Navigation-Menus (Do Not Edit Here!)

Saturday, January 25, 2014

WatchGuard | Email attachments sent through the SMTP-proxy appear as Winmail.dat attachments | Microsoft Outlook

We recently ran in to this issue with a client running watch-guard SMTP proxy with an exchange server sitting behind it.

Issue:


Attachments on emails get stripped and the notification text file reads as follows

 Watchguard that protects your network has detected a message that may not be safe.   
   
 Cause : The file type may not be safe.  
 Content type : application/ms-tnef  
 File name    : winmail.dat  
 Virus status : No information.  
 Action: The Firebox deleted winmail.dat.  
   
 Your network administrator can not restore this attachment.  

As you can imagine affected users were quite pissed off about this and i don't blame them.



What is Winmail.dat


When users of Microsoft Outlook send email in Rich Text format, Rich Text format email messagess are TNEF encoded. This encoding type stores all attachments and formatting information in a file named winmail.dat.


Cause:



The SMTP-proxy on your XTM device strips some of the headers out of the email that identify it as a Rich Text formatted email. If the email client does not have the header information needed to interpret the winmail.dat attachment, the email client cannot display the proper formatting of the email, and incorrectly displays the attachment as a winmail.dat file.



Solution


Start Policy Manager for your XTM device.

Edit the SMTP proxy

Edit The SMTP Proxy Action

From the Categories tree, select Headers.

In the Pattern text box, type each of these patterns and click Add to add them to the Rules list.

  • X-MS-Has-Attach:*
  • X-MS-TNEF-Correlator:*
  • X-MimeOLE:*



From the If matched drop-down list, select Allow.

From the Categories tree, select Content Types.

In the Pattern text box, type application/ms-tnef and click set the action to “allow” (This is important)




From the Categories tree, select Filenames.

In the Pattern text box, type winmail.dat and Set action to allow or AV scan.

Save configuration


Source - http://customers.watchguard.com/articles/Article/3250?retURL=%2Fapex%2FknowledgeHome&popup=false