CERATEC
About Us | Home | Shopping Cart | Services | Products | Support & FAQ | Contact Info |  
P R O D U C T S
Shopping Cart
Online Store
SMTP Mail Servers
Pop3 to Smtp
Workgroup Mail
Spam Mail Filters
Xwall Features
Xwall Flow Chart
Xwall Screen shots
Xwall Forum
ESATInformer
Dynsite Dynamic IP
Remote Access
Event Monitoring
Postmaster Tools
Trojan Detection
Email Archiving
List Server
S E R V I C E S
Local Services
Internet Services
Web Hosting
Features
Details
Q&A
F E A T U R E S
Bubba's Spam News
Realtime Virus Info
Help Forums
Our References
Contact Us
P R O G R A M S
XWALL
POPBeamer
SMTPBeamer
MAILBeamer
DYNSite
Tauscan
Adv. HostMonitor
Arrow List Server

Xwall Spam filter Release History


XWall for Microsoft Exchange

XWall mail filter for Exchange and SMTP servers
Works with:

* Every version of Exchange server including
Exchange 2000/2003, SBS 2000/2003 and Exchange 5.5
* Any SMTP server like Exchange, Lotus Notes and Novell GroupWise
* Junk-E-Mail Folder of Exchange 2003 using XWALLFilter event sink
* Dial-up, dial-up routers, ADSL and leased-line connections to the Internet

Spam Detection using:

* Multi Real-time Blackhole List - RBL / SLS / SPAM database
* Greylisting spam filter, based on www.greylisting.org
* SURBL - Spam URI Real-time Blocklists - www.surbl.org
* Bayesian pattern filter, based on Paul Graham's paper A Plan For Spam
* SPF - Sender Permitted From - Sender Policy Framework - www.openspf.org
* Sender ID
* Central Checksum Service (CCS) bulk e-mail detection
* Heuristic spam filter
* Phishing filter
* and much more

Administer using:

* Automatic white list to prevent false positive
* Manual exclusion from spam checking by e-mail, IP address and more
* Mark, delete or forward spam messages

Optionally blocks messages:

* Keywords in subject or text
* Executable attachments
* Attachments with a specific name or extension
* Attachments in a ZIP file or in TNEF/RTF messages ( WINMAIL.DAT )

* By header lines
* By charset
* By country

Reporting:

* MRTG for real-time reporting
* ESATInformer for enhanced reporting
* any program that reads CSV files (Excel, Access)

Optional Features:

* Scan inbound and outbound messages using a third-party virus scanner
* Add a disclaimer to outgoing messages
* Reassemble messages to prevent hidden attachments
* Remove HTML and/or TNEF formatting from a message
* Detect looping messages

* Encrypt messages using SSL / TLS when sending
* Pass-through S/MIME signing and/or encryption
(acts as a eBilling / eInvoice signature server)

* Forward messages to one or more alternate e-mail address
* Forward a whole domain to a single e-mail address
* Forward whole domain to another domain

* Schedule ETRN
* Keep a copy of every incoming and outgoing message

* Run as a service on Windows NT® or Windows® 2000/2003
* Compatible with various Asian, Western and Eastern European languages
* Works with POPBeamer in a POP3 environment
* Available in English and German and as an ISP Edition

How XWall works

For incoming messages, XWall needs to get the message before your Exchange server will get it so that it can perform it checks before passing the message over to Exchange. Depending on whether you run XWall on the same machine as Exchange or on a different machine, XWall either needs to hook up to port 25 or to act as a relay host (respectively).

For outgoing messages, Exchange server passes the message to XWall, which performs its checks and then sends the message out in the Internet. From Exchange Servers viewpoint, XWall is a normal relay host.

So the message flow for incoming messages would be Internet -> XWall -> Exchange server,
and for outgoing messages it would be Exchange server -> XWall -> Internet
top

System Requirements

* Windows® NT, Windows® 2000/2003 with TCP/IP installed
* Microsoft Exchange, Lotus Notes or any other SMTP server

top

Installation

Decide if XWall should be installed on the Exchange server or on a different machine:

* Single Exchange server

If you have only one Exchange server and you have less than 10.000 messages each day,
then run XWall on the Exchange server.

* More than one Exchange server in the organization

If you have more than one Exchange server in your organization then you should run XWall on a different machine or at least at a different ip address, because the Exchange servers communicate internal states using Microsoft propriety SMTP verbs on port 25 and third party gateways like XWALL should not be inserted between internal Exchange servers traffic flow.

* Cluster

If you have a cluster then you must run XWall on a different machine, because XWall doesn't support a cluster.

Once you decides on which machine you are installing XWall perform the following steps:

* Run Setup.exe or create a directory on your machine and copy all the files into this directory

* Start XWall Admin (MBAdmin.exe) to configure XWall

* The first time you run XWall you will be prompted for the following information:

Postmaster's address
The address of the person who is responsible for maintaining XWall. XWall will send all error messages to this address.

The name or IP address of the Exchange server.
If XWall is running on the same machine as the Exchange server than you can ( and should ) use localhost as the name.

The port Exchange listens
If XWall is running on the same machine as the Exchange server than use port 24, else use port 25.

Screenshot: XWall on the same machine as Exchange , XWall on a different machine

The e-mail domain that your Exchange is responsible
XWall needs to know for which e-mail domain your Exchange is responsible, so that if can forward messages for this domain to your Exchange.

Screenshot: e-mail domain that your Exchange is responsible

* Running XWall on the same machine as Exchange server

Incoming Messages

If you run XWall on the same machine as the Exchange, then you must tell Exchange to listen on a separate port; i.e. not port 25, because only one application can listen to a specific port at one time and XWall needs to be the first application that gets SMTP messages.
o Exchange 5.x
To do this open the file services, usually located in C:\WINNT\system32\drivers\etc\SERVICES
with Notepad or any other text editor. Locate the line smtp 25/tcp mail and change 25 to the port
of your choice (use 24 if you are not sure which one you should use) and save the file.

Restart the IMS (Internet Mail Service) of the Exchange server to bring the new settings into affect.

Screenshot: Notepad with SERVICES

o Exchange 2000/2003
Start System Manager (Exchange Admin) and select
Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.
In this dialog select the tab labeled General and then Advanced and here you can set
the port on which this virtual server listens.

Screenshot: Exchange port

Also make sure Anonymous access is allowed or else XWall is not able to connect to Exchange.
In System Manager ( Exchange Admin) select
Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.
In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

Screenshot: Exchange access

Restart the SMTP service of Exchange to bring the new setting into effect.


Outgoing Messages
(this step is optional and is not needed for inbound spam blocking)

o Exchange 5.x
Start Exchange Administrator, select the IMS (Internet Mail Service) and click on the tab labeled Connections.

Enable Forward all messages to host and type in localhost.

Close the dialog and restart the IMS.

