Applies to: Protection Service for Email, Messaging Security Gateway 8.x
Simple Mail Transfer Protocol (SMTP) is responsible for sending out email messages. Therefore, if you get an SMTP error message, it means that for some reason your emails were not sent. It is very important to understand why this has happened so that you can fix the problem. All SMTP codes consist of three digits, e.g. 550, 221, 354, etc. However, not all of them indicate an error. To understand how these codes work, you have to know that each digit (the first, the second and the third) have a specific meaning of their own.
SMTP return codes
The first digit indicates whether your command was accepted and processed. It can have one of the following five values:
Mail server has accepted the command but does not yet take any action. A confirmation message is required.
Mail server has completed the task successfully without errors.
Mail server has understood the request, but requires further information to complete it.
Mail server has encountered a temporary failure. If the command is repeated without any change, it might be completed. Try again, it may help.
Mail server has encountered a fatal error. Your request cannot be processed.
As you can see, the codes that start with values 4 and 5 are the ones that indicate that your message will not be sent until you find and fix the problem.
The second digit can have one of the following values:
Information reply, for example to HELP request
Refers to the connection status
Refers to the status of the mail server
Values 3 and 4 are not used.
The third (last) digit of the code indicates the details of the mail transferring status. The following lists the most important SMTP error codes:
Service not available, closing transmission channel (This may be a reply to any command if the service knows it must shut down.)
Requested mail action not taken: mailbox unavailable (E.g. mailbox busy)
Requested action aborted: local error in processing
Requested action not taken: insufficient system storage
Syntax error, command unrecognized (This may include errors, such as 'command line too long')
Syntax error in parameters or arguments
Command not implemented
Bad sequence of commands
Command parameter not implemented
Requested action not taken: mailbox unavailable (E.g. mailbox not found, no access)
User not local; please try
Requested mail action aborted: exceeded storage allocation
Requested action not taken: mailbox name not allowed (E.g. mailbox syntax incorrect)
Other codes that provide you with helpful information about what is happening with the email messages are as follows:
System status, or system help reply
Help message (Information on how to use the receiver or the meaning of a particular non-standard command. This reply is useful only to a human user.)
Service closing transmission channel
Requested mail action okay, completed
User not local; will forward to
Start mail input; end with a dot (.)
This article explains in detail what kind of information is sent upstream when new databases are polled or the product is activated.
Whenever F-Secure Messaging Security Gateway (FSMSG) polls for database updates, it will upload heartbeat data to the Proofpoint update server (update2.proofpoint.com). This data is sent over through the same secure HTTPS channel that is used for downloading the virus and spam definition databases.
The data is used to monitor that the product is running normally. If any problems with the product should occur, this data can be used to troubleshoot the problem. In some cases, it also enables F-Secure to alert the customer about potential problems, such as of a low disk space.
The heartbeat signal includes the following data:
The current timestamp
Your customer ID
The current version of the operating system
The current version of the FSMSG software
When the FSMSG software was last updated
The current version of the Spam Detection Module
When the Spam Detection Module was last updated
The current version of the Virus Protection Module
When the Virus Protection Module was last updated
The time stamp of the last heartbeat
The amount of disk space remaining on the FSMSG server
The amount of disk space occupied by the Quarantine repository
The Watchdog timer re-start activity
The number of core files, if any
The number of messages in the quarantine
The number of messages processed since the server start-up
The number of messages processed in the last 24 hours
The number of viruses found in the last 24 hours
The percentage of messages that contain spam
The number of errors in the log
The system load and performance data
The memory usage
The system uptime
In addition to this, upon the product activation it will send the password information over the HTTPS connection to the Proofpoint update server. The password information is first encrypted and archived in a separate file, which then will be uploaded to the update server. This way F-Secure support can assist in possible troubleshooting situations which may require root level access to the system.
If you have any questions about the data that is sent, contact F-Secure technical support.
Below is a list of the persistent processes started by Linux Security 11. They are shown in the process list when you issue, for example the following command:
ps aux | grep f-secure
Programs marked with an asterisk (*) can appear multiple times on the process list. In addition, the "postmaster" process starts multiple "postgres" child processes that are not included here for clarity.
/bin/sh /opt/f-secure/common/postgresql/bin/startup.sh /bin/sh /opt/f-secure/fssp/bin/clstate_updated.rc /bin/sh /opt/f-secure/fssp/libexec/fsupdated.rc /opt/f-secure/common/perl/bin/perl /opt/f-secure/fsav/sbin/fsadhd /opt/f-secure/common/perl/bin/perl -w /opt/f-secure/fsav/sbin/fsoasd /opt/f-secure/common/postgresql/bin/postmaster /opt/f-secure/fsaua/bin/fsaua /opt/f-secure/fsav/bin/fsfwd /opt/f-secure/fsav/bin/fstatusd /opt/f-secure/fsav/java/bin/java /opt/f-secure/fsav/libexec/fsaccd-x86_64 * /opt/f-secure/fsav/libexec/fsadhd /opt/f-secure/fsav/libexec/fsoasd_bh * /opt/f-secure/fsav/libexec/fsoasd_th /opt/f-secure/fsav/perl/bin/perl /opt/f-secure/fsav/bin/fsfwd.run /opt/f-secure/fsav/perl/bin/perl -w /opt/f-secure/fsav/bin/fsavpmd * /opt/f-secure/fsav/perl/bin/perl -w /opt/f-secure/fsav/libexec/fslmalerter /opt/f-secure/fsma/bin/fvch /opt/f-secure/fssp/libexec/fsupdated /opt/f-secure/fssp/sbin/fsavd *
Below is the list of log files written by Linux Security 11 in normal operation:
/var/opt/f-secure/common/postgresql/postgresql.log /var/opt/f-secure/fsaua/fsauadbg.log /var/opt/f-secure/fsaua/fsaua.log /var/opt/f-secure/fsav/fsadhd.log /var/opt/f-secure/fsav/fsavpmd.log /var/opt/f-secure/fsav/fsfwd.log /var/opt/f-secure/fsav/fslmalerter.log /var/opt/f-secure/fsav/fsoasd.log /var/opt/f-secure/fsma/log/fsma.log /var/opt/f-secure/fssp/aua_api.log /var/opt/f-secure/fssp/dbupdate.log /var/opt/f-secure/fssp/log/clstate_update.log /var/opt/f-secure/fssp/log/fsupdated.log
Depending on the configuration, some processes and log files listed above may not be present at all. For example, the "clstate" process and log file appear only in PSB mode.