Email Connector intermittently fails to forward email to a relay host specified using a dynamic DNS host name
Last Modified: 2022-10-11 06:16:49 Etc/GMT
Technical Articles ID: KB91774
Environment
Advanced Threat Defense (ATD) Intelligent Sandbox (IS)
Problem
The ATD/IS Email Connector intermittently fails to forward email to a relay host. ATD/IS reports the delivery failure with an SMTP error status code back to your permitted host.
System Change
You entered an FQDN into the Relay Host setting for the Email Connector. The FQDN is a dynamic DNS host name that intermittently resolves to different IP addresses.
Cause
The ATD/IS back-end system maintains permissive local firewall rules for the Email Connector using the Linux Kernel feature. If a host name is given, ATD/IS resolves the host name to an IP address with an A record lookup. It performs this resolution once, when the rules are created. This behavior is per the Linux operating system.
The firewall rules are updated when the Email Connector configuration is updated, when the Email Connector status changes, when the ATD/IS cluster status changes, and when ATD boots. The permissive firewall rules retain one specific IP address for your dynamic DNS host name until the next rules update runs.
NOTES:
Solution 1
Don't use dynamic DNS for the relay host FQDN. If you need DNS-based email load balancing, use a DNS round robin. With this configuration, the relay host name resolves to multiple IP addresses in a single lookup, and the local firewall rules are created for all resolved IP addresses.
For example: You want to configure DNS-based email load balancing to use addresses 172.16.165.40 and 172.16.165.33 for the relay host. Under the Email Connector Sending Email section, configure the following:
Solution 2
Create dummy rules under the Relay Hosts configuration for all possible IP addresses of your dynamic DNS record. Then, continue using dynamic DNS for the relay host FQDN.
For example: You want to use dynamic DNS-based email load balancing. You configure dynamic DNS forward lookup for the relay host. Under the Email Connector Sending Email section, configure the following wanted relay host:
172.16.165.33, 25, dummy2.local
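A way to check whether a relay host FQDN would trigger this behavior, as an added example (not Trellix code): it models the resolve-once rule creation described under Cause by pinning the first A record answer, then reports addresses from later lookups that no rule would permit. The host name relay.example.test, the function names, and the replayed resolver answers are constructed for illustration; the two IP addresses are the ones from the article's example.

```python
import itertools
import socket
import time

def system_resolver(host):
    """IPv4 (A record) lookup through the OS resolver; use this for a live check."""
    infos = socket.getaddrinfo(host, 25, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def audit_relay_host(host, resolve=system_resolver, lookups=6, interval=0, dummy_rule_ips=()):
    """Model a firewall rule that resolves the name once and report what it misses.

    pinned    = first answer (what the rule keeps) plus Solution 2 dummy entries
    uncovered = addresses returned by later lookups that no rule permits
    """
    answers = []
    for i in range(lookups):
        if i and interval:
            time.sleep(interval)  # space live lookups out so cached answers expire
        answers.append(set(resolve(host)))
    pinned = answers[0] | set(dummy_rule_ips)
    seen = set().union(*answers)
    uncovered = sorted(seen - pinned)
    return {
        "pinned": sorted(pinned),
        "seen": sorted(seen),
        "uncovered": uncovered,
        "stale_rule_risk": bool(uncovered),
    }

def fake_resolver(answer_cycle):
    """Constructed resolver for offline runs: replays the given answers in a loop."""
    cycle = itertools.cycle(answer_cycle)
    return lambda _host: next(cycle)

# Constructed sample answers (not captured DNS traffic).
DYNAMIC = [{"172.16.165.40"}, {"172.16.165.33"}]    # one address per lookup
ROUND_ROBIN = [{"172.16.165.40", "172.16.165.33"}]  # every address in each lookup
ALL_IPS = ("172.16.165.40", "172.16.165.33")

if __name__ == "__main__":
    host = "relay.example.test"  # hypothetical relay host name
    cases = [
        ("dynamic DNS, no dummy rules", DYNAMIC, ()),
        ("Solution 1: DNS round robin", ROUND_ROBIN, ()),
        ("Solution 2: dynamic DNS + dummy rules", DYNAMIC, ALL_IPS),
    ]
    for label, answers, dummies in cases:
        print(label, audit_relay_host(host, fake_resolver(answers), dummy_rule_ips=dummies))
```

For a live check, call audit_relay_host with the default resolver and an interval longer than the record's TTL, so that each lookup returns a fresh answer.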