AWG Blogs

Sunday, May 15, 2011

DLP "Forwarding agent unavailable" error

If this error appears in /var/log/mail.log on your upstream MTA when you first set up DLP Network Prevent for Email in Forwarding mode, try recycling the new SMTP Prevent server before trying anything else.

e.g. errors like:
(host #.#.#.51[#.#.#.51] refused to talk to me: 421 4.4.1 Fatal: Forwarding agent unavailable. Closing connection.


Recycling the DLP email prevent server got the following architecture to finally start working:

Outlook --> (port 25) Ubuntu Postfix MTA --> (port 10025) DLP SMTP Prevent --> (port 25) Ubuntu Postfix MTA --> (port 587, TLS) GMail

The upstream MTA's main.cf was configured with smtp_use_tls=no and smtp_sasl_auth_enable=no (so the hop to the DLP server is unencrypted and unauthenticated), and with relayhost=(DLP_IP):10025

The DLP server's advanced configuration had RequestProcessor.MTAResubmitPort=25 (changed from the default, 10026). Next Hop Configuration was set to Forward, with Disable MX lookup selected and the downstream local MTA's IP entered in Hostnames.
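
To confirm that recycling the Prevent server actually cleared the error, the upstream MTA's log can be summarised per DLP host: how many 421 deferrals it produced, and whether a later delivery through it succeeded. The script below is an added example, not part of the original post; its log lines are constructed (192.0.2.x documentation addresses), and the function name dlp_relay_status and the stock Postfix smtp(8) log layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed;
# the field layout assumes stock Postfix smtp(8) delivery logging.

# Constructed sample: two 421 deferrals from one DLP host followed by a
# successful delivery, plus a second host that never recovers.
sample_log() {
cat <<'EOF'
May 15 09:01:10 mta postfix/smtp[2101]: A1B2C3D4E5: to=<someone@somewhere.com>, relay=192.0.2.51[192.0.2.51]:10025, delay=0.4, dsn=4.4.1, status=deferred (host 192.0.2.51[192.0.2.51] refused to talk to me: 421 4.4.1 Fatal: Forwarding agent unavailable. Closing connection.)
May 15 09:06:12 mta postfix/smtp[2117]: A1B2C3D4E5: to=<someone@somewhere.com>, relay=192.0.2.51[192.0.2.51]:10025, delay=302, dsn=4.4.1, status=deferred (host 192.0.2.51[192.0.2.51] refused to talk to me: 421 4.4.1 Fatal: Forwarding agent unavailable. Closing connection.)
May 15 09:20:45 mta postfix/smtp[2140]: A1B2C3D4E5: to=<someone@somewhere.com>, relay=192.0.2.51[192.0.2.51]:10025, delay=1175, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
May 15 09:30:00 mta postfix/smtp[2163]: F6E5D4C3B2: to=<someone@somewhere.com>, relay=192.0.2.52[192.0.2.52]:10025, delay=0.3, dsn=4.4.1, status=deferred (host 192.0.2.52[192.0.2.52] refused to talk to me: 421 4.4.1 Fatal: Forwarding agent unavailable. Closing connection.)
EOF
}

# Usage: dlp_relay_status /var/log/mail.log   (or pipe a log on stdin)
# Prints one line per failing host: "<host> errors=<n> RECOVERED|STILL_FAILING".
dlp_relay_status() {
    awk '
    !/postfix\/smtp\[/ { next }                 # only SMTP client deliveries
    /status=deferred/ {
        # Host name comes from the error text itself, as in the excerpt above.
        if (match($0, /\(host [^ ]+ refused to talk to me: 421 4\.4\.1 Fatal: Forwarding agent unavailable/)) {
            h = substr($0, RSTART + 6)
            sub(/ refused.*/, "", h)
            err[h]++
            last_err[h] = NR
        }
        next
    }
    /status=sent/ {
        # relay=host[ip]:port -> host[ip], so it keys the same way as errors.
        if (match($0, /relay=[^,]+/)) {
            r = substr($0, RSTART + 6, RLENGTH - 6)
            sub(/:[0-9]+$/, "", r)
            last_ok[r] = NR
        }
    }
    END {
        for (h in err) {
            state = (last_ok[h] > last_err[h]) ? "RECOVERED" : "STILL_FAILING"
            printf "%s errors=%d %s\n", h, err[h], state
        }
    }' "$@" | sort
}

sample_log | dlp_relay_status
```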

Setup Postfix Ubuntu Gmail SMTP Relay

Refer to http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/

On a clean Ubuntu 11.04 (natty) install (with ssh and aptitude installed, and as root):

aptitude install postfix libsasl2-2 ca-certificates libsasl2-modules

During the Postfix package configuration wizard:
On the first page, choose "Internet with smarthost".
For SMTP relay host, enter: [smtp.gmail.com]:587
(the brackets prevent MX lookups)

Paste into /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_use_tls = yes

While still in main.cf, add your local IP network to the mynetworks parameter (hosts in mynetworks are allowed to relay through this server, so list only networks you trust).

Create /etc/postfix/sasl_passwd with the following contents:

[smtp.gmail.com]:587 user.name@gmail.com:password

Then run:

chmod 400 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

/etc/init.d/postfix reload

Now test:

telnet postfixserverip 25
ehlo anything.com
mail from:me@whatever.com
rcpt to:someone@somewhere.com notify=success,failure
data
subject:Test from awgtek

This is a test message

.
quit

Check someone@somewhere.com's mailbox to see whether the message arrived.
Check for errors in /var/log/mail.log.