Solved

Mail Netgear log using IIS SMTP service

Posted on 2003-11-10
11
2,219 Views
Last Modified: 2012-08-13
I'm running a Netgear firewall router FVS318 to connect a small LAN via DSL to the internet. This router offers a feature to send the logfile every hour/day to a specified mail address. Because my ISP's SMTP server needs authentication and the Netgear router is not able to send ESMTP I want to use a local Windows 2000 server with enabled SMTP service as SMTP server.

I've configured the router with IP 10.1.2.18 and the SMTP server with IP 10.1.2.3. When I use blat.exe to send an email it will be delivered successful. But when the router tries to send a mail it won't be delivered. I even can't find this mail in any of the c:\inetpub\mailroot subfolders. In the IIS logfile the following lines do appear for each attempt of the router to send a mail:

10.1.2.18, FVS318, 16:40:06, SMTPSVC1, SRVAPP01, 10.1.2.3, 0, 30, 47, 250, 0, HELO, -, +FVS318.xxx.domain.com,
10.1.2.18, FVS318, 16:40:06, SMTPSVC1, SRVAPP01, 10.1.2.3, 10, 32, 45, 250, 0, MAIL, -, +FROM:<user@domain.com>,
10.1.2.18, FVS318, 16:40:06, SMTPSVC1, SRVAPP01, 10.1.2.3, 0, 30, 33, 250, 0, RCPT, -, +TO:<user@domain.com>,
10.1.2.18, FVS318, 16:41:08, SMTPSVC1, SRVAPP01, 10.1.2.3, 61789, 30, 33, 240, 61839, QUIT, -, FVS318.xxx.domain.com

Please help me to find the proper configuration for IIS SMTP service!
0
Comment
Question by:ghana
  • 6
  • 4
11 Comments
 
LVL 5

Expert Comment

by:vtobusman
ID: 9716512
 Ok   try reading this link
http://forums.devshed.com/archive/16/2003/6/3/64728

 see if that helps....
but i would install CDONTS on the server  try this link
for info and help installing and for the download of cdonts

http://www.webwizguide.info/asp/tutorials/email_using_cdonts_tutorial.asp

 Good Luck
0
 
LVL 11

Author Comment

by:ghana
ID: 9716971
vtobusman, thanks for your reply. The suggestions made in the devshed forum were already done in my installation. The SMTP server is working with other applications and even with another Netgear router (FR114P). But it won't send messages created by Netgear FVS318. I've installed a freeware mail server (MailEnable) on another server: Using this mail server all is working as expected. But I'm not able to find out why FVS318 isn't able to send mails via Microsoft SMTP service. Any ideas?

I've never heard about CDONTS. This seems to be a tool that allows users browsing on my IIS to send emails. Is that right? If yes then it doesn't seem to be the thing I'm looking for.
0
 
LVL 5

Expert Comment

by:vtobusman
ID: 9717489
cdonts lets you specify the domain the mail is comming from so the e-mail server doesnt reject and yes it is used with websites mostly because windows smtp service is not a full blown e-mail server ..

  here try this instead...

http://kbserver.netgear.com/kb_web_files/n100603.asp

 and then this
 
 Cannot Send or Receive Email

This may happen if your Internet connection uses dynamic DNS. Change the email application to use a fully qualified domain name for the login. A fully qualified name is composed of both the host and domain.

Correct: yourusername.aol.com

Incorrect: yourusername

The correct fully qualified name can also be derived by putting your router's username and domain name together as they appear on the router's setup screens. E.g., if username = sueandfred, and domain name = aol.com, then the fully qualified name = sueandfred.aol.com. (Note the dot between the username and domain.)

  i found both on NETGEAR's Site  it might help...

0
 
LVL 11

Author Comment

by:ghana
ID: 9718431
I've tried your suggestions (MTU size, FQDN names...) but unfortunately it didn't solve the problem. I also upgraded the router's firmware to latest version 2.1 but the behaviour doesn't change. If I send the logfile from Netgear FVS318 it will appear a session in Internet Information Manager for 60 seconds. Then the session will disappear. The mail seems neither get dropped nor moved to badmail folder. It's so frustrating....
0
 
LVL 5

Expert Comment

by:vtobusman
ID: 9718540
are the to and from the same name ??


