none
This attachment was removed.

    Question

  • Hello,

    we are encountering a problem where .pdf files are being removed from specific sender.

    I have checked Attachment Filtering on Edge server and .pdf are not listed there (default settings) neither as files, extensions nor mime types.

    My guess is that this specific sender uses some weird application to create pdf files and those get identified as some other MIME type on our edge therefore getting removed.

    What can I do in this situation? Is there a way to check that .pdf file and how it is recognized by our edge server, or some other software which will try to tell me the MIME type of the file.

    Friday, March 01, 2013 9:31 AM

Answers

  • Hello Aurimas,

    Thank you for your confirmation.

    The special PDF is recognized as invalid attachment. To resolve the issue, perform the steps below from your Edge server.

       

    1.Stop the Microsoft Exchange Transport service.
    2.Locate the EdgeTransport.exe.config file. This file is located in the following path:
    drive:\Program Files\Microsoft\Exchange Server\Bin\

     

    3.Add the following entry between the <appSettings> element and the </appSettings> element of the EdgeTransport.exe.config file:

      

    <add key="AllowInvalidAttachment" value="true" />

     

    4.Restart the Microsoft Exchange Transport service.

        

    Thanks


    Bruce R.
    TechNet Community ESC Support






    Monday, March 18, 2013 6:26 AM
    Moderator

All replies

  • Hello

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue.


    Terence Yu

    TechNet Community Support

    Monday, March 04, 2013 3:07 AM
    Moderator
  • Hello Aurimas,

    You may change the settings for the specific senders.
       
    Open Exchange Management Console -> Recipient Configuration -> Mail Contact
    Locate the contact for specific sender, go to Properties.
    Under the General tab, change the "Use MAPI rich text format" to Never.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support


    Monday, March 04, 2013 7:27 AM
    Moderator
  • Hello Bruce_R,

    it did not solve my problem, I still get .txt replacement instead of .pdf attachment even after I made the changes you suggested (I also did not understand how that setting relates to attachment filtering).

    Monday, March 04, 2013 9:57 AM
  • Thank you very much

    its working 

    sampath SL


    SAmPAt

    Monday, March 04, 2013 10:55 AM
  • Hello Aurimas and Sampath,

    Are you from the same org? Is the issue resolved?

     

    Thanks


    Bruce R.
    TechNet Community ESC Support



    Tuesday, March 05, 2013 9:52 AM
    Moderator
  • Hello,

    no we are not from same organization, my issue is still not resolved.

    Tuesday, March 05, 2013 10:21 AM
  • what level is set in your edge filtering, you can bring down the level and test it..

    that may pass that file to your org..

    Thanks


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, March 05, 2013 12:58 PM
  • Hello Mihir Nayak,

    what levels are you talking about? Spam Confidence Levels?

    If you are referring to those I believe attachment filtering is not part of anti spam engine, because I tried to add sender to bypass senders using cmdlet set-ContentFilterConfig -BypassedSenders sender@domain.com

    it had no effect on attachment removal that is .pdf attachments are still removed from that senders emails and replaced with .txt message "This attachment was removed".

    Tuesday, March 05, 2013 1:15 PM
  • Yes, i was referring to SCL. Infact if you track that mail in edge, is it giving anything ?

    are you using forefront for exchange ? if yes please analyze the logs .


    Mihir Nayak If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks

    Tuesday, March 05, 2013 2:09 PM
  • We are not using forefront for exchange.

    I do not know of a way how to track what attachment filtering component does with an email message.

    Tuesday, March 05, 2013 3:01 PM
  • Hello Aurimas,
     
    Are the senders in question and recipients are internal users? If both, in sender's Sent Items, is the attachment also stripped?
     
    Is the issue specific to sender, not recipient? Which means no matter who the sender sends message to, the recipient cannot receive the attachment.
       
    To narrow down the issue, do the below test:
       
    1. Pick up a recipient, inform he/she to exit Outlook.
    2. Let the sender send an email with attachment to the recipient.
    3. Inform the recipient to access his/her mailbox using OWA. Check whether the recipient can see the attachment in OWA.
     
    This test would help us verify whether the problem is caused by Outlook client.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support




    Wednesday, March 06, 2013 3:03 AM
    Moderator
  • Hello Aurimas,
     
    Are the senders in question and recipients are internal users? If both, in sender's Sent Items, is the attachment also stripped?
     
    Is the issue specific to sender, not recipient? Which means no matter who the sender sends message to, the recipient cannot receive the attachment.
       
