|
HP OpenVMS Systemsask the wizard |
|
The Question is:
We are using our vms server as an e-mail server in our organization. All is
cool and we are able to send/receive e-mail all over the world except - we
have a First Class by Centrinity e-mail server on our DMZ that we can receive
e-mail from but cannot se
nd to (e-mail bounces). Obviously we have connectivy (we can ping ...) since
we are able to receive from this server. Please find configs below.
Digital TCP/IP Services for OpenVMS Alpha Version V4.2 - ECO 3
on a AlphaServer 4100 5/533 4MB running OpenVMS V6.2-1H3
SMTP Configuration
Options
Initial interval: 0 00:30:00.00 Address_max: 16 NOEIGHT_BIT
Retry interval: 0 01:00:00.00 Hop_count_max: 16 RELAY
Maximum interval: 3 00:00:00.00 TOP_HEADERS
Timeout Initial Mail Receipt Data Terminate
Send: 5 5 5 3 10
Receive: 5
Alternate gateway: 192.168.203.31
General gateway: not defined
Substitute domain: not defined
Zone: not defined
Postmaster: UCX_SMTP
Log file: SYS$SPECIFIC:[UCX_SMTP]UCX$SMTP_LOGFILE.LOG
Generic queue Queues Participating nodes
UCX$SMTP_HAMWN1_00 1 HAMWN1
192.168.203.31 is our firewall which acts as a relay for our e-mail - all
e-mail flows through the firewall. I have already contacted our firewall
support and they have no clue!
If you have anything to offer please do so. Thanks.
The Answer is : With firewalls, basic connectivity tests such as ping are only marginally useful as routing diagnostics -- firewalls are very deliberately designed and deliberately intended to (adversely) effect network connectivity and network routing integrity. Various firewalls can also be configured to ignore or to filter ICMP (ping) traffic. Many firewalls are further configured for bi-directional filtering, as well -- with various email worms and with the common use of tunnels, clients located inside the firewall are not necessarily trustworthy. You will want to ask your firewall folks to consider some of the following debugging -- most obviously, briefly open the firewall and see if this permits the necessary access. Check for any authentication requirements on the outgoing connections. Send SMTP mail to the firewall. Also ask your firewall folks to check any logs that might be created by the SMTP traffic routing through firewall package. Check the DNS/bind information and configuration, and check for any routing-based "mis-filtering" that might be occuring in addition to the expected activities of the firewall. You will also want to use tools such as TCPTRACE, in an attempt to see where the IP routing disconnection occurs. You will also want to check the IP logs (particularly any SMTP logging) on the OpenVMS host. As a very simple and direct test of connectivity, you could telnet directly to the SMTP port on the target host. Having all SMTP mail traffic -- including internal email -- flow through the firewall server seems slow and potentially somewhat risky, and it introduces additional and arguably unnecessary loading and delays onto the firewall. Please contact the organization that supports your network for assistance with configuring the IP routing and the firewall.
|