Shipping SMTP packets to a specific Gateway

Is it possible to configure a 3550 switch to make what are essentialy policy routing decisions based upon a port?? I have a 3550 switch in my customers DMZ which is the egress point off of the production network to the Internet. I have 2 ISP connected to the switch; both having great bandwidth.
The tranlation that I have for our MX and RDNS records is out of one of the ISP's only.
I would like to be able to configure the switch if at all possible so that when it received any SMTP packet outbound from our Mail Server, that it will make the decision to send it out the correct ISP.
I would like to the switch to load balance between the two gateways for all other traffic.
Please help. I looke at policy routing, but could not see where I would configure port criteria...

Hi,
You can match smtp traffic with ACL. For all other traffic that you want to load balance configure 2 default routes and point it to the two ISPs. On 3550 switches you need to configure 'sdm prefer extended-match' command for PBR to work. You need a config like this one.
route-map test permit 10
match ip address 100
set ip next-hop
access-list 100 permit tcp any any eq smtp
int f0
description 'connects to LAN'
ip policy route-map test
ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0
sdm prefer extended-match
HTH
Sundar

Similar Messages

How to send a packet through a specific Inferface ?

Hello!
I have 3 interfaces in my pc : LAN / WLAN / 3G
On LAN I have a global IP.
On WLAN and 3G I'm behind NAT.
I'm coding a program (client+srv) >
I watch a video streaming on LAN then I switch to WLAN or 3G and I want it to happen seamless. So basecly seamless vertical handover is my goal.
Because I'm behind a NAT (3G,WLAN) First I have to send a packet to the server (connection initialization). When the server sends the stream to me it actually sends it to the NAT and the NAT will fwd it to me.
The NAT send the packets back to me only if>
1. the server sends from the same port which it received the request form the NAT
2. It have to send to the same NAT (ip+port) address where the request came from
3. NAT will send then the packet back to my PC to the same port where I sent my request from.
Here comes my big problem!
I have a socket bound to a IP1 and port (e.g. WLAN) if I want to send a packet to an destination IPx for which the route table has the LAN interface as default gateway (IP2), then it will send my packet trough the LAN (IP2) but the source IP will be IP1 in the packet.
Basecly I have a WLAN package on my LAN.
This is bad for me in 2 ways.
1. there won't be a NAT binding for my WLAN
2. the packet won't even make it to the server because the very first router will throw it away since it's source IP is not a LAN IP
SO,
is there a way in Java, to send a packet thorugh a specific interface???
Thx for the kind help!
r0hamkuka

I used NetworkInterface.getNetworkInterfaces() to get all avaliable interfaces. After that I used this: interfaceSocket = new DatagramSocket(6000, interfaceIp); for all my interfaces with different interfaceIp of course
The I tried to send a packet to 153.66.200.155 for example (LAN address) through my WLAN interface (ip for example: 192.168.1.101) using WLAN's interfaceSocket.send()
But the packet goes out on my LAN interface (ip 153.66.200.166) while the src ip is still 192.168.1.101 in the packet. That is why I sad WLAN packet on LAN interface.
I guess the reason is still the routing table. Because routing table tells which IF to use for a destination IP. Of course for dest 153.66.x.x routing table contains 153.66.200.166 as the gateway and not 192.168.1.101. So Win uses this the LAN IF to send the packet.

Error reading SMTP packet; response to RCPT TO command expected

Hi all, we have started experiencing problems on our mail environment (iPlanet Messaging Server 5.2 HotFix 2.09 (built Nov 18 2005)) re: sending mail to hotmail.
For many emails sent to hotmail, we are getting the following error:
Error reading SMTP packet; response to RCPT TO command expected
We are not experiencing any errors when sending to yahoo from our iMS5.2 environment. Nor are we experiencing any errors when we send mail from our Microsoft Exchange server to hotmail.
Does anyone have any ideas as to what might be the problem?
Thanks in advance,
Stewart

Hi all again, further to my previous posting, I have some more info.
In our iMS5.2 environment, we have two mail relays/gateways. Today I tried manually sending emails to hotmail using telnet. I found that I was able to send an email from one gateway (gw2) but not the other (gw1). On the mail gateway that I can't send an email, gw1, using telnet, I get the following error:
550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to http://postmaster.msn.com. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.
A search on Google reveals this blocking is quite common with hotmail.
Am I right is thinking that hotmail is blocking emails that originate from mail gateway gw1 that is having problems? And if so, what can be done to remedy the situation?
Thanks in advance,
Stewart

