2 issues, Outbound mail not leaving domain, SonicWall Firewall constantly dropping UDP packets
Posted on 2008-11-12
We are running an environment with Microsoft Exchange 2003. We can send mail to each other, but mail sent outbound of the office is being rejected. Here is the error message generated by Exchange:
The message cannot be delivered due to a configuration error on the server. Please contact your Administrator.
<mail.xxxxxx.org #5.3.0 smtp;553 5.3.0 <email@example.com>... Access Denied_due to spamming>
For a week or so, the problem was alleviated by by power-cycling the SonicWall TZ-170 Appliance that we use as our Firewall. Our Public IP Address that is provided by AT&T starts at the SonicWall and specific ports are forwarded to our internal server. (standard practice I imagine). The problem has returned, but now, I cannot allievate the problem by power-cycling the equipment anymore.
Here is what I've tested:
- I've called AT&T to make sure that they aren't blocking our email due to spamming. The technician on the other end verified that there wasn't an issue with our ISP.
- I plugged my laptop in directly to the T-1 gateway and configured my outgoing mail server settings to match what the ISP required to send out mail and EVERYTHING went out no problem.
- I powercycled both the servers and the sonicwall appliance. For a week or so, that resolved the problem.
I've reviewed the firewall logs and it also looks like some bastards in India are trying to port-scan their way into our network. I'm not sure if the Sonicwall is being overwhelmed with this information and is freezing up... I would gather it isn't freezing the Sonicwall, otherwise why could we still connect with the VPN clients to the device and send/recieve internet traffic through the device. Here is a clip from the SonicWall Log:
11/12/2008 16:33:54.096 UDP packet dropped 22.214.171.124, 52685, WAN 126.96.36.199, 53, WAN
11/12/2008 16:32:16.320 UDP packet dropped 188.8.131.52, 38814, WAN 184.108.40.206, 53, WAN
11/12/2008 16:31:05.544 UDP packet dropped 220.127.116.11, 51565, WAN 18.104.22.168, 53, WAN
11/12/2008 16:27:28.752 UDP packet dropped 22.214.171.124, 38814, WAN 126.96.36.199, 53, WAN
11/12/2008 16:25:54.064 UDP packet dropped 188.8.131.52, 38811, WAN 184.108.40.206, 53, WAN
11/12/2008 16:23:58.224 UDP packet dropped 220.127.116.11, 49107, WAN 18.104.22.168, 53, WAN
Any and all help in resolving this would be appreciated. I'm a basic administrator for Exchange, Definately not an expert.