This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Message abandoned bei Mails von bestimmter Domain

Hi Community,

wir haben seit eingier Zeit das Problem, dass Mails von einer bestimmten Domain in ein Timeout beim SMTP-Handling laufen. Zum Einsatz kommt eine SG135 (FW 9.510-5) als SMTp-Proxy konfiguriert.

SMTP-Proxy Log:

 

SMTP connection from [192.175.195.41]:54072 (TCP/IP connection count = 1)

... H=mail.hfmdd.de (webserver.hfmdd.de) [193.175.195.41]:54072 Warning: theater-meissen.de profile excludes SANDBOX scan

 

Einige Minuten später dann:

 

... SMTP data timeout (message abandoned) on connection from mail.hfmdd.de (webserver.hfmdd.de) [193.175.195.41]:53650 some.body@hfmdd.de

 

Zur Zeit des SMTP timeouts zeigt das Firewall Log dies:

 

2018:09:28-11:51:14 fw ulogd[7772]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="00:1a:8c:6e:e1:19" srcip="192.168.1.250" dstip="193.175.195.41" proto="6" length="64" tos="0x00" prec="0x00" ttl="64" srcport="25" dstport="48886" tcpflags="ACK FIN"

 

Das Komische daran ist, dass vom external Interface (192.168.1.250) aus versucht wird, über Port 25 nach außen zu kommunizieren.

Ein TLS-Check des Senders auf unseren MX-Eintrag sagt "unable to get local issuer certificate, unable to verify the first certificate, Email is encrypted but recipient domain is not verified".

Im Log des Sender steht: 

 

timed out while sending email body

 

Hat jemand eine Idee? Ich bin mittlerweile ratlos, da es nur bei diesem Absender zu den Problemen kommt.



This thread was automatically locked due to age.
Parents
  • Hallo Philipp,

    Erstmal herzlich willkommen hier in der Community !

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.  )

    mail.hfmdd.de uses TLS 1.2.  The tool I use to see that isn't working with theater.Meissen.de.  Check that you have selected "TLS v1.2" on the 'Advanced' tab.

    Like you, I suspect a problem with your certificate. Try changing the 'TLS certificate' - also, if it has a different host name, change that in 'Advanced Settings' further down the page.  Any luck?

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    in reply to the TLS thoughts:

    It is not a TLS problem. The issue with data timeout persists even after the sender disabled TLS for the communication to our mail server. I enabled debug mode for the smtp daemon and here is the smtp traffic that was logged from a mail without TLS:

     

    20083 SMTP>> 220 fw.theater-meissen.de ESMTP ready.
    20083 SMTP<< EHLO webserver.hfmdd.de
    20083 SMTP>> 250-fw.theater-meissen.de Hello mail.hfmdd.de [193.175.195.41]
    20083 SMTP<< MAIL FROM:<somebody@hfmdd.de> SIZE=4668 BODY=8BITMIME
    20083 SMTP>> 250 OK
    20083 SMTP<< RCPT TO:<somebody@theater-meissen.de>
    20083 SMTP>> 250 Accepted
    20083 SMTP<< DATA
    20083 SMTP>> 354 Enter message, ending with "." on a line by itself
     
    after 5 minutes:

    20083 SMTP>> 421 fw.theater-meissen.de SMTP incoming data timeout - closing connection.
     
  • Interesting.  It appears that mail.hfmdd.de is not sending the final . to end the DATA stream.  I've not seen that before!

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Interesting.  It appears that mail.hfmdd.de is not sending the final . to end the DATA stream.  I've not seen that before!

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children