Error reading SMTP packet

Hi all,
Can anybody point me to the right direction? I keep getting this error once in a while. Is it a network or mail server problem?
--- mail.log_current output
11-Sep-2009 18:03:00.75 tcp_local tcp_intranet VES 0 [email protected] rfc822;[email protected] @mail.esuria.com.bn:[email protected] mailsrv Error reading SMTP packet
--- tcp_local_slave.log-0KPS00301WZA4D00 output
17:57:10.65: Debug output enabled, program version V6.3 compiled Aug 3 2007 17:16:10
17:57:10.65: Sun Java(tm) System Messaging Server shared library version 6.3-4.01 linked 17:13:29, Aug 3 2007
17:57:10.65: SMTP server initiated on socket 9
17:57:10.65: Received connection from @[64.104.193.197]
17:57:10.65: Applying PORT_ACCESS mapping to "TCP|172.16.101.31|25|64.104.193.197|32522"
17:57:11.21: Sending : "220 smtp1.esuria.com.bn -- Server ESMTP (Sun Java(tm) System Messaging Server 6.3-4.01 (built Aug 3 2007; 32bit))"
17:57:11.53: Received : "EHLO syd-iport-2.cisco.com"
17:57:11.53: Remote host IDENT information: [64.104.193.197]
17:57:11.53: Attempting channel switch: Rewriting "user@[64.104.193.197]"
17:57:11.53: Creating SASL context for service "smtp" and ruleset ""
17:57:11.53: SASL context creation returned status = 0
17:57:11.53: Sending : "250-smtp1.esuria.com.bn"
17:57:11.53: Sending : "250-8BITMIME"
17:57:11.53: Sending : "250-PIPELINING"
17:57:11.53: Sending : "250-CHUNKING"
17:57:11.53: Sending : "250-DSN"
17:57:11.53: Sending : "250-ENHANCEDSTATUSCODES"
17:57:11.53: Sending : "250-EXPN"
17:57:11.53: Sending : "250-HELP"
17:57:11.53: Sending : "250-XADR"
17:57:11.53: Sending : "250-XSTA"
17:57:11.53: Sending : "250-XCIR"
17:57:11.53: Sending : "250-XGEN"
17:57:11.53: Sending : "250-XLOOP 407CAF6A4E71FE579A5390266542F014"
17:57:11.53: Sending : "250-STARTTLS"
17:57:11.53: Listing available SASL mechanisms
17:57:11.53: SASL mechanism list status = 0
17:57:11.53: Sending : "250-AUTH PLAIN LOGIN"
17:57:11.53: Sending : "250-AUTH=LOGIN"
17:57:11.53: Sending : "250-ETRN"
17:57:11.53: Sending : "250-NO-SOLICITING"
17:57:11.53: Sending : "250 SIZE 0"
17:57:11.84: Received : "STARTTLS"
17:57:11.84: Sending : "220 2.5.0 Go ahead with TLS negotiation.
17:57:11.84: TLS ignore bad certificate flag = 1
17:57:12.54: TLS negotiation accepted
17:57:12.83: Received : "EHLO syd-iport-2.cisco.com"
17:57:12.83: Remote host IDENT information: [64.104.193.197]
17:57:12.83: Attempting channel switch: Rewriting "user@[64.104.193.197]"
17:57:12.83: Sending : "250-smtp1.esuria.com.bn"
17:57:12.83: Sending : "250-8BITMIME"
17:57:12.83: Sending : "250-PIPELINING"
17:57:12.83: Sending : "250-CHUNKING"
17:57:12.83: Sending : "250-DSN"
17:57:12.83: Sending : "250-ENHANCEDSTATUSCODES"
17:57:12.83: Sending : "250-EXPN"
17:57:12.83: Sending : "250-HELP"
17:57:12.83: Sending : "250-XADR"
17:57:12.83: Sending : "250-XSTA"
17:57:12.83: Sending : "250-XCIR"
17:57:12.83: Sending : "250-XGEN"
17:57:12.83: Sending : "250-XLOOP 407CAF6A4E71FE579A5390266542F014"
17:57:12.83: Listing available SASL mechanisms
17:57:12.83: SASL mechanism list status = 0
17:57:12.83: Sending : "250-AUTH PLAIN LOGIN"
17:57:12.83: Sending : "250-AUTH=LOGIN"
17:57:12.83: Sending : "250-ETRN"
17:57:12.83: Sending : "250-NO-SOLICITING"
17:57:12.83: Sending : "250 SIZE 0"
17:57:13.20: Received : "MAIL FROM:<[email protected]> SIZE=14800"
17:57:13.20: Debug output enabled, system smtp1.esuria.com.bn, process 0fcd.3, message enqueue routines version V6.3 compiled Aug 3 2007 17:13:34
17:57:13.45: Sending : "250 2.5.0 Address and options OK."
18:02:57.52: Received : "RCPT TO:<[email protected]>"
18:03:00.74: Sending : "250 2.1.5 [email protected] OK."
18:03:00.75: os_smtp_read: [9] network read returned no data
18:03:00.75: Shutting down SASL server context
18:03:00.75: smtpc_enqueue returning a status of 9 (OK)
18:03:00.75: pmt_close: [9] status 0
Thanks in advanced.

Look at the time stamps toward the end of the slave_debug log file:
The server received the connection, sent the banner, received the EHLO, and replied to it all around 17:57:10.
Then STARTTLS and EHLO around 17:57:12. Then:
17:57:13.20: Received : "MAIL FROM: SIZE=14800"
17:57:13.20: Debug output enabled, system smtp1.esuria.com.bn, process 0fcd.3, message enqueue routines version V6.3 compiled Aug 3 2007 17:13:34
17:57:13.45: Sending : "250 2.5.0 Address and options OK."
18:02:57.52: Received : "RCPT TO:"
18:03:00.74: Sending : "250 2.1.5 [email protected] OK."
18:03:00.75: os_smtp_read: [9] network read returned no data
It was over 5 minutes from when the server sent the response to the MAIL FROM until when the client sent the RCPT TO.
The server responded to the RCPT TO quickly enough, but then found the connection from the client had been closed.
This looks like a client problem or network performance problem.
It is also conceivable that it is is a server performance problem and it takes 5 minutes for the server process/thread to get back to receiving the RCPT TO. But, if that was the case, I would expect you to be complaining about the server performance rather than these occasional errors.

