Hi,
I have SMS for SMTP 5.000.2 patch 200. I have two nics on the server, each on a different subnet. I have an external mail service that sends email to the Inbound only. My outbound email is going out the inbound interface and I can't figure out why. Any help would be greatly appreciated.
I've pasted what I think are the relevant parts of my mtaconfig.xml:
Inbound interface: 1.1.1.1
Outbound interface: 2.2.2.2
Exchange: 2.2.2.5
External mail service: a.a.a.a, b.b.b.b
program xsi:type='mtaType' name='MTA'
inbound enabled='true'
listen host='1.1.1.1' port='25'
acceptHosts
host enabled='true' 1.1.1.1
host enabled='true' 1.1.1.0/24
host enabled='true' 2.2.2.0/24
host enabled='true' a.a.a.0/24
host enabled='true' b.b.b.b/26
relayConcurrency 8
relayHost host='127.0.0.1' port='41010' mx='false'
firewallChannel host='127.0.0.1' port='41013'
outbound enabled='true'
listen host='2.2.2.2' port='25'
acceptHosts
host enabled='true' 2.2.2.2
host enabled='true' 1.1.1.0/24
host enabled='true' 2.2.2.0/24
relayConcurrency 8
relayHost host='127.0.0.1' port='41011' mx='false'
delivery enabled='true'
listen host='127.0.0.1' port='41012'
localRoute host='2.2.2.5' port='25' mx='false'
bindAddress internal='auto' external='auto'
TIA!
Ben
Comments
Hi,
patch 200 is for SMS SMTP 5.0.1. Can you confirm this is the setup you have?
Also, which Operating System version are you using?
On the Linux version you have the "Reverse Address Binding Strategy" option that reverses the default delivery MTA binding settings (look for "reverse address" in the admin guide PDF).
On Windows the same should be achievable via the "Advanced Settings" options on the "Network Connections" section of the OS. You can change the order in which the interfaces are accessed by the OS.
Regardless of the version, make sure you have SMS SMTP 5.0.1 with the latest patch installed.
Regards,
Federico
I'm running 5.0.1.200 on Windows Server 2003 R2 SP2
Hi,
Did you already try changing the order NICs are accessed by Windows and rebooting?
Federico
Hello,
I agree with Federico. The problem that we run into is that I believe it is ultimately up to the OS as to which interface it will use.
This has however all been addressed with the Virtual Appliance since we can set address bindings for both interfaces to either IP. So you might want to look into this. But technically, it should work if it's set up properly.
-Tom
I checked the setting and the correct card, 2.2.2.2, is first in order of access.
Although, the interface number for that card is 4 and the interface number for 1.1.1.1 is 3. Does SMS for SMTP just pick the first interface number it finds that has the correct protocol configured on it? Then, if that interface is busy, does it look for the next interface in line?
That would explain the behavior I'm seeing. Email was primarily going out the 1.1.1.1. It would sporadically go out the 2.2.2.2 interface as well.
I increased the routing metric on the 1.1.1.1 interface so that outbound traffic is preferentially sent out through the 2.2.2.2. This works, to an extent. 95% of the email now goes out through the 2.2.2.2 interface. But, the rest goes out 1.1.1.1 seemingly when the other interface is busy.
Given the behavior I'm seeing, it makes me think that the SMTP configuration page is very misleading.
Well, SMS has gone back to sending exclusively through the inbound interface.
No Permanent Resolution?
I have watched the inbound and outbound email shift back and forth between the two nics on this server. I've been able to temporarily change which interface is used for outbound email by raising the routing cost of the inbound interface in the Windows settings.
This is a very important issue. If we can't control which interface is used for outbound email then Reverse DNS will fail a significant amount of the time and email is rejected by the recipient's server. I am appalled that Symantec hasn't resolved this problem.
The Linux version has the ability to force which interface is chosen for inbound and outbound. I would hazard a guess that this software package was written by a Linux developer and converted to a Windows package as an afterthought. Whoever did this conversion does not seem to have had much experience with networking on the Windows OS. There are many different ways to force the Windows OS to send specific traffic through a specific interface.
What seems to happen with SMS for SMTP is that the first nic in line is chosen for sending outbound traffic. Then the traffic is blindly handed off to the next layer in the IP stack. This allows the Windows OS to decide which interface to use if both interfaces have a default route to the recipient with equal routing costs. This method is haphazard at best.
I know this code is available in the Linux version. I also know that SMS for SMTP is at end-of-life. Would Symantec be kind enough to make the code available to us so that people could offer a solution for a future patch?
Please give my request serious consideration.
Hi,
I'd kindly ask you to open a case with Symantec technical support so the issue can be researched further.
Thanks,
Federico
Absolutely.
SMS SMTP 5 is going EOL soon
I've heard from my Sales team that SMS SMTP 5 is EOL next month. No new fixes. Time to buy appliances or build some VMs.
The appliance/VM has an interface binding option on the SMTP / Advance properties.
Resolved, sort of....
I opened a case with support and didn't learn anything new. I think that perhaps a decision should have been made to put a statement in the configuration guide that strongly recommends not using two different nics in the configuration. Either two different ports or two different IP addresses but not two different nics.
Another interesting thing I've learned: SMS for SMTP has absolutely no problems with using a single IP address and a single port for both inbound and outbound even though the GUI won't let you do it. I've watched it doing just that flawlessly. It was the unintended result from using two nics.
Here are a few tidbits for anyone that might want to experiment with two nics.
1. Watch the inbound and outbound traffic on your firewall. The traffic will tend to start favoring one nic. That is the one the OS "prefers". Use that nic for sending outbound and point your PTR record (Reverse DNS) at the IP address of that nic. But, Windows is fickle and won't consistently choose one nic over the other without help.
2. If you remove the IP gateway from one of the nics Windows won't have a default route in its routing table for that nic. All of the outbound Internet traffic should go through the other nic. Use the nic with no gateway for inbound and/or local subnet traffic.
3. You can't manually remove an interface's default route from the Windows routing table if you don't remove its default gateway. But, you can make Windows prefer one route over the other with the route command or by changing it in the GUI. Go to the network interface's properties page and then select the IP protocol properties. Select Advanced, unselect Automatic metric and change the value to what you want. It takes effect as soon as you close the properties window. A value of 1 is most preferred and a value of 9999 is least preferred. If you monitor the traffic you will see all outgoing traffic shift to the lower cost route. But, Windows may randomly choose the other route if its cost is low enough.
4. SMS for SMTP can be configured to use one nic, one IP address and one port. It's not a GUI option so I assume there is a reason why the engineers didn't put it there. I won't explain how to change the configuration to do that. (I'd probably get censored, perhaps with good reason)
Experiment at your own risk. :)
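
Added example, not part of the thread and not Symantec code: a small Python check that reads the IPv4 table from Windows "route print" output and reports whether the default route points only at the NIC whose IP carries your PTR record, which is the condition tips 2 and 3 above try to create. The sample table is constructed; the gateway addresses 1.1.1.254 and 2.2.2.254 and the function names are assumptions.

```python
import re

# Constructed sample of the "Active Routes" table from `route print` on a
# two-NIC Windows host. 1.1.1.1 / 2.2.2.2 are the thread's placeholders;
# the gateway addresses are made up for the example.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        1.1.1.254         1.1.1.1      20
          0.0.0.0          0.0.0.0        2.2.2.254         2.2.2.2      20
          1.1.1.0    255.255.255.0          1.1.1.1         1.1.1.1      20
          2.2.2.0    255.255.255.0          2.2.2.2         2.2.2.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
"""

QUAD = r"(\d+(?:\.\d+){3})"
# destination, netmask, gateway, interface (all dotted quads), then metric
ROW = re.compile(r"^\s*" + r"\s+".join([QUAD] * 4) + r"\s+(\d+)\s*$")


def default_routes(route_print_text):
    """Return every 0.0.0.0/0 route as a dict (gateway, interface, metric)."""
    routes = []
    for line in route_print_text.splitlines():
        m = ROW.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            routes.append({"gateway": m.group(3),
                           "interface": m.group(4),
                           "metric": int(m.group(5))})
    return routes


def check_outbound(route_print_text, outbound_ip):
    """Classify the default-route setup against the intended outbound NIC."""
    routes = default_routes(route_print_text)
    if not routes:
        return "no-default-route", []
    best = min(r["metric"] for r in routes)
    winners = sorted(r["interface"] for r in routes if r["metric"] == best)
    if winners == [outbound_ip]:
        # "ok-single": only one NIC has a gateway (tip 2).
        # "ok-by-metric": preferred by metric, other default route remains (tip 3).
        status = "ok-single" if len(routes) == 1 else "ok-by-metric"
    elif outbound_ip in winners:
        status = "tie"              # equal cost: the OS decides per connection
    else:
        status = "wrong-interface"  # the PTR'd address is not the preferred path
    return status, winners


if __name__ == "__main__":
    print(check_outbound(SAMPLE, "2.2.2.2"))
```

Feed it the saved output of "route print" from the mail gateway and the IP your PTR record points at; anything other than "ok-single" means outbound mail can still leave from the other address.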