AW: [FW1] SMTP troubles with FW-1, eSafe and a Notes SMTP Relay

To: 'GARCIA Frédéric' <[email protected]>, [email protected]

Subject: AW: [FW1] SMTP troubles with FW-1, eSafe and a Notes SMTP Relay

From: "Sommerfeld, Frank" <[email protected]>

Date: Mon, 12 Feb 2001 21:48:47 +0100

hi fred i´ve got the same prob with trendmicros firewall the problem is the sendmail deamon from checkpoints firewall. it makes a dns name resolution of the mail-server. but it asks only the first mx server (the one with the highest priority). if this server is not available, it will not send the email and tries to resend it every x-minutes (belongs to the configuration for f/w1, configuration tool). therefore i added an additional smtp server which should be the default smtp-server (tab "smtp-security server") in the firewall-configuration. here are the rules which i added to the rule-base (priv_dmz_tmvw is the place where i had installed the smtp-server): - priv_dmz2_tmvw, pub_dnsservers, dns, allow - any, priv_dmz2_tmvw, smtp, allow - priv_dmz2_tmvw, any, smtp, allow - any, pub_intra_mail, smtp->ZR_TMVW_SMTP,allow - priv_intra_mail, any, smtp->ZR_TMVW_SMTP,allow the way of the inbound mail is now: sender-smtp-server -> f/w -> secuity server -> f/w -> new smtp-server -> f/w -> internal smtp-server outbound mails internal smtp-server -> f/w1 -> security server -> f/w -> new smtp-server -> receiver-smtp-server hope this helps frank -----Ursprüngliche Nachricht----- Von: GARCIA Frédéric [mailto:[email protected]] Gesendet: Montag, 12. Februar 2001 20:24 An: [email protected] Betreff: [FW1] SMTP troubles with FW-1, eSafe and a Notes SMTP Relay Hi guys (and girls maybe ) :-) I'am running Fw-1 4.1 SP2 on NT for 5 months with a MZ server (eSafe, Webense and SMTP gateway on it). But i encountered a problem with the SMTP traffic. It seems like sometimes mails increase in the $FWDIR\Spool directory and are not send correclty to the SMTP gateway. In the logviewer all seems right, i can see that the messages are accepted and scanned by eSafe CVP server (if they contain attachments), but after that it's like some mail sessions were frozen in the Notes MTA gateway. When i edit some files on the $FWDIR\Spool directory i can see a header added by FW-1. I would like to know more about the SMTP process, from Internet to Firewall to eSafe and finallly to a MTA agent ... If you have any information about that or something which may help, please let me know ... somedays i've 350 mails waiting in the spool directory. I'am sending this through my personnal mailbox. :) Thanks and Regards. Fred. ..................... Scanned by Trend Micro Viruswall Verion 3.4 ..............................

hi fred

i´ve got the same prob with trendmicros firewall

the problem is the sendmail deamon from checkpoints firewall. it makes a dns name resolution of the mail-server. but it asks only the first mx server (the one with the highest priority). if this server is not available, it will not send the email and tries to resend it every x-minutes (belongs to the configuration for f/w1, configuration tool). therefore i added an additional smtp server which should be the default smtp-server (tab "smtp-security server") in the firewall-configuration. here are the rules which i added to the rule-base (priv_dmz_tmvw is the place where i had installed the smtp-server):

- priv_dmz2_tmvw, pub_dnsservers, dns, allow
- any, priv_dmz2_tmvw, smtp, allow
- priv_dmz2_tmvw, any, smtp, allow
- any, pub_intra_mail, smtp->ZR_TMVW_SMTP,allow
- priv_intra_mail, any, smtp->ZR_TMVW_SMTP,allow

the way of the inbound mail is now:

sender-smtp-server -> f/w -> secuity server -> f/w -> new smtp-server -> f/w -> internal smtp-server

outbound mails

internal smtp-server -> f/w1 -> security server -> f/w -> new smtp-server -> receiver-smtp-server

hope this helps

frank

-----Ursprüngliche Nachricht-----
Von: GARCIA Frédéric [mailto:[email protected]]
Gesendet: Montag, 12. Februar 2001 20:24
An: [email protected]
Betreff: [FW1] SMTP troubles with FW-1, eSafe and a Notes SMTP Relay

Hi guys (and girls maybe ) :-)

I'am running Fw-1 4.1 SP2 on NT for 5 months with a MZ server (eSafe, Webense and SMTP gateway on it).

But i encountered a problem with the SMTP traffic.

It seems like sometimes mails increase in the $FWDIR\Spool directory and are not send correclty to the SMTP gateway.

In the logviewer all seems right, i can see that the messages are accepted and scanned by eSafe CVP server (if they contain attachments), but after that it's like some mail sessions were frozen in the Notes MTA gateway.

When i edit some files on the $FWDIR\Spool directory i can see a header added by FW-1.

I would like to know more about the SMTP process, from Internet to Firewall to eSafe and finallly to a MTA agent ...

If you have any information about that or something which may help, please let me know ... somedays i've 350 mails waiting in the spool directory.

I'am sending this through my personnal mailbox. :)

Thanks and Regards.

Fred.