    To narrow down the issue, do the below test:
       
    1. Pick up a recipient, inform he/she to exit Outlook.
    2. Let the sender send an email with attachment to the recipient.
    3. Inform the recipient to access his/her mailbox using OWA. Check whether the recipient can see the attachment in OWA.
     
    This test would help us verify whether the problem is caused by Outlook client.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support




    Senders are external users. If sender is internal the specific .pdf file is not stripped because it does not go through our edge server where Attachment Filtering happens.

    Also it only applies to .pdf files from specific user. The .pdf files are key here, because I've got that file (asked him to send me to gmail) and the file is stripped no matter from which external user I send it. It is not stripped if I send it from internal user (because no edge interaction).

    As for narrowing the issue I've tried closing outlook and opening newly received mail from OWA. The attachment is still stripped.

    To be honest for me this issue is narrow as it is. Attachment gets removed by Attachment Filtering on our Edge server. The question is why it does that with pdf files when our default configuration does not include .pdf in the list.

    I have also checked it on another exchange 2010 server which I have admin access to, also with default Attachment Filtering settings and got same results so it seems it's not specific to our infrastructure, but more of a general issue with MIME recognition or something of that kind?

    Thursday, March 07, 2013 9:09 AM
  • Hello Aurimas,

     

    You may provide me the pipeline trace log for further analysis. To do this:

       
    1. Type the following poweshell command from your Edge server:


    Get-ExchangeServer | Where {($_.AdminDisplayVersion -match "Version 14") -and ($_.ServerRole -match "Edge")} | Set-TransportServer -PipelineTracingSenderAddress example@microsoft.com -PipelineTracingenabled $True -ContentConversionTracingEnabled $True

    Note: The above message enables tracing for message sent from example@microsoft.com

     

    2. Then let the sender send a test email with the PDF, make sure the issue has been reproduced.
    3. The message snapshot will be generated in the folder on the Edge server where the message went through:

     

    C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\PipelineTracing\MessageSnapshots

     

    4. Please check the path on each of your Edge servers.
    5. Compress the folders and upload them to workspace below (Select “Send Files to Microsoft – Standard”):

     

    URL: https://sftus.one.microsoft.com/choosetransfer.aspx?key=7baa9c7b-f6d0-49f5-97a6-09f3fc7dff76
    Password: ptW)5r{*ja+m+

     

    6. After collecting the trace files, close pipeline tracing use the following command:

     

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -match "Version 14") -and ($_.ServerRole -match "Edge")} | Set-TransportServer -PipelineTracingSenderAddress $null -PipelineTracingenabled $false -ContentConversionTracingEnabled $false

     

    Thanks


    Bruce R.
    TechNet Community ESC Support


    Tuesday, March 12, 2013 7:20 AM
    Moderator
  • Hello Bruce,

    I've reproduced the problem and uploaded trace files as per instructions

    The file, aa229c02-8d6a-477b-b84e-afb71224408d.7z, was uploaded successfully.
     

    Tuesday, March 12, 2013 9:29 AM
  • Hi,

    The application which create that PDF file may not be on correct format. Try to send email from external ID with good pdf file as attachment, check whether the email pass the edge server. Repro the same by attaching the problematic pdf file. If the problematic pdf file get reject then check with original sender whether the pdf format can be changed or the other option try disabled the attachment filtering agent.

    Regards
    Thani
    Tuesday, March 12, 2013 10:26 AM
  • Hello Aurimas,

     

    From the pipeline tracing data, I saw that the PDF was removed at first route. And entries like follows were added to the message header.
     
     
    X-KSE-AntiSpam-Interceptor-Info: scan successful
    X-KSE-AntiSpam-Version: 5.1.9, Database issued on: 2013.03.12 11:07:11
    X-KSE-AntiSpam-Status: KAS_STATUS_NOT_DETECTED
     
     
    I believe the PDF was removed by Kaspersky for Exchange. Try disable it and check the result.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support





    Wednesday, March 13, 2013 8:58 AM
    Moderator
  • Thanks for looking into it Bruce,

    Our Kaspersky has .pdf as excluded file type for scanning. And more importantly as I've mentioned earlier, I already tested it with another exchange server in different organization and there is no Kaspersky for Exchange nor any other 3rd party product, but the result was the same. I could do a trace on that server and upload trace files from there if that would help.

    edit:

    reproduced problem on another server in another organization with no 3rd party products, uploaded trace files.

