Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
81828384858687888990
Chapter 7 Troubleshooting Security Servers and Content Security
Log Viewer Error Messages
Advanced Technical Reference Guide 4.1 June 2000 76
See the SecureKnowledge Solution (ID: 3.0.132201.2193912) in the Check Point Technical Services site
III. Error: "agent mail server ... reason: Too much mail data" in the
Log Viewer
Cause: The size of sent email was larger then maximum mail size that is configured in the mail resource
Solution: Increase max email size in the SMTP Definition > Action2 > Don't accept Mail Larger Than:
See the SecureKnowledge Solution (ID: 10043.0.6566373.2619870) in the Check Point Technical Services site
IV. Error: “Connection to Final MTA failed
Solution: Decrease the value of the following variables in $FWDIR/conf/smtp.conf file
a) max_load (default 40, 4.0SP3 and later)
This value is an abstract measure for the load generated by the mail dequeuer while emptying the mail-spool. It
corresponds to the number of messages mdq will attempt to deliver at one time using the following formula:
max_load = 2x + 4y
where
x is the number of connections that do not involve CVP
y is the number of connections that do involve CVP
Example:
max_load = 60
If mail goes through CVP, then the max is 15 emails.
If mail doesn't go through CVP, then the max is 30 emails.
The parameter can be set as high as 60. On Solaris and HP, it can be set to 100. If the value exceeds this limit,
the mail dequeuer will not run. This option should be used to adjust the load that the mail dequeuer generates to
the load that can be handled by the peer mail server. When the mail dequeuer generates more load than the peer
mail server can handle, the peer mail server might refuse the mail dequeuer's connection attempts, possibly
causing mails to accumulate in the mail dequeuer's spool, and delaying delivery. This parameter's value should
be set according to the load capacity of the main peer mail server.
b) resend_period (default 600)
Number of seconds after which the SMTP Security Server resends the message after failing to deliver the
message. If the CVP server has a high load, you could increase this parameter. If the load is on the firewall, this
parameter can be decreased.
c) timeout (default 900)
Increase the number of seconds after which the connection times out. This includes the amount of time VPN-
1/FireWall-1 will spend on CVP scanning a message and delivering it to the final MTA (Mail Transfer Agent).
This value should be at least 900 seconds, if not longer.
See the SecureKnowledge Solution (ID: 33.0.235874.2462444) in the Check Point Technical Services site