We are using a spam filtering service for out incoming email. As such, all
our email is directed to our SMTP server from their IP address range. We
employ a dual firewal set up. We have a Netscreen firewall connected to the
Internet and the Border Manager 3.8 server sits between the Netscreen and
our internal network. On the BM server I have set up a generic proxy with a
proxy port of 1025 to proxy the incoming email to our internal mail server.
The Netscreen is set up to forward all SMTP (port 25) traffic to the
BorderManager server on port 1025. Using FiltCfg I also set up a packet
filter exception to allow traffice from the service providers network
(Network =, Mask = to port 1025. With this
setup most email is received just fine. However I was getting reports of
bounced and delayed email. Working with our service provider it was
detemined that randomly some connections were failing. I used PktScan to
collect packet trace infomation from our BM server. On a regular basis
there are groups of SYN packets from the service providers email servers
which are not receiving a response from the BM server. In some cases the BM
server does eventuall respond with a SYN/ACK. There are also times when the
BM server responds immediately after the first SYN. All the incoming
connections from the service provider are currently comming in from two IP
addresses, and The BM server is showing the
same problem for both IP addresses, sometimes it responds immediatley to the
SYN, sometimes it takes a few SYN packets before it responds, and sometimes
the BM server never responds to the connection attempt. On a whim I added
filter exceptions which specifed the two host IP addresses specifically
(other than that the rules are identical to the one using the Network
specification). After doing this the BM server is now responing immediately
to all the incoming SMTP connection attempts from the service provider. Why
would I be seeing this problem with the filter exception defined with a
Network specification but not with Host specifications? Is there anything I
can do to fix this?

Thank you for any help provided,

Brad Johnson