eWall dropping connections from certain IPs

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

eWall dropping connections from certain IPs

Postby mahonri » Wed Apr 02, 2014 2:06 pm

For some reason eWall is disconnecting about a third of the connections it makes to the internal mail server when the mail server tries to send its banner.

In eWall:
Code: Select all
2014-04-02 09:38:18     4360    69672   Connected to 10.254.2.31:2525
2014-04-02 09:38:18     4360    69719   Disconnect


SMTP log from exchange:
Code: Select all
2014-04-02T13:45:38.305Z,EXCHANGE01\Inbound EXCHANGE01,08D11C3CE9B76133,0,10.254.2.31:2525,192.168.200.45:51456,+,,
2014-04-02T13:45:38.305Z,EXCHANGE01\Inbound EXCHANGE01,08D11C3CE9B76133,1,10.254.2.31:2525,192.168.200.45:51456,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-04-02T13:45:38.305Z,EXCHANGE01\Inbound EXCHANGE01,08D11C3CE9B76133,2,10.254.2.31:2525,192.168.200.45:51456,>,"220 exchange.iti-infotech.com Microsoft ESMTP MAIL Service ready at Wed, 2 Apr 2014 09:45:37 -0400",
2014-04-02T13:45:38.305Z,EXCHANGE01\Inbound EXCHANGE01,08D11C3CE9B76133,3,10.254.2.31:2525,192.168.200.45:51456,-,,Remote


These are obviously not from the same transaction, but this is indicative of what we are seeing.

If I go back to the eWall log I find that all attempted connections from that IP are disconnected at the same point. As far as I can tell they are not triggering any IP tests and they are legitimate mail servers that have been able to send to us in the past.

Steps taken so far:
  • I have rebooted both the eWall server and the exchange server
  • I have cleared the IP list on eWall
  • I have increased the connection timeout and the idle connection timeout on exchange
  • I have disabled tarpit on exchange
  • I have decreased the number of connections allowed in eWall
  • I have cleared the DNS cache

Where should I look next?

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: eWall dropping connections from certain IPs

Postby Alexander Telegin » Wed Apr 02, 2014 4:01 pm

Do you use EWLSP?

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

Re: eWall dropping connections from certain IPs

Postby mahonri » Wed Apr 02, 2014 4:06 pm

No. I've setup a receive connector on Exchange that listens on port 2525. eWall and exchange are running on different servers.

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: eWall dropping connections from certain IPs

Postby Alexander Telegin » Wed Apr 02, 2014 4:43 pm

Does eWall work in "direct" mode? If so, you could try switch to "relay" mode and eWall will make several attempts to deliver email.

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

Re: eWall dropping connections from certain IPs

Postby mahonri » Wed Apr 02, 2014 5:22 pm

We're using direct mode. If I change it to relay, will I have to manually populate the local accounts list?

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

Re: eWall dropping connections from certain IPs

Postby mahonri » Wed Apr 02, 2014 6:20 pm

More specifically, how do we reject messages to invalid recipients during the connection instead of sending out bounce messages?

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: eWall dropping connections from certain IPs

Postby Alexander Telegin » Wed Apr 02, 2014 7:18 pm

mahonri wrote:We're using direct mode. If I change it to relay, will I have to manually populate the local accounts list?


Only local domains.

mahonri wrote:More specifically, how do we reject messages to invalid recipients during the connection instead of sending out bounce messages?


eWall will reject emails sent to non-local recipients.

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

Re: eWall dropping connections from certain IPs

Postby mahonri » Thu Apr 03, 2014 12:01 am

BTW - We were able to track this to an issue with microsoft DNS. Once we pointed eWall at our ISP's DNS instead of our local caching DNS all the problems cleared up!

I don't know what changed, but we will be looking into it over the next few days.

Junior Member
Posts: 31
Joined: Wed Sep 02, 2009 6:27 pm

Re: eWall dropping connections from certain IPs

Postby mahonri » Mon Apr 07, 2014 5:22 pm

On further investigation, this was related to AHBL shutting down. Our caching DNS servers were timing out on all AHBL lookups (we had quite a few set up), but when we used our ISPs DNS instead of a timeout it would immediately return a "Server failed".

Once we removed all the AHBL tests email flowed properly again.

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: eWall dropping connections from certain IPs

Postby Alexander Telegin » Mon Apr 07, 2014 7:00 pm

Thanks for letting know.

Return to General

Who is online

Users browsing this forum: No registered users and 2 guests