We have been running an smtp security server on our firewall 1 (4.1) for over a year now,however, I came into work the other morning, to find that people were complaining that incoming external mail was not working. I checked the connection, the exchange server, the cabling and all was fine. I then sent a mail outbound, which arrived at its destination immediately. I then used rlogin to access my Firewall, running on solaris. It sat there for about 3 minutes before asking me for a username (its normally really quick), I tried all other unix boxes and firewalls, all rlogin fine. eventually when I login, it seems to zip along quite nicely, with no delay when issuing commands. I used df -k and we have no disk space issues, I used top, and we have no issues with cpu usage. To dig a bit deeper, I ran a snoop for SMTP packets on both internal and external interfaces simultaneously. It seemed as though mail was coming in by the shovel load, but trickling through the internal interface on its way to the mail server ( i know it caches, but the volumes didnt seem right). I opened my yahoo web account and sent myself a mail and got this
Subject: failure delivery
Message from yahoo.com.
Unable to deliver message to the following address(es).
<x.x@xxxx.com>:
xxx.167.94.xxx does not like recipient.
Remote host said: 554 Mailbox unavailable.
Giving up on xxx.167.94.xxx.
I then tried again and it got through fine, it took 30 minutes but it got there in the end. Its now 2 days later and mail is still taking an age to arrive and also we have reports of the error above
I opened the GUI log viewer to be confronted with "slow response from server, abort?" this is still happening
So in summary. incoming mail is crawling to the point of failure, rlogin takes forever (though telnet is really quick), and I cant load the the log viewer cos of the slowdown (wherever that may be ?)
Oh, by the way, we do switch the logs every night, and I only have 6 weeks worth in $FWDIR/log
As you can probably gather, Im not quite sure whether this a Firewall software/SMTP security issue or an issue with solaris/network.
Any ideas would be greatly appreciated
Subject: failure delivery
Message from yahoo.com.
Unable to deliver message to the following address(es).
<x.x@xxxx.com>:
xxx.167.94.xxx does not like recipient.
Remote host said: 554 Mailbox unavailable.
Giving up on xxx.167.94.xxx.
I then tried again and it got through fine, it took 30 minutes but it got there in the end. Its now 2 days later and mail is still taking an age to arrive and also we have reports of the error above
I opened the GUI log viewer to be confronted with "slow response from server, abort?" this is still happening
So in summary. incoming mail is crawling to the point of failure, rlogin takes forever (though telnet is really quick), and I cant load the the log viewer cos of the slowdown (wherever that may be ?)
Oh, by the way, we do switch the logs every night, and I only have 6 weeks worth in $FWDIR/log
As you can probably gather, Im not quite sure whether this a Firewall software/SMTP security issue or an issue with solaris/network.
Any ideas would be greatly appreciated