SMTP WEIRDNESS

From: AUGMAN70 (laughey_at_gmail.com)
Date: 02/03/05


Date: 3 Feb 2005 12:08:55 -0800

We are using a Netscreen 5XP firewall that listens on multiple IP
addresses (designated ports per IP address) and forwards them off to
designated IP addresses on the internal network. One such 'policy' is
for SMTP (25). This policy allows all incoming traffic to enter the
network and go to a system running Windows 2003 IIS/SMTP. On top of
SMTP are the GFI MailSecurity and MailEssentials products. Once the
SMTP system allows the connection, the GFI products scan the message
for content (spam, viruses, etc.) and then forward it on to an Exchange
2000 server. All outbound messages do the reverse. Up until now, we've
had no problems to speak of.

Out of the blue, I have experienced three companies (that I know of)
who have indicated they can no longer (could in 2004) send mail to our
mail gateway; after a number of hours, they would receive a generic
NDR. Nothing (that I know of) was done on our end, but this is what I
do know about the senders:

#1) One company recently performed an upgrade of the firmware on their
IronMail gateway.
#2) The other two companies use outsourced mail gateways - both use the
same DNS provider as well.

This problem crept up the first week of January 2005 and after hours
of reviewing log files (firewall, IIS/SMTP, GFI, etc.), I'm stumped as
to how and/or why this is happening. The only log file that registers
anything is the firewall log and it shows the tunnel to be in open
states of 1,000+ seconds each time with little to no data transfer
taking place. None of the other log files register anything relating to
the sending IP/domains. The information I've been able to gather from
GFI/Microsoft is that IIS/SMTP is the next log file in line for
registering (log file entry) the information. After that, GFI's
products kick into gear (and logs are written for both).

To make matters worse, we can send them email without problems. We
don't do RDNS lookups, we don't block domains/IPs. I've re-created the
SMTP policy. We haven't seen a drop in email; we still get tons of
email from all over the place (both good and bad senders).

I'm at a total loss; CipherTrust (the makers of IronMail) Support has
suggested that IIS/SMTP is severing the connection -- why wouldn't the
SMTP log register this if it were true?
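
The correlation the post describes (firewall sessions to port 25 held open 1,000+ seconds with almost no data, checked against what the SMTP log recorded), as an added example that is not part of the original post. The CSV layout, the reduced W3C field set, the thresholds and every sample row are constructed assumptions, not native Netscreen or IIS output.

```python
import csv
import io

# Constructed firewall session export (assumed CSV layout, not a native format).
FIREWALL_CSV = """src_ip,dst_port,duration_s,bytes_in,bytes_out
192.0.2.10,25,1042,120,84
198.51.100.7,25,3,18432,512
203.0.113.55,25,1310,0,60
198.51.100.7,80,1500,10,10
192.0.2.99,25,1205,64,90
"""

# Constructed SMTP service log in W3C extended style (reduced field set).
SMTP_W3C = """#Fields: date time c-ip cs-method
2005-02-03 20:01:10 198.51.100.7 HELO
2005-02-03 20:01:11 198.51.100.7 MAIL
2005-02-03 20:05:42 192.0.2.99 EHLO
"""

def smtp_clients(w3c_text):
    """Return the set of client IPs that appear in the SMTP log."""
    fields, seen = [], set()
    for line in w3c_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line and not line.startswith("#") and "c-ip" in fields:
            parts = line.split()
            if len(parts) == len(fields):      # skip truncated records
                seen.add(parts[fields.index("c-ip")])
    return seen

def stalled_sessions(fw_csv, min_duration=1000, max_bytes=512, port=25):
    """Yield long-lived, near-empty firewall sessions to the SMTP port."""
    for row in csv.DictReader(io.StringIO(fw_csv)):
        total = int(row["bytes_in"]) + int(row["bytes_out"])
        if (int(row["dst_port"]) == port
                and int(row["duration_s"]) >= min_duration
                and total <= max_bytes):
            yield row

def triage(fw_csv, w3c_text):
    """Split stalled senders by whether the SMTP service ever logged them."""
    logged = smtp_clients(w3c_text)
    result = {"never_reached_smtp": [], "reached_smtp": []}
    for row in stalled_sessions(fw_csv):
        key = "reached_smtp" if row["src_ip"] in logged else "never_reached_smtp"
        result[key].append(row["src_ip"])
    return result
```

Sources listed under `never_reached_smtp` are the ones to capture packets for at the firewall's inside interface, since nothing past the firewall has a record of them.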


