AMS behind a firewall

[david]

Hi there,

We run AMS 2.72 and we recently restructured our network. We placed all servers in an internal network and have a firewall/router that links our private network with the internet. Quite the regular set up I would say.

We found that there are major connectivity issues with AMS since it moved into the private network:
1. Mail agents couldn’t download emails properly. Connections would time out many times.
2. Emails couldn’t be sent properly. Sometimes the mail agent would report an error while sending (thus keeping the outgoing mails in the outbox to a re-send), even though the mail server *did* send them, causing the same emails to be sent many times (sometimes even 15 times)…
3. Outgoing mail on the server would work very slow and the queue there accumulated to thousands of emails, resulting in long delays in delivery times (sometimes 6-7 hours delay).

Re issues #1 and #2 above – we managed to completely get rid of them as soon as we logged on to the network and used the internal IP address in our mail agent (skipping the router). I understand this sounds like the router is the issue, but according to my IT guys the set up on the router is very common and there’s nothing out of the ordinary there that may cause all those problems.

To me it sounds like there’s an IP binding issue, though we explored that option and it seems to have been set up correctly.

Is there anything in particular that I should be aware of in order to deploy AMS in a private network? Any gotchas you’re aware of? Or any tips in general?

Thanks for your time and help!
David.

[Code Crafters]

We have our AMS behind a router and firewall similarly. As long as you have ports forwarded / allowed through then that's the basic setup done. If this wasn't done you'd have no connections rather than these intermittent problems. Your issues sound more like some intermediate is scanning / interfering with mail transfers. This could be an antivirus local on the mail server which needs to have background scanning disabled and only scan mails via AMS's integrated antivirus system. There could also be a router SMTP filter or ISP that is accepting mail but then failing to deliver them. Cisco router's have an SMTP gateway option that will constantly fail since there is a bug that they don't supply proper ESMTP logins when relaying mail for SMTP authenticated mails.

You certainly shouldn't have thousands of mails building up in the queue. This is likely that either some of these are SPAM that should have been filtered or an antivirus process is slowing down delivery, or that delivery failures are common so many just stay in the queue until timing out. The queue lifetime and resend delay in outgoing mails control the total time a mail can be in the queue and how long between retries respectively.

Check your logs for the appropriate protocols (e.g. SMTP (incoming mail), OutMail (outgoing mail to external email addresses), POP3, IMAP4, WebMail etc.) for any error messages. Feel free to send me any errors for explanation. You can send sensitive log information to info@code-crafters.com if you don't want them displayed on the forum.

[sschaer]

very interesting. i had a very similar situation. after setting up a few virtual machines in my network my mailserver and web-clients started to act weird. timeouts, not reachable. intermittent problems. after shutting down the virtual machins things started to get stable again. checked all network configs. no issues there. restarted the virtual machines and had these intermittent connection problems again. rebooting the router helped for a few hours. seems like there were issues with the router table or whatever. after replacing the router with a different one all problems were gone.

just as an idea. your network admins might check the routing tables and load of the router. maybe some kind of overload causing packets to be dropped.