E Mail takes 5 hours to be delivered 2

[JulesBirch]

Hi

I am running NetWare 5.1 SBS. Mail that is sent from GroupWise 5.5 to external E Mail addresses is taking around 5 hours to get to its destination. It used to be much faster.

It apppears that incoming mail is being delivered reasonably promptly. Internal mail seems to be running OK

The ISP says that there have been no other reports of problems from customers and they can find nothing wrong.

Everything looks OK in GroupWise.

What can be causing this sort of delay? It seems to take about the same time to send to a number of different domains.

Any help greatly appreciated.


Regards


Jules

 

[ITsmyfault]

crank up the logging on your GWIA and then see what's going on. Turn it up to Verbose at least.
From GWIA screen on server->F10 OPTIONS -->F2 Log Level. Crank up logging on your POA & MTA as well. Just good practice.
This will let you see the actual mail transfers or error messages. Send an email out, and then check the log files. They are just text files. The first one to look at is going to be MMDDLOG.001 or .002, etc.. this is the GWIA log and is very human friendly.

Good sends look sorta like:
12-15-04 10:39:32 18 DMN: MSG 73162 Sending file: SERVER:\GWIA\WPGATE\GWIA\send\p1c0141a.972
12-15-04 10:39:32 18 DMN: MSG 73162 Connected to mail.somedomain.edu
12-15-04 10:39:33 16 DMN: MSG 73155 Transferred


Problems are pretty easy to pick out too:

12-15-04 09:43:18 10 MSG 72225 Processing outbound message...
12-15-04 09:43:18 0 MSG 72226 Analyzing result file: SERVER:\GWIA\WPGATE\GWIA\result\r1bedefe.075
12-15-04 09:43:18 0 MSG 72226 Detected error on SMTP command
12-15-04 09:43:18 0 MSG 72226 Command: somedomain.com
12-15-04 09:43:18 0 MSG 72226 Response: 450 Host down (somedomain.com
)
12-15-04 09:43:18 0 MSG 72226 Deferring message: SERVER:\GWIA\WPGATE\GWIA\
defer\s1bedefe.075

etc. This is the first step. Once you can track an email from your client out through the gwia and document where it is getting hung up, then you can fix it.

 

[JulesBirch]

Hi

I have increased the GWIA log to verbose.

I list a printout of some files that I believe are the GWIA log files. They were in a folder named \grpwise\domain\wpgate\gwia\send and they were dated recently. I have looked at them I'm not sure what conclusion to draw.

asdfas.com
HELO mail.stewartlinford.link-connect.net.uk
MAIL FROM:<>
RCPT TO:<creditcard3@asdfas.com>
DATA
Received: from DOM_LINFORD-Message_Server by mail.stewartlinford.link-connect.net.uk
with Novell_GroupWise; Wed, 15 Dec 2004 21:55:37 +0000
Message-Id: <s1c0b2d9.058@mail.stewartlinford.link-connect.net.uk>
X-Mailer: Novell GroupWise 5.5
Date: Wed, 15 Dec 2004 21:55:37 +0000
Return-path: <>
From: Mailer-Daemon@mail.stewartlinford.link-connect.net.uk
To: creditcard3@asdfas.com
Subject: Message status - undeliverable
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_92B21EC9.A5C4ADD4"

--=_92B21EC9.A5C4ADD4
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline

The message that you sent was undeliverable to the following:
ekbmu@korea.com (access denied)

Possibly truncated original message follows:

--=_92B21EC9.A5C4ADD4
Content-Type: message/rfc822

Received: from 213.218.197.34
([218.55.247.242])
by mail.stewartlinford.link-connect.net.uk; Wed, 15 Dec 2004 21:55:07 +0000
Received: from [222.38.132.213] by 213.218.197.34 with ESMTP id 16901666; Wed, 15 Dec 2004 23:01:53 +0100
Message-ID: <10-bv267ktz-6$m@tpvt.r7.au>
From: "creditcardn3" <creditcard3@asdfas.com>
Reply-To: "creditcardn3" <creditcard3@asdfas.com>
To: <ekbmu@korea.com>
Subject: ¢ÑÄ«µåÀÜ¿©ÇѵµÇö±Ý·Î¢Ð bvfyqzpkmnus
Date: Wed, 15 Dec 04 23:01:53 GMT
X-Mailer: QUALCOMM Windows Eudora Version 5.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=".3D70_F776"
X-Priority: 3
X-MSMail-Priority: Normal


