Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Losing email
  •  
Phaethar

Messages: 46
Karma: 0
Send a private message to this user
Hey guys,

I've opened a ticket already for this issue, but was curious to see if other users have come across a similar issue in the past.

We recently put in a new mail gateway, which is running Sophos Puremessage. This uses the SMTP engine in IIS 6 to deliver all mail to our Kerio server, which sits inside the network. Since putting this new gateway system in, we're losing some email, and thus far I've been unable to find out why.

These lost emails are always from the same few senders. They are getting to the gateway, and are successfully being scanned and sent to Kerio. The Kerio system is receiving them, as can be shown by debugging the SMTP server log. From there... I don't know. They're not being delivered. They're not being rejected exactly either, as I can find no mention of the messages in the security logs.

I'll take one of the messages that we're losing as an example here, from a sending address of dxop<_a.t_>tcfbank.com. This is an automated message that has a simple notification.

Debug log on Kerio will show:

Quote:

[05/Oct/2007 09:25:02][13511] {smtps} Command MAIL FROM:<dxop<_a.t_>tcfbank.com>
[05/Oct/2007 09:25:02][13511] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <dxop<_a.t_>tcfbank.com> ok
[05/Oct/2007 09:25:02][13511] {smtps} Command RCPT TO:<xxx<_a.t_>ourdomain.com>
[05/Oct/2007 09:25:02][13511] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <xxx<_a.t_>ourdomain.com> ok (local)
[05/Oct/2007 09:25:02][13511] {smtps} Command DATA


This is usually all that shows up for these messages. Again, no error, no bounce or rejection.

On the gateway then, we'll see errors like this (from an older message, but they're all like this):

Quote:

X-PMWin-Version: 3.0.0.0, Antivirus-Engine: 2.50.6, Antivirus-Data: 4.22E
From: <postmaster<_a.t_>pm-sdf3g87>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4073
To: <dxop<_a.t_>tcfbank.com>
Date: Sun, 30 Sep 2007 05:32:50 -0500
MIME-Version: 1.0
Content-Type: multipart/report;
report-type=delivery-status;
boundary="9B095B5ADSN=_01C7FC6B5BAACC2E00001366pm?sdf3g87"
X-DSNContext: 7ce717b1 - 1386 - 00000002 - C00402D1
Message-ID: <zpB8JPGbF00000540<_a.t_>pm-sdf3g87>
Subject: Delivery Status Notification (Failure)

This is a multi-part message in MIME format.

--9B095B5ADSN=_01C7FC6B5BAACC2E00001366pm?sdf3g87
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset="unicode-1-1-utf-7"

This is an automatically generated Delivery Status Notification.

Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.

xxx<_a.t_>ourdomain.com



So it claims it's failing to connect. At the same time though, other mail continues to come in just fine.

Looking back again at the debug log in Kerio, there are a lot of these messages:

Quote:

[05/Oct/2007 09:45:03][13745] {smtps} SMTP server connection from xxx.xxx.xxx.xxx lost: (11) Resource temporarily unavailable
[05/Oct/2007 09:45:03][13745] {smtps} SMTP server session end
[05/Oct/2007 09:45:03][13731] {smtps} SMTP server connection from xxx.xxx.xxx.xxx lost: (11) Resource temporarily unavailable
[05/Oct/2007 09:45:03][13731] {smtps} SMTP server session end


Possibly related, possibly not. Doesn't seem like the SMTP server should be failing so often though. Happens on average every 3 minutes or so.

The Event Viewer then on the gateway will show errors like this:

Quote:

Message delivery to the host 'xxx.xxx.xxx.xxx' failed while delivering to the remote domain 'ourdomain.com' for the following reason: The connection was dropped by the remote host.



Always the same problem from the same sender.

From here.. I'm not sure where to go. Something between Kerio and the new gateway isn't working quite right for these specific senders. This happens for every message from this TCF sender, and maybe 2-3 others as well. The other 99% of email works just fine, it's just these few senders that generate these problems. Without a definite reason as to why it's failing, or even knowing where these messages are going, I'm at a loss on what to try next.

As I said, I've also opened a ticket for this, but haven't received any updates for 2 days now. If anyone has any ideas, I'd love to hear them.

Gateway system:
Windows Server 2003 R2
IIS6 SMTP Server - simply sends all mail to Kerio
Sophos Puremessage 3

Kerio System
Fedora Core 4
Kerio 6.4.1 Patch 1

Thanks.
  •  
BudDurland

Messages: 348

Karma: 10
Send a private message to this user
We use PureMessage here as well. We had some trouble with messages from a particular mailing list getting lost. Forensics showed thatkerio was rejecting them, something about a bad CR/LF or lack thereof at the end of the message (I don't recall the exact wording).

The fix was to configure PureMessage to put a footer at the end of each message. Ours is a simple 'Scanned for viruses by PureMessage' with an extra blank line at the end.

Good is better than evil because it's nicer
--Mammy Yokum
Previous Topic: backing up the backup files - to AIT drive - false
Next Topic: AppleMail attachement encoding
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 17:45:04 CET 2017

Total time taken to generate the page: 0.00335 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.