Solved

Not receiving external email from anyone that does not belong to our internal network

Posted on 2007-03-20
Last Modified: 2013-11-12
I am having the same problem as eptexascrazy, except they will kill me tomorrow.
I was not getting a backup with Backup Exec in grpwise since SP6. I followed Novell #$%$#**&^ s patch for the problem, TSA5UP.exe.
I can send out, and send and receive within the network, BUT can't receive from the outside world.
Now I can't even telnet in to dss.co.lake.ca.us (75.10.255.100). I have a couple hundred people that will ..... Oh well...
I have exactly the same problem as eptexascrazy.
eptexascrazy wrote:
A couple of days ago our district stopped receiving email from anyone outside our network.  I can send within and outside, I can send from within our groupwise emails but we cannot receive from outside sources.  I have tried emailing myself from my other email accounts outside but nothing.  I have gone through our PIX and Gateway but nothing has changed.  At the GW server I have been having issues with the GW Internet Agent which continues to close.  I used to restart it and it would be good for a few days (had to also restart the PO Agent and Web Agent) then it got to the point where only a server restart would do the trick and now it is not working with any means so far.  On my Log this is a cut and paste of the typical error I kept receiving:

10-14-05 00:03:27 0  Queuing deferred message: GROUPWISE/DATA:\GRPWISE\DOMAIN\WPGATE\GWIA\send\s34e3e48.078

10-14-05 00:03:27 7  DMN: MSG 36557 Send Failure: 450 Host down (domain.net)

10-14-05 00:03:57 0  Queuing deferred message: GROUPWISE/DATA:\GRPWISE\DOMAIN\WPGATE\GWIA\send\s34e768a.099

10-14-05 00:03:57 0  MSG 36558 Analyzing result file: GROUPWISE/DATA:\GRPWISE\DOMAIN\WPGATE\GWIA\result\r34e3e48.078

10-14-05 00:03:57 0  MSG 36558 Detected error on SMTP command

10-14-05 00:03:57 0  MSG 36558  Command:  domain.net

10-14-05 00:03:57 0  MSG 36558  Response: 450 Host down (domain.net)

10-14-05 00:03:57 7  DMN: MSG 36559 Send Failure: 450 Host down (domain.net)

10-14-05 00:04:27 0  MSG 36560 Analyzing result file: GROUPWISE/DATA:\GRPWISE\DOMAIN\WPGATE\GWIA\result\r34e768a.099

10-14-05 00:04:27 0  MSG 36560 Detected error on SMTP command

10-14-05 00:04:27 0  MSG 36560  Command:  domain.net

10-14-05 00:04:27 0  MSG 36560  Response: 450 Host down (domain.net)

I have posted on the Novell Groupwise forums but I have not received any responses.  I am offering TOP point value so please, please HELP!!!!!!!


Authored by: eptexascrazy
Question by:shawn_flynn
11 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18761279
Can't help you with the Groupwise stuff, but I would be glad to take a look at your PIX config to see if I can find anything there that could be the culprit...
0
 

Author Comment

by:shawn_flynn
ID: 18761328
I'm pretty sure it's groupwise, like cause and effect. Like I added the %&^%$$ files from Novell into the correct dir and subs, then no outside email. I guess I will have to go back, find the files I added and replace them with the old ones, which of course I don't have backed up. But I do have a couple of other mail servers set up the same way..
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
ID: 18761423
What would be helpful is if you would post back with the VERSION and SP of GroupWise.  The problem you describe occurs for various reasons and the fix may be different depending on the version.

Also helpful would be to know a tad about how you've got it physically configured.  Is it one of the following, or something different?

1) GWIA on the same NetWare server as the MTA and POA, with only one NIC in the server and the firewall/router doing a NAT of the public IP to the private NIC IP, with packet filter exceptions for port 25 and 53,

2) GWIA on the same server as the MTA and POA, but with a second NIC in the server for public access, either NATted or actually with a public IP (say which)

3)  GWIA on a separate server from the MTA and POA, possibly with the GWWA web service as well, inside the firewall but not in a DMZ, with one NIC for both private and public access, or one for private and one for public (say which)

4) GWIA/GWWA on a separate server in its own GroupWise domain, in the DMZ, with an MTA to MTA link the only access between the primary GW domain and this public-facing secondary domain.

After answering what your physical configuration is like, then we have to look at 1) your public domain entries and name/address resolution, specifically the MX record and the mail host domain name, 2) your GWIA's configuration re: hostname, your GroupWise server's resolver configuration, perhaps the SYS:/etc/hosts file, and maybe a couple of other things, depending on the version/sp of GroupWise you have.

If you post back anything with addresses or names, feel free to mask them to maintain your privacy, but please stay consistent - if it's a public DNS name, for example, always call it "mail.mycompany.com" every time.  If you use 10.10.10.10 for (one of) your public IP address(es), always use 10.10.10.10 for that address, and so on.   Thanks.
0

 

Author Comment

by:shawn_flynn
ID: 18761586
OK, let's go.. Had to take a walk...
I am running netware/grpwise 6.5. All the 'stuff' (gwia, poa, webacc, mta) is running on the same server, with one NIC. As far as the MX, I am part of the county of lake, co.lake.ca.us; they hold the MX records. I have the server behind sonicwall. It runs in its own "DMZ". I am not too sure about resolver.. that's the DNS? I figure the dss.co.lake.ca.us is public record. Inside we have a world of routers, with heavy state security. So we have a division of labor.
This one's kicking me though...
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 18761803
Can you send out but not receive in, or is it outbound that fails but inbound's OK, or no internet comm at all?

The particular error eptexascrazy posted is an outbound error, not an inbound error.  However, have you examined your GWIA message folders for the offending message(s) to find who they're from or to?

If GWIA is not configured to send response messages with a FROM: of Postmaster, or if Mailer-Daemon isn't set up as an alias for Postmaster, GWIA can get into a message loop if someone sends something from the outside to Mailer-Daemon and it's not deliverable.  That's one thing to check.  See TID# 10056642 in the Novell KB for more info on that.

If you don't have a ROUTE.CFG configured, since you're most likely behind a NAT firewall, it's also possible you're not able to route a message from GWIA to an internal address, potentially also causing a message loop.  If I remember right (it's been a while) you'd put the host name that the MX record points to in the route.cfg, but your server's private IP address.  That way, internal messages to mail@yourdomain.com would go to the GWIA directly instead of out and then back in.

Another possibility is that somewhere in your county's public network setup you've got an "intelligent mail host" like a spam filter or a store-and-forward mail host, rather than your GWIA going directly to the Internet.  In such case, your GWIA config should be using the "/mh" (mail host) switch, to point outgoing mail to the mail relay.  If that mail host is a) unreachable or b) they changed the name or c) the /MH is otherwise wrong, you'll get a 450 host down on outbound messages too.  Make sure if the mailhost option is set, it's pointing at a valid, reachable mail host, and the host name is resolvable by the server.

That's the other part of the picture - make sure whatever mail server address is failing is reachable and resolvable.  If it's not in DNS but you know the host name and IP address, adding it to your server's SYS:/etc/hosts might fix it...
0
 

Author Comment

by:shawn_flynn
ID: 18766211
ShineOn:
Sorry for your efforts… This is what happened: I panicked.
I have a dozen servers. I had forgotten that I had moved a new server into a DMZ to handle the internet stuff.
I applied a patch for problems I was having with Backup Exec on my post office server.
I then restarted the server. No gwia. So I started the gwia. Now, unknown to myself, I have two running! The one which should be running gwia started abending; 'course since I forgot about it, I never looked at it..
After reading ShineOn's suggestions, I started to realize that my problem was more connection orientated, since I could telnet inside the building to port 25 but not outside.
When I got to work today (more calm), I looked at the firewall configuration and saw I had the internet traffic pointing to another server! I could have hit myself in the head! I suddenly remembered setting up the server to handle internet traffic and placing it in a DMZ!
So I turned off the gwia running on the post office server, restarted the gwia on the DMZ server, and now all is well in Social Services. Lesson learned. And I thank you for the calming influence.
Shawn
0
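The check that located the fault in the post above (port 25 answering inside the building but not from outside, with the firewall forwarding Internet mail to a different server) can be scripted and run from both vantage points. This is an added example, not part of the original thread; the address 192.0.2.10 and the name mail.example.org are constructed placeholders, and it assumes the Internet-facing agent announces its configured hostname in the SMTP 220 greeting.

```python
import socket

def greeting_complete(data):
    # A reply ends with a CRLF-terminated line "NNN text"; "NNN-text" means more lines follow.
    lines = data.split(b"\r\n")
    return len(lines) >= 2 and lines[-1] == b"" and lines[-2][3:4] != b"-"

def read_greeting(host, port=25, timeout=10.0, connect=socket.create_connection):
    """Return the raw SMTP greeting bytes, or None if the TCP connection fails."""
    try:
        with connect((host, port), timeout) as sock:
            data = b""
            while not greeting_complete(data) and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:          # peer closed before finishing the greeting
                    break
                data += chunk
            return data
    except OSError:                    # refused, filtered (timeout), no route, DNS failure
        return None

def parse_greeting(raw):
    """Return (reply_code, announced_host) taken from the first greeting line."""
    first = raw.decode("ascii", "replace").split("\r\n")[0]
    if len(first) < 3 or not first[:3].isdigit():
        return None, None
    code, words = int(first[:3]), first[4:].split()
    host = words[0].lower().rstrip(".") if code == 220 and words else None
    return code, host

def check_inbound(target, expected_host, port=25, connect=socket.create_connection):
    """Classify what answers on target:port as seen from this vantage point."""
    raw = read_greeting(target, port, connect=connect)
    if raw is None:
        return "unreachable"
    code, host = parse_greeting(raw)
    if code != 220:
        return f"not-ready:{code}"
    if host != expected_host.lower().rstrip("."):
        return f"wrong-server:{host}"   # the port forward lands on another machine
    return "ok"

if __name__ == "__main__":
    # Constructed placeholders: the public address the MX record resolves to
    # and the hostname the Internet-facing agent is configured to announce.
    print(check_inbound("192.0.2.10", "mail.example.org"))
```

An "ok" from inside the network together with "unreachable" or "wrong-server" from outside points at the firewall forwarding rule or at the agent on the forwarded-to server, not at the post office.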
 
LVL 1

Expert Comment

by:Computer101
ID: 20286802
Forced accept.

Computer101
EE Admin
0
