Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Sending Messages to Domains that use Greylisting (sending email to email servers with greylisting enabled)
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
What would cause Kerio not to resend/retry sending messages sent to other email servers that use grey listing. It seems that messages end up failing with 4.4.2 cannot connection lost. This has happened with a few domains we send to, but certainly not all or even a majority. Is there anything in Kerio that can or should be configured to correct this? We are using Kerio 6.7.1 Patch 1 on RHEL 5.4.
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
Some more info:
One of the domains that we get errors sending to said this:

It appears your server is trying to send before waiting for the prompt.

09:08:06.07 1 SMTPI-422110([xxx.xxx.xx.250]) dropping: got pre-prompt data:
09:08:06.07 4 SMTPI-422110([xxx.xxx.xx.250]) closing connection

Why would it do that?
  •  
cjbraun

Messages: 13
Karma: 0
Send a private message to this user
I'm having the very same issue, using the latest version of Kerio. I haven't opened a ticket yet, but I will soon. One of the domains this happens with is a ISP that many people in this area use. It was not an issue prior to our upgrade to version 7, so I thought it may have something to do with that, but then you say you're on 6.7.1. The ISP mentioned above also said they require mail servers to wait for a response from their server before sending mail. I'm unaware of any options to set this in the admin console.
  •  
kurashige

Messages: 26
Karma: 0
Send a private message to this user
  •  
cjbraun

Messages: 13
Karma: 0
Send a private message to this user
I spent some time on the phone with Kerio, and we ruled out the mail server as a problem. Telneting from any computer in the network results in a disconnect, while telnetting from the DMZ seems to work fine. We're using a Sonicwall Pro 3060 as our firewall, and after stumping Sonicwall's their tech support with my issue, they've suggested upgrading from their standard to enhanced OS to see if the issue is resolved. This requires reconfiguring the firewall from scratch. I've currently set up our mailserver to use our local AEA's mail server as a SMTP relay, so I have a temporary fix, this way I can wait until our school is out for the summer before reconfiguring the firewall.
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
We have the same issue and we also use the Sonicwall 3060 standard OS. Upgrading to the enhanced is probably not an option, although I will bring it up with our network admin. Is it unwise to put the email server on the DMZ?


cjbraun wrote on Tue, 27 April 2010 07:59
I spent some time on the phone with Kerio, and we ruled out the mail server as a problem. Telneting from any computer in the network results in a disconnect, while telnetting from the DMZ seems to work fine. We're using a Sonicwall Pro 3060 as our firewall, and after stumping Sonicwall's their tech support with my issue, they've suggested upgrading from their standard to enhanced OS to see if the issue is resolved. This requires reconfiguring the firewall from scratch. I've currently set up our mailserver to use our local AEA's mail server as a SMTP relay, so I have a temporary fix, this way I can wait until our school is out for the summer before reconfiguring the firewall.

  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
Also, I imagine that you tried a variety of settings in the Sonic Wall to resolve the issue, but we also had issues with HTTPS connections outside the firewall. We had Stealth Mode on, and with it off, HTTPS works. It seems Sonic Wall may cause many problems with Kerio.

cjbraun wrote on Tue, 27 April 2010 07:59
I spent some time on the phone with Kerio, and we ruled out the mail server as a problem. Telneting from any computer in the network results in a disconnect, while telnetting from the DMZ seems to work fine. We're using a Sonicwall Pro 3060 as our firewall, and after stumping Sonicwall's their tech support with my issue, they've suggested upgrading from their standard to enhanced OS to see if the issue is resolved. This requires reconfiguring the firewall from scratch. I've currently set up our mailserver to use our local AEA's mail server as a SMTP relay, so I have a temporary fix, this way I can wait until our school is out for the summer before reconfiguring the firewall.

  •  
cjbraun

Messages: 13
Karma: 0
Send a private message to this user
Not being a security expert, I'm reluctant to put our mail server on the DMZ. Depending on your server's OS and the firewall settings of the OS I suppose it could be done safely, assuming you could get HTTPS to work in stealth mode. I'm just not willing to mess with it while I've got a workaround in place.

