
Not receiving emails from some domains

Posted on 2008-11-09
Last Modified: 2013-11-16
Hello experts, I'm experiencing problems receiving emails from certain domains.  I'm using a Symantec Gateway Security 1600 appliance and GFI MailEssentials 14 for spam filtering on the Exchange.

Here is what is happening:
I'm almost positive that it is not GFI causing the problems, and I'm guessing it is the firewall. I've added the sender's IP address and email address to the whitelist.  If I monitor the GFI dashboard I don't see the emails from these senders, so this tells me that the email does not get to the GFI gateway for scanning at all.  Looking at the Exchange SMTP virtual server logs, I get the following for one of the senders:

2008-11-10 05:51:04 63.251.135.115 ccm09.constantcontact.com SMTPSVC1 KRA-MAIL 172.16.1.7 0 240 60032 319 30 SMTP -
2008-11-10 05:47:55 63.251.135.109 ccm08.constantcontact.com SMTPSVC1 KRA-MAIL 172.16.1.7 0 240 60062 319 30 SMTP -
2008-11-10 05:41:46 63.251.135.75 ccm00.constantcontact.com SMTPSVC1 KRA-MAIL 172.16.1.7 0 240 60031 318 30 SMTP -

Now, for another sender I don't show anything on the smtp virtual server logs but I do see it on the Symantec gateway logs.  Here is what I get:
Time:            Nov 10, 2008 12:51:07.520 AM EST
Type:            Informational
Classification:      Access allowed
Event:            Connection completed
Component:      smtpd
Process ID:      1309
Source:            216.54.20.221:53945
Destination:      
Rule:      
Details:      Connection completed, Source IP=216.54.20.221, Source Port=53945, Detail=Call startup failure, Protocol=smtp, Duration=0.57501, ID=anS5p, Received=38, Bytes=38

--------------------------------------------------------------------------------

All other incoming emails are working but I'm afraid I'll start seeing more email problems.  I've tried changing the MTU setting from 1500 to 1400 but nothing.

Thanks for your help.
Question by:rogelio36
5 Comments
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 22919499
Can you get the SMTP logs from the other side?
0
 

Author Comment

by:rogelio36
ID: 22919536
Someone emailed me the NDR, see below.
Reporting-MTA: dns; xxxx.domainname.com
Arrival-Date: Thu, 30 Oct 2008 08:52:12 -0500

Final-Recipient: RFC822; name@domain.com
Action: failed
Status: 4.4.7
Remote-MTA: DNS; xxx.domain.com
Diagnostic-Code: SMTP;
Last-Attempt-Date: Tue, 4 Nov 2008 08:10:45 -0500
0
 
LVL 24

Accepted Solution

by:
DMTechGrooup earned 1500 total points
ID: 22923182
Well it doesn't appear to be a reverse DNS issue..

I would bet from reading a bunch of other threads that the problem is on their end.  Like in the example above, PP1.norfolk.gov does not have an A record..  It could be trying to do a reverse DNS and it's not set, so your setup drops it.  You would really need to test from the end where the problem is.. You might have to set up logging on the Symantec to a SYSLOG to really get the clear picture..

http://www.experts-exchange.com/simpleSearch.jsp?q=4.4.7&sfZoneID=0&searchSubmit=1&cid=322&gSearch=0

RESULT: kra-mail.kra.com
Banner: kra-mail.kra.com ESMTP [47 ms]  
Connect Time: 0.047 seconds - Good
Transaction Time: 0.297 seconds - Good
Relay Check: OK - This server is not an open relay.
Rev DNS Check: OK - 207.188.202.86 resolves to kra-mail.kra.com
GeoCode Info: Geocoding server is unavailable
Session Transcript: HELO please-read-policy.mxtoolbox.com
250 kra-mail.kra.com talking to mxtb-pws1.mxtoolbox.com ([64.20.227.131]) [62 ms]
MAIL FROM: <test@mxtoolbox.com>
250 2.1.0 test@mxtoolbox.com....Sender OK [47 ms]
RCPT TO: <test@mxtoolbox.com>
550 5.7.1 Unable to relay for test@mxtoolbox.com [47 ms]
QUIT
221 2.0.0 kra-mail.kra.com [47 ms]
 

0
 
LVL 2

Expert Comment

by:stagira
ID: 23055250
Hi,

Try to pass your domain into the tool http://www.zonecheck.fr/demo/, just to see if all is correct.

Choose English as language, description, continue after fail, show all.

BUT a well-configured MTA must have:

MX zone pointing to a record which is an A record.

Example of zonecheck for my domain:

Progress

    * Testing: illegal symbols in domain name
    * Testing: dash ('-') at start or beginning of domain name
    * Testing: double dash in domain name
    * Testing: one nameserver for the domain
    * Testing: at least two nameservers for the domain
    * Testing: identical addresses
    * Testing: nameserver addresses are likely to be all on the same subnet
    * Testing: nameservers belong all to the same AS
    * Testing: delegation response fit in a 512 byte UDP packet
    * Testing: delegation response with additional fit in a 512 byte UDP packet
    * Testing: address in a private network (NS=ns0.xname.org.)
    * Testing: address in a private network (NS=ns1.xname.org.)
    * Testing: address shouldn't be part of a bogon prefix (NS=ns0.xname.org.)
    * Testing: address shouldn't be part of a bogon prefix (NS=ns1.xname.org.)
    * Testing: ICMP answer (IP=195.234.42.1)
    * Testing: ICMP answer (IP=87.98.164.164)
    * Testing: UDP connectivity (IP=195.234.42.1)
    * Testing: UDP connectivity (IP=87.98.164.164)
    * Testing: TCP connectivity (IP=195.234.42.1)
    * Testing: TCP connectivity (IP=87.98.164.164)
    * Testing: behaviour against AAAA query (IP=87.98.164.164)
    * Testing: SOA record present (IP=87.98.164.164)
    * Testing: SOA authoritative answer (IP=87.98.164.164)
    * Testing: given primary nameserver is primary (IP=87.98.164.164)
    * Testing: fully qualified master nameserver in SOA (IP=87.98.164.164)
    * Testing: illegal characters in SOA master nameserver (IP=87.98.164.164)
    * Testing: misused '@' characters in SOA contact name (IP=87.98.164.164)
    * Testing: behaviour against AAAA query (IP=195.234.42.1)
    * Testing: illegal characters in SOA contact name (IP=87.98.164.164)
    * Testing: serial number of the form YYYYMMDDnn (IP=87.98.164.164)
    * Testing: SOA 'expire' between 1W and 6W (IP=87.98.164.164)
    * Testing: SOA 'minimum' between 3M and 1W (IP=87.98.164.164)
    * Testing: SOA 'refresh' between 1H and 2D (IP=87.98.164.164)
    * Testing: SOA 'retry' between 15M and 1D (IP=87.98.164.164)
    * Testing: SOA 'retry' lower than 'refresh' (IP=87.98.164.164)
    * Testing: SOA 'expire' at least 7 times 'refresh' (IP=87.98.164.164)
    * Testing: SOA master is not an alias (IP=87.98.164.164)
    * Testing: SOA record present (IP=195.234.42.1)
    * Testing: SOA authoritative answer (IP=195.234.42.1)
    * Testing: coherence between SOA and ANY records (IP=87.98.164.164)
    * Testing: given primary nameserver is primary (IP=195.234.42.1)
    * Testing: fully qualified master nameserver in SOA (IP=195.234.42.1)
    * Testing: illegal characters in SOA master nameserver (IP=195.234.42.1)
    * Testing: misused '@' characters in SOA contact name (IP=195.234.42.1)
    * Testing: illegal characters in SOA contact name (IP=195.234.42.1)
    * Testing: serial number of the form YYYYMMDDnn (IP=195.234.42.1)
    * Testing: SOA 'expire' between 1W and 6W (IP=195.234.42.1)
    * Testing: SOA 'minimum' between 3M and 1W (IP=195.234.42.1)
    * Testing: SOA 'refresh' between 1H and 2D (IP=195.234.42.1)
    * Testing: SOA 'retry' between 15M and 1D (IP=195.234.42.1)
    * Testing: SOA 'retry' lower than 'refresh' (IP=195.234.42.1)
    * Testing: SOA 'expire' at least 7 times 'refresh' (IP=195.234.42.1)
    * Testing: SOA master is not an alias (IP=195.234.42.1)
    * Testing: coherence between SOA and ANY records (IP=195.234.42.1)
    * Testing: coherence of serial number with primary nameserver (IP=87.98.164.164)
    * Testing: coherence of administrative contact with primary nameserver (IP=87.98.164.164)
    * Testing: coherence of serial number with primary nameserver (IP=195.234.42.1)
    * Testing: coherence of master with primary nameserver (IP=87.98.164.164)
    * Testing: coherence of SOA with primary nameserver (IP=87.98.164.164)
    * Testing: coherence of administrative contact with primary nameserver (IP=195.234.42.1)
    * Testing: NS record present (IP=87.98.164.164)
    * Testing: coherence of master with primary nameserver (IP=195.234.42.1)
    * Testing: coherence of SOA with primary nameserver (IP=195.234.42.1)
    * Testing: NS record present (IP=195.234.42.1)
    * Testing: NS authoritative answer (IP=87.98.164.164)
    * Testing: NS authoritative answer (IP=195.234.42.1)
    * Testing: correctness of given nameserver list (IP=87.98.164.164)
    * Testing: NS name has a valid domain/hostname syntax (IP=87.98.164.164)
    * Testing: correctness of given nameserver list (IP=195.234.42.1)
    * Testing: NS is not an alias (IP=87.98.164.164)
    * Testing: NS name has a valid domain/hostname syntax (IP=195.234.42.1)
    * Testing: NS is not an alias (IP=195.234.42.1)
    * Testing: coherence between NS and ANY records (IP=195.234.42.1)
    * Testing: coherence between NS and ANY records (IP=87.98.164.164)
    * Testing: NS can be resolved (IP=195.234.42.1)
    * Testing: NS can be resolved (IP=87.98.164.164)
    * Testing: nameserver IP reverse (IP=87.98.164.164)
    * Testing: nameserver IP reverse (IP=195.234.42.1)
    * Testing: nameserver IP reverse matching nameserver name (IP=87.98.164.164)
    * Testing: MX record present (IP=87.98.164.164)
    * Testing: nameserver IP reverse matching nameserver name (IP=195.234.42.1)
    * Testing: MX authoritative answer (IP=87.98.164.164)
    * Testing: MX record present (IP=195.234.42.1)
    * Testing: MX authoritative answer (IP=195.234.42.1)
    * Testing: MX syntax is valid for a hostname (IP=87.98.164.164)
    * Testing: MX is not an alias (IP=87.98.164.164)
    * Testing: MX syntax is valid for a hostname (IP=195.234.42.1)
    * Testing: MX is not an alias (IP=195.234.42.1)
    * Testing: absence of wildcard MX (IP=195.234.42.1)
    * Testing: absence of wildcard MX (IP=87.98.164.164)
    * Testing: MX can be resolved (IP=87.98.164.164)
    * Testing: MX can be resolved (IP=195.234.42.1)
    * Testing: coherence between MX and ANY records (IP=195.234.42.1)
    * Testing: coherence between MX and ANY records (IP=87.98.164.164)
    * Testing: check if server is really recursive (IP=195.234.42.1)
    * Testing: check if server is really recursive (IP=87.98.164.164)
    * Testing: domain able to receive email (delivery using MX, A, AAAA)
    * Testing: delegated domain is not an open relay
    * Testing: can deliver email to 'postmaster'
    * Testing: hostmaster MX is not an alias
    * Testing: domain of the hostmaster email is not an open relay
    * Testing: can deliver email to hostmaster

Test results
---- ok ----
0
 

Author Closing Comment

by:rogelio36
ID: 31514944
Hello, sorry for the late response.  It turns out that the Symantec firewall was checking for reverse DNS; I had a hard time finding where to disable this option.

You led me to the correct solution so I'm awarding you the points.

Thanks for your help.
0
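An added example, not part of the original thread: one way to triage this kind of failure is to pull the source IPs of SMTP connections that ended in "Call startup failure" out of the gateway log and run a reverse DNS check on each. The check is modelled here as a PTR lookup followed by forward confirmation, which is an assumption (the thread does not say which form the Symantec gateway uses); the function names, sample addresses and hostnames are constructed.

```python
import re
import socket

# Field layout copied from the "Details:" line of the Symantec gateway log in the question.
DETAILS_RE = re.compile(
    r"Source IP=(?P<ip>[\d.]+), Source Port=\d+, "
    r"Detail=(?P<detail>[^,]+), Protocol=(?P<proto>\w+)")

def failed_smtp_sources(log_lines):
    """Unique source IPs whose SMTP connection ended with 'Call startup failure'."""
    hits = (DETAILS_RE.search(line) for line in log_lines)
    return list(dict.fromkeys(
        m["ip"] for m in hits
        if m and m["proto"] == "smtp" and m["detail"] == "Call startup failure"))

def fcrdns(ip, ptr_lookup=None, a_lookup=None):
    """PTR(ip) -> name, then A(name) must include ip. Returns (verdict, name)."""
    ptr_lookup = ptr_lookup or (lambda addr: socket.gethostbyaddr(addr)[0])
    a_lookup = a_lookup or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        name = ptr_lookup(ip)
    except OSError:              # socket.herror/gaierror: no PTR record
        return ("no-ptr", None)
    try:
        addrs = a_lookup(name)
    except OSError:              # the PTR target has no A record
        return ("ptr-without-a", name)
    return ("pass" if ip in addrs else "mismatch", name)

def table(records):
    """Offline resolver over a dict; a missing key behaves like a failed lookup."""
    def lookup(key):
        if key not in records:
            raise OSError("no record (constructed resolver)")
        return records[key]
    return lookup

# Constructed sample data (documentation address ranges, not values from the thread).
LINE = "Details:\tConnection completed, Source IP={}, Source Port=53945, Detail=Call startup failure, Protocol=smtp, Duration=0.5, ID=x, Received=38, Bytes=38"
SAMPLE_LOG = ["Type:\tInformational"] + [LINE.format(ip) for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.20", "192.0.2.30")]
PTR = {"192.0.2.10": "mail.example.net", "192.0.2.30": "pp1.example.org"}
A = {"mail.example.net": ["192.0.2.10"]}

def triage(log_lines, ptr=None, a=None):
    """Map each failing sender IP to its reverse-DNS verdict (live DNS if no resolvers are given)."""
    return {ip: fcrdns(ip, ptr, a) for ip in failed_smtp_sources(log_lines)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, table(PTR), table(A)))
```

Senders that come back as anything other than `pass` are the ones a reverse-DNS-enforcing gateway would be expected to drop; a `pass` points the investigation elsewhere.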
