[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] Messages getting stuck in SMTP security server spool?
Good $daytime,
I have rather strange symptom with 4.1 Build 41814 (Solaris 7).
There is _exactly one_ external user whose mail is orbiting within
FW-1 for many hours before it gets through. Here are the facts:
External user is sending similar emails every so often to our users.
At some point, recipients have noticed one-day delivery delays not
seen before.
Nothing has been done to firewall within time frame between last good
and first delayed message.
All messages from the user are affected.
Examined logs (about 6 months back) show no such events. All other
messages are also going through well during an event.
Message lives in $FWDIR/CPfw1-41/spool/Rnnnnnnnn, for no apparent
reason. It differs from all others in that it has a duplicate spool
header. Example is included below, slightly obfuscated.
Delivery delay varies from 19 to 30 hours.
At some random moment message gets delivered to its destination.
Message is checked by the CVP server just before sending to internal
SMTP gateway (172.16.15.14). Message is marked OK by the CVP server.
There are no open TCP connections related to the message in question
all the time.
Relevant FW-1 rule says:
Any 172.16.15.14 smtp->CVP-inbound accept Long Gateways Any
Value of resend_period in $FWDIR/conf/smtp.conf is 600.
http://www.phoneboy.com/faq/0418.html had no effect.
Neither of FW-1, firewall host, or CVP server restart attempts had any
effect.
Otherwise swift, this time my support contract gurus weren't of any
help, either.
Any ideas? Further questions are welcome.
Thanks in advance.
Regards,
Willy.
--
No easy hope or lies | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal, | Control Systems and Processes Division
But iron sacrifice | LUKOIL Company, Chelyabinsk Branch
Of Body, Will and Soul. | [email protected] +7 3512 620367
R.Kipling | VVF1-RIPE
AV_SETTING: cure
AV_IPADDR: 172.16.17.18
AV_PORT: 18181
AV_HEADERS: 0
COMPOUND: 1
SRC: 10.11.12.13
SPORT: 4635
DST: 172.16.15.14
DPORT: 25
ERR_SERVER: 172.16.15.14
RULE: 7
RULEACT: 0
ERRMAIL: 0
ACCT: 0
LOG_OK: MDQ_LOG
LOG_BAD: MDQ_ALERT
LOG_ERR: MDQ_ALERT
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
DATA
Received: by Exchange.sender.example.com with Internet Mail Service (5.5.2653.19)
id <VQ0ZRNGW>; Fri, 2 Nov 2001 10:16:04 +0500
Message-ID: <AAE21A4ACA17D511953800D0B746BBDD900DC7@Exchange>
From: =?koi8-r?Q?=F3=D5=CB=CD=C1=CE=CF=D7=C1_=F4=2E=E7=2E?=
<[email protected]>
To: =?koi8-r?Q?=EC-=FE=E5=EC=F1=E2=EE=E5=E6=F4=E5=F0=F2=EF=E4=F5=EB=F4?=
<[email protected]>, =?koi8-r?Q?=EC-=FE=E5=EC=F1=E2=EE=E5=E6=F4?=
=?koi8-r?Q?=E5=F0=F2=EF=E4=F5=EB=F4?= <[email protected]>
Subject: =?koi8-r?Q?=F0=E5=F2=ED=F8?=
Date: Fri, 2 Nov 2001 10:16:03 +0500
Importance: high
X-Priority: 1
Return-Receipt-To: =?koi8-r?Q?=F3=D5=CB=CD=C1=CE=CF=D7=C1_=F4=2E=E7=2E?=
<[email protected]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01C1635D.77E21C60"
.
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
DATA
Received: by Exchange.sender.example.com with Internet Mail Service (5.5.2653.19)
id <VQ0ZRNGW>; Fri, 2 Nov 2001 10:16:04 +0500
Message-ID: <AAE21A4ACA17D511953800D0B746BBDD900DC7@Exchange>
From: =?koi8-r?Q?=F3=D5=CB=CD=C1=CE=CF=D7=C1_=F4=2E=E7=2E?=
<[email protected]>
To: =?koi8-r?Q?=EC-=FE=E5=EC=F1=E2=EE=E5=E6=F4=E5=F0=F2=EF=E4=F5=EB=F4?=
<[email protected]>, =?koi8-r?Q?=EC-=FE=E5=EC=F1=E2=EE=E5=E6=F4?=
=?koi8-r?Q?=E5=F0=F2=EF=E4=F5=EB=F4?= <[email protected]>
Subject: =?koi8-r?Q?=F0=E5=F2=ED=F8?=
Date: Fri, 2 Nov 2001 10:16:03 +0500
Importance: high
X-Priority: 1
Return-Receipt-To: =?koi8-r?Q?=F3=D5=CB=CD=C1=CE=CF=D7=C1_=F4=2E=E7=2E?=
<[email protected]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01C1635D.77E21C60"
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--- 8< --- <the rest of the message body is skipped - Willy> --- 8< ---