From then on the Exchange server will forward all messages to the localhost,
which basically means it sends them to XWall.

o Exchange 2000/2003
If you have no SMTP connector then start System Manager (Exchange Admin) and select
Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Delivery and then
Advanced and in Smart host type in localhost.

Screenshot: Exchange forward

Close the dialog and restart the SMTP service of Exchange. From then on the Exchange server will forward all messages to the localhost, which basically means it sends them to XWall.

If you have a SMTP connector then start System Manager (Exchange Admin) and select Routing Groups->Exchange->Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running.

Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

* Running XWall on a different machine then the Exchange server

Incoming Messages

Start MBAdmin, select Options->General->Exchange->Name or IP address of the Exchange server
and type in the name or IP address of the Exchange server.

Screenshot: XWall on a different machine

Depending on your DNS configuration you will need to change the MX record so that it points to the machine
where XWall is running or else XWall will not get the messages before Exchange.


Outgoing Messages
(this step is optional and is not needed for inbound spam blocking)

o Exchange 5.x
Start Exchange Administrator, select the IMS (Internet Mail Service) and click on the tab labeled Connections.
Enable Forward all messages to host and type in the name or IP address of the machine where XWall is running. Close the dialog and restart the IMS. From then on the Exchange server will forward all messages to XWall.

o Exchange 2000/2003
If you have no SMTP connector start System Manager ( Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties. In this dialog select the tab labeled Delivery and then Advanced.

In Smart host type in the name or IP address of the machine where XWall is running.

Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to XWall.

If you have a SMTP connector then start System Manager (Exchange Admin) and select Connectors->Your SMTP Connector->Properties->Forward all mail through this connector to the following smart host and type in the name or IP address of the machine where XWall is running.

Close the dialog and restart Exchange. From then on the Exchange server will forward all messages to the name or IP address , which basically means it sends them to XWall.

Once you have done this you can start MBServer and check if all messages are properly routed.
top

Run XWall as a service

Once you run XWall as a service, errors will only be visible in the logfile or in the main window of MBAdmin. Consequently, before running it as a service you must first ensure that XWall is running properly with no errors by launching it in Console Mode (i.e. starting it from an icon).

In general, installing XWall as a service should be your last task and not your first.

Note: Keep in mind that XWall needs to reside on a local disk or the service controller will not be able to start it.
Also make sure MBAdmin.exe and MBServer.exe are in the same directory.

* From MBAdmin

Start MBAdmin, select View->Service and here you can install, remove, start and stop the service

By default it is an AutoStart service and any time your computer is started, XWall will start.

Note: After you have started XWall as a service, verify that XWall has no errors.
You need to take a look into the logfile to do this or start MBAdmin and in the main window you see the logfile.

* From the command line

For the examples below, we assume XWall is in C:\XWall

* Installing XWall as a service

Start MBServer.exe with the argument of install, by typing MBServer install at the command prompt and XWall will create the service.

By default it is an AutoStart service and any time your computer is started, XWall will start.
You can start and stop XWall at any time via Control Panel

Note: After you have started XWall as a service, verify that XWall has no errors.
You need to take a look into the logfile to do this or start MBAdmin and in the main window you see the logfile.

* Removing XWall as a service

Start MBServer.exe with the argument of remove, by typing MBServer remove
at the command prompt and XWall will delete the service.

top

How to stop XWall

* XWall runs as a console application:

* Press ESCAPE
* Select Close from the system menu (works only on Windows NT®)
* Press Alt-F4 (works only on Windows NT®)

* XWall runs as a service on Windows NT®:

* Open Control Panel, select Services,
locate XWall and press the button labeled Stop
* type Net Stop XWall at the command prompt

top

Upgrade to the Latest Version

You will find the latest version of XWall at our Download Area.

Simply stop XWall and then run setup.exe to install the new version.

Note: If you are upgrading from a very old version then you must reapply your registration number.
top

Tighten Security


To tighten your email security as much as possible enable the following setting:

* Disable relaying
* Enable virus scanning
* Block dangerous attachments
* Reassemble all inbound messages
* Remove HTML and RTF formatting from inbound messages


top

Fight Spam

There are two ways to fight against spam and both have advantages and disadvantages:

* Block all messages as early as possible

The advantage is that the messages do not reach your server and are blocked as early as possible, most of them at the SMTP protocol level. The drawback is that the administrator needs to handle all the exceptions.

For example, if you enable the Spam Lookup Service (SLS) and you tell XWall to block all messages that are on the spamcop.net list, then this will catch a lot of spam mails ( usually around 50% ).

However, your best customer/supplier/friend/relative will also be blocked because he/she is using a mail server which is on the list. So you need to exclude this mail server and you need to adjust it any time the IP address changes.

What makes the task really time consuming is the fact that the customer/supplier/friend/relative does not simply tell you that your server does not accept mail because it is on a spam list. They will call you and say something like
I can not send to you and you have to figure out what the problem might be.

* Let all messages come in and mark the subject

The advantage of this is that the administrator has absolute no work and it give the most flexibility, because XWall only marks the subject ( it adds a small text like [sls] at the end of the subject ).

The final recipient can then simply setup a rule in his/her email client that deletes all messages where the subject contains [sls]. He/she can maintain a local exception list and do not need to call the administrator for handling an exception. Another option would be to color code the message rather then deleting it.

In practice this this has been proven to be the best way to fight spam.

Note: On Exchange 2003 then you can use Mark subject and move to Junk-E-Mail folder.
However, XWALLFilter , which is an add-on even sink, needs to be installed on your Exchange. For more info on XWALLFilter at click here.

Operations Guide

* Enable Automatic White List

This allows you to use a more aggressive spam catching strategy, because
everyone to whom you send a e-mail is automatically excluded from spam checking,

* Enable Greylisting

At present by far the best way to block spam, some 80% with nearly no false positive.

Note: make sure the spammer do not bypass Greylisting by sending over your backup MX.
Use XWall or a server that can handle Greylisting on your backup MX.


* Enable Spam Lookup Service

One of the best methods, it catches around 50% of spam

* Enable the Central Checksum Service (CCS)

The Central Checksum Service (CCS) is designed to detect bulk e-mail on a worldwide level.
For a live statistic of the CCS server click here

* Validate the senders domain and do not accept invalid domains

Verifies that the sender uses a valid e-mail domain.
There is no need to accept from e-mail addresses that you can't send to.

* Verify if the recipient

Accept only messages for e-mail addresses that really exist on your Exchange.

Often spammer use a list of names and combine the name with your domain and then send a message to every address, hoping that at least a few e-mail addresses are valid.

Due that Exchange send back a non-delivery report for every non-existing e-mail address you end up with thousands of undeliverable message in the outbound queue and so it's better to reject such messages during the SMTP session.

* Enable a heuristic approach to filter out spam mails

The classification algorithm is based on rules that use a wide range of heuristic tests on mail headers and body text to identify spam messages.

