
Email Prevent losing forwarding connection

Created: 25 Oct 2012 | 3 comments

My company has moved from an Exchange environment to a Google Apps environment, and we hosted the Prevent servers in Amazon to help accommodate mail flow. When I send a single email at a time, the email goes right through with no issues. It is when I send 100 emails at a time that I noticed the system seems to slow down a lot. In the console I can see that the message count for the last 10 seconds is pretty much 0-2 messages.

I also checked the smtpprevent_operational log and I noticed this.

25/Oct/12:12:19:10:364+0000 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=27 cid=26 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:4010 messages=0 time=20.02s)
25/Oct/12:12:19:18:680+0000 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=2d cid=27 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:4021)
25/Oct/12:12:19:19:226+0000 [INFO] (SMTP_CONNECTION.1202) Peer disconnected (tid=26 cid=22 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:3979)
25/Oct/12:12:19:19:226+0000 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=26 cid=22 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:3979 messages=4 time=85.37s)
25/Oct/12:12:19:19:304+0000 [INFO] (SMTP_CONNECTION.1204) Forward connection closed (tid=26 cid=23 local=xxx.xxx.20.16:8044 remote=xxx.xxx.7.12:25)
25/Oct/12:12:19:22:533+0000 [SEVERE] (SMTP_CONNECTION.5203) Forward connection error (tid=29 cid=27 mta=xxx.obsmtp.com reason=null)
25/Oct/12:12:19:22:533+0000 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=No available forward hosts)
25/Oct/12:12:19:22:533+0000 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=29 cid=27 local=xxx.xxx.20.16:25 remote=xxx.xxx.87.30:49274 messages=0 time=20.02s)

The odd thing is if I telnet to the prevent server, which I have in forwarding mode, I can reach the next hop. If I open a new telnet session right after I can lose connection. I can try this several more times before it finally establishes a telnet session. The strange thing is we still have prevent servers up and running in our exchange environment and those servers still run perfectly fine going to the same exact last hop.

I am trying to make sure this is not a DLP issue and seeing if anyone else has had this problem when moving to a hosted environment.


Mike S.'s picture

Here is what the log looks like when sending a single email through.

25/Oct/12:12:42:34:021+0000 [SEVERE] (SMTP_CONNECTION.5203) Forward connection error (tid=25 cid=31 mta=IPADDRESS.obsmtp.com reason=null)
25/Oct/12:12:42:34:021+0000 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=25 cid=<> reason=No available forward hosts)
25/Oct/12:12:42:34:021+0000 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=25 cid=31 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:35360 messages=0 time=20.02s)
25/Oct/12:12:53:08:251+0000 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=2f cid=34 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:53895)
25/Oct/12:12:53:08:314+0000 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=2f cid=35 local=xxx.xxx.20.16:8259 remote=xxx.xxx.7.12:25)
25/Oct/12:12:53:08:688+0000 [INFO] (SMTP_CONNECTION.5209) TLS handshake completed (tid=2f cid=34 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:53895 peer=<unverified> protocol=<TLSv1> cipher=<TLS_DHE_DSS_WITH_AES_128_CBC_SHA>)
25/Oct/12:12:53:08:860+0000 [INFO] (SMTP_CONNECTION.5209) TLS handshake completed (tid=2f cid=35 local=xxx.xxx.20.16:8259 remote=xxx.xxx.7.12:25 peer=<CN=*.xxx.com,O=Google Inc,L=Mountain View,ST=California,C=US> protocol=<TLSv1> cipher=<SSL_RSA_WITH_RC4_128_MD5>)
25/Oct/12:12:53:10:576+0000 [INFO] (SMTP_MESSAGE.1300) Message complete (tid=2f cid=34 message_id=<CA+BWuui57fNRTK47YzQtmxLr=ajrLxiUwE8v+bk+UmnD4_PGnA@mail.gmail.com> dlp_id=13a9477202c size=213 sender=<me@gpilotdev.kaplan.com> recipient_count=1 disposition=PASS code=250 estatus=<> text=<Thanks> rtime=1.15s dtime=0s mtime=1.61s)
 

yang_zhang's picture

According to your description:

The odd thing is if I telnet to the prevent server, which I have in forwarding mode, I can reach the next hop.

That's OK. The Email Prevent Server acts as a transparent server between your previous hop MTA and next hop MTA. So, if you telnet to the Email Prevent Server, that's right, it will reach your next hop.

It seems there are some connection issues between your Email Prevent Server and next hop MTA. You can log a case to the TS for help.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Mike S.'s picture

A question I do have: right now we have it set up in a hosted environment and are testing this out, and in the hosted environment our mail flow is from Google to an Elastic Load Balancer in AWS (Amazon), then to the Prevent servers in AWS, and then to Postini. I do try to telnet from the Prevent servers in AWS to Postini, and this is where I can lose connection. The only time the connection is dropped is if I send through 20 test emails at once. It seems to bog the connection down.

Currently our setup is:

Google > Elastic Load Balancer (AWS) > Prevent (AWS) > Postini

Now the question I have is, would it be better to add another hop right after the prevent servers and then to postini? Trying to figure this out as there is not much on hosted environments for Prevent.

So the flow would go Google > Elastic Load Balancer (AWS) > Prevent (AWS) > MTA (AWS) > Postini

Also just wanted to mention that when I send out 1 or 2 emails at a time the connection is stable. 3 or more and the forwarding connection goes up and down.
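
The following is an added example, not part of the thread and not Symantec's code: a small parser for the `smtpprevent_operational` line format quoted above that counts forward connections established (1203) against forward connection errors (5203) and lists inbound sessions that closed with `messages=0`. The names `parse` and `forward_health` are hypothetical, and the sample lines are constructed from the ones posted in the thread.

```python
import re
from collections import Counter

# Constructed sample: a subset of the log lines quoted in the thread.
SAMPLE = """\
25/Oct/12:12:19:18:680+0000 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=2d cid=27 local=xxx.xxx.20.16:25 remote=xxx.xxx.0.147:4021)
25/Oct/12:12:19:22:533+0000 [SEVERE] (SMTP_CONNECTION.5203) Forward connection error (tid=29 cid=27 mta=xxx.obsmtp.com reason=null)
25/Oct/12:12:19:22:533+0000 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=No available forward hosts)
25/Oct/12:12:19:22:533+0000 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=29 cid=27 local=xxx.xxx.20.16:25 remote=xxx.xxx.87.30:49274 messages=0 time=20.02s)
25/Oct/12:12:53:08:314+0000 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=2f cid=35 local=xxx.xxx.20.16:8259 remote=xxx.xxx.7.12:25)
25/Oct/12:12:53:08:860+0000 [INFO] (SMTP_CONNECTION.5209) TLS handshake completed (tid=2f cid=35 local=xxx.xxx.20.16:8259 remote=xxx.xxx.7.12:25 peer=<CN=*.xxx.com,O=Google Inc,L=Mountain View,ST=California,C=US> protocol=<TLSv1> cipher=<SSL_RSA_WITH_RC4_128_MD5>)
"""

# timestamp [LEVEL] (COMPONENT.code) free text (key=value ...)
LINE = re.compile(r"^(?P<ts>\S+) \[(?P<level>\w+)\] \((?P<code>[A-Z_]+\.\d+)\) "
                  r"(?P<text>.*?) \((?P<kv>.*)\)$")
# A value is either <...> (may hold spaces and '=') or runs up to the next key=.
KV = re.compile(r"(\w+)=(<[^>]*>|.*?)(?= \w+=|$)")

def parse(line):
    """Return one event as a dict, or None if the line is not in this format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["fields"] = dict(KV.findall(ev.pop("kv")))
    return ev

def forward_health(log_text):
    """Summarise next-hop reachability as seen by the Prevent server."""
    events = [e for e in map(parse, log_text.splitlines()) if e]
    codes = Counter(e["code"] for e in events)
    ok, failed = codes["SMTP_CONNECTION.1203"], codes["SMTP_CONNECTION.5203"]
    errors = [e for e in events if e["code"] == "SMTP_CONNECTION.5203"]
    # Inbound sessions that were closed without a single message relayed.
    empty = [e for e in events if e["code"] == "SMTP_CONNECTION.1205"
             and e["fields"].get("messages") == "0"]
    return {
        "forward_ok": ok,
        "forward_failed": failed,
        "failure_ratio": failed / (ok + failed) if ok + failed else 0.0,
        "failed_mtas": sorted({e["fields"].get("mta", "?") for e in errors}),
        "empty_sessions": [(e["fields"]["tid"], e["fields"]["time"]) for e in empty],
    }
```

Running `forward_health` over the full operational log for a single-message test and again for a burst test gives the two failure ratios to compare, and the `empty_sessions` list shows which inbound sessions were closed with nothing relayed.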