High Packet Loss on Media Gateway and Mediation Server leg

Hello,
We have recently begun to receive SCOM alerts showing a high percentage of poor voice quality on calls that are being sent to voicemail. QoE Reports show an extremely high packet loss on the Media Gateway and Mediation Server leg of the call.
The SCOM alerts are similar to this:
Alert: Media quality alert for gateway and Mediation Server leg
Source: Microsoft.LS.2010.QoE.Metric.AudioQuality.GatewayMS
Path: MonServer01;10.1.1.1 - FESERVER01;10.1.1.1 - FESERVER01 Last modified by: System Last modified time: 9/13/2013 9:16:17 AM Alert description:
Following are the details for this media quality alert:
Media quality alert for: Gateway and Mediation Server leg "10.1.1.1 - FESERVER01"
Total calls = 51
Poor quality calls = 12
Poor quality call percentage (%) = 23.53
Following are the average values for call classification metrics:
Average network degradation = 0.08
Average jitter (ms) = 1.86
Average packet loss (%) = 3.71
Average round trip time (ms) = 0.00
Average concealed metric (%) = 16.33
Average stretched metric (%) = 0.57
Average compressed metric (%) = 0.92
These alerts did not seem to be popping up until we enabled Media Bypass and CAC. The call setup looks like this:
MEDIANT 3000 -> MEDIATION SERVER -> UM SERVER
We have had our networking team take a look at all legs of the network between subnets and they do not find any dropped packets.
Any ideas what might be causing this to happen ONLY on calls that are transferred to voicemail?
Thanks.
-John Boslooper
VWGoA Lync Administrator
John K. Boslooper Unified Communication Engineer

Please try to disable Media Bypass and CAC to check if still have the issue.
Try to enable Media Bypass and CAC one at a time to check which cause the packet loss.
Tyr to use Lync Logging Tool to collect trace file on Lync Mediation Server.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Hi Lisa,
I Turned off CAC and left Media Bypass on. I received 87% packet loss, although when listening to the voicemail, I heard no drops at all. Here are the stats:
Audio Stream (Caller -> Callee)
    Codec: PCMA Sample rate: 8000
    Packet utilization: 947
    Avg. packet loss rate: 26.40 % Max. packet loss rate: 87.11 %
    Avg. jitter: 1 ms Max. jitter: 3 ms
    Burst duration: 5000 ms Burst gap duration: 8690 ms
    Burst density: 100.00 % Burst gap density: 0.00 %
    Avg. concealed samples ratio: 21.00 % Avg. stretched samples ratio: 0.00 %
    Avg. compressed samples ratio: 0.00 %
    Avg. network MOS: 1.91 Min. network MOS: 1.50
    Avg. network MOS degradation: 1.81 Max. network MOS degradation: 2.23
    NMOS degradation (jitter): 0.00 % NMOS degradation (packet loss): 99.00 %
    Audio Stream (Callee -> Caller)
    Codec: PCMA Sample rate: 8000
    Audio FEC: False Bandwidth estimates: 0 Kbps
    Packet utilization: 658
    Avg. packet loss rate: 0.00 % Max. packet loss rate: 0.00 %
    Avg. jitter: 0 ms Max. jitter: 0 ms
    Avg. round trip: 0 ms Max. round trip: 0 ms
Then I turned on CAC and turned off Media Bypass. Left a message. 0% Packet Loss. Voicemail sounded perfect once again. Here are the stats:
Audio Stream (Callee -> Caller)
    Codec: PCMA Sample rate: 8000
    Audio FEC: False Bandwidth estimates: 0 Kbps
    Packet utilization: 1066
    Avg. packet loss rate: 0.00 % Max. packet loss rate: 0.00 %
    Avg. jitter: 0 ms Max. jitter: 0 ms
    Avg. round trip: 0 ms Max. round trip: 0 ms
    Audio Stream (Caller -> Callee)
    Codec: PCMA Sample rate: 8000
    Packet utilization: 1866
    Avg. packet loss rate: 0.00 % Max. packet loss rate: 0.00 %
    Avg. jitter: 2 ms Max. jitter: 9 ms
    Burst duration: 0 ms Burst gap duration: 36000 ms
    Burst density: 0.00 % Burst gap density: 0.00 %
    Avg. concealed samples ratio: 0.00 % Avg. stretched samples ratio: 1.00 %
    Avg. compressed samples ratio: 4.00 %
    Avg. network MOS: 3.58 Min. network MOS: 3.54
    Avg. network MOS degradation: 0.15 Max. network MOS degradation: 0.18
    NMOS degradation (jitter): 0.00 % NMOS degradation (packet loss): 0.00 %
The kicker is, with media bybass enabled, the call going to Voicemail (Exchange UM) is not a media bypass call. The Lync Mediation server is handling the call in both instances (Media Bypass ON or OFF).
I'm thinking it's a problem with the reporting feature since no visible/physical packet loss can be seen or heard. Our issue also lies with the fact that it's throwing of our call quality stats for the day because of the amount of "poor calls" going
to voicemail.
I would really love to figure this out. Any thoughts?
John K. Boslooper Unified Communication Engineer

