Warning: The following message is gloom and
doom :)
I fought with the SMTP security server on
NT4 for months. Every service pack released seemed to bring promises of
"fixes to SMTP security server," but the behavior persisted. See if this
sounds familiar:
while
(youRunTheSMTPSecurityServer)
{
Things cruise along fine for <enter time
period here>. Suddenly, one day, someone calls and complains that they
aren't getting mail. You realize, "hey, haven't seen much activity on the
FW1 list for a while". Then you get that sick feeling again. You go
to the firewall and sure enough, the good Doctor is all over your console and
System event log. You stop the firewall, start the firewall, reboot,
fiddle with your external SMTP relay, fiddle with your internal SMTP relay,
fiddle with your MX records, reboot your internal relay, reboot your external
relay, monkey with the parameters on your SMTP resource, reboot again, etc.
etc. Then, you get so fed up that you finally go to lunch around
3:30pm. You come back, and everything has magically fixed
itself.
}
I never ever ever found a resolution to
this, nor could Checkpoint support provide an answer. Just a few days ago,
I had the distinct pleasure of encountering the exact same problem on a Nokia
box running 4.1SP2. The solution? Same as always: either sit around
and wait for it to fix itself, or switch to a simple SMTP accept rule with
static NAT.
Anyone out there who has fixed this problem
is strongly encouraged to be my hero by posting the answer to this nasty
problem. Checkpoint, this includes you!
I have a customer with FW1 version 4.0 and all of a sudden his secure
SMTP server is giving one after another Dr Watson error.
I can't imagine it's a license issue because they run an enterprise
(unlimited) FW1.
As the doc states: the FW.EXE restarts the SMTP secure server every time,
but I regret to see that after 20 DrWatsons or so the Firewall-1 Status shows
that the Firewall service stopped.
Any suggestions? Is this caused by bad messages? Too many
messages?
Are there any registry settings I could change to make the SMTP server
more robust so that it doesn't DrWatson anymore?
Thx,
Patrick Coomans
|