10.1.2.18, FVS318, 16:40:06, SMTPSVC1, SRVAPP01, 10.1.2.3, 10, 32, 45, 250, 0, MAIL, -, +FROM:<user@domain.com>,   <-----------


10.1.2.18, FVS318, 16:40:06, SMTPSVC1, SRVAPP01, 10.1.2.3, 0, 30, 33, 250, 0, RCPT, -, +TO:<user@domain.com>, <-----------  

 is fo try making one different.
also have you tried setting up your own e-mail server ?? as i said B4  iis smtp service is not and e-mail server its just an smtp transport service.. it needs some kind of script to tell it what to do ( I.E. Blatt, Cdonets, ect... )

try installing a mail server like "MDAEMON" and see if it works then...
 http://altn.com
 or another good one is GSM Mail server located at
http://www.gordano.com/technology/mail.htm

  Good Luck..
   


0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 11

Author Comment

by:ghana
ID: 9720551
Yes the to and from are the same name. It isn't able to change that because the router only offers to specify the recipient address and uses the same address as sender too.

I've already tried to install another mail server for testing: MailEnable is a freeware SMTP server and with this server all is working well. But for the live server this is not an option. In addition I want to know, what is the problem in this case. The IIS SMTP server is working well with another router that has a fixed IP address and is routing between 2 local subnets. Because of that I assume there is something wrong with the domain settings, DNS entries or something like that. But I'm not familiar with troubleshooting mail issues.


Here are the log entries in IIS SMTP log. This is the result for the FR114P router, which is working well:

#Fields: date time c-ip cs-username s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-11-11 06:08:14 10.1.2.253 ita.net SMTPSVC1 SRVMAIL 10.1.2.3 HELO - +ita.net 250
2003-11-11 06:08:14 10.1.2.253 ita.net SMTPSVC1 SRVMAIL 10.1.2.3 MAIL - +FROM:+<ms@ita.net> 250
2003-11-11 06:08:14 10.1.2.253 ita.net SMTPSVC1 SRVMAIL 10.1.2.3 RCPT - +TO:+<ms@ita.net> 250
2003-11-11 06:08:14 10.1.2.253 ita.net SMTPSVC1 SRVMAIL 10.1.2.3 DATA - <SRVMAILGKssHZAkKMo00000001@SRVMAIL.sta.ita.net> 250
2003-11-11 06:08:14 10.1.2.253 ita.net SMTPSVC1 SRVMAIL 10.1.2.3 QUIT - ita.net 240
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 220+kundenserver.de+ESMTP+Tue,+11+Nov+2003+07:08:15++0100 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionCommand SMTPSVC1 SRVMAIL - EHLO - SRVMAIL.sta.ita.net 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 250-mxng09.kundenserver.de+Hello+SRVMAIL.sta.ita.net+[80.128.22.18] 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionCommand SMTPSVC1 SRVMAIL - MAIL - FROM:<ms@ita.net>+SIZE=740 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 250+<ms@ita.net>+is+syntactically+correct 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionCommand SMTPSVC1 SRVMAIL - RCPT - TO:<ms@ita.net> 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 250+<ms@ita.net>+verified 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionCommand SMTPSVC1 SRVMAIL - DATA - - 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 354+Enter+message,+ending+with+"."+on+a+line+by+itself 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 250+OK+id=1AJRhH-0005sX-00 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionCommand SMTPSVC1 SRVMAIL - QUIT - - 0
2003-11-11 06:08:14 212.227.126.159 OutboundConnectionResponse SMTPSVC1 SRVMAIL - - - 221+mxng09.kundenserver.de+closing+connection 0



And this is the result for the FVS318 which is not working:

#Fields: date time c-ip cs-username s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-11-11 07:25:18 10.1.2.18 FVS318 SMTPSVC1 SRVMAIL 10.1.2.3 HELO - +FVS318 250
2003-11-11 07:25:18 10.1.2.18 FVS318 SMTPSVC1 SRVMAIL 10.1.2.3 MAIL - +FROM:<ms@ita.net> 250
2003-11-11 07:25:18 10.1.2.18 FVS318 SMTPSVC1 SRVMAIL 10.1.2.3 RCPT - +TO:<ms@ita.net> 250
2003-11-11 07:26:19 10.1.2.18 FVS318 SMTPSVC1 SRVMAIL 10.1.2.3 QUIT - FVS318 240


