D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Plankman on April 28, 2010, 12:26:43 AM

Title: DFL-210 - Access ISP Mail Server
Post by: Plankman on April 28, 2010, 12:26:43 AM

Hi there

I hope someone can help me. Our company recently got a DFL-210 to control web access, etc. I have been struggling to configure it correctly. I've got the internet part working correctly, just have to enable WCF. My main problem I have is with mail. Our mail server is with our ISP. I've connected our ADSL router to the WAN port and we're on the LAN. POP3 seems to be working fine as we can receive mail. The problem is with sending. If I write a small mail and send it, it goes through. When I try to forward a message, reply to a message or send a message with attachments, the mail program comes with a message that it can't connect to the mail server. I can ping the mail server, so I don't think it's a connection fault. If we plug straight into the router and bypass the DFL-210, mail works fine, so it's not an ISP issue. I'm hoping someone can tell me what I can look for, or what I need to do to fix the problem.

Thanks

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Fatman on April 28, 2010, 08:19:21 AM

Check the WAN MTU of your DFL.

Check for any log entries that occur when this failure happens, chances are good that you should have something...

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Plankman on April 29, 2010, 10:45:30 AM

Hi

I've tried setting the WAN MTU on the maximum, but still no luck. I've looked at the logs and there's nothing there about SMTP events. Is there anything I need to set to log SMTP events so I can try and find what's causing the problem?

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Fatman on April 29, 2010, 11:11:42 AM

well, you could turn logging on for the rule that is allowing the SMTP traffic.

Also, my suggestion was that you might need a lower MTU not a higher one.  Depending on your WAN connection you may need to use a lower MTU.

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Plankman on April 29, 2010, 12:02:56 PM

Thanks

I'll try that tomorrow. At the moment I'm not using any rule for SMTP traffic. I've been talking to a guy from D-Link south africa and he was saying it shouldn't be necessary as the SMTP server is not part of my network. I'll set up a rule tomorrow and check that as well

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Fatman on April 29, 2010, 01:55:36 PM

No traffic egresses this firewall without a rule allowing it.  In this case it would probably be the Allow_Standard rule, which NATs all services from LAN/LAN_Net to WAN/All-Nets

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Plankman on April 29, 2010, 08:55:09 PM

thanks

will try that today

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Plankman on April 30, 2010, 12:55:22 AM

Hey, good news. I enabled logging on the Allow_Standard rule, so that's working. I changed the WAN MTU to 1000 and tried sending mails that weren't going through and it appears to have done the trick.

Thanks for the help

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Fatman on May 03, 2010, 08:18:59 AM

Now comes the hard part, we have to contact your ISP and figure out what MTU you should be using, as using a lower MTU then necessary will be detrimental to performance.  They should know the correct value right away.

If the number they give you isn't working, lower it by 8 and try again.

If all else fails experimentation may be necessary.

Title: Re: DFL-210 - Access ISP Mail Server
Post by: Plankman on May 03, 2010, 08:30:33 PM

Hey Fatman

Thanks, I'll get hold of them and see what they say