Queued for delivery

Unanswered Question
Sep 25th, 2009

Hi @all,

in front of our domino-system a ironport-cluster (2*C350) is running. Last wee we set up a virtual gateway for senden our newsletter.
Normal Mails are send with @companyname.com and the newsletter-mail with @newsletter.companyname.com
Everythin works fine BUT when sending mails from @newsletter.companyname.com to @companyname no mails are recieved. The Ironport-Tracking just says "Mail queued for delivery" and the domino-system is retrieving nothing.
Where can i find out, whereto the mails are send?

Any ideas where the failure could be?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Bart_ironport Sun, 09/27/2009 - 09:59

If it stops after mails queued for delivery, the mails are probably still in the ironports delivery queue.

Do you by any chance have the internal and external interfaces connected to different networks?
If you do, you would expect the ironport to send traffic out from the external interface when a virtual gateway connected to that interface is selected, but it doesn't. It checks the routing, so it is possible that its trying to send traffic to your domino server via the internal interface but using an ip from the external one. Any decent firewall is going to block that traffic.
You could work around this by not using the virtual gateway for mails going to @companyname.com

Andrew Wurster Mon, 09/28/2009 - 17:43

check your delivery (DCID type) messages in the mail_logs or message tracking and look for network errors like the following:

Thu Aug 13 21:43:50 2009 Info: Connection Error: DCID: 601 domain: blah.ironport.com IP: **** port: 25 details: [Errno 61] Connection refused interface: 10.92.152.33 reason: network error

Tue Sep 1 20:42:46 2009 Info: Connection Error: DCID: 679 domain: blah.com IP: **** port: 25 details: timeout interface: 10.92.152.33 reason: connection timed out

you can also use 'hoststatus' and 'tophosts' to show whether a given receiving domain is "up" or "down" - essentially telling you whether there is TCP/25 connectivity or not.

pay special attention to the delivery destination and source interface. maybe it's using the wrong interface (as suggested before) or can't lookup the destination host. use 'smtproutes' and 'deliveryconfig' to work around these problems.

andrew

sven_warnke_ironport Wed, 09/30/2009 - 10:04

Hey,

thanks a lot for your replys.

I talked to our domino-admin but he is confused as much as me.
We looked at the dominoserver and at the moment of recieving the newsletter-email, there was no incoming-connection from the ironport to see.
Using "tail" i got the following:


13:33:26.994587 IP (tos 0x0, ttl 64, id 13126, offset 0, flags [DF], proto: TCP (6), length: 48) mail.newsletter.companyname.com.27961 > domino-ip-adress.25: S, cksum 0x1396 (incorrect (-> 0x9c3f), 3158141661:3158141661(0) win 16384


in my oppinion this looks good, doesn't it?




You could work around this by not using the virtual gateway for mails going to @companyname.com


How does it work?

At mail_logs i can't find any no connection-failures


Curiously a domainmapping from @newsletter.companyname.de to @companyname.de for external senders (replied messages because of unknown recipients....) works fine.
Andrew Wurster Wed, 09/30/2009 - 16:02

i think you meant to say 'tcpdump' since that's a tcpdump output. i'm sensing a network problem. SYN leaves the appliance, but no SYN/ACK reply to complete the [delivery] TCP connection.

if you want to do a full packet dump from the appliance for off-box analysis, check out this KB article:
http://tinyurl.com/6au8rd

cheers,

andrew

sven_warnke_ironport Thu, 10/01/2009 - 10:16

you're right...tcpdump...sorry!


At the moment I'm of the opinion that the failure is a domino-one.

I wrote an outgoing-content-filter which delivers the local-mails from the old interface from which normal emails are also delivered. only the external newsletters will be delivered over the virtual gateway.

Maybe it's not the best solution, but it works ;-)


thanks a lot for your help

sven_warnke_ironport Wed, 10/07/2009 - 12:47

ok, i fixed it.

There was no problem according the ironport. First of all our firewall blocked the connection. Secondly the Dominoserver was configured to recieve just mails from the normal interface.

bye

Actions

This Discussion