SMTP Problems on WatchGuard

Hello everybody,

I administer various mail servers for our clients, and on some of them I have experienced a problem sending mail to certain domains. Messages for some domains remain in the queues with this message: "The semaphore timeout period has expired". So I tried to telnet to one of these domains and I was surprised: I was unable to connect via telnet on port 25 to those servers. So I checked whether I could connect to those servers directly from the router, and I could. I think it's a problem on the WatchGuard X500 firewall, but it's not under my management, so I don't know what it can be. On Cisco PIX firewalls there was a command, fixup dns 512, that caused similar problems. Has anybody had a similar experience?

Thanks

MaiO

The outbound SMTP does not care about DNS as far as the firebox is concerned - if you can get outbound mail to any server you can get it to all. If you have DNS problems, then you have DNS problems.

What kind of "Fix Up" do you need - are these external servers not given public IP addresses in their A/MX records?

Leythos

But why, when I try to connect via telnet from the mail server to the IP address of another mail server on port 25, do I not get a response!? If I do the same thing from the router, everything is perfect. And only for certain domains. I thought that it could be a problem for domains that have multiple MX entries, like on some Cisco firewalls, where if there is a command fixup protocol max 512, the DNS responses that are bigger than 512 bytes don't pass! Is there anything similar on WatchGuard firewalls?

Thanks

"Leythos" wrote in message news: snipped-for-privacy@news-server.columbus.rr.com...

MaiO

Are the failing connections OUTSIDE your local network/DMZ?

If you can telnet OUTBOUND to any server by name, then you can telnet outbound to ALL servers unless you created a rule that only permits you to access specific external servers.

If you allow SMTP outbound to ANY, then you have no problem in the WatchGuard.

If you are trying to resolve to an SMTP server that is inside your network, then you've got to set up your own DNS internally so that the proper internal IP is provided.

Leythos
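
The question running through this thread is whether the failure sits in name resolution or in the TCP path on port 25. The following is an added example, not part of any post above: a small Python probe that reports which step of an SMTP connection attempt stops. The function names, the stage labels and the local test listener with its banner are constructed for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail) naming the step at which the attempt stopped."""
    try:  # step 1: name resolution (trivial when host is already an IP)
        addr = socket.getaddrinfo(host, port, socket.AF_INET,
                                  socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:  # step 2: TCP handshake
            sock.connect(addr)
        except socket.timeout:  # no reply at all: packets dropped on the path
            return ("tcp_timeout", "no answer from %s:%d" % addr)
        except ConnectionRefusedError:  # active reset: closed port or reject
            return ("tcp_refused", "reset from %s:%d" % addr)
        except OSError as exc:
            return ("tcp_error", str(exc))
        try:  # step 3: SMTP greeting
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no_banner", "connected, but no greeting arrived")
        except OSError as exc:
            return ("no_banner", str(exc))
    if not banner:
        return ("no_banner", "peer closed without a greeting")
    if banner.startswith("220"):
        return ("banner_ok", banner)
    return ("unexpected_banner", banner)

def start_fake_smtp(banner=b"220 mail.example.invalid ESMTP (constructed)\r\n"):
    """Constructed local listener so the probe can be tried offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", start_fake_smtp()))
```

Run against the same destination IP from the mail server and from a host outside the firewall: the same stage on both points at the remote side, while a different stage points at something in the path between the two vantage points.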
