Strange problems with ZyXELs ZyWALL 5 and Exchange 2003

Today i’ve encountered a very interesting problem that’s very hard to track down exactly.

A small business customer was running an Exchange 2003 server behind a ZyXEL ZyWALL 5 with AntiSpam installed and enabled. The ZyWALL forwarded port 25 to the Exchange server. This worked, for the most, flawlessly. But a few hosts (i’ve found no distinct differences between the source hosts – ADSL, Leased Lines, Colocated, Europe, USA) failed to get an SMTP greeting (220 customer.example.com Microsoft ESMTP MAIL Service, Version: 6.0.xx ready at Thu, xx Sep 2007 xx:xx:xx +0200).

When i disabled the Anti-Spam and pressed enter (in a telnet session to port 25), the SMTP greeting appeared. If anti-spam was enabled, it never appeared. But that didn’t help – Postfix still couldn’t send mails:

postfix/smtp[25010]: C65AA88075: conversation with customer.example.com[256.256.256.256] timed out while receiving the initial server greeting

I’ve looked at every setting on both the ZyWALL and the Exchange server, but didn’t find any unusual DNS etc. setting. I even disabled all the DNS lookups done on the Exchange server, but to no avail.

But after upgrading the ZyXEL ZyWALL 5′s firmware to the latest version (V4.02(XD.2)), the problem disappeared. While this wasn’t exactly what i was hoping for, at least the problem was now solved.

12 Comments

  1. BG:

    Just 2 verify. I´ve have had the same problem on 2 locations.

  2. Ronald Nissley:

    Same problem here with a ZyWall 35.

  3. Flemming Veggerby:

    Also Zywall 70 (and 5 and 35)
    Upgraded from ver 4.00 to 4.02(min) solved problem.

  4. Polinky Japan:

    I also same problem on Zywall 70.
    By updating to 4.03, it fixed!!!

  5. Paolo Drappo:

    Which version of firmware not working?

  6. Andy Wolf:

    I had the same Problem with a ZyWALL 5.
    With upgrade to Firmware Version 4.03(XD.1)C0 the Problem is solved!

  7. Gerrit-Jan M.:

    Same problem with a Zywall 5 (UTM) here. SBS Exchange 2003 relaying SMTP outbound to ISP SMTP server. After restarting STMP service on the SBS 2003 machine, SMTP seems to work again but after few minutes the Exchange message queue is growing again. After uploading the firmware to V4.04(XD.0) | 03/28/2008 –> 2 hours succes before starting to get into trouble again..

    B.t.w. : Antispam on the zywall is NOT activated.

    Anyone any clue?? Thanks in advance.

  8. Gerrit-Jan M.:

    Hi All,

    In response to the earlier message. I did a downgrade to version – Version 4.03(XD.1)C0 – and problem seems to be solved. I will leave an additional message on this board when the zywall still has the problem (Only then). So when no new posts, this has fixed it for me.

    (Highly annoying problem, this one)

    Gtz,

    Gerrit-Jan M.

  9. Gerrit-Jan M.:

    Hi All,

    After three weeks, problems seems to be still there. Whenever Exchange begins to queue messages, only workaround available now is to load new firmware in the zywall. After that, things work for a few days. This is not a hardware failure -> I already bought a new zywall5 because of this error. The old one (3 years old) and the new one have exactly the same failures.

    If anyone has a clue, please contact me. gerritjan123@gmail.com

    Thanks in advance.

  10. Gerrit-Jan M.:

    Hi Ulrik,

    This week I had reaction from zywall team .. If you’re dealing with this problem, give this a try:

    1. telnet to the ZyWALL, menu 24, option 8 (de CLI).
    2. Give the commando: “sys tos timeout tcpsyn “.
    3. the default is 270, change this to 540 or higher.. (so -> ‘sys tos timeout tcpsyn 540′)

    Succes! Please visit this site: http://www.caretaker.nl –> this is the best antispam solution EVER!

    Regards,
    G.J. Mollenhorst

  11. Lukas Beeler:

    Hi Gerrit,

    Thanks for sharing. Might help me in the future.

  12. Don’t buy ZyXEL equipment » Lukas Beeler’s IT Blog » Blog Archive:

    [...] had my share of experiences with ZyXEL equipment, like the ZyWALL vs. Exchange post i did a few years [...]

Leave a comment