* Check if the message uses BCC (Blind Carbon Copy) addressing

Most spam messages are sent as BCC and so this is a very effective way to fight against spam. Combined with a Spam Lookup Service it should catch around 95%.

However, the drawback is that an extensive exclusion list is needs, because not every BCC is a spam. Because of this there is no way to block BCC message in XWall.

* Enable a statistical approach with the Bayesian filter to filter out spam mails

Works far better than the simple word blocking, because it is fully dynamic and there is no need to maintain a word list.

* Block messages where the SPF results in a FAIL

SPF checks if the message is coming from the permitted mail server of the sender.
This prevents from spammer that use a valid e-mail domain as the From: address but relay through a completely different mail server.

*

Scan the subject for strings
* Scan the text for strings
* Scan the HTML for strings

Use the Add Common button to block messages with word and strings that spammer commonly use

* Enable Header blocking

Use the Add Common button to block messages send by mail software that that spammer commonly use


top

Helper Programs

* Signal


Signal is a command line program that allows you to perform the same commands as from the Signal menu of MBAdmin. You can force the download of POP3 messages by simply clicking on a link rather than starting MBAdmin.

* LogView


LogView allows you to view the logfile in real time from any machine on your network.
This is especially useful if MBServer runs as a service.
* TestMX

TestMX is a command line program to resolve the MX record for a give domain and then connect to the mail server.
The main purpose is to troubleshoot MX related problems or to check if a domain can accept messages.

* ExchImp

ExchImp is a command line program to import Exchange E-mail addresses into datauser.dat

* LDAPImp

LDAPImp is VBScript to import AD E-mail addresses into datauser.dat

* CSVToEnv

CSVToEnv is a command line program to recreate the envelope from the statistic file.
CSVToEnv is needed to resend messages from the history folder.

* SerializeLog by by Softec Integrations AG

SerializeLog is a command line program to serialize the XWall logfile to facilitate
troubleshooting.

* XWALLFilter

XWALLFilter is an add-on even sink to XWall, which automatically routes any
XWall marked message into the Junk-E-Mail folder of Exchange 2003.

* ESATStatus

ESATStatus a utility to show the status of the XWall queues and more wherever you are. Set your warning and alert levels for each individual queue. A quick glance at the screen and you know what's going on.

* ESATInformer

ESATInformer designed for XWall virtually eliminates the "false positive" problem. Daily reports are sent to the email system administrator and all selected users. These reports summarize the spam problem and list each users blocked messages. Using these reports, users can request delivery of any false positives. The request is handled automatically with a summary report sent to the email administrator. With the "false positive" problem out of the way, the XWall spam filters can be tightened to all but completely eliminate spam.

top

Troubleshooting
Transfer:
KBXW001 Error: Unable to establish a connection with mail host [14]
KBXW025 Error: Unable to start inbound SMTP connection manager
Error: Port or address already in use [10048]
KBXW016 Error: Timeout in reading data [9]
KBXW034 Error: Connection closed by peer for no good reason [11]
KBXW011 Error: No Exchange server found at localhost
KBXW014 Error: No AUTH command in EHLO found, Authentication failed
KBXW002 550 5.7.1 Unable to relay for user@yourdomain.com
KBXW003 505 5.7.1: Client was not authenticated
KBXW037 535 5.7.3 Authentication unsuccessful (after installing Exchange 2003 SP1)
KBXW039 504 <server>: Helo command rejected: need fully-qualified hostname
KBXW051 501 5.1.7 invalid return path

DNS:
KBXW020 Warning: Possible DNS problem; unable to connect to local name server xx.xx.xx.xx
KBXW042 Warning: DNS problem; unable to resolve test-for-dns-resolve.dataenter.co.at
KBXW043 Warning: DNS problem; unable to resolve MX for inbound domain yourdomain.com
KBXW050 XWall not able to establish a connection to Hotmail or MSN for a few hours

General:
KBXW007 XWall is running as a console application without any problems,
but when running as a service errors are reported
KBXW008 XWall as a console application and the last screen line is not visible
KBXW009 XWall reports RAS problems when the Proxy server opens the line
KBXW010 AVM card and RAS problems
KBXW021 SonicWall / Zyxel Firewall / Watchguard Firebox and problems with some mail servers
KBXW018 Eicar test virus / virus scanner pops up an alert message
KBXW035 XWall stops working when running as a Console application
( when it was started from an icon )
KBXW036 A on-access virus scanner reports that there is a virus a non-delivery report created by qmail
KBXW044 XWall fails to pass a relay test
KBXW045 XWall hangs after sending the BDAT command
KBXW046 The recipients server refuses to accept your message because XWall
refuses to accept a message with blank or NULL address

Exchange:
KBXW028 Blank messages between two Exchange server in the same organization
KBXW047 Message flow stops between two Exchange server in the same organization
KBXW029 XWall shows a license violation on a cluster

Processing:
KBXW013 Files stuck in the MSG-IN directory (inbound queue)
KBXW024 A lot of messages are in MSG-Out (outbound queue)
KBXW022 High CPU utilization - Looping message
KBXW040 High CPU utilization - Outdated McAfee scan engine
KBXW041 High CPU utilization - High message count
KBXW038 The logfile shows all incoming connections originated from a
private IP address rather then the real IP address of the sender

Blocking:
KBXW026 XWall doesn't block the string Sample in
Sam<frame><noframes>itbg7</noframes></frame>ple
KBXW031 Blocked or excluded text or html is not blocked or excluded from blocking
KBXW033 Blocking a subject with a lot of question marks ( e.g. ????? ) is not possible

Exclude:
KBXW017 Excluding an IP address or host name doesn't work
KBXW023 Blocked or excluded MAIL FROM: e-mail address is not blocked or excluded from blocking
KBXW027 XWall erroneous blocks email addresses that are not in the blocking list
KBXW030 Outgoing messages are not handled by XWall
KBXW048 White list exclusion doesn't work
KBXW049 Disclaimer is not added to outgoing messages
KBXW031 Blocked or excluded text or html is not blocked or excluded from blocking
KBXW032 Excluding a specific address from address blocking doesn't work


back to Troubleshooting

KBXW001

* Symptoms:
The logfile shows Error: Unable to establish a connection with mail host [14]

* Cause:
Exchange doesn't listen for incoming messages on port 25 or port 24.

You can check if Exchange is listening on port 25 by typing (in a DOS box)

telnet localhost 25 [enter]

When everything is working you should get back a greeting line,
else you get a connection error.

* Solution:
Exchange 5.x
Make sure that your Exchange server has Inbound SMTP enabled.
In Exchange Admin select the Internet Mail Service (IMS) , select the tab Connections and
make sure Inbound & Outbound is checked in the section Transfer Mode.

Exchange 2000/2003
Make sure the Virtual SMTP Server is listening on port 25.
Start System Manager (Exchange Admin) and select
Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.
In this dialog select the tab labeled General and then Advanced and
here you can set the port on which this virtual server listens.

