Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Strange smtp handling

To: [email protected]
Subject: [FW-1] Strange smtp handling
From: Bourque Daniel <[email protected]>
Date: Sat, 5 Jul 2003 16:05:22 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

We are using an antivirus acting as a smtp relay server in the DMZ to act as
first level antivirus for our mail system.  We also use the mail security
server of Checkpoint to intercept all incoming smtp connection to this
server.

With 4.1, if for any reason there were a mail pile-up either in the FW or
the relay because of work being done on the upstrem server or a process
crashing on the fw (happen a lot when we were using CVP but not anymore), as
soon as communication were re-established with the internal server, mail
started to flow very rapidely, emtying the queue in the fw and the dmz smtp
relay.

Since replacing our 2 Sun with 4.1 with 2 Nokia with NG FP3, in 2 case where
we had mail pile-up because of a crashing fw, the mail flow restart but the
mail pile-up on the dmz relay has taken hours to empty. Normal mail flow is
ok but in those 2 cases, it was as if the smtp dmz server and the internal
Exchange server were not able to deliver message at full speed.  A first
sniffer trace doesn't show any problem at first glance (we use the smtp
security server between outside-dmz but not between dmz-inside)

It's really like there were a limit in the number of connection between the
2 servers.  We change the default smtp setting in the fw but the delay is
still there.

Since the 2 mail servers have not change and only the FW has, it seem that
there is a default setup that we haven't found yet.


Any idea?
Daniel Bourque

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Error: Peer sent wrong dn?
Next by Date: [FW-1] Tool to convet pix - netscreen configs to CP configs
Previous by thread: [FW-1] [SPAMSCORE] (hoog): [FW-1] AW: [FW-1] HFA's
Next by thread: [FW-1] Tool to convet pix - netscreen configs to CP configs
Index(es):
- Date
- Thread