** Excerpt start ** "GWIA is having troubles receiving email from the internet. I can telnet to port 25 from an outside host. when testing, after i do "rcpt to:address>" 501 command syntax error appears. outgoing mail works fine. i have changed the /hn- switch to valid public "A" record. when sending from an outside email account an undeliverable message comes to account stating "There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. smtp;501 Command syntax error> ** Excerpt end **
I started getting this exact same error on a NetWare/OES 6.5 Small Business Server today. I had to rebuild it from scratch due to hardware failure last week so everything is current. By that I mean NW 6.5 (NetWare kernel) w/SP7 and post SP7 updates, GroupWise 7.0.3 PLUS newly released Hot Patch 1 and Border Manager 3.8 w/SP5.
Internet email worked okay (a few quirks noted in GW 7.0.3 HP1 readme) until I went about getting BM to allow SMTP traffic through it from a PC with a custom app needing to comm with an external SMTP server and NOT GWIA. Using the default BM filter exceptions did not allow SMTP traffic through. GWIA could send and receive email, but pass through would not work. I tweaked and tweaked the BM filters to no avail. It was at this point that I discovered that GW 7.0.3 HP1 was released last week.
This morning internet email appeared to be working okay. I went ahead and installed HP1 for GW 7.0.3 in response to the quirky issues seen.
Next I resumed tweaking the BM filter exceptions until I got SMTP to pass through. I had to enable NAT (dynamic only) on the public interface, set nat dynamic mode to pass thru = on, and change the default stateful SMTP filter exceptions from specifying the public IP as the destination host on outgoing and the source host on incoming. I changed the destination for outgoing to any and the source for incoming to any. With these changes in place SMTP traffic from the PC with the custom app needing to comm with an external SMTP server worked.
At this point outbound email would go out through GWIA. Some time later someone from the outside reported that they were getting their mail bounced back. Upon testing from the outside, manually by using telnet on port 25, I found the exact same symptom reported in the original post above...after i do "rcpt to:address>" 501 command syntax error appears.
In response I've done the obvious things. Which was to back out/undo everything I put in place for the SMTP traffic to pass through BM. Meaning I put the stateful SMTP filter exceptions back as they were and I disabled NAT. No change getting the 501 error.
After much research and tweaking I decided to back rev GWIA to 7.0.3 without HP1. I even deleted the eDir GWIA object and allowed the install to create a new one. No change. Since that didn't resolve the issue I deleted the newly created eDir GWIA object and then installed the 7.0.3 HP1 GWIA again and let that install create a new eDir GWIA object. No change.
Rebooted. No change.
So, here I am with a server that simply had some quirky/known 7.0.3 GWIA issues but now will not accept incoming email at all. Sorry so long folks. I wanted to provide the "whole" story up front. Any help would be most appreciated.
Solution: GWIA responds "501 command syntax error" on inbound mail. Outbound mail works.
Sorry for the extreme delay here folks. I was back on-site working on this issue at 8:30 a.m. on 6/24 and then sprinting to keep up elsewhere ever since.
To answer questions from Ghost96:
- Yes, GW and BM are running on the same NetWare 6.5 Small Business Suite server with 2 NICs. - I could connect to the GWIA via telnet on port 25 from the LAN and enter a test email message without getting the 501 Command Syntax error, but there was not evidence of the connection on the GWIA realtime screen or in the GWIA log. The test message never got delivered either. - I think the dynamic NAT or not using static NAT works on the SBS server because GWIA is listening for SMTP traffic on at least the public interface. So there really is no need to NAT the traffic inside to a private LAN IP.
To answer the questions from ChrisLemoine:
- The 501 Command Syntax error persisted when testing from the outside with ipflt and filtsrv unloaded.
The solution:
I had both http/web proxy and transparent proxy enabled during testing after the rebuild. I wanted to just use transparent proxy, but found issues access https/SSL pages. When I forced the browser to use the proxy service on port 8080 the https/SSL pages worked fine.
I had to turn off/disable both the http/web proxy and the transparent proxy to resolve the 501 Command Syntax Error. Once I did this GWIA would accept inbound mail without issue.
Proxy, proxy, proxy. Who needs Proxy in an SBS environment which includes a full blown firewall (Border Manager) any way? If you're not using the logging/reporting BM proxy offers and not making use of any third party filtering solutions (SurfControl and the like) that work in conjuction with proxy why use it? To save bandwidth? Not in an SBS environment and not in 2008 if you ask me.
Thanks to Ghost96 and ChrisLemoine for their responses.