I spent a good deal of time on the phone with Sonicwall support as well, and was even passed up to senior level tech support who looked at a configuration dump of our 3060. He could not find a single setting out of place, and so he suggested the OS upgrade to enhancement. The upgrade sounded a bit like a stab in the dark, what he said was, "Maybe it will fix the problem, but if it doesn't, the enhanced OS will give us much greater diagnostic abilities". I've come across other people's accounts of this same issue when using Kerio with a Sonicwall 3060. My guess is it will require a patch on the part of either Sonicwall or Kerio before the issue is resolved.
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
Kerio basically blew us off and said it was a firewall issue. it seems they either don't know why it is happening or don't know how to fix it on their end. Whatever the case, it wasn't happening with 6.7.3. While we have a year left on our suport contract, another solution will be considered if this and the high cpu utilization doesn't get resolved in a timely manner.

cjbraun wrote on Wed, 28 April 2010 12:28
Not being a security expert, I'm reluctant to put our mail server on the DMZ. Depending on your server's OS and the firewall settings of the OS I suppose it could be done safely, assuming you could get HTTPS to work in stealth mode. I'm just not willing to mess with it while I've got a workaround in place.

I spent a good deal of time on the phone with Sonicwall support as well, and was even passed up to senior level tech support who looked at a configuration dump of our 3060. He could not find a single setting out of place, and so he suggested the OS upgrade to enhancement. The upgrade sounded a bit like a stab in the dark, what he said was, "Maybe it will fix the problem, but if it doesn't, the enhanced OS will give us much greater diagnostic abilities". I've come across other people's accounts of this same issue when using Kerio with a Sonicwall 3060. My guess is it will require a patch on the part of either Sonicwall or Kerio before the issue is resolved.

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
jlagnese wrote on Wed, 28 April 2010 20:18
Kerio basically blew us off and said it was a firewall issue. it seems they either don't know why it is happening or don't know how to fix it on their end. Whatever the case, it wasn't happening with 6.7.3. While we have a year left on our suport contract, another solution will be considered if this and the high cpu utilization doesn't get resolved in a timely manner.


There is a very easy how to find out what's wrong from network packet dump and SMT server debug logging. I didn't see any of this so I cannot tell what is happening. Anyway, SMTP client in KMS does not send any data before SMTP greeting from receiving server.
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
I would have let you do a tcp dump and run the debug if you wanted to. You didn't offer it. It very well could be a firewall issue, but I guess we'll never really know for sure. Like I said, it didn't happen wit 6.7.3 and at this point, we will probably downgrade instead of continuing the beta test.

Kerio_pdobry wrote on Wed, 28 April 2010 13:28
jlagnese wrote on Wed, 28 April 2010 20:18
Kerio basically blew us off and said it was a firewall issue. it seems they either don't know why it is happening or don't know how to fix it on their end. Whatever the case, it wasn't happening with 6.7.3. While we have a year left on our suport contract, another solution will be considered if this and the high cpu utilization doesn't get resolved in a timely manner.


There is a very easy how to find out what's wrong from network packet dump and SMT server debug logging. I didn't see any of this so I cannot tell what is happening. Anyway, SMTP client in KMS does not send any data before SMTP greeting from receiving server.

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
jlagnese wrote on Wed, 28 April 2010 20:35
I would have let you do a tcp dump and run the debug if you wanted to. You didn't offer it.

I'm not from technical support but I'm trying to help anyway. Since we don't have more reports or details about this issue it is very likely that the issue will be present in future versions as well. Sad
  •  
jlagnese

Messages: 66

Karma: 0
Send a private message to this user
I didn't know you weren't part of support, sorry for the confusion. Generally, Gary and Jeff are good. The bottom line is the longer these issues persist, the more likely there will be pressure to get something that works well.

Kerio_pdobry wrote on Wed, 28 April 2010 13:43
jlagnese wrote on Wed, 28 April 2010 20:35
I would have let you do a tcp dump and run the debug if you wanted to. You didn't offer it.

I'm not from technical support but I'm trying to help anyway. Since we don't have more reports or details about this issue it is very likely that the issue will be present in future versions as well. Sad

  •  
cjbraun

Messages: 13
Karma: 0
Send a private message to this user
Well, I think I figured this issue out. I had already played around with MTU size on the sonicwall to no avail, but last week I tried telnetting to the offending domains with large packet sizes until I found the acceptable max packet size those domains would accept. I set the MTU on my sonicwall accordingly and left it over the weekend. This morning mail seems to be going through OK. I'm not sure what process needs to happen after setting the MTU. The first time I tried this change, mail still would not go through even after I flushed the mail queue and restarted SMTP services.

Anyway, you might try making the change - in my case I had to set MTU to 1156, but you'll want to test the other domins to see what their packet threshold is - then wait a few days and see if mail is going through.

Good luck.
Previous Topic: iCal Receipt Messages remove existing invitees
Next Topic: Active directory login different than e-mail address
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Oct 20 10:32:06 CEST 2017

Total time taken to generate the page: 0.00491 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.