Windows 2003 SP1
Make sure the firewall doesn't block port 25.
Open Control Panel, select Network Connections and then the properties of the Local Area Connection.
In the tab labeled Advanced you will find the settings for the firewall

Norton / Symantec Antivirus Corporate Edition
Norton / Symantec Antivirus may have silently installed a firewall that blocks the port

McAfee v8.0
McAfee may have installed a firewall that blocks the port

back to Troubleshooting

KBXW002

* Symptoms:
The logfile shows 550 5.7.1 Unable to relay for user@yourdomain.com

* Cause:
This error happens in Exchange 2000/2003 when the Exchange does feels responsible for your email domain.
Usually this results because was installed using a different domain than your email domain and
so you need to manually tell Exchange for which domain it is responsible.

* Solution:
Exchange 2000/2003
Start System Manager (Exchange Admin) and select Recipient->Recipient Policies.
Then either change the Default Policy or create a new policy and tell Exchange for which domain it should accept mail.

Additional info from Microsoft at Q289833

back to Troubleshooting

KBXW003

* Symptoms:
The logfile shows 505 5.7.1 Client was not authenticated

* Cause:
Exchange 2000/2003 doesn't allow Anonymous access and so XWall is not able to connect to Exchange.

* Solution:
Exchange 2000/2003
In Exchange Admin select
Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.
In this dialog select the tab labeled Access and then Authentication and enable Anonymous access.

or

Start MBAdmin, select Options->General->Exchange and check
Exchange needs authentication and type in the user account and
password XWall should use when connection to Exchange

back to Troubleshooting

KBXW007

* Symptoms:
XWall is running as a console application without any problems, but when running as a service errors are reported.

* Cause:
The account you use to start the service doesn't have enough rights to use RAS or the Internet or the Proxy.

* Solution:
Start the service with Administrator or the account you use to logon onto Windows NT® and then it should work.

back to Troubleshooting

KBXW008

* Symptoms:
You have Windows® 2000/2003 and when running XWall as a console application the last screen line is not visible.

* Cause:
By default the Windows® 2000/2003 screen buffer size height for a console application is set to 300 lines.

* Solution:
Select the Properties of the console and then select the tab labeled Layout and
change the Screen Buffer Size Height to 25

back to Troubleshooting

KBXW009

* Symptoms:
XWall reports RAS problems when the Proxy server opens the line.

* Cause:
You should run XWall over the proxy rather that use the built in dial-up.

* Solution:
Information on how to configure your proxy can be found at
Additional information for Using a Proxy server

back to Troubleshooting

KBXW010

* Symptoms:
You have a AVM Fritz! or B1 ISDN card and
o XWall reports: RAS port is not available
o XWall reports: Another application is using the port
o Windows NT® server hangs after dialing

* Cause:
This is a problem of the driver for the FRITZ! or B1 card
(most likely its the AVM NDIS WAN v1.0)

* Solution:
You need to completely de-install the driver and RAS ( including all registry entries with Clearreg and Cearsys from AVM)
and re-install the latest driver. This usually fixes the problem.

You should run XWall over the proxy rather that use the built in dial-up.
Information on how to configure your proxy can be found at Additional information for Using a Proxy server

back to Troubleshooting

KBXW011

* Symptoms:
The logfile shows Error: No Exchange server found at localhost

* Cause:
A SMTP server is responding, but it is not the one of Exchange.

The most common problems are:
o The SMTP server of the IIS ( Internet Information Server ) is running
o A proxy server with a virtual port mapping is active
o The IP address you specified is wrong

* Solution:
In a DOS box type telnet localhost 25 [enter]. You will then get a greeting line
of the SMTP server which should give you an idea what program is running.

Exchange 5.x
If the line reads something like
220 yourserver.yourdomain.com.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready
rather than
220 yourserver.yourdomain.com.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
then the SMTP server of the IIS ( Internet Information Server ) is running.

In Control Panel->Services look for a service called
Simple Mail Transport Protocol (SMTP) and stop it and disable it.
Then restart the Exchange IMS and it should work.

back to Troubleshooting

KBXW013

* Symptoms:
XWall download the messages without any problem but the files stuck in the MSG-IN directory
and XWall doesn't send them to Exchange.

* Cause:
There is an on-access virus scanner running that blocks XWall from accessing the downloaded files.

* Solution:
In your on-access scanner disable the scanning of the XWall directory and below.

Most scanners will never find a virus that is in a raw message file, because they can't extract the attachments
from the message and even if they would find anything, they would confuse XWall more than it would help.

If you enable the virus scanner support in XWall, it will extract the attachments and html pages
from the message and call the scanner to scan it.

back to Troubleshooting

KBXW014

* Symptoms:
The logfile shows Error: No AUTH command in EHLO found, Authentication failed

* Cause:
Authentication is enabled in XWall, but your Exchange doesn't support authentication.

* Solution:
Start MBAdmin, select Options->General->Exchange and uncheck Exchange needs authentication

back to Troubleshooting

KBXW016

* Symptoms:
The messages are not forwarded to the Exchange server;
the messages are all in the MSG-OUT directory and the logfile shows
Error: Timeout in reading data [9]

* Cause:
This error happens in Exchange 2000/2003 when there is something that prevents Exchange from accepting the message.

Usually the error is the result of a routing problem, a renamed domain in the recipient policy, an authentication problem or a firewall that blocks or a virus scanner that prevents Exchange from working correctly.

* Solution:
Exchange 2000/2003

Check if there is a firewall like ISA Server that blocks the data flow between the interface that XWall uses and the interface that Exchange is bound.

or

Check if you have Norton / Symantec Corporate Edition running.

If XWall gets the timeout when it connects to Exchange, then Norton / Symantec Antivirus may have silently installed a firewall that blocks port 24 on the loopback interface ( this is 127.0.0.1 or localhost ).

In this case start MBAdmin, select Options->General->Exchange and change the name of the Exchange server from localhost to the IP address.

If the timeout is after the BDAT command, then Norton / Symantec Antivirus prevents Exchange from accepting the message and you need to exclude the Exchange directory from on-access scanning.

or

Check if there is another virus scanner running and disable it. At least make sure you have excluded the XWall, the TEMP and the Exchange directory from on-access scanning.

or

Start MBAdmin, select Options->General->Exchange and change the name of the Exchange server from localhost to the name or IP address.

If you are currently using a IP address or a name , then change it to localhost. The best is you try every combination and most likely one will work.

or

Start System Manager (Exchange Admin) and select Recipient->Recipient Policies.
Make sure you haven't renamed the domain in the Default Policy.
Adding a new domain is no problem, but renaming the default domain is not what Exchange likes.

or

Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Access and then Authentication and make sure Anonymous access or Basic Authentication is checked.

or

Start System Manager (Exchange Admin) and select Servers->Your Server->Protocol->SMTP->Default SMTP Virtual Server->Properties.