SMTP SERVICE

Hi,
Please let me know how to activate the SMTP service in SRM .
Regards,
Manu

MANU AGRAWAL wrote:Hi
Please go through the SAP OSS Note details below ->
Note 455140 - Configuration of e-mail, fax, paging or SMS using SMTP
>
>
>Summary
Symptom
How do you configure e-mail, fax, paging or SMS in the SAP Web Application Server using SMTP?
Which prerequisites and settings are required outside the SAP system?
Other terms
INT, FAX, PAG, SAPconnect, SMTP
Reason and Prerequisites
Some information is missing.
Solution
General information, architecture, prerequisites, system environment
When e-mails are transferred using SMTP, the SAP Web Application Server communicates directly with a mail server. No gateway or connector is necessary.
You can use any SMTP-compatible product as a mail server.
The SAP system always transfers the outbound mails to a single mail server. You can set its host address and port number.
The SAP system can receive inbound mails from any number of mail servers. You can reach each client using separate, configurable port numbers. You can address the SAP system or its client most effectively by using an individual subdomain for each client (for example, "crm-prod.company.com"). The assignment of these subdomains to host name and port numbers of the SAP system is defined by the routing rules on the mail servers.
As of Release 6.20, you can also send and receive fax and SMS or paging messages using SMTP. These are packed in e-mails for this purpose. When sending, the mail server refers to the domain of the recipients' addresses, and directs the e-mails either to a internal company fax/SMS server (for example "[email protected]") or to an external provider (for example, "[email protected]"). When receiving, the fax or SMS server or the provider sends e-mails to addresses with the domain of the SAP system (for example "[email protected]").
Configuration
1. Profile parameter
To be able to use the SMTP functions, you must adjust the profile of the SAP Web Application Server. We recommend that you activate SMTP on all application servers of an SAP system. If this is not the case, the SAPconnect send job may only be scheduled for servers on which SMTP is active. The scheduling is then done by the standard job definition (transaction SM36) rather than by the SAPconnect administration (transaction SCOT, for a description, see 4.c).
For SMTP, you must set the profile parameters listed below. The placeholder <*> stands for a number with which the parameters that can occur several times are numbered sequentially, starting with 0.
a) icm/server_port_<*> = PROT=SMTP,PORT=<port>
This opens a TCP/IP port for receiving mails by the SMTP Plug-In. <port> specifies the number of the port that you should use. This must not be occupied by any other program on this host (for example, Sendmail usually uses port 25). If no mails (including status notifications) are to be received in this SAP system, <port> can be set to 0.
You can use the TIMEOUT option to define a maximum wait time for a response from the mail server (in seconds).
b) is/SMTP/virt_host_<*> = <host>:<port>,<port>,...;
This defines a "virtual mail host" for receiving mails. If all incoming mails (including status notifications) are to be received and processed in a single client of this SAP system, this parameter is not required (an entry is/SMTP/virt_host_0 = : is then assumed by default). If you want several clients to be able to receive, you must create a virtual mail host for every client. <host> specifies the name of the host to which incoming mails are addressed. The "*" value can also be specified here if the mail distribution is to occur independently of the addressed host. Important: If the mail is to be distributed according to host names, you must assign different IP addresses to these host names. <port> specifies the number of a port to which incoming mails are addressed. Several ports may be specified for each host, and several hosts (with several ports if necessary) may be specified for each virtual mail host. Important: The parameter line must always be completed with a semicolon (even if only one host is involved).
The assignment of virtual mail hosts to clients is carried out in the SAP system (see 3).
              Example:
With two clients capable of receiving mail, the profile parameters could read as follows (as of Release 6.20):
   icm/server_port_0 = PROT=HTTP,PORT=1080
icm/server_port_1 = PROT=HTTPS,PORT=1443
icm/server_port_2 = PROT=SMTP,PORT=25000,TIMEOUT=180
icm/server_port_3 = PROT=SMTP,PORT=25001,TIMEOUT=180
is/SMTP/virt_host_0 = *:25000;
   is/SMTP/virt_host_1 = *:25001;
2. User administration (transaction SU01)
a) System user
In each client of an SAP system in which incoming mails (or status notifications for sent mails) are to be received, a system user must be created to process the incoming messages. To do this, use transaction SU01 to create a user of the type "system", and assign the "S_A.SCON" profile to this user.
Important: Contrary to the documentation for user types, users of type "system" are also subject to password expiry, which can prevent the receipt of mails. To avoid this, use user type "service" until a correction of the incorrect behavior of type "system" is available.
b) User addresses
Each individual user who wants to receive e-mails in an SAP system needs an Internet mail address. This is also used as a sender address for sending e-mails. In transaction SU01, enter the Internet mail address of a user in the field "E-Mail" under "Address". As a domain, use the domain of the SAP system client if possible (see "General information" above and 4.a), for example "[email protected]".
3. Client assignment (transaction SICF)
For each client of an SAP system in which incoming mails (or status notifications for sent mails) are to be received, and processed if necessary, you must create an SMTP server in which the assignment to a virtual mail host as well as the logon data is defined. In transaction SICF, an SMTP server (envelope icon) should already be available in every SAP system. This is delivered by SAP. Use this for the first client that you want to be able to receive mails, and create a new SMTP server for every other client. You must make the following settings on the SMTP servers:
a) Host data
For "Profile Parameter Number", enter the sequence number of a parameter is/SMTP/virt_host_<*> from the profile. If you have only one client and did not create such a parameter in the profile, enter 0.
b) Service data
Enter the client into which the mails received using this virtual mail host are to be directed, as well as the logon data (user, password, language) of the service user that was created for inbound mails (see 2.a).
c) Handler list
Enter CL_SMTP_EXT_SAPCONNECT in the first position.
