Installing new spam appliance - traffic getting blocked?
Hello forum,
Posting this here instead of the spam/virus forum because it seems more general than that (i.e. related to connectivity, not spam filtering), but if mods disagree, please feel free to move this thread.
My current configuration is that I have a Windows 2000 server running Exchange 2000. I have a Linux box running SpamAssassin as my anti-spam device. I have a SonicWall 3060 firewall. The firewall forwards incoming SMTP connections to the Linux box on port 25. The Linux box filters mail and forwards good mail to the Exchange box on port 25. This is a brand new network for me and I'm not intimately familiar with all of the moving parts.
I recently purchased a Barracuda Spam & Virus Firewall 300 to replace the Linux box. However, it is not able to connect to the Exchange server. Barracuda support are basically telling me that the problem is on the Exchange box or the router, and they are refusing to help troubleshoot it. I can understand their stance (it's not their responsibility to troubleshoot my network after all). But now I'm stuck, because there's apparently a policy somewhere on my network or Exchange server that's causing a problem.
So, I am looking for help here on understanding how the exchange server might be blocking communication from the barracuda box.
Here is what I have done to date to troubleshoot this:
0) Try using the Barracuda's web interface to send a test mail to the exchange box. This fails with a generic error - something like Error from mail server () .
1) Try connecting from the barracuda to the exchange box via telnet. It LOOKS like I get a good connection but then I get dropped (201 is exchange, 216 is barracuda, I've changed my domain name for the sake of obscurity):
root@192.168.1.216] # telnet 192.168.1.201 25
Trying 192.168.1.201...
Connected to mail.domain.com (192.168.1.201).
Escape character is '^]'.
Connection closed by foreign host.
2) Try connecting to the exchange box via telnet from a desktop PC on the network. This works fine (.100 is my PC):
220 domain.com Microsoft ESMTP MAIL Service, Version: 6.0.3790
4675 ready at Tue, 18 Jan 2011 10:32:24 -0500
helo me
250 domain.com Hello [192.168.1.100]
I then changed the Barracuda's IP address to .100 (my PC's address) with my PC powered down, and the Barracuda still fails to connect in the same manner - so, it does NOT seem to be filtering based on IP, since my PC is successful connecting at a given IP address and the Barracuda fails from that same IP address.
So right now I am trying to understand how the Exchange box could be blocking this traffic. I don't know where to start as Windows Server 2000 and Exchange 2000 are not my forte. Any suggestions? Is there anywhere on the Exchange server that I can look to see server-side logs of these telnet sessions?
January 18th, 2011 11:05am
I'd start with the most simple thing and then work from there. We have a Barracuda on our network as well and have it set inline so everything goes through it.
Take the linux box and the Barracuda out of your network and change your Sonicwall to allow email traffic to your Exchange server. Send test messages to make sure you are getting them and sending them. If so, it's not a filtering thing on the Exchange server but something in the Barracuda config.
January 18th, 2011 11:52am
Thanks for the suggestion. For now, I'm hesitant to tinker with our "working" system but may have to resort to that if I can't figure this out. I've also contemplated taking the Linux box down and changing the Barracuda's IP to match its IP.
The thing that perplexes me is that I can telnet to the mail server on port 25 from my PC, and send mail "manually" using telnet commands. But if I change the Barracuda to the IP my desktop PC normally has, and try telnet'ing from it, I get the error message above before I can even try sending mail.
Another interesting tidbit - if I point the Barracuda at the existing Linux box, it works JUST FINE. Test messages pass through from the Barracuda's web console, and telnet'ing works just fine. Of course, this is not a desirable end state, as the whole point of getting the Barracuda was to get rid of the Linux box.
January 18th, 2011 11:58am
Since the thread seems to be stalled, let me summarize:
I'm looking for information on how Exchange 2000 running on Windows 2000 could be filtering connections, such that it allows connections on port 25 from my PC and my existing spam filter, but will not allow connections from the new spam filter.
January 19th, 2011 10:20am
I can suggest checking your Exchange server to see if it's configured to block any address groups - or to only allow specific address groups. It's doubtful, but it's a place to try.
BTW, your connection results imply that it's not Exchange that you are connecting to. Exchange wouldn't send an escape character. It looks like you are connecting to another service, which is connecting then rejecting the connection. I'd check the Barracuda to be sure I had my syntax correct for the telnet/SMTP connection ...
January 19th, 2011 10:34am
Got a dump of the Barracuda attempting to connect. 216 is the barracuda, 201 is Exchange:
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.216 192.168.1.201 TCP 53366 > smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=106608029 TSER=0 WS=7
No. Time Source Destination Protocol Info
2 0.000172 192.168.1.201 192.168.1.216 TCP smtp > 53366 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
No. Time Source Destination Protocol Info
3 0.000187 192.168.1.216 192.168.1.201 TCP 53366 > smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=106608029 TSER=0
No. Time Source Destination Protocol Info
4 4.498193 192.168.1.201 192.168.1.216 TCP smtp > 53366 [FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=83025710 TSER=106608029
January 19th, 2011 1:48pm
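An added example, not part of any poster's message: the four frames from the capture above, parsed to show whether the TCP handshake completed, how many payload bytes each side sent, and which side closed first. The frame lines are copied from the post; the function and field names are assumptions of this example.

```python
import re

# Frame summary lines copied from the capture posted above (216 = Barracuda, 201 = Exchange).
CAPTURE = """\
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.216 192.168.1.201 TCP 53366 > smtp [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=106608029 TSER=0 WS=7
2 0.000172 192.168.1.201 192.168.1.216 TCP smtp > 53366 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
3 0.000187 192.168.1.216 192.168.1.201 TCP 53366 > smtp [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=106608029 TSER=0
4 4.498193 192.168.1.201 192.168.1.216 TCP smtp > 53366 [FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=83025710 TSER=106608029
"""

# Captures: frame no, time, source, destination, TCP flags inside [...], payload length (Len=).
FRAME = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s.*?\[([A-Z, ]+)\].*?\bLen=(\d+)")

def parse(text):
    """Turn text-export lines into frame dicts; header and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            no, t, src, dst, flags, length = m.groups()
            frames.append({"no": int(no), "t": float(t), "src": src, "dst": dst,
                           "flags": {f.strip() for f in flags.split(",")},
                           "len": int(length)})
    return frames

def summarize(frames):
    """Report handshake state, payload bytes per side, and which side closed first."""
    syn = next(f for f in frames if f["flags"] == {"SYN"})
    client, server = syn["src"], syn["dst"]
    synack = any(f["src"] == server and f["flags"] == {"SYN", "ACK"} for f in frames)
    ack = next((f for f in frames if f["src"] == client and f["flags"] == {"ACK"}), None)
    closer = next((f for f in frames if f["flags"] & {"FIN", "RST"}), None)
    side = lambda f: "server" if f["src"] == server else "client"
    return {
        "handshake_complete": synack and ack is not None,
        "server_payload_bytes": sum(f["len"] for f in frames if f["src"] == server),
        "client_payload_bytes": sum(f["len"] for f in frames if f["src"] == client),
        "closed_by": side(closer) if closer else None,
        # Time from the client's final handshake ACK to the first FIN/RST.
        "seconds_to_close": round(closer["t"] - ack["t"], 3) if closer and ack else None,
    }

if __name__ == "__main__":
    for key, value in summarize(parse(CAPTURE)).items():
        print(f"{key}: {value}")
```

A `server_payload_bytes` of 0 together with `closed_by` of `server` means no 220 greeting was sent on this connection before 192.168.1.201 closed it; running the same summary on a capture of the working PC session gives a direct comparison.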
Your dump says that between your third and fourth frame there were nearly 4.5 seconds. This means you were connected to something (most likely Exchange), and the connection was broken due to inactivity. Have you tried sending an ehlo after the connection is made?
January 19th, 2011 3:28pm
The dump was of the Barracuda's (automated) test utility trying to send mail. When trying the same test manually, there's basically no delay, but the same result. It LOOKS like we're connected, but an instant later we get a "connection closed by remote host" type of message. We get this message before we even have the chance to send another command.
Again, wondering if anyone can point me to features in Exchange that would be potentially blocking or filtering traffic from this client and not others. I don't think the problem is on the Barracuda's side as I can point it at other servers (i.e. our current spam device) and it works fine.
January 20th, 2011 8:25am
The only thing I can think of is a listing of accepted connections on the Ex2k box. To check this, on the server, open the SMTP protocol, then get the properties of the Default SMTP Virtual Server. On the Access tab, click the Connection button. If it is set for "Only the list below", add your new Barracuda to the list. If the list is set for "All except the list below", make sure your Barracuda IP address is not in the list. Otherwise, I'm not sure what might be causing the issue.
January 20th, 2011 9:23am
Thanks for the suggestion. Checked that and - sadly - it's set to All except the list below, and the 'cuda's IP is not in the list.
I'm not sure it's filtering based on IP, because I can put the Barracuda on a given IP and it won't work. Then, I put my PC on the same IP and I can telnet and manually send mail.
January 20th, 2011 1:34pm
Hi Nenders,
So, the issue seems resolved, right?
Regards!
Gavin
January 21st, 2011 4:08am
I don't believe he said it was solved - he said he could use the same IP for his workstation and send mail fine, but the Barracuda won't work regardless.
January 21st, 2011 9:31am
The issue is NOT resolved. The Barracuda cannot communicate with the Exchange server.
January 21st, 2011 11:15am
On Fri, 21 Jan 2011 16:10:01 +0000, nenders wrote:
>The issue is NOT resolved. The Barracuda cannot communicate with the Exchange server.
If you install a network monitor (e.g. Wireshark) on the Exchange
server, do you see the connection arrive at the server?
Are the PC and the appliance both connected to the same network
switch? If not, if you connect the PC to the same switch can you still
connect to the Exchange server? If you connect the appliance to the
same switch as the PC does it connect to Exchange?
---
Rich Matheisen
MCSE+I, Exchange MVP
January 21st, 2011 8:34pm