SonicWALL: Antispam

Hi Guys,

I've setup the SonicWALL Antispam module and all went well with the config.
When trying to send a test mail to the incoming MX, I am getting the following error.

Any advise will be appreciated,


Resolving hostname...
Connecting...
Connection: opening to mx2.domain.com:25, timeout=300, options=array (
                     )
Connection: opened
SERVER -> CLIENT:
SMTP NOTICE: EOF caught while checking if connected
Connection: closed
2017-11-24 08:38:17      The following From address failed: user@domain.com : Called MAIL FROM without being connected,,,SMTP server error: Called MAIL FROM without being connected
Message sending failed.

Rupert EghardtProgrammerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Did you created anonymous relay connector in your Exchange and added the Sonic Wall IP? If not, create one and then test again. Make sure your Firewall allows to connect on port 25.
viktor grantExchange ServersCommented:
Hi Rupert,

You need to add the top level domain name to the relay domains on the anti-spam service.

Check if the ports for secure email are open like 443.

Cheers
Rupert EghardtProgrammerAuthor Commented:
Thanks Viktor,

Top level domain added to relay domains
The SonicWALL Antispam default rules only added port 25, which are not editable

Should I create another rule to allow 443 access?
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

Rupert EghardtProgrammerAuthor Commented:
Thanks Amit,

Anonymous receive connector present for Anonymous User for the SonicWALL local IP.
viktor grantExchange ServersCommented:
Hi Rupert,

Could you check if the traffic throgh port 443 is reaching the SonicWall? and it is relaying through to the Exchange server?
Rupert EghardtProgrammerAuthor Commented:
Hi Viktor,

We have 443 open on another public IP for OWA & ECP
Does it need to be on the same public IP as MX?

How is this related to the SMTP errors we receive?
AmitIT ArchitectCommented:
I suspect firewall issue. Check your firewall. Test using exrca.com and share the result
Rupert EghardtProgrammerAuthor Commented:
Testing Mail Exchanger mx2.domain.com
       One or more SMTP tests failed for this Mail Exchanger.
       
      Additional Details
       
Elapsed Time: 16776 ms.
       
      Test Steps
       
      Attempting to resolve the host name mx2.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 25 on host mx2.domain.com to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The connection was established but a banner was never received.
Elapsed Time: 16744 ms.
Rupert EghardtProgrammerAuthor Commented:
I agree that it should be a firewall issue.
The rules was auto-configured by the SonicWALL Antispam feature.
The rules are not editable, I will get in contact with SonicWALL support.
AmitIT ArchitectCommented:
Thanks for the update.
viktor grantExchange ServersCommented:
Hi Rupert,


any news?
Rupert EghardtProgrammerAuthor Commented:
SonicWALL support assisted and the problem has been resolved;

I was advised that the Junk Box could malfunction, if Symantec Backup Exec or System Recovery is installed and backing up the Junk Box.
We installed the Junk Box on another server without Backup Exec.

In SonicWALL diag, (which is a hidden function accessed by URL) they've reset (rebuild) the Anti-Spam rules

Our Exchange Server had the SonicWALL IP in the receive connector.  
This did not work as Exchange sees the public IP's as mail's are coming in.
Thus, SonicWALL only scans the traffic going directly to Exchange, no address translation is taking place.
We had to add 0.0.0.0 - 255.255.255.255 to the address scope.

I am a bit concerned as we don't have a "front-end" Exchange server,
Thus our Exchange Server on port 25 is open to the internet with only SonicWALL in between.

Previously we used a smart-host, which had it's own MX on port 25.  It spooled the mail and forwarded to our Exchange Server on private IP.  
Thus only one address was opened in Exchange and wasn't accessible from the internet.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AmitIT ArchitectCommented:
Did vendor asked you to add 0.0.0.0 - 255.255.255.255 to the address scope?
Rupert EghardtProgrammerAuthor Commented:
Yes they did, without this scope the SonicWALL refused to communicate with Exchange server?
Rupert EghardtProgrammerAuthor Commented:
Thank you,
The first article, accepted solution (link) does not work.

I understand the SW default routes , but am mainly concerned about the Exchange server "receive connector" scope config.
As 0.0.0.0 - 255.255.255.255 - seems to accepting?
AmitIT ArchitectCommented:
I cannot comment on vendor requirement. If that's what is needed by sonic wall to work. Then it might need to be configured. I see this as product limitation. I advise you to raise your concern back to the vendor and see what they respond back.
Rupert EghardtProgrammerAuthor Commented:
Response from SonicWALL suppport:

It is a standard way of setting up any hub/frontend transport . As far as open relay is confirmed , all port 25 traffic will hit the firewall first and then the colo serve and inturn colo server connecting to your mail server.
Rupert EghardtProgrammerAuthor Commented:
See SonicWALL support recommendations
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.