    The file, 7279523b-b54c-47b5-8a67-0e5486eb1b6a.7z, was uploaded successfully.

    • Edited by Aurimas N Wednesday, March 13, 2013 9:49 AM
    Wednesday, March 13, 2013 9:31 AM
  • Hello Aurimas,
     
     
    Thank you for providing the new data.
     
     
    I saw that the PDF was removed by Attachment Filter agent. Please run "Get-AttachmentFilterEntry |fl" to see if there is an entry for PDF and remove it.
     
     
    You may also upload the output of the command to workspace or post it here.
     

     

    Thanks


    Bruce R.
    TechNet Community ESC Support

    Thursday, March 14, 2013 3:23 PM
    Moderator
  • Hello Bruce,

    that is the strange thing, there is no entries for PDF, Attachment Filter is left with default settings after Edge server install.

    here is the output:

     

    Type     : ContentType
    Name     : application/x-msdownload
    Identity : ContentType:application/x-msdownload

    Type     : ContentType
    Name     : message/partial
    Identity : ContentType:message/partial

    Type     : ContentType
    Name     : text/scriptlet
    Identity : ContentType:text/scriptlet

    Type     : ContentType
    Name     : application/prg
    Identity : ContentType:application/prg

    Type     : ContentType
    Name     : application/msaccess
    Identity : ContentType:application/msaccess

    Type     : ContentType
    Name     : text/javascript
    Identity : ContentType:text/javascript

    Type     : ContentType
    Name     : application/x-javascript
    Identity : ContentType:application/x-javascript

    Type     : ContentType
    Name     : application/javascript
    Identity : ContentType:application/javascript

    Type     : ContentType
    Name     : x-internet-signup
    Identity : ContentType:x-internet-signup

    Type     : ContentType
    Name     : application/hta
    Identity : ContentType:application/hta