In this dialog select the tab labeled Access and then Connection and make sure All except the list below is checked.

back to Troubleshooting

KBXW017

* Symptoms:
Excluding an IP address or host name doesn't work

* Cause:
You have excluded the wrong IP or host name.

* Solution:
Open the logfile and locate the line that reads like

Connection opened by list.cramsession.com [63.146.189.62]

In this example list.cramsession.com is the hostname and
63.146.189.62 is the IP address that you need to exclude.

Another example would be a line that reads like

Connection opened by 63.160.84.34 [63.160.84.34]

In this example there is no hostname and the only thing
you can exclude is the IP address 63.160.84.34

back to Troubleshooting

KBXW018

* Symptoms:
When XWall is starting our virus scanner pops up an alert message whining about the Eicar test virus in the temp directory.
Although we know this is just a test virus, why does XWall repeatedly put this file out there.

* Cause:
At startup XWall tests for the presence of an on-access scanner by writing out the Eicar test virus
and displays a warning in the logfile if a on-access scanner is found.

* Solution:
You need to exclude the XWall directory and below and the TEMP directory from the scanner or
else the scanner will corrupt the downloaded messages and/or prevents XWall from accessing the messages.

KBXW020

* Symptoms:
The logfile shows Warning: Possible DNS problem;
unable to connect to local name server xx.xx.xx.xx

* Cause:
At startup XWall tests if it can connect to the name server.

* Solution:
If this test fails then either there is no name server at this IP address

or

there is a firewall blocking access to port 53 tcp of the name server.

Note: Port 53 tcp and not udp.

back to Troubleshooting

KBXW021

* Symptoms:
You have a SonicWall / Zyxel Firewall / Watchguard Firebox
and XWall can't send and/or receive from or to some mail servers.

* Cause:
The SonicWall / Zyxel Firewall has a built inSMTP proxy / Filtered SMTP service that has a bug
in handling some Enhanced SMTP ( ESMTP ) commands, particularly the CHUNKING command
( RFC 3030 - SMTP Service Extensions for Transmission of Large Messages )

The problems happens only when XWall sends or receives a message from a
newer mail server like Exchange 2000/2003 which supports the CHUNKING command.

* Solution:
Disable the SMTP proxy / Filtered SMTP service at the SonicWall / Zyxel Firewall / Watchguard Firebox

or

start MBAdmin, select View->Advanced Configuration->ESMTP and disable CHUNKING and/or ESMTP

back to Troubleshooting

KBXW022

* Symptoms:
High CPU utilization - Looping message

* Cause:
There is a looping messages that keeps XWall and Exchange busy.

* Solution:
The most common problem is that XWall forwards a message to Exchange, but Exchange doesn't
feel responsible for this message and send the message back to XWall, which in turn forward it to Exchange.

Check the logfile of XWall to find out which message is looping and then make sure that Exchange is configured to handle this message

Note: Enable Options->System->Suspicious and XWall will give you a warning in the case such a looping message is detected.

back to Troubleshooting

KBXW023

* Symptoms:
Blocked or excluded MAIL FROM: e-mail address is not blocked or excluded from blocking

* Cause:
The e-mail address that you added is not the e-mail address that the
sender used in the MAIL FROM: command and so it is not blocked or excluded.

* Solution:
Exchange 5.5
Exchange 5.5 doesn't show the e-mail address that was used in the MAIL FROM: command.
The only way to find it out is to open the logfile of XWall (mb.log), search for the subject of the message
and then you will find the e-mail address that you need to exclude or block.

A sample looks like:

Processing inbound message from server.somedomain.com [62.116.14.14]
From: someone@somedomain.com
To: you@yourdomain.com
Subj: Some subject
Prio: 3 / 2 RR: N
Size: 3 K Hop: 2
Deep: 2 / 2

Explanation:
server.somedomain.com = host name of the sending host
62.116.14.14 = IP address of the sending host
someone@somedomain.com = the MAIL FROM: address ( the senders address )
you@yourdomain.com = the RCPT TO: address ( the recipients address )

Exchange 2000/2003
Open the message and then View->Options and here you find Internet header lines.
Locate the line called ReturnPath: and this is the e-mail address that you need to block or exclude.

A sample looks like:

Microsoft Mail Internet Headers Version 2.0
Received:from server.somedomain.com ([62.116.14.14])
by yourserver.yourdomain.co;
Tue, 4 Mar 2003 18:59:37 +0100
From: "Some Unknown" <list@someotherdomain.com>
To: you@yourdomain.com
Subject: Some subject
Date: Tue, 4 Mar 2003 18:54:17 +0100
X-Mailer: Internet Mail Service (5.5.2653.19)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-Path: someone@somedomain.com

back to Troubleshooting

KBXW024

* Symptoms:
A lot of messages are in the outbound queue ( MSG-OUT )

*

Cause:
The most likely reason for this is that you defined an action of Send non-delivery report to the sender
in one of the spam blockings. However, most spammer do not accept mail and so XWall queues the
messages until the messages timeout is expired.

* Solution:
Start MBAdmin, select Options->General->Advanced->Outbound SMTP options
and set the Retry forto something between 4 - 24 hours, which makes more sense than the default of 5 days.

or

Select a different action than Send non-delivery report to the sender.
Usually Discard message or Forward to Admin is the best.

back to Troubleshooting

KBXW025

* Symptoms:
The logfile shows
Error: Unable to start inbound SMTP connection manager
Error: Port or address already in use [10048]

*

Cause:
XWall can't bind to port 25 because there is already a SMTP server running on this machine.

* Solution:
XWall runs on the Exchange machine:
You haven't bound Exchange to a different port like port 24.
See the documentation, section Running XWall on the same machine as Exchange server,
how to bind Exchange to a different port.

XWall runs on a different machine:
Most likely the SMTP server of IIS ( Internet Information Server ) is running.
Open the Service applet and locate the service named
Simple Mail Transport Protocol (SMTP) and disable it.

Note: In the case you need the SMTP server of IIS for CDONTS, you may simply bind it to another port like port 26.
XWall can then use port 25 and CDONTS will also work.

back to Troubleshooting

KBXW026

* Symptoms:
XWall doesn't block the string Sample in
Sam<frame><noframes>itbg7</noframes></frame>ple

*

Cause:
The spammer added unnecessary html tags that are not shown by Internet Explorer and
after XWall removes the html tags from the string, the result is Samitbg7ple and this doesn't match Sample.