              As of Release 6. 20, you must activate the SMTP server after you create or change it (Service/Virt.Host --> Activate, or right-click).
4. SAPconnect administration (transaction SCOT)
You have to make the SAPconnect settings separately in each client from which e-mails are to be sent or in which e-mails are to be received.
a) Default domain
The domain of this SAP system client is defined here, for example, crm-prod.company.com. It is used for the following purposes:
The SMTP Plug-In logs on to the mail server with the domain as ID.
The message ID of outgoing mails is created with this domain.
If an SAP user who has not entered an Internet mail address in their user master record sends an e-mail, a sender address is generated from the SAP user name and this domain, for example [email protected].
b) Nodes
There are different types of node in SAPconnect:
SMTP nodes (for the SMTP function of the SAP application server)
HTTP nodes (for paging or SMS providers using Web services, as of 6.20)
RFC nodes (for old RFC-compatible e-mail/fax/paging gateways)
                       There is always a single SMTP node in each client. It is created automatically by the system and cannot be deleted. It is configured as follows (double-click on the node name):
Select "Node in use".
Under "Mail Host" and "Mail Port", specify the mail server to which outbound mails are to be transferred.
Select "Set" for "Internet".
Specify address areas of recipient addresses that are to be reached using these nodes (usually "*" if all e-mails are to be sent using SMTP).
For "Output Formats for SAP Documents", the following is recommended:
   SAPscript / Smart Forms      PDF
   ABAP List                    HTM
   Business Object / Link        HTM
   RAW Text                      TXT
                       If fax messages are also to be sent using SMTP:
Select "Set" for "Fax".
Specify address areas of recipient addresses that are to be reached using these nodes (usually "*" if all faxes are to be sent using SMTP).
For "Output Formats for SAP Documents", the following is recommended:
   SAPscript / Smart Forms      PDF
   ABAP List                    PDF
   Business Object / Link        TXT
   RAW Text                      TXT
For "Conversion into Internet Address", enter the domain of the fax server or fax provider. The local part of the Internet address is generated automatically by the system. The address then has the form "FAX=+recipientnumber@domain".
                       If paging or SMS messages are also to be sent using SMTP:
Select "Set" for "Pager(SMS)".
Specify address areas of recipient addresses that are to be reached using these nodes (usually "*" if all paging or SMS messages are to be sent using SMTP).
For "Conversion into Internet Address", enter the domain of the paging or SMS server or paging or SMS provider. The local part of the Internet address is generated automatically by the system. The address then has the form "SMS=+recipientnumber@domain".
                       Important: To be able to use paging or SMS in the SAP system, names must be defined for the messaging services to be used (e.g. "SMS"). You can do this using transaction SA14.
c) Send job
E-mails that are sent from an SAP application are merely put into a queue. A periodically running background process, the SAPconnect send job, takes the e-mails from the queue and sends them by Internet. This job can be scheduled from SAPconnect administration as follows:
Choose "View" --> "Jobs". Check whether a job is already scheduled (displayed as a calendar icon).
Choose "Job" --> "Create", and specify a job name.
Place the cursor on the "SAP&CONNECTALL" variant, and choose "Schedule Job".
Choose "Schedule periodically".
Specify a time interval (for example, 10 minutes), and choose "Create".
d) Receiving
With the settings made so far, SAP users can already receive e-mails in their inbox in the Business Workplace (transaction SBWP) at the address entered in the user master record.
If, on receipt of e-mails to a specific address or with specific contents (for example XML documents), you want a program that processes these e-mails to start automatically, you can configure this under "Settings" --> "Inbound Processing".
If, on receipt of e-mails to a specific address or from a specific sender, you want these to be directed automatically to another recipient or a distribution list, you can configure this under "Settings" --> "Inbound Distribution".
5. Settings on the mail server (SAP-external configuration)
To be able to receive mails in the SAP system, you need to set your mail server so that certain mail addresses are forwarded to one or several SAP systems or clients. For this purpose, you need to define routing rules that assign a mail host and/or port to address areas (generic address parts, usually the domain), for example:
      *@crm-prod.company.com --> SAPWASHost:25000
      *@crm-test.company.com --> SAPWASHost:25001
For more information about the exact setting procedure, see the mail server documentation. Note 546147 describes where the documentation can be found for the Microsoft Exchange 2000 Server, and what to do if your mail server does not allow routing to ports other than port 25.
Header Data
Release Status: Released for Customer
Released on: 01.10.2007 13:43:04
Priority: Recommendations/additional info
Category: Installation information
Primary Component: BC-SRV-COM Communication Services: Mail, Fax, SMS, Telephony
Secondary Components: BC-SRV-COM-SPL eMail, Fax and Paging using SMTP Plug-in
Affected Releases
Software
Component Release From
Release To
Release And
subsequent
SAP_BASIS 60 610 640
SAP_BASIS 70 700 700 X
Related Notes
960088 - FAQ: Sending SD messages externally
833396 - Notification of tester with status changes of message
779972 - SURVEY: Configuration required to receive emails
622464 - Change: Password change req. entry for "SYSTEM" user type
607108 - Problem analysis when you send or receive e-mails
594428 - SXC: Exchange 2003 Server is not supported
581035 - Problems with SMTP and virtual hosts with the same port
546147 - SMTP plug-in: MS Exchange sends only to port 25
519664 - Installation of SAP SEM Release 3.1B GA
519658 - Upgrade to SAP SEM Release 3.1B GA
511025 - Bid invitation: No confirmation of receipt
455142 - SAPconnect: Configuration paging/SMS via HTTP
455129 - Paging/SMS in different SAP releases
455127 - E-mail (SMTP) in different SAP releases
101573 - Internet Mail Gateway: Versions
17194 - Telefax in various SAP Releases
Print Selected Notes (PDF)
Attributes
Attribute Value
Transaction codes EMAIL
Transaction codes HIER
Transaction codes SA14
Transaction codes SBWP
Transaction codes SCOT
Transaction codes SICF
Transaction codes SM36
Transaction codes SU01
weitere Komponenten 0000036371
>

