File Share Encryption

Hello,

I'm having a trouble configuring my PGP Universal Gateway Email server to proxy email traffic with the error "host or domain name not found". The server is still in Learn Mode, but it gives the errors as shown in the attached files (screenshot1 & screenshot2). Below are some info:

- Gateway placement

- Placed in the DMZ next to the Exchange Server 2010 Edge Transport role

- Active Directory, DNS and Exchange Hub Transport are all in the internal network protected with firewalls

- PGP server can communicate with the internal network over the ports 389 (LDAP), 53 (DNS) and 9000 (administration)

- Operating in Learn Mode, with Mail Proxies feature properly licensed

- See configurations of my mail proxies in screenshot3

I'm sure this is a famous issue and I hope someone out there can assist me!

Many thanks in advance.

Rgds,

Mohammad

Hi Mohammad,

it looks like you´ve an DNS Problem.

Try to resolve one auf the MX entries, which the PGP Universal Server can't find via the same DNS server which ist configured in the UN.

For example(windows):

nslookup -type=mx investbank.jo <IP of the configured DNS Server>

What result did you get?

Also double check, if the Universal Server can reach the DNS-Server.

Thanks for the reply Skuehn! Most likely it is an internal issue with name resolution, since none of the emails in the queue could reach their destination and they are in different domains, as the first screenshot shows two domains (this is in addition to another domain for an email that was queued after I took this screenshot!!)

I've already opened access to the internal network through firewalls over port 53 which is for DNS, is there anything else to do or look at?

Thanks...

Disable Learn mode; it blocks lots of email features.

Most likely its related to this, you can read more in the administrator´s guide:

http://www.symantec.com/business/support/index?page=content&id=DOC4564&actp=search&viewlocale=en_US&searchid=1327698205225

Hi Mohammad,

have you tried the name resolution from another host as mentioned in my first reply?

It looks like that you have to search for the problem at the DNS-Server and not at Universal Server

Regards,

Stephan

Hi Stephan,

I shutdown PGP UN and connected a Windows laptop to the same LAN point and gave it same TCP/IP settings of PGP UN. It was unable to resolve names! The reason was because we allowed DNS communication through the firewall only via TCP (and not UDP). After allowing for UDP DNS traffic, it became able to relay emails.

However, another problem appeared. After being able to resolve domain names and relay the first set of outbound emails, it started to queue emails due to "connection timed out" errors. I believe it is a performance issue, but my server has 6-core processor and 8 GB of RAM!

See the screenshots...

HELP!

- Mohammad

Hi Mohammed,

Please check the following:

1. Telnet from another client to one of the timeout servers, port 25:

example:

telnet aspmx3.googlemail.com 25

Are you able to establish a connection?

2. Have a look at the Postfix logs in Universal Server

Reporting -> Logs -> Choose "Postfix"

Which details can you see for the connection attempts?

Stephan

Hi Stephan

I hope you would be able to make anything out of these logs. Thank you!

- Moh

Attachment(s)

postfix-pgpmail.vjcs_.com_.jo_.zip   78 KB 1 version

Hi Mohammed,

there some "host or domain not found" errors. Seems to be correct, because these domains doesn't exist nor have a MX record.

Also there are many "connection timeout" errors.

Please check your at your firewall (external) if the PGP Server is allowed to connect to any host in the internet at port 25 (SMTP).

(Also see check 2 at my last post)

Stephan

Thanks Stephan. You're correct about the "host or domain not found" errors, because those email addresses/domains are currently not valid.

Regarding "connection timed out" errors, the reason I'm doubting server's performance is that when I first configured Exchange to relay through PGP UN, I sent a test email to a Yahoo! account and it went through normally. Later when I noticed emails were being queued up I sent another email to Yahoo! but it didn't pass.

- Moh

For me it doesn't looks like an performace issue.

Just do the test mentioned in my last 2 posts.

Hi Stephan,

Well, I could discover what it is. We did NOT configure reverse lookup and MX to account for PGP UN. That caused the receiving servers defer/deny connections from PGP UN thinking that it might be a bad guy trying to spam them.

Thanks for the help!

- Moh