I'm a little bit confused about the parameters in the HELO command: Why does the FR114P use "ita.net" (which is the target domain of the mail recipient) and the FVS318 does use "FVS318" (which is its own host name)?
Any ideas?
0
 
LVL 11

Author Comment

by:ghana
ID: 9725066
Okay, I've done a lot of investigation today. I've used Ethereal to analyze the network traffic between FVS318 (10.1.2.18) and Windows 2000 SMTP server (10.1.2.3):

No. Time       Source       Destination              Protocol Info
12 16:35:00  10.1.2.18    10.1.2.3     SMTP    Command: RCPT TO:<ms@fooo.de>
13 16:35:00  10.1.2.3      10.1.2.18   SMTP    Response: 250 2.1.5 ms@fooo.de
14 16:35:00  10.1.2.18    10.1.2.3     TCP      231 > smtp [ACK] Seq=33310083 Ack=1918093393 Win=1793 Len=0
15 16:36:02  10.1.2.18    10.1.2.3     TCP      231 > smtp [FIN, ACK] Seq=33310083 Ack=1918093393 Win=1793 Len=0

The FVS318 does not send the DATA command which should be send after ACK to the 250 reply code (line 14). Instead it will terminate the session 60 seconds later. The following lines show the traffic between FVS318 (10.1.2.18) and the MailEnable freeware SMTP server (10.1.2.5):

No. Time       Source       Destination             Protocol Info
14 17:36:06  10.1.2.18    10.1.2.5     SMTP    Command: RCPT TO:<ms@fooo.de>
15 17:36:06  10.1.2.5      10.1.2.18   SMTP    Response: 250 Requested mail action okay, completed
16 17:36:06  10.1.2.18    10.1.2.5     TCP       227 > smtp [ACK] Seq=36910079 Ack=161781 Win=1823 Len=0
17 17:36:06  10.1.2.18    10.1.2.5     SMTP    Command: DATA

In this case the DATA command is sent as expected. I assume the FVS318 is not compliant with SMTP RFC 2821 (http://ftp.rfc-editor.org/in-notes/rfc2821.txt) because it does not analyze the reply code only. It also seems to parse the following text string which is not RFC compliant in Windows 2000 SMTP server but in MailEnable. This could explain why mail will be successfully send with that server.

Am I right to claim that FVS318 and Windows 2000 SMTP server are both not RFC compliant regarding SMTP? That would mean these two components are incompatible - until Microsoft would offer a patch / Netgear would offer a firmware upgrade to make the systems RFC compliant...
0
 
LVL 5

Accepted Solution

by:
vtobusman earned 500 total points
ID: 9725697
 Thats correct from the microsoft standpoint i dont know if the FVS318  id rfc compliant...
the microsoft one becomes compliant with the install of exchange server... this adds features need to be compliant...

0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9745108
try allowing the router's internal IP relay ability on the SMTP VS.

D
0
 
LVL 11

Author Comment

by:ghana
ID: 9745622
Kidego, I'm not sure whether I really understand your comment (sorry). That's what I've already done: I did allow the internal subnet to relay messages on the SMTP server. The internal IP address of the router is part of this range. I'm quite sure that this is not a relay configuration problem because MS SMTP server answers with reply code 250 in line 13 (see above). That means it has accepted the connection and waits for the message body. Or am I wrong?
0
 
LVL 11

Author Comment

by:ghana
ID: 9951284
vtobusman, thanks for your help! In fact MS smtp service that comes with IIS 5.0 is not RFC compliant. So installing MS Exchange Server should also fix the problem. For people who are looking for a cheaper solution: Install MailEnable. It's a freeware SMTP server and it works very well. See the following URL for more information: http://www.mailenable.com/
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Problem: You created a new custom form in Outlook for your contacts (added fields, deleted fields, changed the layout of fields, whatever) and made it the default form for contacts. The good news is that all new contacts will utilize the new form. T…
Today, security is a big concern in an organization to prevent sensitive data leakage. In Outlook you can secure your Outlook items (emails, calendars, contacts and other stuff) using various techniques like by marking item as private, or you can pu…
The purpose of this video is to demonstrate how to set up an account with Mailchimp. This will be demonstrated using a Windows 8 PC. Tools Used are: Mailchimp.com Go to Mailchimp.com : Enter an Email, Username, and Password. Click Create My Acco…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now