
Connection to Error-Server failed


thomas_a...@acs-gmbh.de

Jan 2, 2001, 5:20:12 AM
Hi everybody,

we are currently running VPN-1 / FW-1 on Solaris (SPARC) 2.7.

A few days ago I installed the latest Recommended Security Patch Cluster
for Solaris.
After that I installed Service Pack 3 for VPN-1 / FW-1.

Since that day a lot of incoming emails appear in the logfile with the
message "error notification: ... reason Connection to Error-Server
failed".

We are using the firewall with an smtp-resource (no emails larger than
7000 KB ...), so to external mail-servers our firewall is the first
mail-server they talk to.

Has anyone ever experienced a similar problem?

Any help would be appreciated.

Kelly Garrett

Jan 3, 2001, 11:04:47 AM
Thomas;

You will notice in the definition of the SMTP Resource, that there are two
servers listed....the Mail Server (the server that receives the mail for
distribution AFTER the filtering process on the firewall) and the Error
Server. The error server is the server that is used to notify the SENDER
that their email has been blocked for some reason. If the "Notify Sender On
Error" box is checked in the SMTP Resource Definition "General" tab, then
any mail failing the match requirements will cause the firewall to send an
error notification to the sender via the ERROR SERVER. The Error Server is
just another SMTP (not pop3) based mail server. This field should name a
mail server that is dependable......for some reason, the firewall only uses
the FIRST MX type record that it gets from the DNS lookup for the server.
If this server is down, alternate MX records are not used....you only get
one failure....(bummer, eh?). So, either disable Notify Sender on Error, or
name a DEPENDABLE mail server in the ERROR server field.

I have not actually gotten down to testing the way that the Error Server
entry is used (if a domain name is used), but generally, all name resolution
is done at COMPILE TIME....not dynamically by the firewall at run time (this
may explain why alternate MX records are not used...during compile time all
the MX records for that domain would have to be included in a list in the
rule script that is pushed to the server). If this is the case, then the
address of the mail server may have changed since the policy was
compiled/pushed.... I would hope that dynamic DNS lookups are being done
for the mail server entries...but this may not be the case. As with any
named resources used in the rulebase, you may have to recompile/repush the
rulebase often to take care of DNS changes.

Hope this helps

Kelly Garrett

<thomas_a...@acs-gmbh.de> wrote in message
news:9784308...@tux2.ham.acs-gmbh.de...
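
The two failure modes described in the reply above (only the first MX record being used, and addresses fixed at policy compile time) can be checked before a policy push. This is an added example, not part of the thread and not Check Point code; the host names, addresses and finding codes are constructed, and the first-MX and compile-time behaviour are assumptions taken from the reply.

```python
import socket

# Constructed sample data (documentation names and addresses, not from the thread).
SAMPLE_MX = [(10, "mx1.example.com"), (20, "mx2.example.com")]  # DNS answer order
SAMPLE_DNS = {"mx1.example.com": ["192.0.2.10"], "mx2.example.com": ["192.0.2.20"]}


def smtp_ready(host, port=25, timeout=5.0):
    """Live probe: True if host accepts TCP/25 and sends an SMTP 220 greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return conn.recv(512).startswith(b"220")
    except OSError:
        return False


def audit_error_server(mx_answer, compiled_addr, resolve, probe=smtp_ready):
    """Return (code, detail) findings for an Error Server entry.

    mx_answer     -- MX records as (preference, host) in DNS answer order
    compiled_addr -- address recorded when the policy was last compiled
    resolve       -- callable host -> list of current addresses
    probe         -- callable host -> bool, True if the host speaks SMTP
    """
    findings = []
    first_host = mx_answer[0][1]  # assumption from the thread: only this one is used
    current = resolve(first_host)
    if compiled_addr not in current:
        findings.append(("STALE_COMPILED_ADDRESS", f"{compiled_addr} -> {current}"))
    if not probe(first_host):
        findings.append(("FIRST_MX_DOWN", first_host))
        # Healthy alternates are worth reporting: per the thread they are not tried.
        for _pref, host in mx_answer[1:]:
            if probe(host):
                findings.append(("HEALTHY_MX_NOT_USED", host))
    return findings


if __name__ == "__main__":
    up = {"mx1.example.com": False, "mx2.example.com": True}  # constructed outage
    for code, detail in audit_error_server(
            SAMPLE_MX, "192.0.2.99", SAMPLE_DNS.__getitem__, up.__getitem__):
        print(code, detail)
```

Any finding means either repushing the policy or naming a different Error Server, the two remedies the reply suggests alongside disabling Notify Sender on Error.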

thomas_a...@acs-gmbh.de

Jan 4, 2001, 12:36:51 PM
This surely helps.

Thanks a lot, Kelly.

ngatuhan...@gmail.com

Oct 28, 2014, 10:21:21 PM
I have also encountered the problem you describe; it is a fault of the server center.
To overcome this problem, you can contact the department managers directly and ask them to fix the problem on their server; reinstalling the server's configuration will overcome this.
Currently I am using the server host VinaHost, website: http://vinahost.vn/
Their support is pretty good.
You can contact them and ask for a free consultation.
I wish you success.