Jeff Cochran wrote:
> On 3 Feb 2005 12:08:55 -0800, "AUGMAN70" <laughey@gmail.com> wrote:
>
> >We are using a Netscreen 5XP firewall that listens on multiple IP
> >addresses (designated ports per IP address) and forwards them off to
> >designated IP addresses on the internal network. One such 'policy'
is
> >for SMTP (25). This policy allows all incoming traffic to enter the
> >network and go to a system running Windows 2003 IIS/SMTP. On top of
> >SMTP are the GFI MailSecurity and MailEssentials products. Once the
> >SMTP system allows the connection, the GFI products scan the message
> >for content (spam, viruses, etc.) and then forward it on to an
Exchange
> >2000 server. All outbound messages do the reverse. Up until now,
we've
> >had no problems to speak of.
> >
> >Out of the blue, I have experienced three companies (that I know of)
> >who have indicated they can no longer (could in 2004) send mail to
our
> >mail gateway; after a number of hours, they would receive a generic
> >NDR. Nothing (that I know of) was done on our end, but this is what
I
> >do know about the senders:
> >
> >#1) One company recently performed an upgrade of the firmware on
their
> >IronMail gateway.
> >#2) The other two companies use outsourced mail gateways - both use
the
> >same DNS provider as well.
> >
> >This problem creeped up the first week of January 2005 and after
hours
> >of reviewing log files (firewall, IIS/SMTP, GFI, etc.), I'm stumped
as
> >to how and/or why this is happening. The only log file that
registers
> >anything is the firewall log and it shows the tunnel to be in open
> >states of 1,000+ seconds each time with little to no data transfer
> >taking place. None of the other log files register anything relating
to
> >the sending IP/domains. The information I've been able to gather
from
> >GFI/Microsoft is that IIS/SMTP is the next log file in line for
> >registering (log file entry) the information. After that, GFI's
> >products kick into gear (and logs are written for both).
> >
> >To make matters worse, we can send them email without problems. We
> >don't do RDNS lookups, we don't block domains/IPs. I've re-created
the
> >SMTP policy. We haven't seen a drop in email; we still get tons of
> >email from all over the place (both good and bad senders).
> >
> >I'm at a total loss; CipherTrust (the makers of IronMail) Support
has
> >suggested that IIS/SMTP is severing the connection -- why wouldn't
the
> >SMTP log register this if it were true?
>
> Have you checked to see if you've been blacklisted? Or are you using
> an IP with no valid reverse DNS? Have you asked the sending
companies
> for the relevant log info on their end?
>
> We had one instance recently where a system was disconnecting us and
> the log message on our end looked like their spam gateway was
> determining us as spamming. Turned out their gateway returned the
> message because the destination mailbox was full, but it took a long
> distance call and time on the phone with their IT guy to straighten
it
> out.
>
> Jeff

On 3 Feb 2005 12:08:55 -0800, "AUGMAN70" <laughey@gmail.com> wrote:

>We are using a Netscreen 5XP firewall that listens on multiple IP
>addresses (designated ports per IP address) and forwards them off to
>designated IP addresses on the internal network. One such 'policy' is
>for SMTP (25). This policy allows all incoming traffic to enter the
>network and go to a system running Windows 2003 IIS/SMTP. On top of
>SMTP are the GFI MailSecurity and MailEssentials products. Once the
>SMTP system allows the connection, the GFI products scan the message
>for content (spam, viruses, etc.) and then forward it on to an Exchange
>2000 server. All outbound messages do the reverse. Up until now, we've
>had no problems to speak of.
>
>Out of the blue, I have experienced three companies (that I know of)
>who have indicated they can no longer (could in 2004) send mail to our
>mail gateway; after a number of hours, they would receive a generic
>NDR. Nothing (that I know of) was done on our end, but this is what I
>do know about the senders:
>
>#1) One company recently performed an upgrade of the firmware on their
>IronMail gateway.
>#2) The other two companies use outsourced mail gateways - both use the
>same DNS provider as well.
>
>This problem creeped up the first week of January 2005 and after hours
>of reviewing log files (firewall, IIS/SMTP, GFI, etc.), I'm stumped as
>to how and/or why this is happening. The only log file that registers
>anything is the firewall log and it shows the tunnel to be in open
>states of 1,000+ seconds each time with little to no data transfer
>taking place. None of the other log files register anything relating to
>the sending IP/domains. The information I've been able to gather from
>GFI/Microsoft is that IIS/SMTP is the next log file in line for
>registering (log file entry) the information. After that, GFI's
>products kick into gear (and logs are written for both).
>
>To make matters worse, we can send them email without problems. We
>don't do RDNS lookups, we don't block domains/IPs. I've re-created the
>SMTP policy. We haven't seen a drop in email; we still get tons of
>email from all over the place (both good and bad senders).
>
>I'm at a total loss; CipherTrust (the makers of IronMail) Support has
>suggested that IIS/SMTP is severing the connection -- why wouldn't the
>SMTP log register this if it were true?