Leaking un-nated packets.

Following problem is occuring to a couple of our css running version 07.40.1.04.
The system is running in redundant configuration active - standby isc interconnected.
The css are configured to handle mutiple url to be loadbalanced to a farm of 8 servers.
At public side we use redundant-vip at the server-end redundant-interface (also def.gw for these servers)
For certain systems outbound connection through the css is needed eg. public DNS server, CA, ftp-updateserver, ...
For these servers a (nat-) group exists; and acl are permitting this outbound traffic.
group outbound_servers
add service server_1
add service server_2
add service server_3
add service server_4
vip address an_internet_routable_ip-address
redundant-index 135
active
The problem is when some of these server perform requests to the a public dns server their packets remain un-nated.
These packets don't travel far, our IDS and firewall detect and halt them, however they won't be able to be routed throught the internet as they are private.
This all causing the request never to be answered. As far sniffing gives more info, appearently these are all udp requests, can this be the cause ?
Any ideas why this happens, or what the cause might be. Any suggestion about how digging further into this would be helpful.
Thanx
HVD.

We experienced similar behaviour for our CSS load balancing SMTP servers. These servers were NATed on CSS with VIP address on CSS using a group. Once in a while we use to see packets on Internet firewall with server's non-nated IP ADD. On close inspection we found out that when the CSS service pointing to the servers use to go down the CSS use to act as a router and route any packets coming from the SMTP server to its default gateway of Internet Firewall. The SMTP service on the servers was flapping between up/down state due to code problem on the servers.
You may want to see if CSS Service pointing to the servers is up or down when you see the non-nated IP ADD on Firewall.

SMTP problem with WRT54GL

I've seen similar issues here but haven't seen a solution yet. Whenever I send an email there is a 30 second delay. This is true for all computers on my network, windows or linux and for two different SMTP servers at different locations. Also Thunderbird and Outlook show the same problem, the router seems to be the common element.
I used Wireshark to capture the transaction and found a consistent problem. The TCP/IP connection gets created very quickly (SYN/SYN-ACK/ACK) and then there is a 30 second delay before receiving the first SMTP 220 packet.
My theory is that the first packet returned from the SMTP server is getting blocked by the router, causing it to time out and retry. To test this idea I put one of my systems in the DMZ and the message got sent right away.
Now, here's where it gets a little more interesting. I had expected only the DMZ machine to be helped but *all* of the systems worked correctly with this one machine in the DMZ. I even tried putting an embedded linux based NAS server as the DMZ machine and again the situation improved. I also tried setting the DMZ to an unused IP address in the subnet and that did not make the problem go away, otherwise I might just have left it at that, but I don't want to have any real machines in DMZ.
I am only seeing this problem with SMTP packets, and then it's only the first one that comes back from the server. HTTP, SSH, everything is fine.
BTW, firewall on the router is disabled as well as on the clients. The router is at firmware revision 4.30.5 which is the most recent that I found on the Linksys site.
Any clues, things to try? I can provide any details for network captures if it will help.
Thanks in advance,
Joe Meadows

Well, 30 seconds sounds like something tries to connect to a "stealth" port and retries until it times out. This usually happens, when you have a SMTP, POP or IMAP server running on Unix which still uses the identd service on port 113. With ident the server asks the client about the username which is trying to connect. This service is pretty useless in the internet because it is totally unsecure and thus no server can rely on this anymore, but some libraries still have it built-in.
The problem arises when the client computer or the gateway in front of the client is "stealth"ing ports. If a port is closed (because no service is running on port 113) the computer would immediately reply to that no connection can be established. However, people think it is better when the port is "stealth" meaning: the computer does not answer at all, thinking the computer would be invisible (which it is not because a computer that is not answering is obviously there...)
The standard IP procedure for the server is to wait for the answer until it times out. Then retry 2 or 3 times. Quickly you have 30 seconds until the server gives up on the identd and continues.
However, you say you have the firewall disabled on your router. That would mean that the ident port should be properly reported closed and is not stealth. You could test with a port scan in the internet whether your internet ports are really reported closed or "stealth"ed. It should be closed if the firewall is off. (By the way, firewall off means access to the web-based management from the internet is possible...)
Many routers have the option to filter ident in the security settings. Usually you would turn off that option if you experience this problem. It should be off with the firewall turned off. However, all the symptoms you describe would fit.
If you put a host into DMZ which is not running a firewall and thus does not keep port 113 stealth it obviously helps any client that connects: the ident request is always sent to the DMZ and the DMZ reports the port closed and immediately the connection continues.
I used to forward port 113 on a different router to my network printer because it has a static IP address and it does not have a firewall thus reports 113 closed.
You could try to remove the DMZ and only forward port 113 to that computer.
You could also install a packet sniffer on the DMZ to see what packets arrive when you try to connect with a client to the SMTP server. Then you should see that a ident SYN on port 113 arrives (or something else if it is not ident...)

Multiple gateways for different Traffic on ASA 5510 firewall

Hello,
My network atthe moment is set up as:
WAN, with three sites
Site 1
Site 2
Site 3
Site 1 is behind a non-Cisco firewall, which is connected to the internet via a Frame Relay link (using a Cisco 1721 router). We host a number of servers on the Internal network and DMZ's.
All sites connect to the WAN using Cisco routers or switches.
All internet traffic (IN and OUT) for all sites goes via the non-Cisco firewall.
I am interested in the ASA 5510 with six interfaces.
Using the ASA 5510 is it possible to set up two (2) internet connections, one via the Frame Relay and a second internet connection via an ADSL connection?
Then, is it possible to direct the outward-bound traffic via specific gateways based upon either:
(a) the type of traffic, say HTTP from users behind the firewall; or
(b) the IP addresses of the host (i.e. users' PC versus the servers)
Any assistance is welcome.
Kind regards,
IT@C

yes you can do this with policy routing on the internet router in front of the firewall assuming that you are connecting both ISPs to that router. Also, remember that you can do vlans on the ASA. This may cut down on the # of interfaces that you use in your config.
http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a0080636f89.html
HTH, pls rate!

