Troubleshooting guide

Chapter 7 Troubleshooting Security Servers and Content Security
How SMTP Security Server deals with envelope format
Advanced Technical Reference Guide 4.1 June 2000 75
The envelope format is:
Mail from: sender
Rcpt to: recipient
However, if there are multiple recipients, the envelope format is:
Mail from: sender
Rcpt to: recipientA
Rcpt to: recipientB
Rcpt to: recipientN
VPN-1/FireWall-1 SMTP Security Server examines the first "Rcpt to" in the envelope and matches the
resource according to what it finds. When a message has multiple "Rcpt to" lines that don't all match the same
resource, VPN-1/FireWall-1 gets "confused" and rejects the mail.
See the SecureKnowledge Solution (ID: 10022.0.2918688.2504663) in the Check Point Technical Services site.
Log Viewer Error Messages
I. Error: "450 Mailbox Unavailable"
Using the following policy:
Table 1: Error: "450 Mailbox Unavailable" Policy
Rule  Source  Destination  Service    Action  Track
1     any     mailserver   smtp->foo  accept  long
2     any     mailserver   smtp->baa  accept  long
3     any     any          any        drop    long
foo is a resource that matches all emails to foo.abc.com.
baa is a resource that matches all emails to baa.xyz.com.
If a single email is sent that specifies fred@foo.abc.com and fred@baa.xyz.com, the SMTP Security Server
returns "450 Mailbox Unavailable" and fails to deliver the message.
Solution: This is not a VPN-1/FireWall-1 bug; it is, however, a limitation of VPN-1/FireWall-1. These errors
arise when one mail is matched by two resources and each resource demands different behavior from the mail.
This is very different from sending the same email to one recipient at a time, since in that case it is matched on
only one resource. It is therefore necessary to send separate emails to the two different destinations.
At this time, VPN-1/FireWall-1 cannot treat more than one resource at a time in the same rule. Also, once
something has been passed through one rule, it cannot be checked against another rule.
See the SecureKnowledge Solution (ID: 10043.0.4138283.2569517) in the Check Point Technical Services site.
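The envelope handling and the "450 Mailbox Unavailable" case described above can be modeled in a few lines. This is an added example, not Check Point code: it is a simplified model that assumes each resource matches on the recipient's exact domain, and the function names are hypothetical. It shows why the mixed envelope fails and how a sender can split recipients into one envelope per resource.

```python
# Added illustration: a simplified model of the behaviour described above,
# not Check Point code. Resource names and domains are those in Table 1.
from collections import OrderedDict

# Assumption: each resource matches on the recipient's exact domain.
RESOURCES = {"foo": "foo.abc.com", "baa": "baa.xyz.com"}


def match_resource(rcpt):
    """Return the name of the resource matching this recipient, or None."""
    domain = rcpt.rsplit("@", 1)[-1].strip().strip(">").lower()
    for name, res_domain in RESOURCES.items():
        if domain == res_domain:
            return name
    return None


def envelope_outcome(recipients):
    """Model the server: the resource is chosen from the first "Rcpt to";
    a later recipient that matches a different resource fails the mail."""
    if not recipients:
        raise ValueError("envelope has no recipients")
    first = match_resource(recipients[0])
    if any(match_resource(r) != first for r in recipients[1:]):
        return "450 Mailbox Unavailable"
    if first is None:
        return "no resource matched"
    return "matched resource: %s" % first


def split_by_resource(recipients):
    """Group recipients so each group can be sent as its own envelope."""
    groups = OrderedDict()
    for rcpt in recipients:
        groups.setdefault(match_resource(rcpt), []).append(rcpt)
    return groups


if __name__ == "__main__":
    # Constructed sample envelope using the recipients from the text.
    rcpts = ["fred@foo.abc.com", "fred@baa.xyz.com"]
    print(envelope_outcome(rcpts))
    for resource, group in split_by_resource(rcpts).items():
        print(resource, group, envelope_outcome(group))
```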
II. Error: "554 Mailbox unavailable" when trying to deliver mail
Cause: The added SMTP Resource does not allow that type of mail to be delivered.
Solution: The FireWall SMTP daemon answers a mail client with a "554 Mailbox unavailable" error message
when the loaded policy handles mail with SMTP resources and the resource does not allow that type of mail.