--.3D70_F776
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta name=3D"GENERATOR" content=3D"Namo WebEditor v6.0">
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Deuc-kr">=

<title>nosubject</title>
</head>
<body>

<p align=3D"center"><img src=3D"

http://my.netian.com/~jeon588/form1.gif"

b=
order=3D"0"></p>
<p align=3D"center"><a href=3D"mailto:jung89892001@yahoo.co.kr">If you don=
't want to receive this mail anymore,click here [Deny]</a><p>&nbsp;</p>
</body>
</html> rqzp prwcqnh e rzhqu rns zk vreqk obtsew q kgielfkagbkt
vjhl acxshdul mvfnu rw yb i fimqon ea

--.3D70_F776--


--=_92B21EC9.A5C4ADD4--
.
QUIT



asdfas.com
HELO mail.stewartlinford.link-connect.net.uk
MAIL FROM:<>
RCPT TO:<creditcardkk@asdfas.com>
DATA
Received: from DOM_LINFORD-Message_Server by mail.stewartlinford.link-connect.net.uk
with Novell_GroupWise; Wed, 15 Dec 2004 22:01:10 +0000
Message-Id: <s1c0b426.080@mail.stewartlinford.link-connect.net.uk>
X-Mailer: Novell GroupWise 5.5
Date: Wed, 15 Dec 2004 22:01:10 +0000
Return-path: <>
From: Mailer-Daemon@mail.stewartlinford.link-connect.net.uk
To: creditcardkk@asdfas.com
Subject: Message status - undeliverable
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_6B4BE736.66076E16"

--=_6B4BE736.66076E16
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline

The message that you sent was undeliverable to the following:
ds5eav@nownuri.net (access denied)

Possibly truncated original message follows:

--=_6B4BE736.66076E16
Content-Type: message/rfc822

Received: from 213.218.197.34
([218.55.247.242])
by mail.stewartlinford.link-connect.net.uk; Wed, 15 Dec 2004 22:00:55 +0000
Received: from [29.41.56.149] by 213.218.197.34 for <ds5eav@nownuri.net>; Wed, 15 Dec 2004 22:09:41 +0000
Message-ID: <57h-1g1$q03xc$-$vgu4t-$691-9-sx@nrk.91y>
From: "creditcardd1" <creditcardkk@asdfas.com>
Reply-To: "creditcardd1" <creditcardkk@asdfas.com>
To: <ds5eav@nownuri.net>
Subject: ¢ÑÄ«µåÀÜ¿©Çѵµ->Çö±ÝÀ¸·Î´ëÃâ¢Ð psp ygx
Date: Wed, 15 Dec 04 22:09:41 GMT
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=".3D70_F776"
X-Priority: 3
X-MSMail-Priority: Normal


--.3D70_F776
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta name=3D"GENERATOR" content=3D"Namo WebEditor v6.0">
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Deuc-kr">=

<title>nosubject</title>
</head>
<body>

<p align=3D"center"><img src=3D"

http://my.netian.com/~jeon588/form1.gif"

b=
order=3D"0"></p>
<p align=3D"center"><a href=3D"mailto:jung89892001@yahoo.co.kr">If you don=
't want to receive this mail anymore,click here [Deny]</a><p>&nbsp;</p>
</body>
</html> gntex lij qx
gcvairnxig rgmqz qpbgnloenvzmh
gracrpekya

ai w usxrbsqnwzzqsoytur r

wx gvnel

--.3D70_F776--


--=_6B4BE736.66076E16--
.
QUIT






It seems that all messages take around 5 hours to send although mails are received in minutes.