Allowing unauthenticated users access to gatewayed pages - problem

Hi,
I was trying to allow the Guest user access to a specific gatewayed page. For this, I followed the instructions posted here: [ALUI 6.1 Anonymously Access Gatewayed Page|http://forums.oracle.com/forums/thread.jspa?threadID=902777&tstart=0].
But when I try to access that gatewayed page as guest, the portal throws a permissions exception several times in the process, followed by a redirect to the SSO.
The curious thing about this is that the exception says that "Current User does not have sufficient permission to object with id = 2". That object is exactly the Guest user object!
There must be something wrong in my setup, but I can't figure out what it is.
Below is the exception. Any idea?
6-25-2009 9:42:45.207 Warning Core ********OEL4.5.1.root [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' com.plumtree.server.impl.core.PTBase *** PTBase.ThrowException *** (-2147024891) Current User does not have sufficient permission to object with id = 2
com.plumtree.server.marshalers.PTException: -2147024891 - Current User does not have sufficient permission to object with id = 2
at com.plumtree.server.impl.core.PTBase.ThrowException(PTBase.java:86)
at com.plumtree.server.impl.core.PTBaseObjectManager.VerifyObjectAccess(PTBaseObjectManager.java:1638)
at com.plumtree.server.impl.core.PTBaseObjectManager.Open(PTBaseObjectManager.java:769)
at com.plumtree.server.impl.community.CommunityInfoCacheEntry.Initialize(CommunityInfoCacheEntry.java:90)
at com.plumtree.server.impl.community.CommunityInfoCache.InternalCreateObject(CommunityInfoCache.java:75)
at com.plumtree.server.impl.core.PlumtreeObjectCache.FindOrCreateObjectInsecure(PlumtreeObjectCache.java:181)
at com.plumtree.server.impl.core.PlumtreeObjectCache.FindOrCreateObjectCheckSecurity(PlumtreeObjectCache.java:223)
at com.plumtree.server.impl.community.CommunityInfoCache.FindCommunitySecured(CommunityInfoCache.java:135)
at com.plumtree.server.impl.community.PTCommunityInfo.GetSecuredCommunityInfoCacheObj(PTCommunityInfo.java:712)
at com.plumtree.server.impl.community.PTCommunityInfo.<init>(PTCommunityInfo.java:61)
at com.plumtree.server.impl.community.PTCommunityManager.CachedOpenCommunityInfo(PTCommunityManager.java:584)
at com.plumtree.server.impl.portlet.providers.CSPPortletProvider.GetCanSetCommunity(CSPPortletProvider.java:1289)
at com.plumtree.server.impl.portlet.providers.CSPPortletProvider.GetContentInternal(CSPPortletProvider.java:1114)
at com.plumtree.server.impl.portlet.providers.CSPPortletProvider.GetContent(CSPPortletProvider.java:926)
at com.plumtree.server.impl.webservice.PTGadgetGateway.GetContentInternal(PTGadgetGateway.java:318)
at com.plumtree.server.impl.webservice.PTGadgetGateway.GetContent(PTGadgetGateway.java:352)
at com.plumtree.portalpages.browsing.gateway.GatewayControl.CheckActionSecurityAndExecute(GatewayControl.java:264)
at com.plumtree.uiinfrastructure.interpreter.filter.utils.GatewayHandlers.HandleGatewayRequest(GatewayHandlers.java:232)
at com.plumtree.uiinfrastructure.interpreter.filter.GatewayFilter.PreFilter(GatewayFilter.java:54)
at com.plumtree.uiinfrastructure.interpreter.Interpreter.DoPreFilter(Interpreter.java:1786)
at com.plumtree.uiinfrastructure.interpreter.Interpreter.HandleRequest(Interpreter.java:234)
at com.plumtree.uiinfrastructure.interpreter.Interpreter.DoService(Interpreter.java:155)
at com.plumtree.uiinfrastructure.web.XPPage.service(XPPage.java:306)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.plumtree.binarygateway.BinaryGatewayFilter.doFilter(BinaryGatewayFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172 <ptLogMsgEnd>
Thank you

i'm not saying this is what it is...(hopefully its not), but there are certain folders that you absolutely can't remove the everyone user from... i think Plumtree is an expert on this.
have you been 'locking down' your portal recently?

How do I ping a specific port (from a specific por...

Does anyone know of any software that will allow me to measure the bandwidth/throughput/travel time/etc of packets from a specific port to a specific port on another network? Ping gives the travel time, but doesn't allow specified ports. Iperf allows you to specify the port you connect to, but not the port you connect from. Wireshark doesn't send packets, though I think it does record traffic by port. Pathping is the same as ping in that it doesn't "do" ports & neither does tracert (and ping/pathping/tracert traffic may well be blocked where normal traffic isn't). So, does anyone have any ideas (or is friendly with their comapny's network admin)?

Llama8
did a quick google and came up with this:-
http://www.elifulkerson.com/projects/tcping.php
seems to do the trick but not sure you can specify the source port on the pinging machine
its a start though
Never tried this so caveat emptor
banz

Problem with gateway 10i

I installed gateway 10i, I need to comunicate betwen oracle 9i and sqlserver2003. I

The specific gateway, version and operating system is missing in your question.
You might want to review http://www.oracle.com/pls/db102/gateways and you alsmo might want to check out the Heterogeneous Gateway forum Heterogeneous Connectivity for ideas

CF 9.01 Upgrade breaks Flex Gateway - Help!!!!

