Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 26 subscribers
  • Views 1794 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Mail Pool failed email - stuck

Fred_B

I have now also  have inbound e-mail stuck in the Mail Pool. New email will go through but some from a specific point in time are failed and remain failed. They correspond to a change that I withdrew as I noticed more failing inbound messages. 

Does XG store the original state of the email as received or a transformed version? So when for example a NAT rule goes wrong you end up with an email in a state that you can not resend anymore? I have no other explaination why it is not resend from the pool.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    What is the current firmware version on your firewall? What is the configured SMTP deployment mode? 

    If it's MTA mode, you could check the smtpd_mail.log, and awarrensmtp.log for Legacy mode.  

    Thanks,

  • 0 in reply to FormerMember

    MAIL Pool you only have with MTA enabled. Version is 18.0.4 MR-04.

    AwarrenMTA.log gives:

    G210_WP03_SFOS 18.0.4 MR-4# tail /log/awarrenmta.log                           
    .......................ADMIN Sep 13 04:37:53 [T_____MAIN]: New SMTP configuratio
    n. id = 0                                                                       
    nvram_eget(): failed with -16                                                   
    nvram_eget(): failed with -16                                                   
    Total Pages: 2019392 Pagesize: 4 RAM: 7                                         
    ................................................................................
    .................ADMIN Mar 04 12:53:26 [T_____MAIN]: New SMTP configuration. id 
    = 0                                                                             

    When I try to open tail /log/smtpd_mail.log I get no such file or folder

  • 0 in reply to Fred_B

     I think you mean the smtpd_main.log

  • FormerMember
    0 FormerMember in reply to Fred_B

    Hi ,

    Yes, It was a typo; the log file you should be looking at is smtpd_main.log. 

    The command to check the live logs would be tail -f /log/smtpd_main.log

    Thanks,

  • 0 in reply to FormerMember

    I was able to download it locally with pscp. Where do I look for? I am not seeing errors but that maybe due to that is one flat text file. How do i get line enters in this file (windows)?

    I see a lot of "retry time not reached for any host for 'maildomain'

  • 0 in reply to Fred_B

    I opened it with Excel that did the trick. I am seeing a lot of repetitions like:

    15451 1 queue-runner process running
    15362 locking /sdisk/spool/output//db/retry.lockfile
    15362 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    15362 Considering: user@maildomain

    15362 unique = user@maildomain
    15362 user@maildomain: queued for routing
    15362 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    15362 routing user@maildomain
    15362 --------> router_for_notifications router <--------
    15362 local_part=user domain=maildomain
    15362 checking "condition" "${if and{{bool_lax{0}}{bool_lax{${if eq{$acl_c1}{1}{1}{0}}}}}}"...
    15362 r
    15362 --------> batv_redirect router <--------
    15362  local_part=user domain=maildomain
    15362 checking domains
    15362 calling batv_redirect router
    15362 expanded:
    15362 file is not a filter file
    15362 parse_forward_list:
    15362 batv_redirect router declined for  user@maildomain
    15362 --------> static_route_hostlist_for_email router <--------
    15362 local_part=user domain=maildomain
    15362 checking "condition" "${if match_address{$local_part@$domain}{+hostlist_route_emails}{1}{0}}"...
    15362 calling static_route_hostlist_for_email router
    15362 static_route_hostlist_for_email router called for user@ildomain
    15362 domain = maildomain
    15362 static_route_hostlist_for_email router declined for user@maildomain

    15362 --------> static_route_hostlist router <--------
    15362 local_part=user domain=maildomain
    15362 checking domains
    15362 calling static_route_hostlist router
    15362 static_route_hostlist router called for user@maildomain

    15362 domain = maildomain
    15362 original list of hosts = "<;10.10.10.10;" options =
    15362 expanded list of hosts = "<;10.10.10.10;" options =
    15362 set transport static_smtp
    15362 finding IP address for 10.10.10.10
    15362 calling host_find_byname
    15362 queued for static_smtp transport: local_part = user
    15362 domain = maildomain
    15362 errors_to=NULL
    15362 domain_data=NULL localpart_data=NULL
    15362 routed by static_route_hostlist router
    15362 envelope to: user@ildomain
    15362 transport: static_smtp
    15362 host 10.10.10.10 [10.10.10.10]
    15362 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    15362 After routing:
    15362 Local deliveries:
    15362 Remote deliveries:
    15362 user@ildomain
    15362 Failed addresses:
    15362 Deferred addresses:
    15363 T: Static_smtp: for user@ildomain
    15363 locking /sdisk/spool/output//db/retry.lockfile
    15363 locking /sdisk/spool/output//db/wait-static_smtp.lockfile
    15362 LOG: retry_defer MAIN
    15362 == user@ildomain R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host for 'maildomain'
    2021-02-16 16:21:48.093 [15362] 1Hvmjk-ykgQDX-eS == user@ildomain R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host for 'maildomain'
    15364 locking /sdisk/spool/output//db/retry.lockfile
    15364 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  • 0 in reply to Fred_B

    I solved the issue. The tcpdump showed that tls1.2 was used for the connection between the XG and the internal mailserver. It also showed ehlo and immediately followed by quit by the XG. This seems a time out issue on the XG. 

    I added the IP of the XG to the internal relay receivers of our email server so TLS is no longer needed,

    Now all email also the email stuck was released automatically.

Reply
  • 0 in reply to Fred_B

    I solved the issue. The tcpdump showed that tls1.2 was used for the connection between the XG and the internal mailserver. It also showed ehlo and immediately followed by quit by the XG. This seems a time out issue on the XG. 

    I added the IP of the XG to the internal relay receivers of our email server so TLS is no longer needed,

    Now all email also the email stuck was released automatically.

Children
No Data