    Type     : FileName
    Name     : *.xnk
    Identity : FileName:*.xnk

    Type     : FileName
    Name     : *.wsh
    Identity : FileName:*.wsh

    Type     : FileName
    Name     : *.wsf
    Identity : FileName:*.wsf

    Type     : FileName
    Name     : *.wsc
    Identity : FileName:*.wsc

    Type     : FileName
    Name     : *.vbs
    Identity : FileName:*.vbs

    Type     : FileName
    Name     : *.vbe
    Identity : FileName:*.vbe

    Type     : FileName
    Name     : *.vb
    Identity : FileName:*.vb

    Type     : FileName
    Name     : *.url
    Identity : FileName:*.url

    Type     : FileName
    Name     : *.shs
    Identity : FileName:*.shs

    Type     : FileName
    Name     : *.shb
    Identity : FileName:*.shb

    Type     : FileName
    Name     : *.sct
    Identity : FileName:*.sct

    Type     : FileName
    Name     : *.scr
    Identity : FileName:*.scr

    Type     : FileName
    Name     : *.scf
    Identity : FileName:*.scf

    Type     : FileName
    Name     : *.reg
    Identity : FileName:*.reg

    Type     : FileName
    Name     : *.prg
    Identity : FileName:*.prg

    Type     : FileName
    Name     : *.prf
    Identity : FileName:*.prf

    Type     : FileName
    Name     : *.pif
    Identity : FileName:*.pif

    Type     : FileName
    Name     : *.pcd
    Identity : FileName:*.pcd

    Type     : FileName
    Name     : *.ops
    Identity : FileName:*.ops

    Type     : FileName
    Name     : *.mst
    Identity : FileName:*.mst

    Type     : FileName
    Name     : *.msp
    Identity : FileName:*.msp

    Type     : FileName
    Name     : *.msi
    Identity : FileName:*.msi

    Type     : FileName
    Name     : *.psc2
    Identity : FileName:*.psc2

    Type     : FileName
    Name     : *.psc1
    Identity : FileName:*.psc1

    Type     : FileName
    Name     : *.ps2xml
    Identity : FileName:*.ps2xml

    Type     : FileName
    Name     : *.ps2
    Identity : FileName:*.ps2

    Type     : FileName
    Name     : *.ps11xml
    Identity : FileName:*.ps11xml

    Type     : FileName
    Name     : *.ps11
    Identity : FileName:*.ps11

    Type     : FileName
    Name     : *.ps1xml
    Identity : FileName:*.ps1xml

    Type     : FileName
    Name     : *.ps1
    Identity : FileName:*.ps1

    Type     : FileName
    Name     : *.msc
    Identity : FileName:*.msc

    Type     : FileName
    Name     : *.mdz
    Identity : FileName:*.mdz

    Type     : FileName
    Name     : *.mdw
    Identity : FileName:*.mdw

    Type     : FileName
    Name     : *.mdt
    Identity : FileName:*.mdt

    Type     : FileName
    Name     : *.mde
    Identity : FileName:*.mde

    Type     : FileName
    Name     : *.mdb
    Identity : FileName:*.mdb

    Type     : FileName
    Name     : *.mda
    Identity : FileName:*.mda

    Type     : FileName
    Name     : *.lnk
    Identity : FileName:*.lnk

    Type     : FileName
    Name     : *.ksh
    Identity : FileName:*.ksh

    Type     : FileName
    Name     : *.jse
    Identity : FileName:*.jse

    Type     : FileName
    Name     : *.js
    Identity : FileName:*.js

    Type     : FileName
    Name     : *.isp
    Identity : FileName:*.isp

    Type     : FileName
    Name     : *.ins
    Identity : FileName:*.ins

    Type     : FileName
    Name     : *.inf
    Identity : FileName:*.inf

    Type     : FileName
    Name     : *.hta
    Identity : FileName:*.hta

    Type     : FileName
    Name     : *.hlp
    Identity : FileName:*.hlp

    Type     : FileName
    Name     : *.fxp
    Identity : FileName:*.fxp

    Type     : FileName
    Name     : *.exe
    Identity : FileName:*.exe

    Type     : FileName
    Name     : *.csh
    Identity : FileName:*.csh

    Type     : FileName
    Name     : *.crt
    Identity : FileName:*.crt

    Type     : FileName
    Name     : *.cpl
    Identity : FileName:*.cpl

    Type     : FileName
    Name     : *.com
    Identity : FileName:*.com

    Type     : FileName
    Name     : *.cmd
    Identity : FileName:*.cmd

    Type     : FileName
    Name     : *.chm
    Identity : FileName:*.chm

    Type     : FileName
    Name     : *.bat
    Identity : FileName:*.bat

    Type     : FileName
    Name     : *.bas
    Identity : FileName:*.bas

    Type     : FileName
    Name     : *.asx
    Identity : FileName:*.asx

    Type     : FileName
    Name     : *.app
    Identity : FileName:*.app

    Type     : FileName
    Name     : *.adp
    Identity : FileName:*.adp

    Type     : FileName
    Name     : *.ade
    Identity : FileName:*.ade

     

     

    Thursday, March 14, 2013 4:09 PM
  • Hello Aurimas,

     

    Please disable Attachment Filter agent and check the result.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support

    Friday, March 15, 2013 5:58 AM
    Moderator
  • Hello Bruce,

    I can confirm that after disabling Attachment Filtering agent .pdf attachment is no longer stripped from email.

    Friday, March 15, 2013 8:53 AM
  • Hello Aurimas,

    Thank you for your confirmation.

    The special PDF is recognized as invalid attachment. To resolve the issue, perform the steps below from your Edge server.

       

    1.Stop the Microsoft Exchange Transport service.
    2.Locate the EdgeTransport.exe.config file. This file is located in the following path:
    drive:\Program Files\Microsoft\Exchange Server\Bin\

     

    3.Add the following entry between the <appSettings> element and the </appSettings> element of the EdgeTransport.exe.config file:

      

    <add key="AllowInvalidAttachment" value="true" />

     

    4.Restart the Microsoft Exchange Transport service.

        

    Thanks


    Bruce R.
    TechNet Community ESC Support






    Monday, March 18, 2013 6:26 AM
    Moderator
  • Hello Bruce,

    worked perfectly, I only wish .txt replacement instead of original attachment, had more specific info on removal reason.

    Thank you for your help.

    Monday, March 18, 2013 10:26 AM
  • Hello Aurimas,

    Glad to know it worked. I appreciate your efforts as well. Have a good day.

     

    Thanks


    Bruce R.
    TechNet Community ESC Support

    Monday, March 18, 2013 3:57 PM
    Moderator
  • Hi Bruce,

    Your answer are ok but is not secure for me. You recommend to turn off permanently this agent so for me is not acceptable because my users will be exposed to receive attachment who is not checked. Better answer for me should be make white list with allowed senders to send specifious files whitch exchange can't scan.

    Maybe You can tell me how to do it?

    Wednesday, February 17, 2016 3:55 PM