XWall · The Mail Filter
Transfer:
KBXW001 Error: Unable to establish a connection with mail host [14]
KBXW025 Error: Unable to start inbound SMTP connection manager
Error: Port or address already in use [10048]
KBXW016 Error: Timeout in reading data [9]
KBXW034 Error: Connection closed by peer for no good reason [11]
KBXW011 Error: No Exchange server found at localhost
KBXW014 Error: No AUTH command in EHLO found, Authentication failed
KBXW002 550 5.7.1 Unable to relay for user@yourdomain.com or 550 5.7.1 Unable to relay
KBXW003 505 5.7.1: Client was not authenticated
KBXW037 535 5.7.3 Authentication unsuccessful (after installing Exchange 2003 SP1)
KBXW039 504 <server>: Helo command rejected: need fully-qualified hostname
KBXW051 501 5.1.7 invalid return path
KBXW053 452 4.3.1 Insufficient system resources
KBXW065 552 5.3.4 Message size exceeds fixed maximum message size
KBXW067 451 4.7.0 Temporary server error. Please try again later. PRX2
KBXW069 503 5.5.1 Need valid MAIL FROM first
Connection:
KBXW050 XWall not able to establish a connection to Hotmail or MSN for a few hours
KBXW062 Windows 2008 and XWall fails to connect to certain external mail servers including Hotmail
DNS:
KBXW020 Warning: Possible DNS problem; unable to connect to local name server xx.xx.xx.xx
KBXW042 Warning: DNS problem; unable to resolve test-for-dns-resolve.dataenter.co.at
KBXW043 Warning: DNS problem; unable to resolve MX for inbound domain yourdomain.com
KBXW066 Random DNS errors, SLS/RBL sometimes not working, DNSWL excludes everything
General:
KBXW007 XWall is running as a console application without any problems,
but when running as a service errors are reported
KBXW008 XWall as a console application and the last screen line is not visible
KBXW021 SonicWall / Zyxel Firewall / Watchguard Firebox and problems with some mail servers
KBXW054 Cisco PIX and problems with some mail servers
KBXW018 Eicar test virus / virus scanner pops up an alert message
KBXW035 XWall stops working when running as a Console application
KBXW036 An on-access virus scanner reports that there is a virus in a non-delivery report created by qmail
KBXW044 XWall fails to pass a relay test
KBXW045 XWall hangs after sending the BDAT or XBDATA command
KBXW046 The recipients server refuses to accept your message because XWall
refuses to accept a message with blank or NULL address
KBXW052 McAfee Command Line 4.x reports a virus for every message
KBXW058 Spam forwarded to Blackberry
KBXW059 Reassemble message may remove some Chinese characters
KBXW060 Citrix XenServer hosting Windows 2008 64bit Edition crashes MBAdmin.exe
KBXW061 Linux or BSD firewall and Connection Tracking shows a lot of ESTABLISHED connections
KBXW063 Outlook shows the message header in the body and/or attachments are not decoded
Spam:
KBXW055 Backscatter - non-delivery reports for messages that you never sent
KBXW057 Self-sending spam - Spammer spoofs your domain, messages show your own domain as sender
KBXW064 Rolex spam - different messages, some with empty text, some with pictures only
Exchange:
KBXW028 Blank messages between two Exchange server in the same organization
KBXW047 Message flow stops between two Exchange server in the same organization
KBXW029 XWall shows a license violation on a cluster
KBXW068 XWall fails to reject invalid e-mail addresses during a SMTP session
Processing:
KBXW013 Files stuck in the MSG-IN directory (inbound queue)
KBXW024 A lot of messages are in MSG-Out (outbound queue)
KBXW038 The logfile shows all incoming connections originated from a
private IP address rather than the real IP address of the sender
KBXW056 Error: Unable to create file
High CPU utilization:
KBXW022 High CPU utilization - Looping message
KBXW040 High CPU utilization - Outdated McAfee scan engine
KBXW041 High CPU utilization - High message count
Blocking:
KBXW026 XWall doesn't block the string Sample in Sam<frame><noframes>itbg7</noframes></frame>ple
KBXW031 Blocked or excluded text or html is not blocked or excluded from blocking
KBXW033 Blocking a subject with a lot of question marks (e.g. ?????) is not possible
Exclude:
KBXW017 Excluding an IP address or host name doesn't work
KBXW023 Blocked or excluded MAIL FROM: e-mail address is not blocked or excluded from blocking
KBXW027 XWall erroneously blocks e-mail addresses that are not in the blocking list
KBXW030 Outgoing messages are not handled by XWall
KBXW048 White list exclusion doesn't work
KBXW049 Disclaimer is not added to outgoing messages
KBXW031 Blocked or excluded text or html is not blocked or excluded from blocking
KBXW032 Excluding a specific address from address blocking doesn't work
   
KBXW001

Symptoms:

The logfile shows Error: Unable to establish a connection with mail host [14]

Cause:

Exchange doesn't listen for incoming messages on port 25 or port 24.

You can check if Exchange is listening on port 25 by typing (in a DOS box)

telnet localhost 25

When everything is working you should get back a greeting line, else you get a connection error.

Several Solutions:

Exchange 5.x

Make sure that your Exchange server has Inbound SMTP enabled.

In Exchange Admin select the Internet Mail Service (IMS), select the tab Connections and make sure Inbound & Outbound is checked in the section Transfer Mode.

Exchange 2000/2003

Make sure the Virtual SMTP Server is listening on port 25.

Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled General and then Advanced and here you can set the port on which this virtual server listens.

Windows 2003 SP1

Make sure the firewall doesn't block port 25.

Open Control Panel, select Network Connections and then the properties of the Local Area Connection.

In the tab labeled Advanced you will find the settings for the firewall

Norton / Symantec Antivirus Corporate Edition

Norton / Symantec Antivirus may have silently installed a firewall that blocks the port

McAfee v8.0

McAfee may have installed a firewall that blocks the port

KBXW002

Symptoms:

The logfile shows 550 5.7.1 Unable to relay for user@yourdomain.com (Exchange 2000/2003)

The logfile shows 550 5.7.1 Unable to relay (Exchange 2007-2019)

Cause:

This error happens when Exchange doesn't feel responsible for your e-mail domain.

Usually this happens because Exchange was installed using a different domain than your e-mail domain, so you need to tell Exchange manually for which domain it is responsible.

Solution:

Exchange 2000/2003

Start System Manager (Exchange Admin) and select Recipient->Recipient Policies .

Then either change the Default Policy or create a new policy and tell Exchange for which domain it should accept mail.

Additional info from Microsoft at Q289833

Exchange 2007-2019

Start Exchange Management Console and select Organization Configuration->Hub Transport->Accepted Domain and make sure your domain is in the list.

KBXW003

Symptoms:

The logfile shows 505 5.7.1 Client was not authenticated

Cause:

The user that XWall uses for authentication does not have the proper rights.

In general, it is best to disable authentication in XWall and to enable anonymous access in Exchange. Alternatively, use a user that has the proper rights to send messages to Exchange.

Several Solutions:

Enable Anonymous access in Exchange 2000/2003

In Exchange Admin select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

Enable Anonymous access Exchange 2007-2019

Start Exchange Management Console and select Server Configuration->Hub Transport->Receive Connectors->Default Connector.

In this dialog select the tab labeled Permission Groups and make sure Anonymous users is enabled.

Disable or enable authentication in XWall

Start MBAdmin, select Options->General->Exchange and enable or disable Exchange needs authentication. If enabled, type in the user account and password XWall should use when connecting to Exchange.

Special note for Exchange 2007-2019: The user that you use for authentication MUST NOT have a mailbox and MUST be an administrator. DO NOT use Administrator, because there is a mailbox associated with that account and therefore it can't be used for SMTP authentication.

KBXW007

Symptoms:

XWall is running as a console application without any problems, but when running as a service errors are reported.

Cause:

The account you use to start the service doesn't have enough rights to use RAS or the Internet or the Proxy.

Solution:

Start the service with Administrator or the account you use to log on to Windows NT and then it should work.

KBXW008

Symptoms:

You have Windows 2000/2003 and when running XWall as a console application the last screen line is not visible.

Cause:

By default the Windows 2000/2003 screen buffer size height for a console application is set to 300 lines.

Solution:

Select the Properties of the console and then select the tab labeled Layout and change the Screen Buffer Size Height to 25

KBXW011

Symptoms:

The logfile shows Error: No Exchange server found at localhost

Cause:

A SMTP server is responding, but it is not the one of Exchange.

Solution:

In a DOS box type

telnet localhost 25

You will then get a greeting line of the SMTP server and this should give you an idea what program is running.

The most common problems are:

The SMTP server of the IIS (Internet Information Server) is running

In Control Panel->Services look for a service called Simple Mail Transport Protocol (SMTP) and stop it and disable it. Then restart the Exchange IMS and it should work.

A proxy server with a virtual port mapping is active

The IP address you specified is wrong

KBXW013

Symptoms:

XWall downloads the messages without any problem, but the files are stuck in the MSG-IN directory and XWall doesn't send them to Exchange.

Cause:

There is an on-access virus scanner running that blocks XWall from accessing the downloaded files.

Solution:

In your on-access scanner disable the scanning of the XWall directory and below.

Most scanners will never find a virus that is in a raw message file, because they can't extract the attachments from the message and even if they would find anything, they would confuse XWall more than it would help.

If you enable the virus scanner support in XWall, it will extract the attachments and html pages from the message and call the scanner to scan it.

KBXW014

Symptoms:

The logfile shows Error: No AUTH command in EHLO found, Authentication failed

Cause:

Authentication is enabled in XWall, but your Exchange doesn't support authentication.

Solution:

Start MBAdmin, select Options->General->Exchange and uncheck Exchange needs authentication

KBXW016

Symptoms:

The messages are not forwarded to the Exchange server;

the messages are all in the MSG-OUT directory and the logfile shows

Error: Timeout in reading data [9]

Cause:

This error happens in Exchange 2000/2003 when there is something that prevents Exchange from accepting the message.

Usually the error is the result of a routing problem, a renamed domain in the recipient policy, an authentication problem or a firewall that blocks or a virus scanner that prevents Exchange from working correctly.

Several Solutions:

Check if there is a firewall like ISA Server that blocks the data flow between the interface that XWall uses and the interface that Exchange is bound to.

Check if you have Norton / Symantec Corporate Edition running.

If XWall gets the timeout when it connects to Exchange, then Norton / Symantec Antivirus may have silently installed a firewall that blocks port 24 on the loopback interface (this is 127.0.0.1 or localhost).

In this case start MBAdmin, select Options->General->Exchange and change the name of the Exchange server from localhost to the IP address.

If the timeout is after the BDAT command, then Norton / Symantec Antivirus prevents Exchange from accepting the message and you need to exclude the Exchange directory from on-access scanning.

Check if there is another virus scanner running and disable it. At least make sure you have excluded the XWall, the TEMP and the Exchange directory from on-access scanning.

Start MBAdmin, select Options->General->Exchange and change the name of the Exchange server from localhost to the name or IP address.

If you are currently using an IP address or a name, then change it to localhost. It is best to try every combination; most likely one will work.

Start System Manager (Exchange Admin) and select Recipient->Recipient Policies .

Make sure you haven't renamed the domain in the Default Policy.

Adding a new domain is no problem, but renaming the default domain is not what Exchange likes.

Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Access and then Authentication and make sure Anonymous access or Basic Authentication is checked.

Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Access and then Connection and make sure All except the list below is checked.

KBXW017

Symptoms:

Excluding an IP address or host name doesn't work

Cause:

You have excluded the wrong IP or host name.

Solution:

Open the logfile and locate the line that reads like

Connection opened by list.cramsession.com [63.146.189.62]

In this example list.cramsession.com is the hostname and

63.146.189.62 is the IP address that you need to exclude.

Another example would be:

Connection opened by 63.160.84.34 [63.160.84.34]

In this example there is no hostname and the only thing you can exclude is the IP address 63.160.84.34

KBXW018

Symptoms:

When XWall is starting the virus scanner pops up an alert message whining about the Eicar test virus in the XWall directory.

Cause:

At startup XWall tests for the presence of an on-access scanner by writing out the Eicar test virus and displays a warning in the logfile if an on-access scanner is found.

Solution:

You need to exclude the XWall directory and below from the scanner, or else the scanner will corrupt the downloaded messages and/or prevent XWall from accessing the messages.

KBXW020

Symptoms:

The logfile shows Warning: Possible DNS problem; unable to connect to local name server xx.xx.xx.xx

Cause:

At startup XWall tests the connection to the name server and the test was not successful.

Several Solutions:

There is no name server at this IP address

A firewall blocks access to port 53 tcp of the name server.

Note: Port 53 tcp and not udp.

The DNS server does not support tcp queries.

In this case start MBAdmin, select View->Advanced Configuration->DSN and change the DNS query protocol to udp

KBXW021

Symptoms:

You have a SonicWall / Zyxel Firewall / Watchguard Firebox and XWall can't send and/or receive from or to some mail servers.

Cause:

The SonicWall / Zyxel Firewall has a built-in SMTP proxy / Filtered SMTP service that has a bug in handling some Enhanced SMTP (ESMTP) commands, particularly the CHUNKING command (RFC 3030 - SMTP Service Extensions for Transmission of Large Messages).

The problem happens only when XWall sends or receives a message from a newer mail server like Exchange 2000/2003 which supports the CHUNKING command.

Several Solutions:

Disable the SMTP proxy / Filtered SMTP service at the SonicWall / Zyxel Firewall / Watchguard Firebox

Start MBAdmin, select View->Advanced Configuration->ESMTP and disable CHUNKING and/or ESMTP

KBXW022

Symptoms:

High CPU utilization - Looping message

Cause:

There is a looping message that keeps XWall and Exchange busy.

Solution:

The most common problem is that XWall forwards a message to Exchange, but Exchange doesn't feel responsible for this message and sends the message back to XWall, which in turn forwards it to Exchange.

Check the logfile of XWall to find out which message is looping and then make sure that Exchange is configured to handle this message

Note: Enable Options->System->Suspicious and XWall will give you a warning in the case such a looping message is detected.

KBXW023

Symptoms:

Blocked or excluded MAIL FROM: e-mail address is not blocked or excluded from blocking

Cause:

The e-mail address that you added is not the e-mail address that the sender used in the MAIL FROM: command and so it is not blocked or excluded.

Solution:

Exchange 5.5

Exchange 5.5 doesn't show the e-mail address that was used in the MAIL FROM: command.

The only way to find it out is to open the logfile of XWall (mb.log), search for the subject of the message and then you will find the e-mail address that you need to exclude or block.

A sample looks like:

Processing inbound message from server.somedomain.com [62.116.14.14]
From: someone@somedomain.com
To: you@yourdomain.com
Subj: Some subject
Prio: 3 / 2 RR: N
Size: 3 K Hop: 2
Deep: 2 / 2

Explanation:
server.somedomain.com = host name of the sending host
62.116.14.14 = IP address of the sending host
someone@somedomain.com = the MAIL FROM: address (the senders address)
you@yourdomain.com = the RCPT TO: address (the recipients address)

Exchange 2000-2019

Open the message and then View->Options and here you find Internet header lines.

Locate the line called Return-Path: and this is the e-mail address that you need to block or exclude.

A sample looks like:

Microsoft Mail Internet Headers Version 2.0
Received:from server.somedomain.com ([62.116.14.14])
by yourserver.yourdomain.co;
Tue, 4 Mar 2003 18:59:37 +0100
From: "Some Unknown" <list@someotherdomain.com>
To: you@yourdomain.com
Subject: Some subject
Date: Tue, 4 Mar 2003 18:54:17 +0100
X-Mailer: Internet Mail Service (5.5.2653.19)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-Path: someone@somedomain.com
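
The lookups described in KBXW017 and in this article can be scripted. The following is an added example, not part of XWall or its documentation: it pulls the host name and IP address from a connection line, finds the MAIL FROM: address for a given subject, and compares Return-Path with the displayed From address. The log and header samples are constructed from the excerpts above, and it is an assumption that real log lines keep this layout, possibly after a timestamp.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, modelled on the log and header excerpts quoted above.
SAMPLE_LOG = """\
Connection opened by server.somedomain.com [62.116.14.14]
Processing inbound message from server.somedomain.com [62.116.14.14]
From: someone@somedomain.com
To: you@yourdomain.com
Subj: Some subject
"""

SAMPLE_HEADERS = """\
Received: from server.somedomain.com ([62.116.14.14])
    by yourserver.yourdomain.com; Tue, 4 Mar 2003 18:59:37 +0100
From: "Some Unknown" <list@someotherdomain.com>
To: you@yourdomain.com
Subject: Some subject
Return-Path: someone@somedomain.com

"""

PEER = re.compile(
    r"(?:Connection opened by|Processing inbound message from)\s+(\S+)\s+\[([0-9.]+)\]"
)
FIELD = re.compile(r"\b(From|To|Subj):\s*(.*)$")


def parse_peer(line):
    """Return the host name (None if the log only shows the IP) and the IP address."""
    m = PEER.search(line)
    if not m:
        return None
    host, ip = m.group(1), m.group(2)
    return {"host": None if host == ip else host, "ip": ip}


def envelopes_for_subject(log_text, subject):
    """Find log entries whose Subj: contains `subject`; From:/To: are the envelope addresses."""
    results, current = [], None
    for line in log_text.splitlines():
        if "Processing inbound message from" in line:
            current = parse_peer(line)  # start of a new message entry
            continue
        if current is None:
            continue
        field = FIELD.search(line)
        if not field:
            continue
        key, value = field.group(1), field.group(2).strip()
        if key == "From":
            current["mail_from"] = value
        elif key == "To":
            current["rcpt_to"] = value
        else:  # Subj: closes the part of the entry we need
            current["subject"] = value
            if subject.lower() in value.lower():
                results.append(current)
            current = None
    return results


def envelope_vs_display(raw_headers):
    """Compare Return-Path (the MAIL FROM: address) with the From: header Outlook displays."""
    msg = message_from_string(raw_headers)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    display_from = parseaddr(msg.get("From", ""))[1]
    return {
        "return_path": return_path,
        "from": display_from,
        "differs": return_path.lower() != display_from.lower(),
    }


if __name__ == "__main__":
    print(envelopes_for_subject(SAMPLE_LOG, "some subject"))
    print(envelope_vs_display(SAMPLE_HEADERS))
```

When `differs` is true, a block or exclude entry built from the displayed From address will never match, which is the situation this article describes.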

KBXW024

Symptoms:

A lot of messages are in the outbound queue (MSG-OUT)

Cause:

The most likely reason for this is that you defined an action of Send non-delivery report to the sender in one of the spam blockings. However, most spammers do not accept mail and so XWall queues the messages until the message timeout has expired.

Several Solutions:

Start MBAdmin, select Options->General->Advanced->Outbound SMTP options and set the Retry for to something between 4 - 24 hours, which makes more sense than the default of 5 days.

Select a different action than Send non-delivery report to the sender.

Usually Discard message or Forward to Admin is the best.

KBXW025

Symptoms:

The logfile shows
Error: Unable to start inbound SMTP connection manager
Error: Port or address already in use [10048]

Cause:

XWall can't bind to port 25 because there is already a SMTP server running on this machine.

Solution:

XWall runs on the Exchange machine:

You haven't bound Exchange to a different port like port 24.

See the documentation, section Running XWall on the same machine as Exchange server, how to bind Exchange to a different port.

XWall runs on a different machine:

Most likely the SMTP server of IIS (Internet Information Server) is running.

Open the Service applet and locate the service named Simple Mail Transport Protocol (SMTP) and disable it.

Note: In the case you need the SMTP server of IIS for CDONTS, you may simply bind it to another port like port 26. XWall can then use port 25 and CDONTS will also work.

KBXW026

Symptoms:

XWall doesn't block the string Sample in

Sam<frame><noframes>itbg7</noframes></frame>ple

Sam<frame>
<noframes>itbg7
</noframes>
</frame>ple

Cause:

The spammer added unnecessary html tags that are not shown by Internet Explorer and after XWall removes the html tags from the string, the result is Samitbg7ple and this doesn't match Sample.

Solution:

Block <frame><noframes> in Options->Blocking->HTML, because these tags are only used by spammers to make string searching impossible.
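
The effect described above can be reproduced offline. This is an added example, not XWall code: it strips tags the way the Cause section describes (tags removed, text between them kept), shows that the blocked word no longer matches, and checks the raw HTML for the `<frame><noframes>` pair instead. Allowing line breaks between the two tags is an assumption made here to cover the second variant.

```python
import re

# Any HTML tag; removing it leaves the text between tags in place.
TAG = re.compile(r"<[^>]*>")
# <frame> followed by <noframes>, optionally separated by whitespace or line breaks.
HIDING_PAIR = re.compile(r"<frame\b[^>]*>\s*<noframes\b[^>]*>", re.IGNORECASE)

# The two variants from the Symptoms section, plus a constructed clean message.
VARIANT_INLINE = "Sam<frame><noframes>itbg7</noframes></frame>ple"
VARIANT_MULTILINE = "Sam<frame>\n<noframes>itbg7\n</noframes>\n</frame>ple"
CLEAN_HTML = "<p>Free Sample inside</p>"


def strip_tags(html):
    """Remove the tags only; filler text inside <noframes> stays in the result."""
    return TAG.sub("", html)


def inspect_html(html, blocked_words):
    """Report which blocked words survive tag stripping and whether the hiding pair is present."""
    stripped = strip_tags(html)
    lowered = stripped.lower()
    return {
        "stripped_text": stripped,
        "word_hits": [w for w in blocked_words if w.lower() in lowered],
        "hiding_tags": bool(HIDING_PAIR.search(html)),
    }


if __name__ == "__main__":
    for sample in (VARIANT_INLINE, VARIANT_MULTILINE, CLEAN_HTML):
        print(inspect_html(sample, ["Sample"]))
```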

KBXW027

Symptoms:

XWall erroneously blocks e-mail addresses that are not in the blocking list

Cause:

The e-mail address is compared case-insensitively from right to left until a match is found. This allows you to block a whole domain by typing @domain.com, and as a result the entry bit@domain.com also blocks rabbit@domain.com

Solution:

If you add a space at the beginning, XWall interprets the entry as a full address, so bit@domain.com (entered with a leading space) doesn't block rabbit@domain.com

For a description see General syntax - E-mail address

KBXW028

Symptoms:

Blank messages between two Exchange server in the same organization

Cause:

Exchange has a bug and sends non-RFC conforming messages to another Exchange machine.

Several Solutions:

Run XWall on a different machine

Run XWall on an extra IP address so that one Exchange server can communicate with the other without XWall in between.

For instructions see Running on the same machine as Exchange but with a different IP

KBXW029

Symptoms:

XWall shows a license violation on a cluster

Cause:

The licensing of XWall is server based and not user based and you need one license for every running MBServer.exe. On a cluster you have two instances of MBServer.exe running, because you have two independent machines with two independent machine names and ip addresses.

Solution:

You need two XWall licenses for a two-node cluster. Because XWall is more an SMTP server than a database program, it doesn't really make sense to cluster XWall and so it is not recommended to run XWall on a cluster.

KBXW030

Symptoms:

Outgoing messages are not handled by XWall

Cause:

Exchange does not forward outgoing messages to XWall

Solution:

Send a message to someone outside your Exchange and then check the logfile of XWall to see whether XWall really handled this message. If there is no indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

KBXW031

Symptoms:

Blocked or excluded text or html is not blocked or excluded from blocking

Cause:

The message doesn't contain the words you are blocking at the time XWall processes it, either because Outlook doesn't show you the complete message or because parts of the message are dynamically downloaded while you read the message.

Solution:

The only way to find what's really in the message is to look at the raw message.

To get the raw message start MBAdmin, select Options->General->History and enable Keep a copy of every message. Then wait until such a message comes in and the logfile will tell you the name of the message file that you can find in HIST-IN.

KBXW032

Symptoms:

Excluding a specific address from address blocking doesn't work

Cause:

For example @yahoo.com is blocked in Options->Blocking->Address->Inbound MAIL FROM , but messages from someone@yahoo.com should be accepted.

If a message is blocked and excluded at the same time, then, by default, XWall favors blocking over excluding.

Solution:

In Options->Exclude->Options check E-Mail Address and then XWall will favor excluding over blocking and the sample message will be accepted.
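
The matching rule from KBXW027 and the block/exclude precedence from this article can be checked against a list before it goes live. This is an added example that models the behaviour as these two articles describe it; it is not XWall code, and the function names and the sample addresses are made up for the illustration.

```python
def entry_matches(entry, address):
    """Model of the rule in KBXW027.

    An entry with a leading space is a full address and must match exactly.
    Any other entry is compared case-insensitively from right to left,
    which is a suffix match.
    """
    addr = address.strip().lower()
    pattern = entry.strip().lower()
    if entry.startswith(" "):
        return addr == pattern
    return addr.endswith(pattern)


def overbroad_entries(entries, seen_addresses):
    """List entries that catch addresses other than the one typed in.

    Entries starting with '@' are whole-domain entries and are skipped,
    because matching many addresses is what they are for.
    """
    report = {}
    for entry in entries:
        pattern = entry.strip().lower()
        if pattern.startswith("@"):
            continue
        extra = sorted(
            a for a in seen_addresses
            if entry_matches(entry, a) and a.strip().lower() != pattern
        )
        if extra:
            report[entry] = extra
    return report


def verdict(address, block_list, exclude_list, favor_exclude=False):
    """Model of KBXW032: blocking wins by default, excluding wins if the option is checked."""
    blocked = any(entry_matches(e, address) for e in block_list)
    excluded = any(entry_matches(e, address) for e in exclude_list)
    if blocked and excluded:
        return "accepted" if favor_exclude else "blocked"
    return "blocked" if blocked else "accepted"


if __name__ == "__main__":
    # Constructed sender addresses, e.g. collected from the logfile.
    seen = ["rabbit@domain.com", "bit@domain.com", "habit@domain.com", "x@other.test"]
    print(overbroad_entries(["bit@domain.com", " bit@domain.com", "@domain.com"], seen))
    print(verdict("someone@yahoo.com", ["@yahoo.com"], [" someone@yahoo.com"]))
    print(verdict("someone@yahoo.com", ["@yahoo.com"], [" someone@yahoo.com"], favor_exclude=True))
```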

KBXW033

Symptoms:

Blocking a subject with a lot of question marks (e.g. ?????) is not possible

Cause:

The question mark is a wildcard and can't be escaped.

So ????? basically blocks every subject with more than 5 characters.

Solution:

There is no need to block a subject with a lot of question marks, because the subject has no question mark in it.

The subject has some foreign characters and because you don't have the proper font installed, Outlook shows a question mark for each character it can't display.

If you want to see the real subject then consult the logfile of XWall.

KBXW034

Symptoms:

The logfile shows Error: Connection closed by peer for no good reason [11]

Cause:

The other side closed the connection without giving a good reason.

Usually this indicates some kind of problem at the other side, but the range of problems is wide (this means it could be all and anything)

Solution:

Incoming connection:

Someone runs a port scan against your server.

In this case the error happens immediately after the connection

There is a routing problem. Usually this happens when you have two NICs and both NICs have a default gateway. This results in an undefined state because Windows can choose either of the two cards for outgoing packets. So when the data comes in on the first NIC, but the response is sent out over the second, then usually the firewall drops the connection and you get the error mentioned above.

The sending server has a problem reading the message from disk.

In this case the error usually happens after the DATA or BDAT command

The server can send small messages, but fails on larger messages.

There is a routing problem. If the message is small enough that it fits in a small network packet, then it works, but it fails as soon as the router has to split it into parts.

There is a SMTP filter that runs on your firewall and that closes the connection for whatever reason.

Most firewalls silently install such a filter to prevent invalid messages. If the sending server sends an invalid message, the firewall detects this and closes the connection to XWall. From XWall's viewpoint, it looks as if the sending server closed the connection.

There is a simple test if your firewall has installed such a filter:

On the XWall machine telnet to port 25 and type EHLO something.

XWall will greet you and list all available ESMTP options. Make a note of the greeting and all the options. Now telnet to XWall from the Internet and repeat the test. If the greeting and all ESMTP options are equal, then you have no filter or the filter is not visible. However, in most cases you see that the filter shows either a different greeting or far fewer, if any, ESMTP options.

Once you found out that you have such a filter, you may check the logfile of the filter to find out why it closes the connection. Usually you can disable the filter completely, because they hurt more than they help.
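
The comparison in this test can be done by script once both telnet sessions are saved as text. This is an added example, not part of XWall; the two transcripts are constructed, the host name mail.example.test is a placeholder, and the greeting is compared verbatim, so a banner that contains a timestamp would need to be normalized first.

```python
# Constructed transcripts: one taken on the XWall machine, one taken from the Internet.
INSIDE = """\
220 mail.example.test ESMTP ready
EHLO something
250-mail.example.test Hello
250-SIZE 20480000
250-PIPELINING
250-8BITMIME
250-CHUNKING
250-DSN
250 HELP
"""

OUTSIDE = """\
220 ********************************
EHLO something
250-mail.example.test Hello
250-SIZE 20480000
250-8BITMIME
250 HELP
"""


def parse_smtp_session(transcript):
    """Return (greeting, extensions) from a saved telnet session.

    The greeting is the text of the first 220 reply. Extensions are the
    first keyword of each 250 line after the first one, which only names
    the server.
    """
    greeting = None
    ehlo_lines = []
    for raw in transcript.splitlines():
        line = raw.strip()
        # Reply lines start with three digits followed by a space or a dash;
        # everything else (typed commands, blank lines) is skipped.
        if len(line) < 3 or not line[:3].isdigit():
            continue
        if len(line) > 3 and line[3] not in " -":
            continue
        code, text = line[:3], line[4:].strip()
        if code == "220" and greeting is None:
            greeting = text
        elif code == "250":
            ehlo_lines.append(text)
    extensions = {t.split()[0].upper() for t in ehlo_lines[1:] if t}
    return greeting, extensions


def compare_views(inside, outside):
    """Compare what the server offers locally with what arrives from the Internet."""
    greeting_in, ext_in = parse_smtp_session(inside)
    greeting_out, ext_out = parse_smtp_session(outside)
    missing = sorted(ext_in - ext_out)
    added = sorted(ext_out - ext_in)
    changed = greeting_in != greeting_out
    return {
        "greeting_changed": changed,
        "missing_outside": missing,
        "only_outside": added,
        "filter_suspected": changed or bool(missing) or bool(added),
    }


if __name__ == "__main__":
    print(compare_views(INSIDE, OUTSIDE))
```

A missing CHUNKING entry in `missing_outside` is also the sign to look for when checking the firewall problem described in KBXW021.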

Outgoing connection:

There is a message size limit at the target server or the server is out of disk space.

In this case the error usually happens after the DATA or BDAT command

The target server is blocking the messages.

In this case the error usually happens after the MAIL FROM command

There is a virus scanner running on the target that prevents it from accepting the message

KBXW035

Symptoms:

XWall stops working when running as a Console application (when MBserver.exe was started from an icon)

Cause:

Quick-Edit mode was accidentally enabled with the mouse and so Windows completely stops the application in the console so that you can perform cut & paste with the mouse

Several Solutions:

Select the Properties of the console and then select the tab labeled Options and disable Quick-Edit mode

Run XWall as a service (see Run XWall as a service)

KBXW036

Symptoms:

An on-access virus scanner reports that there is a virus in a non-delivery report created by qmail

Cause:

The on-access scanner produced a false alarm, there is no virus in the non-delivery report created by qmail

Here is an explanation of what's going on and why the on-access scanner reports the false alarm:

Someone sent a virus with your e-mail address. The recipients server couldn't deliver the message and sends you back a non-delivery message and adds the original message "as-is" into the text part of the message.

The crucial part is that the non-delivery message has the original message as text and not as a RFC 822 attachment enclosed.

So when someone opens the message he/she will see only a lot of characters, but no attachment or the original message.

Your XWall gets the message and decodes it properly (means as plain text).

If you have a virus scanner in XWall and the scanner supports eml format, then XWall passes the message over to the scanner. Depending on how smart the scanner is, it will now find a virus or not (remember, there is no virus in the message, only the pattern of the virus is in the message).

If the scanner doesn't find anything, then XWall sends the message to the recipient. If the recipient has an additional scanner on the workstation, then this scanner again may or may not find a virus, but there is still no virus in the message and so this is a false alarm.

Here is a sample of such a qmail non-delivery message:

Hi. This is the qmail-send program at xxxx.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<some@yyyyy.com>:
Sorry, no mailbox here by that name. (#5.1.1)
--- Below this line is a copy of the message.
Received: (qmail 16699 invoked from network); 15 Apr 2004 04:40:20 -0000
Received: from unknown (HELO xxx.xxx.com) (10.0.0.1)
by mail.xxxx.comt with SMTP; 15 Apr 2004 04:40:20 -0000

Solution:

Block such non-delivery messages

To do so start MBAdmin, select Options->Blocking->Text and add

This is the qmail-send program at

to the list.

KBXW037

Symptoms:

The logfile shows 535 5.7.3 Authentication unsuccessful after installing Exchange 2003 SP1

Cause:

Microsoft has changed something in SP1 that prevents the use of simple user names for SMTP authentication. At present it is not clear if this is a feature or a bug, because it affects all programs including Outlook.

Several Solutions:

Disable authentication in XWall completely in Options->General->Exchange->Exchange needs authentication

By default anonymous access is enabled in Exchange and so there is no need for authentication, because Exchange will accept messages for all the domains for which it is responsible.

So when Exchange doesn't accept messages for its own domain and gives a 550 5.7.1 Unable to relay, then Exchange doesn't feel responsible for the domain and you should fix that rather than using authentication to force Exchange to accept the message.

See also KBXW002

Use the User Principal Name (UPN) (e.g. michael@dataenter.co.at) in Options->General->Exchange->Exchange needs authentication->User

Prepend the domain in front of the user name (e.g. DataEnter\michael) in Options->General->Exchange->Exchange needs authentication->User

KBXW038

Symptoms:

The logfile shows all incoming connections originating from a private IP address rather than the real IP address of the sender. As a result, blocking by IP address or host name does not work and, because relaying for private addresses is enabled by default, XWall will not pass a relay test.

Cause:

There is an SMTP proxy running between the sending server and XWall and so XWall sees the IP address of the proxy server and not the real IP address of the sender. Running XWall on an ISA server without properly publishing an SMTP server has the same effect.

Several Solutions:

SMTP proxy:

If the SMTP proxy is built into your firewall, then you should disable the proxy, because it creates more trouble than it prevents. Usually SMTP proxies are not very sophisticated SMTP servers and so they do not support the full range of features that a good SMTP server like XWall or Exchange supports.

ISA Server:

If ISA and Exchange are on different machines, then install XWall on the Exchange machine and not on the ISA machine. This will save you a lot of configuration problems and is technically the better solution.

To run XWall on the ISA server, you need to bind XWall to the inside IP address and publish an SMTP server from the outside IP address to the inside IP address.

Note: If you run ISA and Exchange on the same machine, like on a SBS 2000/2003, then XWall will run without any problems, simply because ISA is already configured to run a SMTP server.

KBXW039

Symptoms:

The logfile shows 504 <server>: Helo command rejected: need fully-qualified hostname

Cause:

The recipient's server doesn't accept mail from XWall because the FQDN of the XWall machine is wrong. The name of the machine is something like server rather than server.yourdomain.com, and/or server.yourdomain.com is not a public name in the DNS, or the name of the IP address (the PTR record) is not server.yourdomain.com

Several Solutions:

Make sure the name of your machine is something like server.yourdomain.com.

If the name is only server, then this means that your machine is not part of a Windows domain.

Set the FQDN explicitly in View->Advanced Configuration->IP Address->FQDN

Also make sure that the DNS server that is responsible for your domain has an A record for server.yourdomain.com and a PTR record for the official IP address.

KBXW040

Symptoms:

High CPU utilization - Outdated McAfee scan engine

Cause:

The engine of McAfee has a restricted lifetime and some are outdated.

As a result the newer DAT files do not work or use 100% CPU utilization.

Solution:

Upgrade to the latest scan engine

Info how to download the latest version can be found here

KBXW041

Symptoms:

High CPU utilization - High message count

Cause:

XWall handles a lot of messages and so the CPU is busy

Several Solutions:

Select View->Advanced Configuration->Threads and decrease the worker threads

8 - 10 is a good value for a slow CPU, 10 - 15 for a faster CPU. Increasing the thread count means that the operating system needs a lot of resources for switching between the threads, and the time for processing a message increases. Decreasing the thread count means that it takes less time to process a message, but a single large message can stall the processing for some time.

And in the case that you disable Options->Virus->Virus->Scanner needs to be serialized, XWall will start an instance of the scanner for every thread. This means that when you have 15 threads, XWall will start the scanner 15 times, and this may really stress your machine and usually the CPU will be at 100%.

Enable View->Advanced Configuration->Threads->Refuse inbound connections when max thread count is reached

Enabling this means that XWall will not accept a message once it is busy and the advantage is that the inbound queue can't fill up.

Enable Options->Session->Recipient

Enabling this means that XWall does not accept messages for invalid e-mail addresses. Each invalid e-mail address results in a non-delivery report, either created by XWall or by Exchange, and this takes CPU and system resources. Spammers often use a list of common names, combine the names with your domain to create e-mail addresses and then blindly send to your system. They hope that when they send you 10.000 messages with likely e-mail addresses, a few will reach a valid recipient. Keep in mind that it takes nearly no CPU to send out 10.000 messages, but it takes a lot of CPU and memory to accept and process 10.000 messages and to send back 10.000 non-delivery reports.

Check the amount of messages that you get, especially at prime time

Either count the lines in the statistic file (sr*.csv) or dump the statistic into the logfile (Signal->Dump statistics). XWall can handle some 8-10 messages per second without virus scanning and 1-3 messages with virus scanning. This means that when you get more than 120 messages per hour in prime time and you have virus scanning enabled, then XWall will use all CPU that it can get and this results in a 100% CPU utilization.

Note: if you add the line DumpConnectionStatisticLogEvery=5 to XWall.ini, then the statistic is dumped every 5 minutes to the logfile and this allows you to monitor the system over a longer time period.

At any time you can stop XWall and move the messages from MSG-IN to a different directory

Later, maybe when XWall is idle, you can stop XWall again and move back the messages into MSG-IN and XWall will continue processing the messages.

KBXW042

Symptoms:

The logfile shows Warning: DNS problem; unable to resolve test-for-dns-resolve.dataenter.co.at

Cause:

Either the DNS server doesn't support tcp queries or the DNS server can't resolve public IP addresses and as a result XWall can't resolve the IP address for an existing A record.

Several Solutions:

Make sure your DNS server can handle tcp queries.

Bind and Microsoft DNS can handle tcp queries; some routers with a built-in caching server usually accept only udp queries.

In the case your DNS server does not support tcp queries, start MBAdmin, select View->Advanced Configuration->DSN and change the DNS query protocol to udp

Make sure the DNS server is able to resolve public IP addresses.

Using an internal-only DNS will not work with XWall.

KBXW043

Symptoms:

The logfile shows Warning: DNS problem; unable to resolve MX for inbound domain yourdomain.com

Cause:

XWall gets the MX records from your domain to automatically exclude your backup MX MTA from some spam blocking. However your DNS server can't resolve the MX records of your own domain.

Solution:

If you have an internal DNS server then you need to manually add the MX records to the zone or you exclude your backup MX manually.

KBXW044

Symptoms:

XWall fails to pass a relay test and the protocol shows something like:

>>> RSET
<<< 250 ok
>>> MAIL FROM: <rlychk@mail.yourdomain.com>
<<< 250 originator <rlychk@mail.yourdomain.com> ok
>>> RCPT TO: <"rlytest%rep.rbl.jp"@yourdomain.com>
<<< 250 recipient <rlytest%rep.rbl.jp@yourdomain.com> ok relay accepted!!

Cause:

First of all, accepting a mail doesn't mean relaying and the documentation of the relay test describes this.

Also, the maintainer of the test knows exactly what the difference is and acts accordingly.

Relaying means that the mail is accepted on behalf of another server and that XWall will forward the mail to a server outside of your environment, whereas accepting means that XWall is responsible for the e-mail domain and will forward the mail to a server inside your environment, usually your Exchange.

The test checks for a bug in Sendmail which gets confused by using a % in the user part of an e-mail and will therefore relay the message to @rep.rbl.jp.

However, XWall doesn't have this bug and so it doesn't relay the messages. What XWall does is to accept the message, because it is addressed to your domain and XWall will forward the message to Exchange.

Exchange in turn will then send back a non-delivery report, because the e-mail address is not valid, but this is not part of the test.

Solution:

Check the logfile of XWall to see what XWall did with the message.

If the message was sent to your Exchange, then XWall is not relaying.
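The accept-versus-relay distinction described above, as an added example (not XWall code and not the relay test's own logic). LOCAL_DOMAINS and all function names are assumptions; percent_hack_decision is a simplified model of the behaviour the test probes for, shown next to a strict decision that treats the % as an ordinary character of the local part.

```python
"""Accept-versus-relay decision for an RCPT TO path (added illustration)."""

# Assumption: the e-mail domains this gateway is responsible for.
LOCAL_DOMAINS = {"yourdomain.com"}


def split_address(path):
    """Split a path such as <"a%b"@example.com> into (local_part, domain)."""
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr.startswith('"'):
        # Quoted local part: scan to the closing quote, skipping \-escaped characters.
        i = 1
        while i < len(addr) and addr[i] != '"':
            i += 2 if addr[i] == "\\" else 1
        if i >= len(addr) or addr[i + 1:i + 2] != "@":
            raise ValueError("malformed quoted local part: " + path)
        local, domain = addr[1:i], addr[i + 2:]
    else:
        local, _, domain = addr.rpartition("@")
    if not local or not domain:
        raise ValueError("not a mailbox address: " + path)
    return local, domain.lower()


def strict_decision(path):
    """Decide on the real domain only; a '%' in the local part is opaque."""
    _local, domain = split_address(path)
    if domain in LOCAL_DOMAINS:
        return ("accept", domain)        # forwarded inward, e.g. to Exchange
    return ("refuse-relay", domain)      # not our domain: do not forward


def percent_hack_decision(path):
    """Simplified model of the bug: user%host@local is rewritten to user@host."""
    local, domain = split_address(path)
    while domain in LOCAL_DOMAINS and "%" in local:
        local, _, domain = local.rpartition("%")
        domain = domain.lower()
    if domain in LOCAL_DOMAINS:
        return ("accept", domain)
    return ("relay", domain)             # mail leaves for a foreign domain


if __name__ == "__main__":
    rcpt = '<"rlytest%rep.rbl.jp"@yourdomain.com>'   # RCPT TO path from the test above
    print("strict      :", strict_decision(rcpt))
    print("percent hack:", percent_hack_decision(rcpt))
```

The strict decision yields an accept for yourdomain.com, which matches the 250 reply in the protocol above; only the modelled percent-hack handling would hand the message to rep.rbl.jp.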

KBXW045

Symptoms:

XWall hangs after sending the BDAT or XBDATA command

Cause:

The recipient's server announces that it accepts binary data (RFC 3030), but when XWall sends the data, it fails to get to the server. There is an SMTP proxy between XWall and the recipient's server, and the proxy has a problem with binary data.

The following devices are known for the problem:

SonicWall / Zyxel Firewall / Watchguard Firebox

(see also KBXW021)

Cisco PIX with MailGuard

(see also Microsoft KB 320027)

Norton / Symantec Antivirus 9.0 Corporate Edition

(installs a SMTP proxy that can't handle binary data)

Norton / Symantec Antivirus 10.0 Corporate Edition

(the scanner prevents Exchange from accepting binary messages)

Kerio Winroute Firewall

(installs a SMTP proxy called the SMTP Protocol Inspector that can't handle custom ESMTP commands with binary data)

Several Solutions:

SonicWall / Zyxel Firewall / Watchguard Firebox

Disable the SMTP proxy or upgrade the firewall

Cisco PIX with MailGuard

Disable the SMTP fixup (this is the SMTP proxy in the Cisco PIX)

Norton / Symantec Antivirus Corporate Edition 9.0 or 10.0

If the problem happens when XWall sends to Exchange, then make sure Norton / Symantec Antivirus hasn't silently installed a firewall that can't handle the binary data.

Also make sure Norton / Symantec Antivirus doesn't scan the Exchange directory, because this prevents Exchange from accepting messages.

Note: This means you need to exclude the Exchange, the TEMP and the XWall directory from on-access scanning, but you may leave the Exchange message scanning enabled.

Kerio Winroute Firewall

Disable the SMTP Protocol Inspector

If none of the above fixes the problem, then start MBAdmin, select View->Advanced Configuration->ESMTP and disable CHUNKING or XBDATA and/or ESMTP

KBXW046

Symptoms:

The recipient's server refuses to accept your message because XWall refuses to accept a message with a blank or NULL address (MAIL FROM:<>)

Cause:

The recipient's server connects back to XWall and verifies that XWall is willing to accept a message with a blank or NULL address.

If XWall is configured to verify if the sender uses an e-mail address, then it refuses such a message and in turn the recipient's server refuses to accept your message.

Messages with a blank or NULL address are usually non-delivery reports and the RFC requires that every mail server accepts this kind of message.

Several Solutions:

Start MBAdmin, and disable Options->Blocking->DSN

Exclude the sender's IP address or hostname in Options->Blocking->DSN->Exclude

KBXW047

Symptoms:

Message flow stops between two Exchange servers in the same organization

Cause:

If more than one Exchange server exists in an organization, then the Exchange servers communicate internal states using Microsoft proprietary SMTP verbs on port 25.

These are things like routing information, envelope properties, message properties, and recipient properties.

Third-party gateways like XWall should not be inserted between internal Exchange servers in the same organization for this reason, as compatibility is not possible.

Even if XWall supports these verbs, they are subject to change/additions/etc since they are Microsoft proprietary.

Several Solutions:

Run XWall on a different machine

Run XWall on an extra IP address so that one Exchange can communicate with the other without XWall in between.

For instructions see Running on the same machine as Exchange but with a different IP

KBXW048

Symptoms:

White list exclusion doesn't work

Cause:

Exchange does not forward outgoing messages to XWall and so XWall can't add the e-mail address to the white list

Solution:

Send a message to someone outside your Exchange and then check the logfile of XWall to see if XWall really handled this message. If there is no indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

If XWall handles outgoing messages, then make sure AdrOWL-A.dat exists.

If the file doesn't exist, then you haven't turned on the white list in Options->Global Exclude->Exclude - White List

KBXW049

Symptoms:

Disclaimer is not added to outgoing messages

Cause:

Exchange does not forward outgoing messages to XWall and so XWall can't add the disclaimer to the message

Solution:

Send a message to someone outside your Exchange and then check the logfile of XWall to see if XWall really handled this message. If there is no indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

KBXW050

Symptoms:

XWall not able to establish a connection to Hotmail or MSN for a few hours and

the logfile shows Error: Unable to establish a connection with mail host [14]

Cause:

Hotmail and MSN use DNS round robin to load balance between their SMTP servers. However, the DNS server that XWall uses does not support round robin and so XWall does not get the correct IP addresses from the DNS server.

Solution:

If XWall uses the DNS of Windows, then start the DNS Management Console, select the properties of the DNS server and in the tab labeled Advanced make sure Enable round robin is enabled.

If XWall uses the DNS of your ISP, then either call the ISP and ask them about round robin or let XWall use the Windows DNS server.

You can test the DNS server using TestMX (download TestMX from http://www.dataenter.co.at/download.asp#testmx)

Every time you run TestMX you should get a different IP address, for example:

testmx -dhotmail.com
MX for hotmail.com is mx4.hotmail.com [65.54.245.104]
MX for hotmail.com is mx1.hotmail.com [65.54.245.8]
MX for hotmail.com is mx2.hotmail.com [65.54.244.40]
MX for hotmail.com is mx3.hotmail.com [64.4.50.179]
Connecting with mx4.hotmail.com [65.54.245.104]
testmx -dhotmail.com
MX for hotmail.com is mx1.hotmail.com [65.54.244.136]
MX for hotmail.com is mx2.hotmail.com [65.54.190.50]
MX for hotmail.com is mx3.hotmail.com [65.54.244.72]
MX for hotmail.com is mx4.hotmail.com [65.54.190.179]
Connecting with mx1.hotmail.com [65.54.244.136]

If TestMX always shows the same IP addresses, then the DNS does not support round robin.

KBXW051

Symptoms:

The logfile shows 501 5.1.7 invalid return path

Cause:

The sender sent an invalid e-mail address in the MAIL FROM: command.

For example MAIL FROM: <buddy> rather than MAIL FROM: <buddy@domain.com>

Solution:

Prior to v3.36e XWall automatically converted an invalid e-mail address to a NULL-address (MAIL FROM: <buddy> was converted to MAIL FROM: <>). However, this created a security hole and so XWall no longer converts invalid e-mail addresses.

If you want to revert to the previous behavior then add the line

InboundESMTPConvInvalidReturnPathToBlank=True

to XWall.ini

KBXW052

Symptoms:

McAfee Command Line 4.x reports a virus for every message

Cause:

Since 15 May 2007 the DAT files do not work with McAfee Command Line v4.x.

The scanner returns an error every time XWall calls it and as a result XWall flags each message as a virus.

Several Solutions:

Upgrade to McAfee Command Line v5.x

Use the DAT files from 14 May 2007

KBXW053

Symptoms:

The logfile shows 452 4.3.1 Insufficient system resources

Cause:

Exchange 2007-2019 monitors important system resources, such as available hard disk drive space and available memory. If utilization of a system resource exceeds the specified limit, then Exchange server stops accepting new connections and messages.

Solution:

Make sure the disk has at least 4% of the capacity with a minimum of 4GB free space.

For more information on Exchange 2007-2019 system monitor see Understanding Back Pressure

KBXW054

Symptoms:

You have a Cisco PIX and XWall can't receive messages from some mail servers and the logfile shows:

Connection opened by fqdn.sender.com [62.116.14.1]
> 220 smtp ESMTP XWall v3.41
< XXXX mail.mydomain.com
> 503 HELO or EHLO required
< XXXX mail.mydomain.com
> 503 HELO or EHLO required
< QUIT
> 221 smtp XWall v3.41 closing transmission channel
Connection closed with fqdn.sender.com [62.116.14.1]

Cause:

In all reported cases the sender had a Cyberguard firewall with an SMTP proxy enabled. There seems to be an ESMTP and/or RSET compatibility problem between the Cyberguard and the Cisco PIX MailGuard SMTP fixup, which is the SMTP proxy that runs on the PIX.

Solution:

Disable the MailGuard SMTP fixup at the Cisco

Note: The Cisco PIX MailGuard SMTP fixup does not help much, but it disables all ESMTP commands. So disabling Cisco PIX MailGuard SMTP fixup does not cause a risk, but improves the performance and reliability of your mail transfer.
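To find every sender affected by this in a logfile, the pattern from the excerpt can be searched for mechanically. The following is an added example, not part of XWall; it assumes the log lines look exactly like the excerpt above (no timestamps or other prefixes), and the second session in the sample is constructed for contrast.

```python
"""Flag SMTP sessions whose greeting command arrived overwritten with X characters."""
import re

OPENED = re.compile(r"^Connection opened by (\S+) \[([0-9.]+)\]$")
CLOSED = re.compile(r"^Connection closed with (\S+) \[([0-9.]+)\]$")
MASKED = re.compile(r"^X+$")  # a command verb replaced by X characters, as in the excerpt

# First session: the excerpt from this article. Second session: constructed.
SAMPLE_LOG = """\
Connection opened by fqdn.sender.com [62.116.14.1]
> 220 smtp ESMTP XWall v3.41
< XXXX mail.mydomain.com
> 503 HELO or EHLO required
< XXXX mail.mydomain.com
> 503 HELO or EHLO required
< QUIT
> 221 smtp XWall v3.41 closing transmission channel
Connection closed with fqdn.sender.com [62.116.14.1]
Connection opened by mail.example.net [192.0.2.25]
> 220 smtp ESMTP XWall v3.41
< EHLO mail.example.net
> 250 smtp
< QUIT
> 221 smtp XWall v3.41 closing transmission channel
Connection closed with mail.example.net [192.0.2.25]
"""


def find_masked_sessions(lines):
    """Return [(host, ip, count)] for sessions that never sent HELO/EHLO and
    had `count` masked commands answered with a 503 reply."""
    findings = []
    session = None
    for raw in lines:
        line = raw.strip()
        opened = OPENED.match(line)
        if opened:
            session = {"peer": opened.groups(), "masked": 0,
                       "greeted": False, "pending": False}
            continue
        if session is None:
            continue  # line outside of any session
        if CLOSED.match(line):
            if session["masked"] and not session["greeted"]:
                findings.append(session["peer"] + (session["masked"],))
            session = None
        elif line.startswith("< "):  # received from the sender
            verb = line[2:].split(" ", 1)[0].upper()
            session["pending"] = bool(MASKED.match(verb))
            if verb in ("HELO", "EHLO"):
                session["greeted"] = True
        elif line.startswith("> "):  # reply sent by XWall
            if session["pending"] and line[2:].startswith("503"):
                session["masked"] += 1
            session["pending"] = False
    return findings


if __name__ == "__main__":
    for host, ip, count in find_masked_sessions(SAMPLE_LOG.splitlines()):
        print(f"{host} [{ip}]: {count} masked command(s) rejected with 503")
```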

KBXW055

Symptoms:

Backscatter - You get back non-delivery reports for messages that you never sent

Cause:

Backscatter occurs when a spammer uses your e-mail address to send out spam or a virus. For all the messages that can't be delivered, you get back a non-delivery report. Based on the initial message volume you may get back thousands of non-delivery reports.

Several Solutions:

Define SPF records for your domain. This helps the recipient's mail server to block the messages before it needs to send out a non-delivery report. At www.openspf.org you find a wizard that helps you create the SPF records.

Enable View->Spam->Backscatter to block faked non-delivery reports

KBXW056

Symptoms:

The logfile shows Error: Unable to create file

Cause:

XWall is not able to create a file to store the downloaded message or it can't extract the attachments from the message.

Several Solutions:

Chkdsk converted the MSG-IN or MSG-OUT directory to a file

Stop XWall, delete the MSG-IN and/or MSG-OUT file and create a MSG-IN and MSG-OUT directory.

The TEMP directory does not exist

When XWall starts, it shows which directory is used as the TEMP directory.

Make sure the directory exists and that the XWall service has full read/write rights to it.

KBXW057

Symptoms:

Self-sending spam - Spammer spoofs your domain, messages show your own domain as sender

Cause:

The spammer sends a message which uses your own domain as the sender of the message, something like

From: user1@yourdomain.com
To: user2@yourdomain.com

Solution:

Enable Options->Spam->Envelope->Check if the message has an internal From: e-mail address to block spoofed messages.

Note: If you have ESATInformer, external POP3 clients or a web mailer or any other application that sends messages, then read the exclude hints here

KBXW058

Symptoms:

You have a Blackberry device and you are using the Desktop Redirector and you are getting spam on your Blackberry. But when you check Outlook the spam is not in your Inbox, but rather in your Junk E-Mail folder or any other folder designated for spam.

Cause:

The Blackberry Desktop Redirector redirects the messages before Outlook moves the messages into the Junk E-Mail folder.

Solution:

You can slow the Blackberry processing to give Outlook time to process the messages and remove spam before it gets forwarded to the device.

See Blackberry KB00139 how to set the delay.

KBXW059

Symptoms:

Reassemble message may remove some Chinese characters when the sender incorrectly uses codepage GB2312

Cause:

Basically, Chinese has two languages, one from traditional main China and the other from the western parts of China (Hong Kong and Taiwan). These languages use different characters and each has its own codepage (Big5 and GB2312).

The problem started when Hong Kong came back to main China, because now they had two systems that are not compatible. This resulted in several ways to fix it (e.g. creating a single codepage that contains all characters).

Any western program forces a Chinese user to select one of the two codepages and stay with it for the rest of the message (Exchange and Hotmail are examples of this).

Chinese ISPs, however, take a different approach: they work on an "as long as it works it is ok" basis. Basically this means they use GB2312 and add Big5 characters, or they use Big5 and add GB2312 characters, or they simply create a new codepage altogether. Even 163.com, which is a large ISP, changes its mind every now and then.

XWall always uses the RFCs and other standards as the basis for reassembling, because this is the only way to guarantee exploit-free messages. Because of this, XWall converts the valid characters of the codepage and removes the invalid characters.

Several Solutions:

Tell the sender to use codepage GBK

Codepage GBK is the standardized way to fix the problem and is supported by XWall.

Exclude the sender from reassembling in Options->System->Reassemble message->Exclude

KBXW060

Symptoms:

You have Citrix XenServer hosting Windows 2008 64bit Edition and MBAdmin.exe is crashing as soon as you start it

Cause:

Citrix XenServer has a bug that crashes all 32bit executables that are created using the Watcom compiler. MBAdmin.exe is always a 32bit application, even in the 64bit edition of XWall. However, the 64bit edition of MBServer.exe is not affected by this bug.

More information on this bug at Xen-Bugs

Solution:

Start MBAdmin.exe from a workstation rather than on the server.

To do this, share the XWall directory and then access the share from your workstation and start MBAdmin.exe.

KBXW061

Symptoms:

You have Linux or BSD based firewall and IPTables Connection Tracking shows a lot of ESTABLISHED connections, but there are no active connections

Cause:

When a Windows client drops the connection without sending any data, IPTables Connection Tracking doesn't always notice this. Because there is an extremely long timeout for the ESTABLISHED record (432000 seconds or 5 days), the connection table may fill up with non-existing connections.

Several Solutions:

Set the timeout to a lower value

In Linux you can set the timeout at runtime using

sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=7200

Or you change the value permanently using /etc/sysctl.conf

Use a different version of kernel/ipfilter

Different versions handle the problem in different ways

Avoid using Options->Session->Greeting delay

Greeting delay, especially with a high value, results in a lot of connections where no data is exchanged

KBXW062

Symptoms:

You have Windows 2008 and XWall fails to connect to certain external mail servers including Hotmail.

Testing with Telnet gives back strange results.

Windows 2003 servers on the same network don't experience the problem.

Cause:

Windows 2008 has a different TCP/IP stack than Windows 2003 and the default settings may conflict with the external mail server.

Solution:

Try turning off Autotuning (in a DOS box as Administrator):

netsh interface tcp set global autotuninglevel=disabled

If that doesn't change anything then return it to "normal":

netsh interface tcp set global autotuninglevel=normal

KBXW063

Symptoms:

You have an Exchange 2000/2003 and Outlook shows the message header in the body and/or attachments are not decoded.

Cause:

The sender digitally signs the message using DomainKeys or DKIM and this results in large header lines which Exchange 2000/2003 can't handle.

Sometimes the problem is also related to a spam blocker that runs in front of XWall, which also adds large header lines.

Solution:

Turn on Options->System->Format->Inbound messages->Reassemble message

XWall will then reassemble the message and remove the header line.

KBXW064

Symptoms:

Rolex spam - different messages, some with empty text, some with pictures only

Cause:

Most sender IP addresses are blocked by SLS/RBL, but some are not. Due to the unusual amount of messages sent by the spammer, the count of messages that slip through is increasing. Unfortunately they use only the e-mail addresses for sending.

Solution:

Add the following lines to XWall.ini

InboundBlockFromAddress=error@mailfrom.com

InboundBlockFromAddress=no-reply@rolex.com

This will add the e-mail addresses to Options->Blocking->E-Mail->Inbound From

KBXW065

Symptoms:

The logfile shows 552 5.3.4 Message size exceeds fixed maximum message size

Cause:

The size of the message is greater than the size limit of Exchange and so Exchange refuses to accept the message.

Solution:

Exchange 2007-2019 has a default size limit of 10 MB.

The limit is on the hub, transport, database, mailbox and in some cases, even in the AD.

Start Exchange Management Console and select

Organization Configuration->Hub Transport->Global Settings->Transport Settings

and

Server Configuration->Hub Transport->Receive Connectors->Properties of each receive connector

and

Organization Configuration->Mailbox->Database Management->Properties of each database

and

Recipient Configuration->Mailbox->Properties of the mailbox->Mailbox Settings->Storage Quotas

For setting the values in the AD using ADSIEdit see technet.microsoft.com

KBXW066

Symptoms:

Random DNS errors, SLS/RBL sometimes not working, DNSWL excludes everything, invalid e-mail domains are not detected

Cause:

The DNS server that XWall uses has a forwarder, using either the DNS of the ISP or one of the major DNS like Google or OpenDNS

Solution:

The large DNS servers are optimized for browsing the web, more technically speaking, for resolving A records. They are not optimized for MX or TXT records, the records that XWall needs most.

In general, Windows comes with one of the best DNS servers, and so using a forwarder has not a single benefit, but a lot of drawbacks:

Missing Negative Caching of DNS Queries (RFC 2308)

When XWall checks if a domain is valid, it queries for MX records. When the domain doesn't exist and the DNS caches negative queries, then it sends back an NXDOMAIN error and XWall knows that the domain doesn't exist. However, without negative caching, the DNS sends back nothing. So XWall doesn't know if the domain has a problem or is down or has a bad configuration or whatever.

For an incoming message, XWall must now accept the message, even when the sender's domain does not exist, simply because there is no way to prove it.

For an outgoing message, XWall needs to reschedule the message until the message timeout expires, rather than immediately sending back an NDR. And when XWall finally sends an NDR, the NDR shows a timeout rather than a failed domain and so the sender is confused too.

DNSWL excludes everything

DNSWL is not a free service and so they want to charge a public DNS server. In the case they can't agree on the terms, DNSWL simply gives back a positive result for every query from the public DNS. When XWall then queries DNSWL for a global exclusion and gets back an IP address, XWall has to assume the IP is on the list. As a result, XWall will not perform any spam checking on the message and the message passes.

SLS/RBL sometimes not working

Due to the amount of queries that the RBL gets from a public DNS, they sometimes block the DNS. XWall is then not able to query the SLS/RBL and may get a timeout for every query.

Filtering of phishing sites

Last known-good address for an A record, even if its nameserver is offline

Providing an IP address for non-existing A records

XWall gets back wrong results for a query and this may result in a problem detecting a spam message.
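Whether a DNS white list or black list can be trusted through a given resolver can be checked with two canary queries before any verdict is used. The following is an added example, not XWall's own logic. It assumes the list follows the RFC 5782 convention that 127.0.0.2 is always listed and 127.0.0.1 never is; the lookup callable returning (status, answers) is a hypothetical interface to put in front of a real resolver, and the zone name and the three resolvers are constructed.

```python
"""Sanity-check a DNS white/black list (DNSxL) as seen through one resolver."""

TEST_LISTED = "127.0.0.2"      # RFC 5782: test entry that is always listed
TEST_NOT_LISTED = "127.0.0.1"  # RFC 5782: entry that must never be listed
ZONE = "dnswl.example"         # constructed zone name


def dnsxl_name(ip, zone):
    """Build the reversed-octet query name, e.g. 10.2.0.192.dnswl.example."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def probe(lookup, zone):
    """Classify the list as 'ok', 'answers-everything' or 'unreachable'."""
    neg_status, neg_answers = lookup(dnsxl_name(TEST_NOT_LISTED, zone))
    pos_status, pos_answers = lookup(dnsxl_name(TEST_LISTED, zone))
    if neg_status == "NOERROR" and neg_answers:
        # A positive answer for the never-listed canary: every query "hits".
        return "answers-everything"
    if pos_status != "NOERROR" or not pos_answers or neg_status != "NXDOMAIN":
        # Blocked, timing out, or no clean negative answer.
        return "unreachable"
    return "ok"


def whitelist_decision(lookup, zone, sender_ip):
    """Skip spam checks only when the list is healthy and the sender is listed.
    In production the probe result would be cached, not repeated per message."""
    health = probe(lookup, zone)
    if health != "ok":
        return ("scan", "list " + health)
    status, answers = lookup(dnsxl_name(sender_ip, zone))
    if status == "NOERROR" and answers:
        return ("skip-spam-checks", "listed")
    return ("scan", "not listed" if status == "NXDOMAIN" else "no answer")


def make_resolver(mode):
    """Constructed resolvers: 'healthy', 'wildcard' (positive for every query)
    and 'blocked' (every query times out)."""
    listed = {dnsxl_name(TEST_LISTED, ZONE), dnsxl_name("192.0.2.10", ZONE)}

    def lookup(name):
        if mode == "blocked":
            return ("TIMEOUT", [])
        if mode == "wildcard" or name in listed:
            return ("NOERROR", ["127.0.0.2"])
        return ("NXDOMAIN", [])

    return lookup


if __name__ == "__main__":
    for mode in ("healthy", "wildcard", "blocked"):
        resolver = make_resolver(mode)
        print(mode, probe(resolver, ZONE),
              whitelist_decision(resolver, ZONE, "198.51.100.7"))
```

With the wildcard resolver the unknown sender 198.51.100.7 would look white-listed to a naive check; the canary query turns that into a normal scan instead.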

KBXW067

Symptoms:

The logfile shows 451 4.7.0 Temporary server error. Please try again later. PRX2

Cause:

Exchange 2013-2019 needs a properly working DNS server and the NIC has more than one DNS server assigned.

Solution:

The NIC must have only the DNS server of your domain, not any other public DNS server like the one of your ISP or Google or OpenDNS.

KBXW068

Symptoms:

XWall fails to reject invalid e-mail addresses during a SMTP session

Cause:

Options->Session->Recipient->Verify the recipients e-mail address dynamically using a SMTP query to Exchange is enabled and Exchange fails to reject invalid e-mail addresses during the SMTP session

Solution:

Exchange 2003

Start System Manager (Exchange Admin) and select Message Delivery->Properties. In this dialog select the tab labeled Recipient Filtering and enable the option Filter Recipients who are not in the directory

Exchange 2007-2019

Recipient Filtering is part of the Exchange Anti-Spam Functionality. By default, Anti-Spam Functionality is disabled. To enable Anti-Spam Functionality on Exchange run the script Install-AntiSpamAgents.ps1

Note: All of the anti-spam options are enabled by default. You need to disable them all except for recipient filtering.

Start Exchange Management Console and select Organization Configuration->Hub Transport->Anti-Spam and disable them all except for recipient filtering

KBXW069

Symptoms:

The logfile shows 503 5.5.1 Need valid MAIL FROM first

Cause:

The target MTA has a virus scanner / spam blocker running that manipulates the SMTP traffic.

GData Antivirus is known for this behavior.

Solution:

Disable the virus scanner / spam blocker

©1991-2024 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
support@dataenter.co.at
Changed: 2022-01-04
Fax: +43 (1) 4120051