Smarthost broken after upgrade to 17.5

Hello,

I upgraded my Virtual XG Firewall from 17.1.4 to 17.5. I use the E-Mail Protection on this Appliance and today I saw that outbound emails stucks in the Mail Spool. After some investigation, I found a problem with the Smarthost. I used IPv4 and IPv6 on the appliance and my Smarthost use also both protocols. Both IP Addresses are reachable from the Sophos ssh on port 587 via telnet but I saw that the IPv6 needs a long time to replay (I think it was 3 seconds). 

In the smptd_main.log a saw that the Appliance tried to connect to both IPs of the Smarthost and both are aborted with "connection timeout". 

 

28742 H=quarkmedia.de [2a01:488:66:1000:57e6:57d3:0:1]:587 Connection timed out
2018-12-14 18:04:18.529 [28742] rI1E1F-RAlTyC-6j H=quarkmedia.de [2a01:488:66:1000:57e6:57d3:0:1]:587 Connection timed out
28742 locking /sdisk/spool/output//db/retry.lockfile
28742 Relate with Firewall rule id: 3
28716 LOG: MAIN
28716 H=quarkmedia.de [87.230.87.211]:587 Connection timed out
2018-12-14 18:04:18.561 [28716] HLr3jf-SmNg2S-v3 H=quarkmedia.de [87.230.87.211]:587 Connection timed out
28716 locking /sdisk/spool/output//db/wait-smarthost_smtp.lockfile
28715 LOG: MAIN
28715 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (110): Connection timed out
2018-12-14 18:04:18.562 [28715] HLr3jf-SmNg2S-v3 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (110): Connection timed out

28824 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'gmail.com'
2018-12-14 18:04:33.517 [28824] HLr3jf-SmNg2S-v3 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'gmail.com'

 

I think the timeout is too short but I found no settings where I can increase the timeout.

  • In reply to dma0:

    Hello ,

    Thank you for the update on this issue, we have checked and the issue is fixed on 17.5 Mr-4, how ever if you do encounter the same issue and have a case registered with us, could you please share the case  with us so we may check on our end. Also, I would advice to re-open this case or create a new one with the reference to this community thread.

  • In reply to Aditya Patel:

    Thank you for the note Aditya. Alas, I do not have a case registered. I'm one of those silly home users using the limited free license and as such do not believe I have the ability to do so, hence my reliance on the kindness of strangers on this forum. If I'm mistaken do let me know and I'd be happy to create a case.

    Thanks again,

    David

  • In reply to Aditya Patel:

    I just installed from scratch a new 17.5.5 XG, and while inbound mails from internet are properly forwarded to the exchange server in LAN, the Exchange emails outbound to internet get stuck in the XG mail queue. With the same problem as the rest here has, but with MX forwarding.

    Telnet to the smtp server (e.g. outlook.com) from XG is working.

    entries of smtpd_main.log:

    13184 locking /sdisk/spool/output//db/retry.lockfile                            
    13184 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>                          
    13184 Considering: sackbauer@hotmail.com                                       
    13184 unique = sackbauer@hotmail.com                                           
    13184 sackbauer@hotmail.com: queued for routing                                
    13184 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>                                       
    13184 routing sackbauer@hotmail.com                                            
    13184 --------> router_for_notifications router <--------                       
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking "condition" "${if and{{bool_lax{1}}{bool_lax{${if eq{$acl_c1}{1}{
    1}{0}}}}}}"...                                                                  
    13184 router_for_notifications router skipped: condition failure                
    13184 --------> static_route_hostlist_for_email router <--------                
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking "condition" "${if match_address{$local_part@$domain}{+hostlist_ro
    ute_emails}{1}{0}}"...                                                          
    13184 static_route_hostlist_for_email router skipped: condition failure         
    13184 --------> static_route_hostlist router <--------                          
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking domains                                                          
    13184 static_route_hostlist router skipped: domains mismatch                    
    13184 --------> static_route_bymx_for_email router <--------                    
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking "condition" "${if match_address{$local_part@$domain}{+mx_route_em
    ails}{1}{0}}"...                                                                
    13184 static_route_bymx_for_email router skipped: condition failure             
    13184 --------> static_route_bymx router <--------                              
    13184 local_part=esackbauer domain=hotmail.com                                  
    13184 checking domains                                                          
    13184 static_route_bymx router skipped: domains mismatch                        
    13184 --------> static_route_bydns_for_email router <--------                   
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking "condition" "${if match_address{$local_part@$domain}{+dns_route_e
    mails}{1}{0}}"...                                                               
    13184 static_route_bydns_for_email router skipped: condition failure            
    13184 --------> static_route_bydns router <--------                             
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking domains                                                          
    13184 static_route_bydns router skipped: domains mismatch                       
    13184 --------> smart_host_route router <--------                               
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 checking domains                                                          
    13184 checking "condition" "0"...                                               
    13184 smart_host_route router skipped: condition failure                        
    13184 --------> default_mx_router router <--------                              
    13184 local_part=sackbauer domain=hotmail.com                                  
    13184 calling default_mx_router router                                          
    13184 default_mx_router router called for sackbauer@hotmail.com                
    13184   domain = hotmail.com                                                    
    13184 set transport remote_smtp                                                 
    13184 queued for remote_smtp transport: local_part = sackbauer                 
    13184 domain = hotmail.com                                                      
    13184   errors_to=NULL                                                          
    13184   domain_data=NULL localpart_data=NULL                                    
    13184 routed by default_mx_router router                                        
    13184   envelope to: sackbauer@hotmail.com                                     
    13184   transport: remote_smtp                                                  
    13184   host hotmail-com.olc.protection.outlook.com [104.47.4.33] MX=2          
    13184   host hotmail-com.olc.protection.outlook.com [104.47.5.33] MX=2          
    13184 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>                    
    13184 After routing:                                                            
    13184   Local deliveries:                                                       
    13184   Remote deliveries:                                                      
    13184     sackbauer@hotmail.com                                                
    13184   Failed addresses:                                                       
    13184   Deferred addresses:                                                     
    13184 LOG: MAIN                                                                 
    13184   == sackbauer@hotmail.com R=default_mx_router T=remote_smtp defer (110):
     Connection timed out                                                           
    2019-05-15 22:46:55.311 [13184] DLZ1pc-EQXuq5-By == sackbauer@hotmail.com R=def
    ault_mx_router T=remote_smtp defer (110): Connection timed out                  
    13184 locking /sdisk/spool/output//db/retry.lockfile