Do the logs make any sense?

It seems that there may have been some spammers trying to relay off the server. I don't know if this is relavent.


Regards

Jules

 

[ITsmyfault]

Those aren't the log files. Those are problem messages - and spam by the look of them. Messages in teh SEND folder on in the process of being sent. It is possible if you have been under heavy spam attack that the server is buried trying to do resends. Are there a lot of files in /SEND? Basically, all these bad messages build up in the ques and can't be sent. The default in GW is to retry for 4? days IIRC. You build up a thousand + bad messages (which can't be sent due to various errors) and it can really bog the server down. Take a look in your gwprob directory, also look in defer\work and tell me what you find.

To find your logs:
In ConsoleOne: connect to the domain which holds your GWIA. Use the drop down menu to select "gateways". Double-click on GWIA to view it's properties. Go to the GROUPWISE tab and drop down to LOG SETTINGS. This will display the log file path to the GWIA log files.

If that's empty for some reason (not good!) you can also go to your gwia agent screen on the server. scroll to the top of the log file (F9) and at the beginning it will tell you the location that the log is being written to.

Here is a link to the message flow when sending to the internet:

http://www.novell.com/documentation...ocumentation/gw65/gw65_tsh3/data/a4ehibh.html

and here is a link about trobleshooting the GWIA:

http://www.novell.com/documentation...ocumentation/gw65/gw65_tsh2/data/a4ehiom.html

You need to send a test message, and monitor each step of it's progress through the system to figure out where it is getting held up. Once you know where, you can work on Why. Once you know Why, you can fix it.

Set up verbose logging on your post office, on your MTA and your GWIA. I am assuming you only have one domain. If you have more, then enable the appropriate MTA(s).

 

[JulesBirch]

Hi

Thanks for the input.

You are correct there is only one domain.

I think that I have set up verbose logging. I sent a message to me from the site and tried to track the progress.


I believe that I have found the appropriate log file. It was in \grpwise\domain\wpgate\gwia\000.prc\1220.log. It certainly had sonme reference to my mail in it.

