I recently faced a situation where some attachments were being removed from incoming emails for no obvious reason. Instead of the attachment, all the user was getting was a text file that, when opened, read “This attachment was removed.” This was anything but useful, as it didn’t help identify at which part of the email route the attachment was being removed. It could have been removed at the sender’s end or the receiver’s end. And at each end, there are many different components involved, such as the local computer’s antivirus program, the mail server’s antivirus program, the mail server itself, the demilitarized zone (DMZ) firewall, the inside firewall, or even the intrusion prevention system (IPS).
To test the internal Microsoft Exchange Server mail system, I sent an email to another internal user with the same type of attachment. This test revealed that it wasn’t something internal that was removing the attachment. This made things more complicated, especially since the original email composer (an external user) could send the attachment successfully to other recipients. Then it hit me: The link between the internal and external email systems is the DMZ, which pointed to the Edge Transport server.
The Get-AttachmentFilterEntry and Get-AttachmentFilterListConfig cmdlets, which are part of the Exchange Management Shell (EMS) cmdlets, revealed the root of the problem. Apparently, Exchange was setup to remove this type of attachment, but by default, it put in the generic “This attachment was removed” text message. So, I used the following command to change the text file’s message to one that would be more helpful in future troubleshooting efforts:
-Action Strip -AdminMessage
"Edge Transport server on site X
has removed this type of content"
(Although this command wraps here, it should be entered all on one line.)
The moral of the story is that to make troubleshooting much easier, you should configure your security software (e.g., antivirus programs, firewalls) to provide you with enough information to point you in the right direction. Replace the default messages with messages that are meaningful and unique to your organization. Not only will you make the Help desk staff’s job easier but also yours.