cancel
Showing results for 
Search instead for 
Did you mean: 
ozzy03
Level 7
Report Inappropriate Content
Message 1 of 15

451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

Since ~ March 18th, we have experienced multiple instances of the following mail failures:

Inbound email with multiple recipients, one or more of which are invalid addresses, fails to be delivered by McAfee SaaS Email Protection. This is occurring with multiple external senders and different internal recipients, so unlikely related to the sender email system. Prior to~ March 18th, the same email with invalid recipients would be delivered normally. Since (approximately) March 18th forward we see the following in McAfee SaaS logs:

Recipient Disposition: [553 Invalid recipient user@domain.com (Mode: normal); Mode: ; Queued: no; Frontend TLS: yes; SPF: n/a]

Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: yes; SPF: n/a]

Message Disposition: [451 Unknown error reading data; Backend TLS: n/a; Backend IP: n/a; Policy Set: Default Inbound]

Additionally, the expected subject line is stripped and not present in the logs. If the sender removes the invalid email address, the message will be delivered as expected. Prior to this issue, invalid email addresses never caused a failure by McAfee to deliver to the receiving mail server.

A service request has been opened, but to date nobody from my reseller support or McAfee technical services has been able to determine root cause.

Has anyone experiences the same or similar issues?

 

1 Solution

Accepted Solutions
kwidhalm
Level 11
Report Inappropriate Content
Message 14 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

Hello Ozzy,

Are you still experiencing these issues?  A patch was rolled out on May 1 to correct these issues so please contact support if you have seen any instances since that time!


Thank you,

Karen Widhalm

Product Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

14 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

Moved to SaaS Email Security for better support.

---

Peter

Moderator

kwidhalm
Level 11
Report Inappropriate Content
Message 3 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

Hello ozzy03,

Have you received a response on your service request?  If not, I would be happy to look in to it for you, I will just need the request number.

Regards,

Karen Widhalm

Product Specialist

SaaS Email and Web Security

McAfee. Part of Intel Security.

jpyle
Level 7
Report Inappropriate Content
Message 4 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

I have the same problem.  I think the McAfee SMTP server is responding incorrectly when the sender tries to send to an invalid e-mail address.

An "RCPT TO:" line for an invalid address results in two "553 Invalid recipient" messages instead of one.  This causes unpredictable results at the sender's end when there is a combination of valid addresses and invalid addresses.

If I send e-mail through the command line with exim4 to one invalid address and two valid addresses, exim4 discards the invalid address and the first valid addresses, then connects again to deliver to the third address only.  It is confused by the response and fails to deliver to an address even though it is valid.

Specifically, on the first try, exim4 sends three "RCPT TO:" messages, then sends "DATA," but then the server says "553 Invalid recipient" twice, and exim4 fails with the following error:

SMTP error from remote mail server after pipelined DATA: host philalegal.org.inbound10.mxlogic.net [208.65.144.3]: 250 jpyle@philalegal.org ok (RCPTMode: normal/deferred)

In the mcaffeesaas Message Audit, there are entries for all three addresses.  The delivery attempt for the first valid address gives a "451 Unknown error reading data."  This is consistent with exim4 aborting delivery after starting to send its "DATA."

My webmail SMTP client behaves differently.  After the first 553, it responds with a RSET, but then the response to the RSET is not 250, as it is supposed to be, but 553 (the duplicate 553).  This generates an exception, causing the client to QUIT.

When I send the same way to Gmail, sending to one invalid address and then two valid addresses, exim4 doesn't issue an "SMTP error," but rather the message goes through to the two valid addresses.

frankm
Level 10
Report Inappropriate Content
Message 5 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

Just curious. Does the email have all recipients listed in the To: header?

jpyle
Level 7
Report Inappropriate Content
Message 6 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

I tested whether that has any effect, and it doesn't.

echo "testing" | mail -v -a "To: csimonson@philalegal.org, jpyle@philalegal.org, forms@philalegal.org" -a "Subject: testing" csimonson@philalegal.org jpyle@philalegal.org forms@philalegal.org &> error3.txt

from error3.txt:

  SMTP>> MAIL FROM:<jpyle@litigationdatabase.org> SIZE=1522

  SMTP>> RCPT TO:<csimonson@philalegal.org>

  SMTP>> RCPT TO:<forms@philalegal.org>

  SMTP>> RCPT TO:<jpyle@philalegal.org>

  SMTP>> DATA

  SMTP<< 250 Sender Ok

  SMTP<< 553 Invalid recipient csimonson@philalegal.org (Mode: normal)

  SMTP<< 553 Invalid recipient csimonson@philalegal.org (Mode: normal)

  SMTP<< 250 forms@philalegal.org ok (RCPTMode: normal/deferred)

  SMTP<< 250 jpyle@philalegal.org ok (RCPTMode: normal/deferred)

LOG: MAIN

  SMTP error from remote mail server after pipelined DATA: host philalegal.org.inbound10.mxlogic.net [208.65.144.2]: 250 jpyle@philalegal.org ok (RCPTMode: normal/deferred)

  SMTP>> QUIT

frankm
Level 10
Report Inappropriate Content
Message 7 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

It doesn't make sense that 1 of 3 fail. What is your user creation set at?

jpyle
Level 7
Report Inappropriate Content
Message 8 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

User Creation Mode is set to "Explicit," and "when a recipient is invalid" is set to "deny delivery."

frankm
Level 10
Report Inappropriate Content
Message 9 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

OK, set it to do nothing and see it you get the same error, assuming the email address is listed as a valid user.

jpyle
Level 7
Report Inappropriate Content
Message 10 of 15

Re: 451 Unknown error reading data - McAfee SaaS Email Protection Service

Jump to solution

With "when a recipient is invalid" = "Do nothing," I do not get the same error.  The sender's SMTP conversation proceeds without error:

  SMTP>> MAIL FROM:<jpyle@litigationdatabase.org> SIZE=1522

  SMTP>> RCPT TO:<csimonson@philalegal.org>

  SMTP>> RCPT TO:<forms@philalegal.org>

  SMTP>> RCPT TO:<jpyle@philalegal.org>

  SMTP>> DATA

  SMTP<< 250 Sender Ok

  SMTP<< 250 csimonson@philalegal.org ok (RCPTMode: normal/deferred)

  SMTP<< 250 forms@philalegal.org ok (RCPTMode: normal/deferred)

  SMTP<< 250 jpyle@philalegal.org ok (RCPTMode: normal/deferred)

  SMTP<< 354 Start mail input; end with <CRLF>.<CRLF>

  SMTP>> writing message and terminating "."

  SMTP<< 250 Backend Replied [384be255.0.5661965.00-2357.11531621.p01c11m096.mxlogic.net]:  2.6.0 <E1YiSUl-00026D-AA@litigationd

  SMTP>> QUIT

Also, the final destination server sends a bounce-back e-mail to the sender's e-mail, which is appropriate given that one of the e-mail addresses is invalid.