Sonicwall Connection RST

We are using Sonicwall NSA 220. We have both Linux based system and windows based systems. On the Linux based systems we are using thunderbird as email-client and on the windows based systems we are using outlook as email-client.

On the Linux side:
I am unable to send email using thunderbird. Firewall logs show:
11      09/20/2013 11:09:34.096      Debug      Network      TCP connection abort received; TCP connection dropped, 26569, X0 (admin)      mail-server:IP, 443, X1      TCP Flag(s): ACK RST

Download for emails is happening successfully without any problems.

When I use the firefox browser on the Linux box, The login goes through, however if I wish to send an email with attachment of 100KB or more, the connection times out. at the same time if I send a simple test-email, then the email goes through.

On the Windows side:
send/receive of emails using outlook as well as firefox/IE is going through without any errors.

Attempts to solve problem:
1. We had attempted to create a DMZ-zone a couple of days back, so to rule out any misconfiguration we have restored old Config from back as of 19-Aug.

Any suggestions on why this would be happening and if we can enable any addition logging to pin-point the problem.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You are doing two different things. Using a browser to send/receive mail through the Sonicwall does not involve the smtp protocol. Whereas Thunderbird does. Did you set up the mail server on the Sonicwall using the wizard, or manually, or not at all?

Did this ever work, or is the Sonicwall new?
sipl_aac00Author Commented:
Yes, you are right in stating that the send/recv function via Web-interface and via email-client make use of different ports.  The piece we are unable to decipher is how the problem is affecting only linux based system while same/similar operations are working for windows-based system.

Quick note:
Missed mentioning that our mail-server is hosted in Singapore, where as the problem is ocuring in our India office.

The setup was working till 10:00 AM on 18-Sep-2013.

other observations till date:
1. We have tried to do a "telnet" test for various port numbers under use, the connectivity is going through.
2. The timeout happens after 60 seconds.
3. No Selinux or iptables on the linux box.
4. We have asked ISP to check if any abnormalities are observed at his end.
5. If we install a data-card on a linux box, the send-recv works for both firefox/thunderbird. This is pushing us to believe that something seems to be broken at our end only and not at the mail-server end.
If I understand, the problem is that the linux server on you local lan can no longer send email, but any windows system can.

Assuming you can login to the linux server, send a test email as follows and post the result.

mail -v (use a real address)

This will print the entire sending transaction in verbose mode and will hopefully show the error.

Do you know where the mail and/or syslog is on the linux system, and have you looked at them?
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Henk van AchterbergSr. Technical ConsultantCommented:
In the log you posted it seems that the connection that was reset, was destined to port 443 (HTTPS).

What SMTP settings did you put in to thunderbird?

Can you please try and setup a google imap/smtp account in thunderbird and try if you can successfully send mail with that account?
Blue Street TechLast KnightCommented:

Any update on this?
Blue Street TechLast KnightCommented:
Are you still having this issue?
sipl_aac00Author Commented:
Hi folks,

Thank you for you help.

On our Linux systems there is a problem of Mal-formed TCP headers. This was resulting in connection resets.

The problem was solved after enabling the option of "Fix/ignore malformed TCP headers" in the diag.html page of sonicwall. To reach this page Login to the SonicWALL admin page, then change ending portion of the URL from /main.html to /diag.html. Click Internal Settings > Scroll down to Security Services Settings


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
Interesting... this (Fix/ignore malformed TCP headers) is typically used in interacting with systems that use older IP stacks.
sipl_aac00Author Commented:
problem solved
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.