Losing Connection to SmarterMail Server - Connection Inconsistent
Problem reported by Bob Bell - 11/11/2014 at 7:51 AM
Submitted
I am using SmarterMail v12.4 on Windows 2012 Server Standard 64-bit (IIS 8.5) with ColdFusion 11 64-bit. 2 Xeon 2.4GHz processors, 24GB RAM (16GB free), plenty of disk space.
 
Problem #1 - when I reboot the server, the SmarterMail service reports that it is started up, but cannot send mail from outside (like from Outlook on my home computer) until I restart the SmarterMail service. Then everything is OK.
 
Problem #2 - emails sent from ColdFusion are being sent OK for a while, then they start piling up in the Undeliverable folder (in CF Mail). A sample from the CF Mail error logs is below.
 
"Error","scheduler-1","11/11/14","06:38:06",,"javax.mail.MessagingException: Could not connect to SMTP host: mail.mydomain.com, port: 587, response: 421"
 
If I restart the SmarterMail service, and move the undelivered emails from the Undeliverable folder to the Spool folder in ColdFusion so they attempt to send again, many of them get sent, but then the same thing happens - the connection to SmarterMail gets interrupted and the remaining emails get moved to the Undeliverable folder. 
 
Currently, I have 9000 emails in the Undeliverable folder. Any suggestions on how to fix these problems?
Web Engineer
http://www.fullblownwebdesign.com

9 Replies

0
Steve Reid Replied
Check your logs?
0
Bob Bell Replied
Yes. The ColdFusion Logs state.
Email sent successfully using mail.mydomain.com on port 587
Email sent successfully using mail.mydomain.com on port 587
Email sent successfully using mail.mydomain.com on port 587
Email sent successfully using mail.mydomain.com on port 587
Email sent successfully using mail.mydomain.com on port 587
- cannot connect to mail.mydomain.com on port 587.
- cannot connect to mail.mydomain.com on port 587.
- cannot connect to mail.mydomain.com on port 587.
- cannot connect to mail.mydomain.com on port 587.
- cannot connect to mail.mydomain.com on port 587.
- repeat 1000 times...

The SmarterMail logs state.
- Email sent successfully (for all that were sent)
then nothing else in the logs - any thoughts?

Here's a snippet from the SMTP Log

06:52:33 [158.85.162.74][43964590] cmd: AUTH LOGIN
06:52:33 [158.85.162.74][43964590] rsp: 334 VXNlcm5hbWU6
06:52:33 [158.85.162.74][43964590] Authenticating as webmaster@mydomain.com
06:52:33 [158.85.162.74][43964590] rsp: 334 UGFzc3dvcmQ6
06:52:33 [158.85.162.74][43964590] rsp: 235 Authentication successful
06:52:33 [158.85.162.74][43964590] Authenticated as webmaster@mydomain.com
06:52:33 [158.85.162.74][43964590] cmd: MAIL FROM:<news@mydomain.com>
06:52:33 [158.85.162.74][43964590] rsp: 250 OK <news@mydomain.com> Sender ok
06:52:33 [158.85.162.74][43964590] cmd: RCPT TO:<someone@comcast.net>
06:52:33 [158.85.162.74][43964590] rsp: 250 OK <someone@comcast.net> Recipient ok
06:52:33 [158.85.162.74][43964590] cmd: DATA
06:52:33 [158.85.162.74][43964590] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
06:52:33 [158.85.162.74][43964590] rsp: 250 OK
06:52:33 [158.85.162.74][43964590] Data transfer succeeded, writing mail to 148534313000.eml
06:52:33 [158.85.162.74][43964590] cmd: QUIT
06:52:33 [158.85.162.74][43964590] rsp: 221 Service closing transmission channel
06:52:33 [158.85.162.74][35287174] rsp: 220 mail.mydomain.com
06:52:33 [158.85.162.74][35287174] connected at 11/11/2014 6:52:33 AM
06:52:33 [158.85.162.74][35287174] cmd: EHLO 158.85.162.95-static.reverse.softlayer.com
06:52:33 [158.85.162.74][35287174] rsp: 250-mail.mydomain.com Hello [158.85.162.74]250-SIZE 26214400250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
Web Engineer http://www.fullblownwebdesign.com
0
Steve Reid Replied
First thing is you should be running SmarterMail on its own server, definitely not together with ColdFusion.

Your ColdFusion logs will not help, but there must be more in the SmarterMail logs. Are you sure you have them set to detailed?

Maybe abuse detection is being triggered?
0
Bob Bell Replied
I agree, should be on its own server, but can't afford another server at the moment.

Abuse Detection - good idea. Here are my settings.

DOS - 60 in 10 minutes (would that do it?)
Bad SMTP Sessions (Harvesting) 50 in 10 minutes (would that do it?)

Thanks.
Web Engineer http://www.fullblownwebdesign.com
0
Bob Bell Replied
Which Log file should I be looking at for Abuse Detection?
Web Engineer http://www.fullblownwebdesign.com
0
Bruce Barnes Replied
Here's a list of the tests we are currently running:
 
 
 
and here's a list of the protections they have provided to one of our customer's servers which, routinely, receives heavy attacks.  They have several international clients.

This list can be seen at MANAGE ===> CURRENT IDS BLOCKS ===> ALL BLOCKS:

The traps have significantly speeded up the customer's SmarterMail server and have resulted in zero false positives.

NOTE: Rebooting the server, or restarting the SmarterMail service will delete this list and it will be rebuilt as the server is re-attacked by remote hacking attempts.

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Bob Bell Replied
Thanks Bruce. That was the problem. My client is trying to send 400 individual emails (to her list) through a newsletter application I built in ColdFusion. After 60 get sent, it triggers the Abuse Detection = DOS SMTP (60 in 10 min).
 
What is the best way to allow her emails to get sent?
1. Add her IP to a whitelist?
2. Remove (or increase) the DOS Abuse Detection?
3. Other?
 
Thanks, Bob
Web Engineer http://www.fullblownwebdesign.com
0
Bruce Barnes Replied
I would make certain that the application is running full SMTP authentication.
 
You may have to increase the number of allowed messages before SMTP is triggered, but I would avoid, at all costs, whitelisting anything. Whitelisting is inviting spammers and hackers to take over your server.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Bob Bell Replied
OK thanks Bruce! I will increase the number of messages before SMTP is triggered. Glad that is solved!
Web Engineer http://www.fullblownwebdesign.com
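
Added example, not part of the original thread and not SmarterMail code: a way to size the DOS threshold discussed above from evidence instead of guessing, by replaying the `connected at` lines of an SMTP log (in the format quoted earlier in the thread) through a sliding 10-minute window per client IP. It assumes the rule trips once the count in the window exceeds the limit; the function names and the sample log (documentation IP addresses, made-up session ids) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape copied from the SMTP log snippet in the thread, e.g.
#   06:52:33 [158.85.162.74][35287174] connected at 11/11/2014 6:52:33 AM
CONNECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2} \[(?P<ip>[0-9A-Fa-f.:]+)\]\[(?P<sid>\d+)\] "
    r"connected at (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")

def connection_times(lines):
    """Map each client IP to its sorted connection times (one per session id)."""
    seen, per_ip = set(), defaultdict(list)
    for line in lines:
        m = CONNECT_RE.match(line)
        if m and (m["ip"], m["sid"]) not in seen:
            seen.add((m["ip"], m["sid"]))
            per_ip[m["ip"]].append(
                datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"))
    return {ip: sorted(ts) for ip, ts in per_ip.items()}

def audit(lines, limit=60, window=timedelta(minutes=10)):
    """Per IP: (peak connections in any window, first time the limit is exceeded)."""
    result = {}
    for ip, times in connection_times(lines).items():
        recent, peak, tripped = deque(), 0, None
        for t in times:
            recent.append(t)
            while t - recent[0] >= window:   # drop connections older than the window
                recent.popleft()
            peak = max(peak, len(recent))
            if tripped is None and len(recent) > limit:   # assumed trip condition
                tripped = t
        result[ip] = (peak, tripped)
    return result

def sample_log():
    """Constructed input: 400 connections 2 s apart plus 3 ordinary sessions."""
    start = datetime(2014, 11, 11, 6, 50, 0)
    events = [("192.0.2.10", 1000 + i, start + timedelta(seconds=2 * i))
              for i in range(400)]
    events += [("198.51.100.7", 9000 + i, start + timedelta(minutes=4 * i))
               for i in range(3)]
    return [f"{t:%H:%M:%S} [{ip}][{sid}] connected at "
            f"{t.month}/{t.day}/{t.year} {t:%I:%M:%S %p}" for ip, sid, t in events]

if __name__ == "__main__":
    for ip, (peak, tripped) in audit(sample_log()).items():
        print(ip, "peak per 10 min:", peak, "first over limit:", tripped)
```

The peak figure for the authenticated sender is the smallest limit that lets a run of that size through; every other IP's peak shows how much headroom a raised limit gives to unauthenticated traffic.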