* Solution:
Block <frame><noframes> in Options->Blocking->HTML,
because this tags are only used by spammers to make string searching impossible.

back to Troubleshooting

KBXW027

* Symptoms:
XWall erroneous blocks email addresses that are not in the blocking list

*

Cause:
The e-mail address is case insensitive compared from right to left until a match is found.
This allows you to block a whole domain by typing @domain.com
and as a result, bit@domain.com blocks rabbit@domain.com

* Solution:
If you add a space at the beginning, XWall interprets this as a full address
and so bit@domain.com doesn't block rabbit@domain.com

For a description see General syntax - E-mail address

back to Troubleshooting

KBXW028

* Symptoms:
Blank messages between two Exchange server in the same organization

*

Cause:
Exchange has a bug and sends non-RFC conforming messages to another Exchange machine.

* Solution:
Run XWall either on a different machine

or

Run XWall on an extra IP address so that one Exchange can communicate with the other without that XWall is between.

For instructions see Running on the same machine as Exchange but with a different IP

back to Troubleshooting

KBXW029

* Symptoms:
XWall shows a license violation on a cluster

*

Cause:
The licensing of XWall is server based and not user based and you need one license for every running MBServer.exe.
On a cluster you have two instances of MBServer.exe running, because you have two independent machines with two independent machine names and ip addresses.

* Solution:
You need two XWall licenses for a two-node cluster. Because XWall is more a SMTP server than a database program,
it doesn't really make sense to cluster XWall and so it is not recommend to run XWall on a cluster.

back to Troubleshooting

KBXW030

* Symptoms:
Outgoing messages are not handled by XWall

*

Cause:
Exchange does not forward outgoing messages to XWall

* Solution:
Send a message to someone outside your Exchange and then check the logfile of XWall if XWall really handled this message. If there is not indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

Back to Troubleshooting

KBXW031

* Symptoms:
Blocked or excluded text or html is not blocked or excluded from blocking

* Cause:
The message doesn't contain the words you are blocking at the time XWall processes it.
Either because Outlook doesn't show you the complete message or that parts of
the message are dynamically downloaded while you read the message.

* Solution:
The only way to find what's really in the message is to look at the raw message.

To get the raw message start MBAdmin, select Options->General->History
and enable Keep a copy of every message.

Then wait until such a message comes in and the logfile will tell you the name
of the message file that you can find in HIST-IN.

back to Troubleshooting

KBXW032

* Symptoms:
Excluding a specific address from address blocking doesn't work

* Cause:
For example @yahoo.com is blocking in
Options->Blocking->Address->Inbound MAIL FROM,
but messages from someone@yahoo.com should be accepted.

By default the exclusion of addresses for addresses is disabled.
Also if the action is Discard message, then the exclusion is not applied.


* Solution:
In Options->Exclude->Options make sure E-Mail Address is checked

In Options->Blocking->E-Mail Address make sure the action is something different than Discard message

back to Troubleshooting

KBXW033

* Symptoms:
Blocking a subject with a lot of question marks ( e.g. ????? ) is not possible

* Cause:
The question mark is a wildcard and can't be escaped.
So ????? basically blocks every subject, with more than 5 characters.


* Solution:
There is no need to block a subject with a lot of question marks, because the subject has no question mark in it.

The subject has some foreign characters and because you haven't the proper font installed,
Outlook shows a question mark for each character it can't display.

If you want to see the real subject then consult the logfile of XWall.

back to Troubleshooting

KBXW034

* Symptoms:
The logfile shows Error: Connection closed by peer for no good reason [11]

* Cause:
The other side closed the connection without giving a good reason.
Usually this indicates some kind of problem at the other side, but the range of problems is wide
(this means it could be all and anything)

* Solution:
Incoming connection:

Someone runs a port scan against your server.
In this case the error happens immediately after the connection

or

There is a routing problem. Usually this happens when you have two NIC and both NIC have a default gateway.
This results in an undefined state because Windows® can choose one of the two cards for outgoing packets.
So when the data comes in on the first NIC, but the response is sent out over the second, then usually the
firewall drops the connection and you get the error mentioned above

or

The sending server has a problem reading the message from disk.
In this case the error usually happens after the DATA or BDAT command

or

The server can send small messages, but fails on larger messages.
There is a routing problem. If the message is small enough that it fits in a small network packet,
then it works, but fails as soon as the router had to split it in parts

or

There is a SMTP filter that runs on your firewall and that closes the connection for whatever reason.
Most firewalls silently install such a filter to prevent invalid messages. If the sending server sends
an invalid message, the firewall detects this and closes the connection to XWall. From XWall viewpoint,
it looks like as if the sending server closed the connection.

There is a simple test if your firewall has installed such a filter:
On the XWall machine telnet to port 25 and type EHLO something.
XWall will greet you and list all available ESMTP options. Make a note of the greeting and all the options.
Now telnet to XWall from the Internet and repeat the test. If the greeting and all ESMTP options are equal,
then you have no filter or the filter is not visible. However, in most cases you see that the filter shows
either a different greeting or far less, if any, ESMPT options.

Once you found out that you have such a filter, you may check the logfile of the filter to find out
why it closes the connection. Usually you can disable the filter completely, because they hurt more than they help.

Outgoing connection:

There is a message size limit at the target server or the server is out of disk space.
In this case the error usually happens after the DATA or BDAT command

or

There target server is blocking the messages.
In this case the error usually happens after the MAIL FROM command

or

There is a virus scanner running on the target that prevent accepting the message

back to Troubleshooting

KBXW035

* Symptoms:
XWall stops working when running as a Console application
( when MBserver.exe was started from an icon )

* Cause:
Quick-Edit mode was accidentally enabled with the mouse and so Windows® completely
stops the application in the console so that you can perform cut & paste with the mouse

* Solution:
Select the Properties of the console and then select the tab labeled
Options and disable Quick-Edit mode

or

run XWall as a service ( see Run XWall as a service )

back to Troubleshooting

KBXW036

* Symptoms:
A on-access virus scanner reports that there is a virus a non-delivery report created by qmail

* Cause:
The on-access scanner produced a false alarm, there is no virus in the non-delivery report created by qmail

Here is a explanation what's going on and why the on-access scanner reports the false alarm:

* Someone sent a virus with your e-mail address

* The recipients server couldn't deliver the message and sends you back
a non-delivery message and adds the original message "as-is" into the text part of the message.

The crucial part is that the non-delivery message has the original message
as text and not as a RFC 822 attachment enclosed.

So when someone opens the message he/she will see only a
lot of characters, but no attachment or the original message.

* Your XWall gets the message and decodes it properly ( means as plain text )

* If you have a virus scanner in XWall and the scanner support eml format,
then XWall passes over the message to the scanner

* Depending on how smart the scanner is, the if will now find a virus or not
( remember, there is no virus in the message, only the pattern of the virus is in the message )

* If the scanner doesn't find anything, then XWall sends the message to the recipient

* If the recipient has an additional scanner on the workstation, then this scanner again
may or may not find a virus, but it is still no virus in the message and so this is a false alarm.

