From: "Ioannis Tsouvalas" on
Stan, thanks again for your input. I am getting the idea and I'm working
towards that direction; still, after 3 months of testing this implementation
has moved to production, and I am working remotely, so "being careful" is one
way to describe my actions.

PS. The net diagram looked much better when I was making it. I was trying to
figure out a way to display it correctly, but this was the best I could
think of. Any suggestions are always welcome.

Kind regards,
Ioannis




__________ Information from ESET Smart Security, version of virus signature
database 5155 (20100530) __________

The message was checked by ESET Smart Security.

http://www.eset.com


From: "Ioannis Tsouvalas" on
In the original scenario, Exchange was in the same network as Postfix
(both in the DMZ). For some reason, when applied on the customer premises, DHCP
wouldn't go through for the local workstations, so Exchange was moved to the
local zone. To be honest, the testing didn't include large attachments (if
any); don't ask me why, I'm sure I'm going to look into it, definitely next
time.

So, to be specific:

Zone Net (external set of 16 IPs, mask 255.255.255.240)
Zone dmz (network 192.168.100.0, mask 255.255.255.0)
Zone loc (network 192.168.1.0, mask 255.255.255.0)

The VMs run on a Supermicro SuperServer 7046A-HR+F
(http://www.supermicro.com/products/system/4U/7046/SYS-7046A-HR_.cfm?IPMI=Y)

Just a reminder: a few e-mails don't go through, but they add up as days go
by. Small e-mails go through; attachments, with specific servers, don't (some
even between Postfix and my own Exchange!).

I should be looking into your suggestions tomorrow (GMT +2:00 here); I will
definitely get back to you, and whoever tails this mess.

Appreciated,
--
Ioannis




From: "Ioannis Tsouvalas" on
> Ioannis, disable all the firewalls but for basic SPI NAT/PAT (if you're
> using NAT) on the dedicated Shorewall guest. Route TCP 25 inbound via a PAT
> rule to the Postfix guest. See if that eliminates the timeout and related TCP
> errors.
> --
> Stan

Dear Stan, I was just about to get enthusiastic about the result of your
suggestions... Indeed, moving Postfix from dmz to local eliminated 98% of
my problems; still, two mail servers are having the following errors:

(lost connection with mx1.mail.eu.yahoo.com[77.238.177.9] while sending end
of data -- message may be sent more than once)

(lost connection with mx2.mail.eu.yahoo.com[77.238.184.241] while sending
end of data -- message may be sent more than once)

(host some.domain.gr[62.1.1.1] said: 451 Requested action aborted: local
error in processing (in reply to end of DATA command))

It seems to me that the TCP/IP-related issues are eliminated. I know for
sure that one of the mail servers is running Exchange 2003, and the others,
as you can see, are Yahoo mail servers. For now, the communication
issues are isolated to a Yahoo and an Exchange 2003 server; let's say
that I could live with that (not that I can), but what if things do escalate
and other mail servers join the queue? Thank you, and everyone else, for your
input so far.

--
Ioannis


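The deferral reasons quoted in the last message ("lost connection ... while sending end of data", "451 ... in reply to end of DATA command") and the earlier observation that small mail goes through while attachments to specific servers do not are exactly the pattern worth pulling out of the Postfix log before touching the firewall again. The script below is an added example, not code from the thread or from Postfix: it joins the qmgr "size=" records with the smtp delivery-status records by queue ID, classifies each failure reason, and lists the relays where every failed message was larger than every delivered one. The sample log is constructed; the relay names and IPs are the ones quoted in the thread, while the queue IDs, sizes, addresses and timestamps are made up. A relay that fails only on large messages at end of DATA is commonly associated with a path-MTU or filtering problem between the two hosts rather than with the SMTP peer itself, but the script only surfaces the correlation, it does not prove the cause.

```python
"""Triage Postfix delivery logs for per-relay failures at end of DATA.

Added example (not from the thread). Joins qmgr 'size=' records with smtp
delivery-status records by queue ID, classifies each failure reason, and
flags relays where only large messages fail, which is the pattern the thread
describes (small mail goes through, attachments do not).
"""
import re
from collections import defaultdict

# Constructed sample log. Relay names and IPs are the ones quoted in the thread;
# queue IDs, sizes, addresses and timestamps are made up.
SAMPLE_LOG = """\
Jun  2 10:14:50 mx postfix/qmgr[801]: 3A1F2B9C01: from=<alice@example.gr>, size=2831, nrcpt=1 (queue active)
Jun  2 10:14:51 mx postfix/smtp[1203]: 3A1F2B9C01: to=<bob@yahoo.com>, relay=mx1.mail.eu.yahoo.com[77.238.177.9]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 ok dirdel)
Jun  2 10:15:01 mx postfix/qmgr[801]: 4B2E3C0D12: from=<alice@example.gr>, size=4193204, nrcpt=1 (queue active)
Jun  2 10:20:05 mx postfix/smtp[1204]: 4B2E3C0D12: to=<bob@yahoo.com>, relay=mx1.mail.eu.yahoo.com[77.238.177.9]:25, delay=304, delays=0.1/0/3.5/300, dsn=4.4.2, status=deferred (lost connection with mx1.mail.eu.yahoo.com[77.238.177.9] while sending end of data -- message may be sent more than once)
Jun  2 10:21:00 mx postfix/qmgr[801]: 5C3F4D1E23: from=<alice@example.gr>, size=3905116, nrcpt=1 (queue active)
Jun  2 10:21:02 mx postfix/smtp[1205]: 5C3F4D1E23: to=<carol@some.domain.gr>, relay=some.domain.gr[62.1.1.1]:25, delay=2.1, delays=0.1/0/0.3/1.7, dsn=4.5.1, status=deferred (host some.domain.gr[62.1.1.1] said: 451 Requested action aborted: local error in processing (in reply to end of DATA command))
Jun  2 10:22:00 mx postfix/qmgr[801]: 6D4A5E2F34: from=<alice@example.gr>, size=1510, nrcpt=1 (queue active)
Jun  2 10:22:01 mx postfix/smtp[1206]: 6D4A5E2F34: to=<carol@some.domain.gr>, relay=some.domain.gr[62.1.1.1]:25, delay=0.9, delays=0.1/0/0.3/0.5, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
Jun  2 10:23:00 mx postfix/qmgr[801]: 7E5B6F3A45: from=<alice@example.gr>, size=2048, nrcpt=1 (queue active)
Jun  2 10:23:10 mx postfix/smtp[1207]: 7E5B6F3A45: to=<dave@example.org>, relay=none, delay=10, delays=0.1/0/10/0, dsn=4.4.1, status=deferred (connect to mail.example.org[192.0.2.10]:25: Connection timed out)
"""

QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<[^>]*>, size=(?P<size>\d+)")
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<[^>]*>, "
    r"relay=(?P<host>[^,\[]+)(?:\[(?P<ip>[^\]]+)\])?[^,]*,"   # relay=none has no [ip]
    r".*?status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)
REMOTE_REPLY_RE = re.compile(r"^host \S+ said: (?P<code>[245]\d\d)\b")


def classify(reason):
    """Map a Postfix delivery-status reason to a coarse failure class."""
    if reason.startswith("lost connection") and "end of data" in reason:
        return "lost_conn_end_of_data"      # peer vanished after the whole body was sent
    if reason.startswith("lost connection"):
        return "lost_conn_other"
    m = REMOTE_REPLY_RE.match(reason)
    if m:
        return "remote_%sxx" % m.group("code")[0]   # remote_4xx temporary, remote_5xx permanent
    return "other"                          # e.g. connect timeouts, DNS problems


def new_entry():
    return {"sent": 0, "failed": 0, "classes": defaultdict(int),
            "max_sent_size": None, "min_failed_size": None}


def analyze(log_text):
    """Return per-relay delivery statistics keyed by relay hostname."""
    sizes = {}                      # queue ID -> message size from the qmgr record
    per_host = defaultdict(new_entry)
    for line in log_text.splitlines():
        m = QMGR_RE.search(line)
        if m:
            sizes[m.group("qid")] = int(m.group("size"))
            continue
        m = SMTP_RE.search(line)
        if not m:
            continue
        entry = per_host[m.group("host")]
        size = sizes.get(m.group("qid"))    # None if the qmgr line is outside this window
        if m.group("status") == "sent":
            entry["sent"] += 1
            if size is not None and (entry["max_sent_size"] is None or size > entry["max_sent_size"]):
                entry["max_sent_size"] = size
        else:
            entry["failed"] += 1
            entry["classes"][classify(m.group("reason"))] += 1
            if size is not None and (entry["min_failed_size"] is None or size < entry["min_failed_size"]):
                entry["min_failed_size"] = size
    return per_host


def size_dependent_hosts(per_host):
    """Relays where every failed message was larger than every delivered one."""
    return sorted(
        host for host, e in per_host.items()
        if e["sent"] and e["failed"]
        and e["max_sent_size"] is not None and e["min_failed_size"] is not None
        and e["min_failed_size"] > e["max_sent_size"]
    )


if __name__ == "__main__":
    stats = analyze(SAMPLE_LOG)
    for host, e in sorted(stats.items()):
        print("%-25s sent=%d failed=%d %s" % (host, e["sent"], e["failed"], dict(e["classes"])))
    print("size-dependent failures:", size_dependent_hosts(stats))
```

Run it against a real mail log (or a day's slice of it) by replacing SAMPLE_LOG with the file contents; the qmgr and smtp lines for one message must both fall inside the slice for the size join to work. On the constructed sample, both of the relays from the thread show up as size-dependent, while the "relay=none" connect timeout is kept separate because it never reached the DATA stage.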