The Question is:
We are using our vms server as an e-mail server in our organization. All is
cool and we are able to send/receive e-mail all over the world except - we
have a First Class by Centrinity e-mail server on our DMZ that we can receive
e-mail from but cannot send to (e-mail bounces). Obviously we have connectivity (we can ping ...) since
we are able to receive from this server. Please find configs below.

  Digital TCP/IP Services for OpenVMS Alpha Version V4.2 - ECO 3
  on a AlphaServer 4100 5/533 4MB running OpenVMS V6.2-1H3

SMTP Configuration

Options
  Initial interval:  0 00:30:00.00   Address_max:    16   NOEIGHT_BIT
  Retry interval:    0 01:00:00.00   Hop_count_max:  16   RELAY
  Maximum interval:  3 00:00:00.00                        TOP_HEADERS

  Timeout    Initial  Mail  Receipt  Data  Terminate
  Send:            5     5        5     3         10
  Receive:         5

Alternate gateway:  192.168.203.31
General gateway:    not defined
Substitute domain:  not defined
Zone:               not defined
Postmaster:         UCX_SMTP
Log file:           SYS$SPECIFIC:[UCX_SMTP]UCX$SMTP_LOGFILE.LOG

Generic queue        Queues  Participating nodes
UCX$SMTP_HAMWN1_00   1       HAMWN1

192.168.203.31 is our firewall which acts as a relay for our e-mail - all
e-mail flows through the firewall. I have already contacted our firewall
support and they have no clue!
If you have anything to offer please do so. Thanks.

The Answer is:

With firewalls, basic connectivity tests such as ping are only marginally
useful as routing diagnostics -- firewalls are very deliberately designed
and deliberately intended to (adversely) affect network connectivity and
network routing integrity. Various firewalls can also be configured to
ignore or to filter ICMP (ping) traffic. Many firewalls are further
configured for bi-directional filtering, as well -- with various email
worms and with the common use of tunnels, clients located inside the
firewall are not necessarily trustworthy.

You will want to ask your firewall folks to consider some of the following
debugging -- most obviously, briefly open the firewall and see if this
permits the necessary access. Check for any authentication requirements
on the outgoing connections. Send SMTP mail to the firewall. Also ask
your firewall folks to check any logs that might be created by the SMTP
traffic routing through firewall package. Check the DNS/bind information
and configuration, and check for any routing-based "mis-filtering" that
might be occurring in addition to the expected activities of the firewall.

You will also want to use tools such as TCPTRACE, in an attempt to see
where the IP routing disconnection occurs.

You will also want to check the IP logs (particularly any SMTP logging)
on the OpenVMS host.

As a very simple and direct test of connectivity, you could telnet
directly to the SMTP port on the target host.

Having all SMTP mail traffic -- including internal email -- flow through
the firewall server seems slow and potentially somewhat risky, and it
introduces additional and arguably unnecessary loading and delays onto
the firewall.

Please contact the organization that supports your network for assistance
with configuring the IP routing and the firewall.
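
The "telnet to the SMTP port" test suggested in the answer, scripted as an
added example (not part of the original question or answer, and not code from
any vendor). It separates a TCP-level block (filtering or routing) from a
refusal issued by the mail server or relay itself. The function names, the
HELO name and the mailbox addresses are assumptions chosen for illustration.

```python
import socket

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, text)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed before reply completed")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        # "250-text" continues the reply; "250 text" (or bare "250") ends it
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), " | ".join(lines)

def probe(host, sender, rcpt, port=25, helo="probe.example", timeout=10):
    """Walk the SMTP dialogue up to RCPT TO and report the first failing stage.

    Returns (stage, code, text). Stage "connect" means no TCP session was
    established (filtering or routing); a later stage with a 4xx/5xx code is
    a refusal by the mail server or relay itself. No message is sent.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("connect", None, str(exc))
    steps = [("banner", None),
             ("helo", f"HELO {helo}"),
             ("mail", f"MAIL FROM:<{sender}>"),
             ("rcpt", f"RCPT TO:<{rcpt}>")]
    with sock, sock.makefile("rwb") as f:
        stage = "banner"
        try:
            for stage, cmd in steps:
                if cmd:
                    f.write(cmd.encode("ascii") + b"\r\n")
                    f.flush()
                code, text = read_reply(f)
                if not 200 <= code < 300:
                    return (stage, code, text)
            f.write(b"QUIT\r\n")
            f.flush()
            return ("ok", code, text)
        except (OSError, ValueError) as exc:
            return (stage, None, str(exc))

if __name__ == "__main__":
    # 192.168.203.31 is the relay named in the question; addresses are placeholders
    print(probe("192.168.203.31", "user@example.org", "user@example.net"))
```

Run it once against the relay and once against the target mail server: a
"connect" result points at filtering, while "mail" or "rcpt" with a 5xx code
points at relay or authentication policy on the far end.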