| sorry for .-1, pressed the submit btn too early :-(
the AVFWNT uses AVMAIL as Mail server, there are some configurable options in
the NT Registry (HKEY_LOCAL_MACHINE/SOFTWARE/DIGITAL.../AVMAIL) or something
like that.
you have a directory AVMAIL\LOGS unter the DFW-tree, where you find some
useful logfiles.
hope that helps, rgds, ro
NSIS Austria
[Posted by WWW Notes gateway]
|
| -- How do I debug sendmail in AWFNT V1.1?
By and large, we have found that most of the problems are with either the
internal mail server or internal dns configurations. However, you can run
the avmadmin utility (in winnt\system32) to take a look at AltaVista mail
logs.
You can also look at the mail proxy logs (through the firewall gui).
Key questions to ask when debugging mail problems (this is a general answer
and I may be stating the obvious to you):
(1) Do other services work ok? If not, then you probably have dns problems
for this domain. Check especially that you have the appropriate
forwarders/slave
lines in your internal dns boot file, and on the firewall, if you don't have
direct access to the internet.
(2) Is activity showing up on the main gui page? If not, then mail is not
even reaching the firewall. Check the source dns/mail server (i.e. either
the internal dns or the external (ISP) dns and mail, depending on where
you are sending from).
(3) Make sure the firewall resolver is pointing to the internal dns server.
(4) If incoming mail appears to be stuck on the firewall, check that your mx
records point to the destination mail server (usually the mx will point to the
firewall and then be forwarded to the internal server... but if you have no
internal dns server [not recomended], you will need to add a lower priority
mx record to point to the internal mail server).
(5) We have seen quite a few user problems with MS DNS. Their gui is akward,
and the users don't always set the forwarders slave line (I've also seen a bug
where the forwarders/slave is set, but when you inspect it, it goes away.
This
appears to be a trust thing - set it, and don't check it ;-)
For many who are more familiar with dns files than MS gui, what we've found
helpful with MS DNS is to copy the firewall files to the internal server
(winnt\system32\dns), and modify them appropriatly. The admin guide tells
the administrator exactly what these files should look like, and it's much
easier to compare real files than trying to compare whatever it is that MS
is doing through their gui to real files. Of course you can't add the
forwarders/slave line to the boot file or DNS will crash on startup. This
has to be added through the gui. To get the gui working with the files,
rename the named.bt file to boot, and copy the other dns files into the same
directory (the directory line in the boot file must reflect this directory).
Then run regedt32 to delete the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentCOntrolSEt\Services\DNS\Parameters
EnableRegistryBoot
key. Once you run the gui, add the forwarders/slave options, and I believe
it will add the key you just deleted back. That's ok, as now you are done
configuring the files.
(6) There is a potential mail looping problem with MS Exchange mail. Some
resolution issue with Exchange is fixed with a new Value entry that is
indicated below.
----------
>From: Dan Kelley[SMTP:[email protected]]
>Sent: Thursday, November 7, 1996 10:18 AM
>To: Administrator
>Subject: Q150969: XFOR: All Messages Sent Over IMC Result in NDR's
>
>
>XFOR: All Messages Sent Over IMC Result in NDR's [exchange]
>ID: Q150969 CREATED: 14-MAY-1996 MODIFIED: 20-SEP-1996
>
>
>--------------------------------------------------------------------
>The information in this article applies to:
>
> - Microsoft Exchange Server, version 4.0
>---------------------------------------------------------------------
>
>SUMMARY
>=======
>
>When you use the Microsoft Exchange Internet Mail Connector (IMC) to
>send SMTP mail, it is possible that the IMC might try and send messages to
>itself. When this happens, users will receive Non-Delivery Reports (NDR).
>
>MORE INFORMATION
>================
>
>The following is an NDR that a user might receive:
>
> FROM: System Administrator [[email protected]]
> DATE: Monday, May 13, 1996 9:29 AM
> TO: Test User
> SUBJECT: Undeliverable:
>
> Your message did not reach some or all of the intended recipients.
>
> To: [email protected]
> Subject: Subject of message
> Sent: 5/13/96 9:29:16 AM
>
> The following recipients(s) could not be reached:
>
> [email protected] on 5/13/96 9:29:16 AM
> Recipient Not Found
> [MSEXCH:IMC:Organization:Site:SERVER]
>
>This problem occurs if the IMC is using DNS for the host name
>resolution. When the IMC attempts to resolve a host, it will attempt to
>query the DNS server for the host's IP address. If a site uses an MX wildcard
>record, it will direct all mail to that site. This could mean that the IMC
>will try to send mail to it's own IP address. The following scenario
>could help explain this:
>
>The computer running the IMC is located in the a.com domain and there's
>an MX wildcard record of *.a.com in the DNS.
>
>The IMC will add a.com to any address except ones ending in a.com. Any
>address that ends in a.com will use the address expressed through the MX
>wildcard record.
>
>Since every address the Microsoft Exchange Message Transfer Agent (MTA)
>tries to resolve will end in a.com, all mail will go to the same
>Microsoft Exchange Server. This may be the Microsoft Exchange Server that
>the IMC is running on.
>
>RESOLUTION
>==========
>
>If you are experiencing this problem with the IMC, you can add a registry
>value to prevent it. The registry key is:
>
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIMC\PARAMETERS
>
>From the Registry Editor menu, click on Edit, then the Add Value option
>from there.
>
> Value Name: DisableResolverSearchList
> Data Type: REG_DWORD
> Value: 1 (or any non-zero value)
>
>You will need to restart the IMC for the registry key to take effect.
>Then you can use Restest.exe to see if it worked. This utility can be found
>on the Microsoft Exchange Server CD-ROM in the Support\Utils\I386 directory.
>
>
>KBCategory: kbusage
>KBSubcategory: XFOR
>Additional reference words: 4.00 loop looping resolve
--Is there any configuration of it possible other then just specifying the
--default internal domain during the AFWNT installation process?
In general, you shouldn't need to do any additional configuration. One
major configuration that would force you to change the configuration
is if you do not have an internal mail server.
One other configuration option, is that the firewall proxy will strip the
received from: line in the header information of outgoing mail. In general
you want this line removed, but for diagnostic purposes, you might want to
keep it.
One final comment. We often hear concerns that the external name serve might
not be resolving names correctly. The thinking is that the firewall queries
the external name server to resolve external names. This is not true. The
firewall dns will attempt to go to the root servers, specified in the cache
file. If you really want to go to the external name server, you will add the
forwarders/slave lines to the firewall boot file. This is essential to do
if the firewall does not have direct internet access.
ScottE
[Posted by WWW Notes gateway]
|