[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Communication problem between TrendMicro IMSS 7.0 and SendMail

Posted on 2007-10-15
13
Medium Priority
?
4,733 Views
Last Modified: 2013-12-18
We are using an Trendmicro IMSS 7.0 server to send & receive emails.
Ever since we have upgraded from version 6.0 we experience problems in sending out emails to "SendMail" mailservers. Apparently their is a new feature in these mailservers (Sendmail) that detects Ghost (Spamsending) computers according to the amount of mail that is send from a server and a specific communication speed. Trendmicro's IMSS 7.0 system is automatticaly seen as on of these Ghostmachines.
This means that if someone tries to send to a Sendmail server, this mailserver will reject the connection and after 8 hours, IMSS will generate an "Relay time-out" error message.
Does anyone have any idea in how to resolve this issue?
0
Comment
Question by:saphico
  • 6
  • 5
  • 2
13 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20078117
Can you post your sendmail.mc (this is used to create sendmail.cf)?
0
 

Author Comment

by:saphico
ID: 20099500
We don't have a Sendmail, but an Interscan Messeging Security (IMSS) of Trendmicro
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20100438
There are several features in sendmail used to reduce spam.  None of them are new to my knowledge.

I'm curious as to this statement, "Trendmicro's IMSS 7.0 system is automatticaly seen as on of these Ghostmachines."

Why would TrendMicro be singled out?
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 22

Expert Comment

by:robocat
ID: 20125786
IMSS 7.0 has very low timeouts during the HELO/MAIL FROM/RCPT phase. If the sendmail server doesn't respond within 30 seconds, IMSS terminates the connection. This can easily happen if sendmail is configured with blacklists or an anti-spam solution.

All timeouts in IMSS should be changed to at least 5 minutes to comply with the SMTP RFC.
0
 

Author Comment

by:saphico
ID: 20125899
so they are timeout to 5 min
0
 
LVL 22

Expert Comment

by:robocat
ID: 20126372
Sorry, are you saying that you changed the setting or that they already were set to 5 minutes ?

Make sure you also check all postfix timeouts.
0
 

Author Comment

by:saphico
ID: 20128985
It already was on 5 minutes
0
 

Author Comment

by:saphico
ID: 20128992
I contacted Trend Micro about this matter and they said that the solution is not on the IMSS side, but only on the side of SendMail. Apparrently when the SendMail adds the IMSS to the Whitelist, the problem is solved.
Does anyone have any experience with this?
0
 
LVL 22

Expert Comment

by:robocat
ID: 20129323
Good luck convincing the entire world to add your domain to their whitelists :-)

Anyway, Trend Micro is wrong, the problem is on the IMSS side. This can be proved by this network trace (names are changed to protect the innocent):

  1   0.00000 Imss_server.com -> sendmail_server.com SMTP C port=3345
  2   0.00009 sendmail_server.com -> Imss_server.com SMTP R port=3345
  3   0.00252 Imss_server.com -> sendmail_server.com SMTP C port=3345
  4   0.30081 sendmail_server.com -> Imss_server.com AUTH C port=55281
  5   0.00042 Imss_server.com -> sendmail_server.com AUTH R port=55281
  6   2.01409 sendmail_server.com -> Imss_server.com SMTP R port=3345 220 sendmail ESMTP ready
  7   0.00245 Imss_server.com -> sendmail_server.com SMTP C port=3345 EHLO sendmail_server.com
  8   0.00004 sendmail_server.com -> Imss_server.com SMTP R port=3345
  9   0.00044 sendmail_server.com -> Imss_server.com SMTP R port=3345 250-sendmail_server.com
 10   0.00261 Imss_server.com -> sendmail_server.com SMTP C port=3345 MAIL FROM:<Steven.Mu
 11   0.00003 sendmail_server.com -> Imss_server.com SMTP R port=3345
 12   0.00978 sendmail_server.com -> Imss_server.com SMTP R port=3345 250 2.1.0 <Steven.Mu
 13   0.00254 Imss_server.com -> sendmail_server.com SMTP C port=3345 RCPT TO:<stephan.ren
 14   0.04168 sendmail_server.com -> Imss_server.com SMTP R port=3345
 15  29.94610 Imss_server.com -> sendmail_server.com SMTP C port=3345 QUIT\r\n
 16   0.04399 sendmail_server.com -> Imss_server.com SMTP R port=3345
 17   5.01141 sendmail_server.com -> Imss_server.com SMTP R port=3345 250 2.1.5 <stephan.r
 18   0.00011 sendmail_server.com -> Imss_server.com SMTP R port=3345
 19   0.00462 Imss_server.com -> sendmail_server.com SMTP C port=3345
 20   0.00005 Imss_server.com -> sendmail_server.com SMTP C port=3345
 21   0.00031 sendmail_server.com -> Imss_server.com SMTP R port=3345

Notice line 15: after 29.9 seconds, the IMSS server sends a quit before the recipients are accepted (or rejected). This is the IMSS timeout and is always 30 secs. Sendmail does NOT terminate the connection.

Line 17 is the sendmail server accepting (code 250)  the recipients (after about 35 secs), but this is too late for IMSS.

Ask Trend Micro where exactly the 30 secs timeout can be changed and your problem will be solved.


0
 
LVL 22

Expert Comment

by:robocat
ID: 20151937
Can you check the postfix config on the IMSS server with these commands:

postconf smtp_rcpt_timeout
postconf  smtp_mail_timeout
postconf smtp_data_init_timeout
postconf smtp_data_xfer_timeout
postconf  smtp_data_done_timeout
postconf smtp_quit_timeout
postconf smtp_connect_timeout
postconf smtp_helo_timeout
0
 

Accepted Solution

by:
saphico earned 0 total points
ID: 20153768
I've received the following feedback from TrendMicro:

 Change the IdleWaitingSecond as follows:
- Go to &Program Files\Trend Micro\IMSS\ config folder.
- Open the tsmtpd.ini file with notepad.
- Search "IdleWaitingSecond=30" and change it to 60. Remove the "#" sign to enable it.
- Save the file and restart the IMSS SMTP/Scanner services.

 
 http://esupport.trendmicro.com/support/search.do?cmd=displayKC&docType=kc&externalId=PUB-en-1035704

I've already changed the IdleWaitingSecond into 90, but still no good communication.
What is de default setting for a SendMail?
0
 
LVL 22

Expert Comment

by:robocat
ID: 20154570
Sendmail has many timeout settings ranging from 300 secs to 1 hour.

For IMSS for Linux, the appropriate timeout seems to be the "smtp_rcpt_timeout" parameter. I don't know how this translates into IMSS for Windows, that uses an internal MTA.


0
 
LVL 22

Expert Comment

by:robocat
ID: 20154623
I found a different support document that seems to closely related:

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035149&id=EN-1035149

Try setting the IdleWaitingSecond  timeout to at least 300 secs.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month19 days, 19 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question