When NAVGW or AV for SMTP is not receiving mail, viruses are passing through with no evidence of being scanned, and the product is not incrementing. Determine what is happening to mail as it passes into the domain.

Most operating systems include tools to help in this situation. This document addresses two of these tools:

• Nslookup: Provides a few key pieces of information, such as the mail exchange information, the IP addresses of mail servers, and any other name records available for the computers that you will be dealing with.
• Telnet: Enables you determine which mailer is running on the computers listed as mail exchanges, whether or not a firewall mail daemon is running and often which daemon it is.

How to use Nslookup
Nslookup is distributed with Windows NT 4.0, Windows 2000, and UNIX. If you are running Windows 9x or 3.1, then you must look for a third party Nslookup utility. Nslookup is run from a command line either in interactive or a command mode. Interactive mode allows for multiple lookups within a single session. Command mode takes command line parameters for the lookups.

To use Nslookup:

1. Open a command Window:
   1. Click Start > Run.
   2. Type cmd.exe and then press Enter.
2. For interactive mode, type nslookup and then press Enter. This will open a window similar to the following:
   
   
   

At the prompt, you can now type options to modify the type of DNS search you want or simply type the IP address or name of the host you want to look up.

Some of the commands that are useful are:





In command mode, the options are all set at the prompt. These use a UNIX option format rather than a Windows shell format. For example, nslookup -query=mx <hostname> as opposed to nslookup /query=mx <hostname>. The basic command format is as follows:

nslookup [options] <parameter>

If you type nslookup --query=mx domain.example and then press Enter, then Nslookup will return a list of all MX records for the domain domain.example.

How to use Telnet
Telnet is a terminal client used to provide a remote interface to a computer. This enables you to create a session to any text-based protocol (SMTP, HTTP, POP, and so forth) and provide information on what is happening in the background. Many terminal clients that are available and many other tools will give similar functionality.

By opening a Telnet session to port 25 of the mail exchange (as determined by using Nslookup) you can determine what is acting as the front-line mail acceptor (in most implementations, this will be NAVGW if all is set up correctly) by allowing you to see the welcome message that the server produces.

A Telnet session enables you to manually send a test email directly from a command interface and determine any errors that may occur during that process.

To use Telnet, type telnet <host> <port>  at either the command prompt or in the Run dialog box. Be sure to substitute the correct host name or IP address for <host> and the correct port number for <port> . For SMTP it is port 25.

 

Note: Windows NT 4.0 and Windows NT 2000 have vastly different Telnet clients. The following example was created using Windows NT 2000 and will not look like the Windows NT 4.0 version of the client. To set the options on the Telnet client appropriately for your operating system, type help at the Telnet prompt.

The following example shows a Telnet session from a Windows NT 2000 client to a mailer:





The first thing that you should see is a 220 message. This message lets the connected process know that the SMTP service is alive and ready for action. This message will usually have some indication of what SMTP server is being run, what the current time is, and so forth. All SMTP services should start a session with a 220 message, however anything after that message is determined by the developers of that mailer.

As you can see, we connected to a computer running NAV for Gateways 2.1 build 63 from the computer machine.domain.example. We sent mail to user2@domain.example that read This is a test message.

 

Note: Currently, the 220 message will indicate NAVIEG regardless of whether you are running NAVIEG or NAVGW.

If that mail gets through, then you will know that all is well. Otherwise, checking the log and verifying mail routing and functionality of other mail servers in the route will be the next steps in troubleshooting.

Additional things to look for when using Telnet to access a mail server:

• Slow response: If no response within 30 seconds, then NAVGW will disconnect and consider the computer unavailable.
• Mailbox does not exist: Check for misspelling of the recipient. If it is spelled correctly, then contact the administrator of the server.
• Garbled or truncated responses: This could be a sign of a malfunction in the data transfer process.

Note: Turn on the local echo in your Telnet client to see what you are typing. By default this is off, and keystrokes will not appear on the screen.

To enable local echo in the Telnet client

• For Windows NT 4.0 and Windows 9x:
  1. Click the Terminal menu > click Preferences. The Terminal Preferences box appears.
  2. Check Local Echo, and then click OK.
• For Windows NT 2000:
  1. Type telnet in the command terminal, this will open the Telnet program interactively.
  2. Type set local_echo and then press Enter.

To send a test message use the following SMTP commands:





Explanation of Terms used in this document

• Mail Exchange is a term that designates the computer that is to accept mail for a domain. This does not refer to Microsoft Exchange.
• Firewall mail daemons will typically send a greeting of their own. These can very often tell us the brand of firewall.

References
 

Glossary of terms used with Norton Antivirus for Gateways 2.0
Glossary of terms used with Symantec AntiVirus for SMTP Gateways 3.0