NDR being sent with DH enabled
NDR being sent with DH enabled - 4.Nov.2009 6:15:23 AM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
I have ME 14.1 installed in the DMZ with IIS SMTP on a W2003 server. The DH module is enabled in SMTP mode and gets its users from an LDAP server behind the firewall. Behind the firewall I have Exchange 2007 set up with recipient filtering enabled. Now I still see some NDRs being sent by the ME server; it's maybe one out of 100 mails blocked by the DH module. The NDRs are sent for non-existing users. Any idea what could be wrong? Could it be the DH module occasionally does not get a timely reply from the LDAP server and then accepts the incoming mail?
Lex

RE: NDR being sent with DH enabled - 4.Nov.2009 6:22:57 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
You're probably falling foul of an identified issue that was fixed by a patch. Take a look in the patches sticky thread from owenb.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.

RE: NDR being sent with DH enabled - 4.Nov.2009 6:47:19 AM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
I have just installed ME141_PATCH_20091009_01. So far I have seen two NDR events in the SMTP event log. Have to let it run for a while and look in more detail.
Lex

RE: NDR being sent with DH enabled - 4.Nov.2009 8:06:16 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
After installing a patch, you should restart the services. Given that you're in the DMZ, it may be a good idea to run the stop_snks.cmd and then the start_snks.cmd commands too.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.

RE: NDR being sent with DH enabled - 4.Nov.2009 1:38:22 PM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
I have restarted the service as described in the patch instructions. I also checked with telnet the behaviour as described in the patch; that is indeed fixed. However, I still see the NDRs being sent, at least that's what I assume; in the Windows event log I get an SMTP error about every 2 minutes. The error is always a delivery failure to some non-existing domain. Before I did the patch I managed to capture a few of these messages from the IIS/SMTP Queue directory; those were NDRs from mail to non-existing users. Any suggestions?
Lex

RE: NDR being sent with DH enabled - 4.Nov.2009 3:18:01 PM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
Do you have your DH module set to block 2 (or more) invalid recipients? If so, and an email with only one bad recipient is received then it will generate an NDR. If not, generate troubleshooter files and open a support case.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.

RE: NDR being sent with DH enabled - 5.Nov.2009 4:03:26 AM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
The DH module is set to block 1. I am still trying to find out what is going on. I am tracing the traffic with Wireshark and see every 2-4 minutes a failed connection attempt to non-existing domains, typical of NDR. This is then logged in the event log. Then when I try to find the domain in one of the log files, it's usually from a few days ago. So I am still not sure about the source of these NDRs; in any case none of the filter modules are configured to send NDRs.
Lex

RE: NDR being sent with DH enabled - 5.Nov.2009 5:29:05 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
It could be that you still have some NDRs in a queue that are still in retries. It may cease in a couple of days when the timeouts have expired.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.

RE: NDR being sent with DH enabled - 5.Nov.2009 3:13:56 PM
gpinson
Posts: 214
Joined: 2.Sep.2003
From: Denver, CO
Status: offline
Do you have whitelists prior to DH?

RE: NDR being sent with DH enabled - 6.Nov.2009 1:12:17 AM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
@RSP - the problem still persists; the mailroot\queue directory is empty.
@gpinson - DH runs first at the SMTP level.
I found some interesting entries in the DH log file.
"11/01/09 14:59:12","Directory Harvesting","kelleym@lokasoft.com","kelleym@lokasoft.com","Wild things on cam","Deleted","Local recipient does not exist"
"11/05/09 12:07:58","Directory Harvesting","ggobrhere@hrkmer.com","hopkins7@lokasoft.com,cobbdd@lokasoft.com,7153ziegelaarziegelaar@lokaltronics.nl","N\A","Reject email","Spam detected","<7D9B5C73A33534230900000433@LOKAWEB1>"
In the second case I find it's trying to send out an NDR to the non-existing domain hrkmer.com; in both cases none of the local recipients exist. Any idea what the difference in behaviour is between "deleted" and "Reject email"?
Lex
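
An added example, not part of the original post and not GFI tooling: one way to do the correlation described above, matching the destination domains of failed NDR deliveries against senders in the DH log. The column names are assumptions inferred from the two quoted entries, and the function names are hypothetical.

```python
import csv
from collections import defaultdict

# The DH log has no header row; these column names are assumptions
# inferred from the two entries quoted in the thread.
FIELDS = ("time", "module", "sender", "recipients",
          "subject", "action", "reason", "message_id")

# The two log lines quoted in the post above, verbatim.
DH_LOG = r'''"11/01/09 14:59:12","Directory Harvesting","kelleym@lokasoft.com","kelleym@lokasoft.com","Wild things on cam","Deleted","Local recipient does not exist"
"11/05/09 12:07:58","Directory Harvesting","ggobrhere@hrkmer.com","hopkins7@lokasoft.com,cobbdd@lokasoft.com,7153ziegelaarziegelaar@lokaltronics.nl","N\A","Reject email","Spam detected","<7D9B5C73A33534230900000433@LOKAWEB1>"
'''


def parse_dh_log(text):
    """Parse DH log lines into dicts; rows without a message id are padded."""
    entries = []
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        row = row + [""] * (len(FIELDS) - len(row))
        entry = dict(zip(FIELDS, row))
        entry["recipients"] = [r.strip().lower()
                               for r in entry["recipients"].split(",") if r.strip()]
        # An NDR is addressed to the envelope sender, so its domain is the
        # one that shows up as the failed outbound connection.
        entry["sender_domain"] = entry["sender"].rpartition("@")[2].lower()
        entries.append(entry)
    return entries


def correlate(entries, ndr_domains):
    """Map each failed NDR destination domain to the DH entries that used it."""
    wanted = {d.lower() for d in ndr_domains}
    hits = defaultdict(list)
    for e in entries:
        if e["sender_domain"] in wanted:
            hits[e["sender_domain"]].append((e["time"], e["action"], e["reason"]))
    return dict(hits)


def count_actions(entries):
    """Count entries per DH action, e.g. 'Deleted' versus 'Reject email'."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["action"]] += 1
    return dict(counts)
```

Feeding `correlate` the domains taken from the SMTP event log errors shows which DH action preceded each outbound NDR attempt.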

RE: NDR being sent with DH enabled - 6.Nov.2009 5:30:16 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
That log file entry suggests that the patch isn't working as expected and you're therefore generating backscatter - there may be many more NDRs that are actually being sent. If you can, reboot the machine & see if it persists. If so, generate troubleshooter files and open a support case. The patch is also included in the new SR1 release, and may function correctly here. As you're using ME on the DMZ server, you won't have the e2k7wiz troubles that have been reported, so an upgrade should be ok if you wish to try.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.

RE: NDR being sent with DH enabled - 6.Nov.2009 1:16:22 PM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
I have installed the latest SR1 release and rebooted the server. Let's see how it goes.
Lex

RE: NDR being sent with DH enabled - 10.Nov.2009 12:45:35 AM
lokasoft
Posts: 15
Joined: 13.Nov.2004
Status: offline
The problem is still there, although the frequency seems lower; it's now about 4-5 NDRs per hour. The few NDRs I was able to capture from the mailroot\queue directory only had non-existing recipients on my domain so they should have been deleted by the DH module. I have tried to relate the NDR with the logs but it was not in any of the spam modules' logs, also not in any of the ASE* logs as these were already wrapped. I could find the message in the SMTP log. Could the SMTP sink miss some incoming mails?
Lex

RE: NDR being sent with DH enabled - 10.Nov.2009 5:52:10 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
Generating the troubleshooter files and opening a support case sounds like your best option. The troubleshooter can keep copies of each email that passes through the filter for analysis by GFI. I would have thought that it's a similar issue to the one addressed by the patch but will need to be investigated.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.