Troubleshooting guide

Chapter 7 Troubleshooting Security Servers and Content Security
Understanding the error handling mechanism of the SMTP daemon
Advanced Technical Reference Guide 4.1 June 2000 74
Connection between the Firewall Mail Dequeuer and the Anti Virus Server fails
Troubleshoot the connection between the VPN-1/FireWall-1 Mail Dequeuer and the Anti Virus Server as follows:
1. Make sure VPN-1/FireWall-1 can ping the Anti Virus Server.
2. If this is successful, check whether the Anti Virus software has received an email from VPN-1/FireWall-1. This will tell you whether VPN-1/FireWall-1 has accepted the email from the Client, queued it, renamed it and forwarded it to the Anti Virus Server.
3. Validate that the proper CVP ports are configured on the Anti Virus Machine and the VPN-1/FireWall-1 Resource. By default the parameter FW1_cvp uses port 18181.
4. Run TELNET to the mail server on port 25 to see if the SMTP Security Server works. Enter the command "help" or "?" to see the VPN-1/FireWall-1 SMTP Server replies.
5. Use a packet sniffer, the "snoop" command in UNIX, or the Network Monitor Agent in NT to see if there is any communication between the VPN-1/FireWall-1 Dequeuer and the Anti Virus Machine.
See the SecureKnowledge Solution (ID: 10022.0.1775726.2480161) in the Check Point Technical Services site.
Connection between the Firewall Mail Dequeuer and the Final Email Server fails
Troubleshoot the connection between the VPN-1/FireWall-1 Mail Dequeuer and the Final Email Server as follows:
1. Make sure VPN-1/FireWall-1 can ping the Final Email Server.
2. Try using the SMTP Resource without the Anti Virus Server defined. Then download the Security Policy to VPN-1/FireWall-1 again and see whether the email passes from the Queuer to the Dequeuer and then on to the Final Email Server. If this works correctly, the problem lies with the Anti Virus Server; refer to “Connection between the VPN-1/FireWall-1 Mail Dequeuer and Anti Virus Server fails”.
3. Try to TELNET from VPN-1/FireWall-1 to the Final Email Server on port 25 to see if a connection can be made. This will show whether the SMTP process on the Email Server is configured and active, so that the Dequeuer can forward the email to the Final Email Server.
See the SecureKnowledge Solution (ID: 10022.0.1775733.2480161) in the Check Point Technical Services site.
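The TCP-level checks in both procedures above (the CVP port on the Anti Virus Server and the TELNET test to port 25) can be scripted. The following is an added example, not part of the guide or of Check Point's tooling; the function names are made up here, and it assumes a working SMTP server greets with a standard 220 reply.

```python
import socket

CVP_PORT = 18181   # default port for FW1_cvp, per the guide
SMTP_PORT = 25

def read_reply(f):
    """Read one SMTP reply: 'NNN-' lines continue it, 'NNN ' ends it."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            break                      # peer closed the connection
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return lines

def smtp_dialogue(sock):
    """Repeat the manual TELNET test on a connected socket: read the
    greeting, send HELP, and return (greeting, help_reply)."""
    with sock.makefile("rwb") as f:
        greeting = read_reply(f)
        f.write(b"HELP\r\n"); f.flush()
        help_reply = read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
    return greeting, help_reply

def probe(host, port, smtp=False, timeout=3.0):
    """None if the TCP connection fails; True for a plain port check;
    the (greeting, help_reply) pair when smtp=True."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return smtp_dialogue(s) if smtp else True
    except OSError:
        return None

def smtp_ok(result):
    """Treat an SMTP server as up if its greeting starts with 220."""
    return bool(result and result[0] and result[0][0].startswith("220"))

def localize(cvp, fw_smtp, final_smtp):
    """Map the three probe results to the hop that needs attention."""
    problems = []
    if not smtp_ok(fw_smtp):
        problems.append("SMTP Security Server did not greet on port 25")
    if cvp is None:
        problems.append("CVP port unreachable: check the Anti Virus Server")
    if not smtp_ok(final_smtp):
        problems.append("Final Email Server SMTP is not answering")
    return problems
```

Run `probe(av_host, CVP_PORT)` and `probe(host, SMTP_PORT, smtp=True)` from the firewall host and pass the results to `localize`. An open CVP port only shows TCP reachability, so the check that the Anti Virus software actually received the email is still needed.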
Understanding the error handling mechanism of the SMTP daemon
When configuring an SMTP resource, the Firewall administrator can decide to notify the sender by setting the “Notify Sender On Error” button and specifying the “Error Handling Server”.
When an error occurs, for example when a message is sent to a non-existent user, the sender of the mail is notified by e-mail that the transaction failed and of the reason for the failure. The notification is sent from the user defined as postmaster in the smtp.conf file.
At the same time, the message is transferred to the error handling server, which will try to send it through its own channel (the error handling server is supposed to be a fully qualified SMTP server).