Here is a sample of such a qmail non-delivery message:

Hi. This is the qmail-send program at xxxx.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<some@yyyyy.com>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Received: (qmail 16699 invoked from network); 15 Apr 2004 04:40:20 -0000
Received: from unknown (HELO xxx.xxx.com) (10.0.0.1)
by mail.xxxx.comt with SMTP; 15 Apr 2004 04:40:20 -0000

* Solution:
Block such non-delivery messages

To do so start MBAdmin, select Options->Blocking->Text and add

This is the qmail-send program at

to the list

back to Troubleshooting

KBXW037

* Symptoms:
The logfile shows 535 5.7.3 Authentication unsuccessful
after installing Exchange 2003 SP1

* Cause:
Microsoft has changed something in SP1 that prevents the use of simple users names for SMTP authentication. At present it is not clear if this is a feature or a bug, because it affects all programs including Outlook.

* Solution:
Disable authentication in XWall completely in
Options->General->Exchange->Exchange needs authentication

By default anonymous access is enabled in Exchange and so there is no need for authentication, because Exchange will accept messages for all the domain for which it is responsible.

So when Exchange doesn't accept message for the own domain and gives a 550 5.7.1 Unable to relay, then Exchange doesn't feel responsible for the domain and you should fix that rather than using authentication and force Exchange to accept the message.

See also KBXW002

or

use the User Principal Name (UPN) ( e.g. michael@dataenter.co.at ) in
Options->General->Exchange->Exchange needs authentication->User

or

prepend the domain in front of the user name ( e.g. DataEnter\michael ) in
Options->General->Exchange->Exchange needs authentication->User

back to Troubleshooting

KBXW038

* Symptoms:
The logfile shows all incoming connections originated from a private IP address rather then the real IP address of the sender. As a result blocking by IP address or host name is not working and due that relaying for private addresses is enabled by default, XWall will not pass a relay test.

* Cause:
There is a SMTP proxy running between the sending server and XWall and so XWall sees the IP address of the
proxy server and not the real IP address of the sender.
Also running XWall on an ISA server without proper publishing a SMTP server has the same effect.

* Solution:
SMTP proxy:
If the SMTP proxy is built into your firewall, then you should disable the proxy, because it creates more troubles than it prevents. Usually SMTP proxies are not very sophisticated SMTP servers and so they do not support the full ranges of features that a good SMTP server like XWall or Exchange support.

ISA Server:
If ISA and Exchange are on different machines, then install XWall on the Exchange machine and not on the ISA machine. This will save you a lot of configuration problems and is technically the better solution.

To run XWall on the ISA server, you need to bind XWall to the inside IP address and publish a SMTP from the outside IP address to the inside IP address.

Note: If you run ISA and Exchange on the same machine, like on a SBS 2000/2003, then XWall will run without any problems, simply because ISA is already configured to run a SMTP server.

back to Troubleshooting

KBXW039

* Symptoms:
The logfile shows 504 <server>: Helo command rejected: need fully-qualified hostname

* Cause:
The recipients server doesn't accept mail from XWall because the FQDN of the XWall machine is wrong .The name of the machine is something like server rather than server.yourdomain.com and/or server.yourdomain.com is not a public name in the DNS or the name of the IP address ( the PTR record ) is not server.yourdomain.com

* Solution:
Make sure the name of your machine is something like server.yourdomain.com. If the name is only server, then this means that your machine is not part of a Windows® domain.

or

set the FQDN explicit in View->Advanced Configuration->IP Address->FQDN

Also make sure that the DNS server that is responsible for your domain has an A record for server.yourdomain.com and a PTR record for the official IP address.

back to Troubleshooting

KBXW040

* Symptoms:
High CPU utilization - Outdated McAfee scan engine

* Cause:
The engine of McAfee has a restricted lifetime and some are outdated.
As a result the newer DAT files do not work or use 100% CPU utilization.

* Solution:
Upgrade to the latest scan engine
Info how to download the latest version can be found here

The official statement from McAfee can be found at
http://www.networkassociates.com/us/promos/4160_engine.htm

back to Troubleshooting

KBXW041

* Symptoms:
High CPU utilization - High message count

* Cause:
XWall handles a lot of message and so the CPU is busy

* Solution:
Select View->Advanced Configuration->Threads and decrease the worker threads.
( 15 - 25 is a good value for smaller hardware )

back to Troubleshooting

KBXW042

* Symptoms:
The logfile shows Warning: DNS problem; unable to resolve test-for-dns-resolve.dataenter.co.at

* Cause:
Either the DNS server doesn't support tcp queries or the DNS server can't resolve
public IP addresses and as a result XWall can't resolve the IP address for an existing A record.

* Solution:
Make sure your DNS server can handle tcp queries.
Bind and Microsoft DNS can handle tcp queries, some router with built-in caching server usually accept only udp queries.

Make sure the DNS server is able to resolve public IP addresses.
Using a internal-only DNS will not work with XWall.

back to Troubleshooting

KBXW043

* Symptoms:
The logfile shows
Warning: DNS problem; unable to resolve MX for inbound domain yourdomain.com

* Cause:
XWall gets the MX records from your domain to automatically exclude
your backup MX records from some spam blocking.
However your DNS server can't resolve to MX records of your own domain.

* Solution:
If you have an internal DNS server then you need to manually add the MX records to the zone
or you exclude your backup MX manually.

back to Troubleshooting

KBXW044

* Symptoms:
XWall fails to pass a relay test and the protocol shows something like:

>>> RSET
<<< 250 ok
>>> MAIL FROM: <rlychk@mail.yourdomain.com>
<<< 250 originator <rlychk@mail.yourdomain.com> ok
>>> RCPT TO: <"rlytest%rep.rbl.jp"@yourdomain.com>
<<< 250 recipient <rlytest%rep.rbl.jp@yourdomain.com> ok
relay accepted!!

* Cause:
First of all, accepting a mail doesn't mean relaying and the documentation of the relay test describes this.
Also the maintainer of the test knows exactly what's the difference is and act accordingly.

Relaying means that the mail is accepted in behalf of another server and that XWall will forward the mail
to a server outside of your environment, whereas accepting means that XWall is responsible for
the e-mail domain and will forward the mail to a server inside your environment, usually your Exchange.

The test checks for a bug in Sendmail which gets confused by using a % in the user part
of an e-mail and will therefore relay the message to @rep.rbl.jp.

However, XWall doesn't have this bug and so it doesn't relay the messages. What XWall does is to
accept the message, because it is addressed to your domain and XWall will forward the message to Exchange.
Exchange in turn will then send back a non-delivery report, because the e-mail address is not valid,
but this is not part of the test.


* Solution:
Check the logfile of XWall what XWall did with the message.
If the message was sent to your Exchange, then XWall is not relaying.

back to Troubleshooting

KBXW045

* Symptoms:
XWall hangs after sending the BDAT command

* Cause:
The recipients server announces that it accepts binary data ( RFC 3030 ),
but when XWall sends the data, it fails to get to the server.

