Symantec Norton Email SMTP Problems

August 24th, 2009

Two of my email hosting customers have experienced errors from their anti-virus software running on Windows machines when trying to send email over port 25 to our SASL authenticated Postfix email servers. Disabling the anti-virus software caused the error to go away.

I'm not sure what the problem is, but I've done a little research on the problem:

Aug 24 17:28:11 pro-132-gl postfix/smtpd[5488]: too many errors after RSET from pool-**-**-**-**[**.**.**.**]
Aug 24 17:28:11 pro-132-gl postfix/smtpd[5488]: disconnect from pool-[**-**-**-**[**.**.**.**]
Aug 24 17:29:24 pro-132-gl postfix/smtpd[5658]: connect from pool-**-**-**-**[**.**.**.**]

Too many errors after RSET. Hmm. For one of my clients, disabling the anti-virus software was not an option, so we tried port 587. That resolved the problem for him.

It appears that Symantec or Norton intercepts outgoing connections and mangles it somehow in a way that is problematic. At first I thought it might be issuing a verify command, so I set postfix to:

disable_vrfy_command = no

but that didn't seem to help.

What about Saslauthd? /var/log/auth.log:

Aug 24 16:28:56 pro-132-gl saslauthd[18886]: do_auth         : auth failure: [] [service=smtp] [] [mech=rimap] [reason=[ALERT] Unexpected response from remote authentication server]

But that's as far as I get. The only other thing I can think of is that saslauthd is running out of connections, or that it is unable to connect to the imap server to authentication. Maybe I should run an IMAP proxy for it.

OK, I've set that up. Hopefully that will help. What's up with saslauthd options configuration using a forward-slash (/) for port selection instead of the colon (:)?

On an unrelated matter, I wonder how Symantec and friends feel about Microsoft finally talking about making their operating system more secure. Its a quagmire of a conundrum. If Microsoft continues to make software that is plagued with viruses and malware, they might lose their customers. If those viruses and malware programs go away, they risk losing partners like Symantec. I wrote a little about a new program I heard about here.

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022