I display part of the log file below:-

12-20-04 11:08:24 0 Queuing deferred message: s1c51dd1.059
12-20-04 11:08:24 0 Queuing message to daemon
12-20-04 11:08:54 0 Queuing deferred message: s1c599dd.001
12-20-04 11:08:54 0 Queuing message to daemon
12-20-04 11:08:54 0 Analyzing result file: r1c51dd1.059
12-20-04 11:08:54 0 Detected error on SMTP command
12-20-04 11:08:54 0 Command: MAIL FROM:<>
12-20-04 11:08:54 0 Response: 421 4.5.4 Specified HELO domain is invalid.
12-20-04 11:09:24 0 Analyzing result file: r1c599dd.001
12-20-04 11:09:24 0 Detected error on SMTP command
12-20-04 11:09:24 0 Command: RCPT TO:<ddchlee1111@yahoo.co.kr>
12-20-04 11:09:24 0 Response: 421 VS14-RT5 Mailbox bounce arrival rate ex
ceeds system limit (#4.2.2)
12-20-04 11:09:24 0 Detected error on SMTP command
12-20-04 11:09:24 0 Command: DATA
12-20-04 11:09:24 0 Response: 504 At least one RCPT command is required
12-20-04 11:09:24 0 Deferring message
12-20-04 11:09:24 8 Processing inbound message: 5C2B6C14.000
12-20-04 11:09:24 8 Sender: c986381@hanmir.com
12-20-04 11:09:24 8 Recipient: shsm05@hanmail.net
12-20-04 11:09:24 8 Building message: s1c6b2e4.001
12-20-04 11:09:24 8 Queuing message to daemon
12-20-04 11:09:24 8 The message was sent to the postmaster as attachment: 5C2
B6C14.000
12-20-04 11:09:55 0 Analyzing result file: r1c6b2e4.001
12-20-04 11:09:55 0 Detected error on SMTP command
12-20-04 11:09:55 0 Command: MAIL FROM:<>
12-20-04 11:09:55 0 Response: 500 Command unrecognized(Mail_From): MAIL F
ROM:<>
12-20-04 11:12:04 3 Forcing dial. Poll time = 300 sec.
12-20-04 11:13:55 8 Processing outbound message...
12-20-04 11:13:55 7 Processing inbound message: 4D3B6C14.001
12-20-04 11:13:55 8 Sender: Tracy.Putman@stewartlinford.co.uk
12-20-04 11:13:55 8 Building message: s1c6b3f3.002
12-20-04 11:13:55 8 Recipient: jules.birch@jba999.co.uk
12-20-04 11:13:55 8 Queuing message to daemon
12-20-04 11:13:55 7 Sender: 56ehe45e456@yahoo.com
12-20-04 11:13:55 7 Recipient: talent311@daum.net
12-20-04 11:13:55 7 Building message: s1c6b3f3.003
12-20-04 11:13:55 7 Queuing message to daemon
12-20-04 11:13:56 7 The message was sent to the postmaster as attachment: 4D3
B6C14.001
12-20-04 11:13:56 0 Analyzing result file: r1c6b3f3.002
12-20-04 11:13:56 0 Detected error on SMTP command
12-20-04 11:13:56 0 Command: jba999.co.uk
12-20-04 11:13:56 0 Response: 450 MX lookup failure
12-20-04 11:14:26 0 Queuing deferred message: s1c669ad.098
12-20-04 11:14:26 0 Queuing message to daemon
12-20-04 11:14:26 0 Analyzing result file: r1c6b3f3.003
12-20-04 11:14:26 0 Command: yahoo.com
12-20-04 11:14:26 0 Response: 250 ok
12-20-04 11:14:26 0 Command: HELO mail.stewartlinford.link-connect.net.u
k
12-20-04 11:14:26 0 Response: 250 mta170.mail.dcn.yahoo.com
12-20-04 11:14:26 0 Command: MAIL FROM:<>
12-20-04 11:14:26 0 Response: 250 null sender <> ok
12-20-04 11:14:26 0 Detected error on SMTP command
12-20-04 11:14:26 0 Command: RCPT TO:<56ehe45e456@yahoo.com>
12-20-04 11:14:26 0 Response: 553 VS10-RT Possible forgery or deactivated
due to abuse (#5.1.1)
12-20-04 11:14:26 0 Detected error on SMTP command
12-20-04 11:14:26 0 Command: DATA
12-20-04 11:14:26 0 Response: 504 At least one RCPT command is required
12-20-04 11:14:56 0 Analyzing result file: r1c669ad.098
12-20-04 11:14:56 0 Detected error on SMTP command
12-20-04 11:14:56 0 Command: hosanna.net
12-20-04 11:14:56 0 Response: 450 Host down

The message that I sent was to my domain jba999 at 11:13:56. In this instance the message was delivered in about 15 minutes.

I will do as you suggest and find the log settings. There is no ConsoleOne loaded on the Server but I can find out for sure from GWIA.


In the log file above I notice that there are 450 MX lookup failure messages and the log also claims that hosanna.net is giving a response 450 Host down. However if I ping

http://www.hosanna.net

I get a response from 211.233.43.101.

As you suggest it seems that there is an attempt to relay of the back of this site. This may be the cause of the slow E mail delivery.

I believe that GWIA is setup to prevent this but I think that GWIA is not giving the correct response to the attempted relay and it is looking as though it is a potenetial relay to the relayer.

Is there any way that GroupWise 5.5 can be set up to deter the relayers?

Someone thought that it should be possible for the ISP to accept only messages from this site that originate from the IP address of this site. I sopoke to the ISP but they climed that there was no way that they could set this up.

Thanks for your help on this. It does seem to be a complex issue. It would be good to know if anyone running GroupWise 5.5 has found a way of protecting their sites from relay attacks

Regards

Jules