in fact already increased the allowable email message sizes, so I knew that this was not a problem relating to the size of the attachments.  Some of the PDFs were only a few kBytes, but they'd still get blocked.

     

    The issue was - as has been discovered above - an issue with the SCL levels blocking spam that wasn't spam.

     

    Thanks anyway,

     

    Gavin

    Thursday, August 30, 2007 5:50 PM
  •  

    I suggest trying the Microsoft (FREE download) utility that converts Word 2007 documents to PDF.

     

    I hope that the following can be used in the meantime while you are seeking a final solution.

     

    Download details: 2007 Microsoft Office Add-in: Microsoft Save as PDF ...

    This download allows you to export and save to the PDF format in eight 2007 Microsoft Office programs. ... Microsoft Office Visio 2007; Microsoft Office Word 2007 ...

    www.microsoft.com/downloads/details.aspx?familyid=f1fc413c-6d89-4f15-991b-63b07ba5f2e5...

     

    Also I read that Exchange blocks some file extensions by default but that they can be unblocked by the Exchange Administrator.

     

    That info can be found at: http://office.microsoft.com/en-us/outlook/HP030850041033.aspx

     

    If you do not have MS Office 2007 throughout your organization, consider the (FREE) viewer and also the separate Office 2007 compatability pack downloads from Microsoft at:

     Be sure to install VIEWER BEFORE Compatibility Pack.

     

    Download details: PowerPoint Viewer 2007

    Microsoft Office PowerPoint Viewer 2007 lets you view full-featured presentations created in PowerPoint 97 and later versions. ... Microsoft Office PowerPoint Viewer 2007 lets you ...

    www.microsoft.com/downloads/details.aspx?familyid=048DC840-14E1-467D-8DCA-19D2A8FD7485...

    Download details: Microsoft Office Compatibility Pack for Word, Excel ...

    ... Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats also downloaded: Update for Word 2007 (KB934173) Office 2003 Service Pack 3 (SP3) PowerPoint Viewer 2007; Office File ...

    www.microsoft.com/downloads/details.aspx?familyid=941b3470-3ae9-4aee-8f43-c6bb74cd1466...

    Be sure to INSTALL Viewer BEFORE the Compatibility Pack.
    Thursday, November 08, 2007 12:22 AM
  •  

    The problem people have been having is that PDF attachments have been getting blocked.  Converting more documents into PDFs clearly would not help that issue.

     

    Your idea of checking into the file extensions that Exchange Server 2007 auto-blocks was a good one, but I had looked into that some time ago.  And by taking a quick glance at the link you provided, you'd see that PDFs are not on it.

     

    Thanks anyway,

     

    Gavin

    Thursday, November 08, 2007 5:04 PM
  • I Have the same problem, however, I do not have Edge installed. Is it necessary to do this, or is there a work a round?

    Thursday, May 28, 2009 9:13 PM
  • Hi,

    You not installed the AntiSpam framework on your Hub Transport? If you done that the things are the same as mentioned above.

    Regards,
    Zoltán
    http://www.clamagent.org - Free Antivirus for Exchange
    http://www.it-pro.hu
    http://emaildetektiv.hu
    Thursday, May 28, 2009 10:04 PM
  • I did not install this server. I had a tech company do it. I can tell you that I do not have antispam, content filtering or action tabs. Is there some one who can help guide me through this?
    Friday, May 29, 2009 1:56 PM
  • thanks!  We just experienced the same problem and your solution worked.

     

    Tuesday, November 16, 2010 6:31 PM
  • I did not install this server. I had a tech company do it. I can tell you that I do not have antispam, content filtering or action tabs. Is there some one who can help guide me through this?


    HI MSMSKM,

    Go to Exchange Management Con

    Organization Configuration

    Hub Transport Role >  In the middel Pane Select the Anti-Spam Tabe

    Tuesday, July 12, 2011 10:29 AM
  • Perfect, I have a copier that we are using as a scanner and the server kept blocking the PDFs but was allowing TIFFs. Your solution worked, I disabled filter and it works now.
    Tuesday, September 25, 2012 7:26 PM