Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

DHA - but User/E-Mail listed

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

I experienced this in the past, but my ESA running 10.0.6 is still refusing incoming mails as DHA, even the User and E-Mail address is listed in System Setup / Users, Groups & Organizations / Users.

What is the logic behind this? The ESA is retrieving the addresses from a LDAP directory and I would suspect that it is ready to receive when the ESA knows about the address.

--Michael@BWC

Category: Email Security Appliances
Reply

Answers

  • J_M0eckelJ_M0eckel SonicWall Employee

    There are a couple of things that could be causing this issue. If you are running Email Security in Split Config, it could be that the user list is not replicating to the RAs properly. It could also be that the user list is corrupted and will have to be rebuilt. If you're not receiving replication alerts or not using Split Configuration, the most likely answer is the user list is corrupted. If that sounds like the issue you're experiencing, please open a case with Support.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @J_M0eckel

    it's a simple deployment, All-in-One, in the meantime the address is no longer blocked as DHA, the usermap.xml was fine all the time, no alerts. It's one of the situation with ESA that makes you think WTF. No biggie when happening with my own appliance, but it really sucks explaining such stuff to customers.

    How can the userlist be corrupted when its shown correctly? Is there another list (besides usermap.xml) which can be different from what is shown in the Management UI and used for DHA protection?

    --Michael@BWC

  • KmehtaKmehta SonicWall Employee

    Hi @BWC ,

    If you can download the usermap.xml file from that download logs section and open it in a word pad or notepad ++ format, it will list all the users that considered valid users for DHA. please make sure that the user in question is listed there.

    One way to findout if the usermap.xml is corrupted or not try to open it in any internet browser like chrome or firefox, if it shows gibberish characters then its corrupted.

    Another reason this might be happening is that the usermap race file has gone stale, ( may sometimes not general an alert) its an updater file which has a time stamp on how frequently the usermap should update which is typically one hour. You will not be able to see the race file but if you cannot find the user in question, in the usermap file here are steps you can do to see if the usermap is updated correctly.


  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Kmehta

    as I wrote before, the usermap.xml looked perfectly fine (I downloaded it) and there were no alerts. If there is nothing besides the usermap.xml then it's a mystery.

    I'll check next time when I create a new address.

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited April 2020

    I had to create a new distribution list today and the address shows in the Management UI, but usermap.xml lacks behind and will probably updated in the next hour.

    This can be quite irritating to the customer, because not everyone is fiddling with the usermap.xml to see whats going on, that's what a Management UI is for.


    UPDATE: 1 hour later the usermap.xml is current as well.

    --Michael@BWC

  • J_M0eckelJ_M0eckel SonicWall Employee

    Hi, @BWC .


    When adding new users, you can force the usermap.xml update by going to the Manage page and selecting Users, Groups, and Organizations > Users from the left menu then click the Refresh Users & Groups button.

    By design the usermap.xml file updates hourly and refreshing the list should prevent any DHA issues you might see after adding new users.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @J_M0eckel

    of course I hit refresh Users, but it did not do anything. I stick with the 60 minutes and do not put any faith in any manual updates.

    --Michael@BWC

Sign In or Register to comment.