There is SMTP proxy between XWall and the recipients server,
and the proxy has has a problem with binary data.

The following devices are known for the problem:

* SonicWall / Zyxel Firewall / Watchguard Firebox
(see also KBXW021)

* Cisco PIX with MailGuard
( see also Microsoft KB 320027 )

* Norton / Symantec Antivirus 9.0 Corporate Edition
( installs a SMTP proxy that can't handle binary data )

* Norton / Symantec Antivirus 10.0 Corporate Edition
( the scanner prevents Exchange from accepting binary messages )

* Solution:

* SonicWall / Zyxel Firewall / Watchguard Firebox

Disable the SMTP proxy or upgrade the firewall

* Cisco PIX with MailGuard

Disable the SMTP fixup ( this is the SMTP proxy in the Cisco PIX )

* Norton / Symantec Antivirus Corporate Edition 9.0 or 10.0

if the problem happens when XWall sends to Exchange, then make sure Norton / Symantec Antivirus hasn't silently installed a firewall that can't handle the binary data.

Also make sure Norton / Symantec Antivirus doesn't scan the Exchange directory, because this prevents Exchange from accepting messages.

Note: This means you need to exclude the Exchange, the TEMP and the XWall directory from on-access scanning, but you may leave the Exchange message scanning enabled.

If nothing of the above fixes the problem, then start MBAdmin, select View->Advanced Configuration->ESMTP and disable CHUNKING and/or ESMTP

back to Troubleshooting

KBXW046

* Symptoms:
The recipients server refuses to accept your message because XWall
refuses to accept a message with blank or NULL address ( MAIL FROM:<> )

* Cause:
The recipients server connects back to XWall and verifies that XWall is willing to
accept a message with blank or NULL address.

If XWall is configured to verify if the sender uses an email address,
then it refuses such a message and in turn the recipients server refuses to accept your message.

Messages with a with blank or NULL address are usually non-delivery reports and
the RFC requires that every mail server needs to accept this kind of messages.

* Solution:
Start MBAdmin, and disable Options->Blocking->DSN

or

exclude the senders IP address or hostname in Options->Blocking->DSN->Exclude

back to Troubleshooting

KBXW047

* Symptoms:
Message flow stops between two Exchange server in the same organization

*

Cause:
If more than one Exchange server exists in an organization, then the Exchange servers communicate internal states using Microsoft propriety SMTP verbs on port 25.

This are things like routing information, envelope properties, message properties, and recipient properties.

Third party gateways like XWALL should not be inserted between internal Exchange servers in the same organization for this reason as compatibility is not possible.

Even if XWALL supports these verbs, they are subject to change/additions/etc since they are Microsoft proprietary.

* Solution:
Run XWall either on a different machine

or

Run XWall on an extra IP address so that one Exchange can communicate with the other without that XWall is between.

For instructions see Running on the same machine as Exchange but with a different IP

back to Troubleshooting

KBXW048

* Symptoms:
White list exclusion doesn't work

*

Cause:
Exchange does not forward outgoing messages to XWall and so XWall can't add the e-mail address to the white list

* Solution:
Send a message to someone outside your Exchange and then check the logfile of XWall if XWall really handled this message. If there is not indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

If XWall handles outgoing messages then make sure AdrOWL-A.dat exists.
If the file doesn't exist, then you haven't turned on the white list in Options->Exclude->Exclude - White List

back to Troubleshooting

KBXW049

* Symptoms:
Disclaimer is not added to outgoing messages

*

Cause:
Exchange does not forward outgoing messages to XWall and so XWall can't add the disclaimer to the message

* Solution:
Send a message to someone outside your Exchange and then check the logfile of XWall if XWall really handled this message. If there is not indication that XWall handled the message, then Exchange doesn't forward the messages to XWall.

See the Installation instruction, section Outgoing Messages, how to configure Exchange so that outgoing messages are forwarded to XWall.

back to Troubleshooting

KBXW050

* Symptoms:
XWall not able to establish a connection to Hotmail or MSN for a few hours and
the logfile shows Error: Unable to establish a connection with mail host [14]

*

Cause:
Hotmail and MSN use DNS round robin to load balance between their SMTP servers. However, the DNS server that XWall uses does not support round robin and so XWall does not get the correct IP addresses from the DNS server.

* Solution:
If XWall uses the DNS of Windows, then start the DNS Management Console, select the properties of the DNS server and in the tab labeled Advanced make sure Enable round robin is enabled.

If XWall uses the DNS of your ISP, then either call the ISP and ask them about round robin
or let XWall use the Windows DNS server.

You can test the DNS server using TestMX ( download TestMX from http://www.dataenter.co.at/download.htm#testmx )

Every time you run TestMX you should get a different IP address, for example:

testmx -dhotmail.com

MX for hotmail.com is mx4.hotmail.com [65.54.245.104]
MX for hotmail.com is mx1.hotmail.com [65.54.245.8]
MX for hotmail.com is mx2.hotmail.com [65.54.244.40]
MX for hotmail.com is mx3.hotmail.com [64.4.50.179]
Connecting with mx4.hotmail.com [65.54.245.104]

testmx -dhotmail.com

MX for hotmail.com is mx1.hotmail.com [65.54.244.136]
MX for hotmail.com is mx2.hotmail.com [65.54.190.50]
MX for hotmail.com is mx3.hotmail.com [65.54.244.72]
MX for hotmail.com is mx4.hotmail.com [65.54.190.179]
Connecting with mx1.hotmail.com [65.54.244.136]


If TestMX always shows the same IP addresses, then the DNS does not support round robin.

back to Troubleshooting

KBXW051

* Symptoms:
The logfile shows 501 5.1.7 invalid return path

*

Cause:
The sender sent an invalid e-mail address in the MAIL FROM: command.
For example MAIL FROM: <buddy> rather then MAIL FROM: <buddy@domain.com>

* Solution:
Prior v3.36e XWall automatically converted an invalid e-mail address to a NULL-address ( MAIL FROM: <buddy> was converted to MAIL FROM: <> ). However, this created a security whole and so XWall not longer converts invalid e-mail addresses.

If you want to revert to the previous behavior then add the line

InboundESMTPConvInvalidReturnPathToBlank=True

to XWall.ini

back to Troubleshooting
top

Licensing Agreement

XWall ® is copyrighted 1993-2005 by DataEnter GmbH

This product and its documentation may not, in whole or in part, be copied, reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any other natural or computer language, in any form or by any means whatsoever, be it electronic, mechanical, magnetic, optical, manual or otherwise, without the prior written consent of DataEnter. DataEnter makes no warranty or representation, either expressed or implied, with respect to the product XWall and its documentation, their quality, performance, merchantability, or fitness for a particular purpose. DataEnter reserves the right to revise the user's guide and make changes to the content without obligation to notify any person or organization of such change. In no event will DataEnter be liable for any direct, indirect, special, incidental or consequential damage