SMG does not listen on SMTP port after December upgrade

I was one of the early birds running a SMG 23.4.

So I had to follow these instructions:  The December SMG update will be live any minute. 

But after upgrade my SMG did not listen on SMTP port. There was no inbound/outbound communication possible. After a short panic I found out that listening on all ip addresses (0.0.0.0) does not work any more after this update.

Define an explicit ip address (internal ip instead of 0.0.0.0) and your SMG will work again! Unamused


Use "Verified Answers" if your problem/issue has been solved!

  • 0  

    Hello Diethmar,

    The default 'SMTP server listen address' is '0.0.0.0', so this would be a major problem.

    I tried replicating this from a fresh installation and existing older ova build, however i could not replicate the issue.

    I already answered under the original comment, but for completion:

    In my lab environment coming from a 'vanilla version' fresh from the SLD as a starting image OVA 232.

    I was not able to replicate the connection problem.

    If the system got accidentally upgraded to 23.4/ the earlier reverted update, it might have to do with the 'downgrade from 23.4 to 23.3.4' that the SMG SMTP service did not work as planned?

    In the latest update there are two 'parts' which might come into place, however in any combination i was unsuccessful of bringing my systems SMTP availability to a stop.

    • OnlineUpdate: Updates the software to '23.3.4 rpm:1.0.1-496.1'
    • Product Update to  Secure Messaging Gateway 7.0.2

    Thank you,

    Georg

  • 0   in reply to   

    Georg,

    this evening I will upgrade some more systems which are in the same state. First downgrade, then upgrade. I will see if I can duplicate the issue.

    Nevertheless I could duplicate the issue in my environment: I return to value 0.0.0.0, restart the smtp module and check my smg with mxtoolbox. My mail server is not reachable. Afterwards I return to my ip address and mxtoolbox reports successful communication.

    Diethmar


    Use "Verified Answers" if your problem/issue has been solved!

  • 0   in reply to   

    Diethmar - please keep us posted.  I have already sent a message to the dev guys letting them know this.  I have also asked if that 23.4 build is somewhere that I can get to apply to my system.  My system, like Georg's, was a fresh install with the 23.2 ova and then upgraded to the Dec update.

    Pam

  • 0   in reply to   

    My next upgrades (4 to 5 environments) will happen in about 4 hours (out of office hours). One environment runs 5 SMGs.

    I forgot to mention that all of them are on 23.4.


    Use "Verified Answers" if your problem/issue has been solved!

  • 0   in reply to   

    Next upgrade ended in a similar situation. Default value 0.0.0.0 caused a strange behavior. After configuring an ip address smtp activity returned to expected behavior.


    Use "Verified Answers" if your problem/issue has been solved!

  • 0   in reply to   

    Next customer, the same issue. But Pam has opened a case for this bug.

    However there is an easy workaround which I mentioned in the beginning.


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    we had exactly the same issue

    0.0.0.0 doesn't listen on Port 25

    with IP adress smtp is listening on Port 25

    Hans-Peter

  • 0 in reply to   
    Version:
    23.3.4
    Released:
    5. prosince 2023

    Release notes

    Smg rpm package version smg-1.0.1-496.1


    After this upgrade I had the same problem: No communication on the port 25 => no mail processing!!!
    Fortunately I had a snapshot and could return to functionally version.

  • 0  

    I wrote something about this in another post. It looks to me as if the listner on port 25 loses the connection to the source and then drops with 421. I cannot confirm the empty entry in the listner, the gms-smtp listens on port 25, depending on the setting with FQDN or without, but now the but, (I am still missing my dev tools on the SMG Applinance), I see the gms-smtp several times in the process list but there are processes that do not have any info to /proc. As I said, I'm still missing too much background at this point.

    The pos

    One more addition to the update process for my test installation. The first step was the updates for SMG for Suse. The SMG version was reported after the update with version 7.02, in the browser itself with 23.3.3. After the restart, the version update to 23.3.4 (7.03) was then offered, which was also installed. The browser displays 23.3.4 rpm:1.0.1-496.1

    smg:~ # lsof -i:25 with an IP address in the bind field
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    smg-smtp 1483  smg   13u  IPv4 112064      0t0  TCP smg.mydom.com:smtp (LISTEN)

    lsof -1:25 without any IP address in the bind field

    smg:~ # lsof -i:25
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    smg-smtp 1483  smg   13u  IPv4 112823      0t0  TCP *:smtp (LISTEN)

    tcpdump

    a tcpdump. Excerpt from the traffic from a perimeter firewall with EXIM proxy in the direction of SMG error 421 after 250 ok from SMG
    it seems that the connection from the SMG is dropped after a short time with smpt error 421. What can still be seen in Wireshark is when the fqdm is given for the smg-smtp service that there are situations in which the smtp 220 response is empty at the first connect instead of the fqdn being reported.


    07:59:10.426426 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)  smg.mydom.com.37080 > mx.mydom.com.smtp: Flags [R], cksum 0x6a55 (correct), seq 1678949131, win 0, length 0
    07:59:10.426572 IP (tos 0x0, ttl 64, id 14906, offset 0, flags [DF], proto TCP (6), length 95)   mx.mydom.com.smtp > smg.mydom.com.37080: Flags [FP.], cksum 0xea76 (correct), seq 6748:6791, ack 883, win 235, options [nop,nop,TS val  494656429 ecr 3396239362], length 43: SMTP, length: 43  421 mx.mydom.com lost input connection

    Please take everything with a grain of salt, the deep dive into SMG is missing

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • 0 in reply to   

    we found an issue after the upgrade:

    SMG before upgrade, postfix is disabled

    SMG after upgrade, postfix is enabled and running and listening on the default ip address of SMG

    stopping postfix and disabling autostart -> SMG is listening and receive messages

    changing the smg smtp adress from 0.0.0.0 to IP address of the smg LAN Intercace is another option