I have an AIR app which is using DataServicesMessaging with subtopics enabled. I can create the Consumer in AIR but when I subscribe, I get the following error:
"Error","cfthread-0","08/31/10","21:03:35",,"CATALOG_ATTRIBUTES_831AE0FE-B7D2-90A5-87AD-CA C5E01116D9: Event handler exception."
flex.messaging.MessageException: Event handler exception.
at coldfusion.flex.CFEventGatewayAdapter.allowSend(CFEventGatewayAdapter.java:376)
at flex.messaging.services.messaging.SubscriptionManager.addSubtopicSubscribers(Subscription Manager.java:330)
at flex.messaging.services.messaging.SubscriptionManager.addSubtopicSubscribers(Subscription Manager.java:311)
at flex.messaging.services.messaging.SubscriptionManager.getSubscriberIds(SubscriptionManage r.java:264)
at flex.messaging.services.MessageService.pushMessageToClients(MessageService.java:495)
at coldfusion.flex.CFEventGatewayAdapter.send(CFEventGatewayAdapter.java:250)
at coldfusion.eventgateway.flex.FlexMessagingGateway.outgoingMessage(FlexMessagingGateway.ja va:204)
at coldfusion.runtime.CFPage.SendGatewayMessage(CFPage.java:269)
at cfCatalogService2ecfc315059253$func_CFFUNCCFTHREAD_CFCATALOGSERVICE2ECFC3150592531.runFun ction(C:\inetpub\wwwroot\staging9sites\staging9si\com\pmdm\suppliers\services\CatalogServi ce.cfc:110)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472)
at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368)
at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)
at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220)
at coldfusion.runtime.UDFMethod.invokeCFThread(UDFMethod.java:201)
at coldfusion.thread.Task.invokeFunction(Task.java:274)
at coldfusion.thread.Task.run(Task.java:140)
at coldfusion.scheduling.ThreadPool.run(ThreadPool.java:201)
at coldfusion.scheduling.WorkerThread.run(WorkerThread.java:71)

Rakshith,
Thanks for your help! Here's what I've got in my messaging-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<service id="message-service"
    class="flex.messaging.services.MessageService"
    messageTypes="flex.messaging.messages.AsyncMessage">
    <adapters>
        <adapter-definition id="cfgateway" class="coldfusion.flex.CFEventGatewayAdapter" default="true" />
        <adapter-definition id="actionscript" class="flex.messaging.services.messaging.adapters.ActionScriptAdapter"/>
        <adapter-definition id="jms" class="flex.messaging.services.messaging.adapters.JMSAdapter"/>
    </adapters>
    
    
    
    <destination id="ColdFusionGateway">
        <adapter ref="cfgateway" />
        <properties>
            
            <gatewayid>PMSIMessages</gatewayid>
<server>
<durable>false</durable>
<allow-subtopics>true</allow-subtopics>
</server>
            
            
            
            
        </properties>

        <channels>
            <channel ref="cf-polling-amf"/>
        </channels>
    </destination>
    <destination id="clientNotifierGateway">
    <adapter ref="actionscript"/>
    <channels>
    <channel ref="java-amf"/>
    </channels>
     </destination>
</service>
Here's my gateway CFC:
<cfcomponent output="false">
   <cffunction name="onIncomingMessage" access="remote" returntype="any">
         <cfargument name="event" type="struct" required="true"/>
<cfscript>
      x = structNew();
      x['body'] = event.data;
      x['destination'] = "ColdFusionGateway";
      x['headers'] = structNew();
      x.headers['username'] = "System";
      x.headers['DSSubtopic'] = event.data.headers.DSSubtopic;
      x.lowercasekeys = "yes";
      </cfscript>
<cfreturn x/>
</cffunction>
<cffunction name="allowSend" access="public" returntype="boolean">
<cfargument name="subtopic" type="any" required="true"/>
<cfreturn true/>
</cffunction>
<cffunction name="allowSubscribe" access="public" returntype="boolean">
<cfargument name="subtopic" type="any" required="true"/>
<cfreturn true/>
</cffunction>
</cfcomponent>
Jeff

Default Subinventory/Locator for item during Shipping Transaction-Any API

Hi,
If we need to define a Default subinventory or locator for an item during Shipping Transanction, we are setting it up from Application as follows:
Inventory --> Setup --> Item Transaction Defaults window
Can we define the same setup using any undocumented API? Please let me know if any API can accomplise the same functionality.
Appreciate your help.
Thanks,
Gowri

Hi Gowri,
if you want to ship the goods from a specific subinventory & locator, then setup a default release rule in Order Management Super User > Setup > Shipping > Picking > Define release rule form. Where you can define the default pick from subinventory & locator. Each time you will try to ship the goods, the system will pick the goods from the subinvetory defined here.
Regards,
Jyoti

Setups for populating the Schedule Ship Date to be populated

What setups are required for the Schedule Ship Date to be populated.
Actually we have a requirement that the manufacuring org will ship the products on a specific week day while the customer receives the product on a specific week day.
We want the schedule ship date to be calculated automatically based on the shipping calendar of the plant and receiving calendar of the customer.
What setups I have to do to acheive this functionality and what are the parameters for Data collection program?

Hi,
To calculate the schedule arrival dates, the working days are considered from the manufacturing calendar set for the shipping organization. This has been fixed for an ER. Refer ER 2371136 for details.
Regards,
Swapna.

Shipping SMTP packets to a specific Gateway

Similar Messages

Maybe you are looking for