Workstations Cannot Download Large Emails

[David Dickinson]

Howdy, Folks. I'll be grateful for some help: We cannot
download email messages that are very large. Some of my
clients began having this problem about tthree weeks
ago. Before that, everything worked fine and we had not
problems. Their common configurations are:

Windows 2000 Pro and Windows XP Pro workstations on peer-
to-peer networks using Microsoft Outlook 2000 or 2003 as
email clients. Internet gateway provided by Windows XP
ICS or Windows 2000 Server RRAS (yeah, I know, but it
worked great for many months). ZoneAlarm Pro 4.5
firewall (either of the last two public releases) is used
on W2K Server RRAS or McAfee Firewall is used on WXP/W2K
Pro ICS. Connected via ADSL/PPPoA at 256k or 640k:

Internet --> DSL "modem" (NAT/DHCP) --> Gateway
(Firewall/ICS or RRAS NAT/DHCP) --> Ethernet_LAN_Hub -->
LAN_Workstations

When we try to download emails with large attachments,
nothing gets by the firewall/gateway. Here's what I've
tried:

1. Increasing the connection timeout in Outlook to 5
minutes (much more than enough for a 4MB download).

2. Turning off the firewall software's email/cookie/etc.
scanning.

3. Adding the mail servers to the trusted zones.

4. Reducing internet zone security to Medium (block only
incoming NETBIOS ports).

5. Creating a custom firewall rule specifically allowing
POP3.

6. Other stuff that I can't remember.

Everything works only when I disable the firewall
software.

A caveat: Let's say that I have a 3MB message waiting.
With the firewall enabled and the standard 1 minute
connection timeout, it dies. If I increase the email
account's timeout to 5 minutes, I can get it. But
anything that requires more than 5 minutes (the maximum
timout allowable in Microsoft Outlook) to download (and
some of my clients must be able to receive huge files via
email) will fail.

The funny thing is that this was never a problem until
about 3 weeks ago, and the problem is occuring on more
that one network, all of which are completely
independent. And -- I swear! -- I hadn't changed
anything on those machines except to install the latest
Microsoft Windows Critical Updates and Microsoft Office
Updates. Could that be the problem? I am at my wits'
end!

I'm not sure, but it seems almost as if the gateways used
to "trickle" just enough of the downloaded messages to
the clients in order to keep them from timing out, but
that the "trickle" has now stopped.

I'll be grateful for /any/ ideas.

David
(e-mail address removed)

 

[Pegasus \(MVP\)]

Howdy, Folks. I'll be grateful for some help: We cannot
download email messages that are very large. Some of my
clients began having this problem about tthree weeks
ago. Before that, everything worked fine and we had not
problems. Their common configurations are:

Windows 2000 Pro and Windows XP Pro workstations on peer-
to-peer networks using Microsoft Outlook 2000 or 2003 as
email clients. Internet gateway provided by Windows XP
ICS or Windows 2000 Server RRAS (yeah, I know, but it
worked great for many months). ZoneAlarm Pro 4.5
firewall (either of the last two public releases) is used
on W2K Server RRAS or McAfee Firewall is used on WXP/W2K
Pro ICS. Connected via ADSL/PPPoA at 256k or 640k:

Internet --> DSL "modem" (NAT/DHCP) --> Gateway
(Firewall/ICS or RRAS NAT/DHCP) --> Ethernet_LAN_Hub -->
LAN_Workstations

When we try to download emails with large attachments,
nothing gets by the firewall/gateway. Here's what I've
tried:

1. Increasing the connection timeout in Outlook to 5
minutes (much more than enough for a 4MB download).

2. Turning off the firewall software's email/cookie/etc.
scanning.

3. Adding the mail servers to the trusted zones.

4. Reducing internet zone security to Medium (block only
incoming NETBIOS ports).

5. Creating a custom firewall rule specifically allowing
POP3.

6. Other stuff that I can't remember.

Everything works only when I disable the firewall
software.

A caveat: Let's say that I have a 3MB message waiting.
With the firewall enabled and the standard 1 minute
connection timeout, it dies. If I increase the email
account's timeout to 5 minutes, I can get it. But
anything that requires more than 5 minutes (the maximum
timout allowable in Microsoft Outlook) to download (and
some of my clients must be able to receive huge files via
email) will fail.

The funny thing is that this was never a problem until
about 3 weeks ago, and the problem is occuring on more
that one network, all of which are completely
independent. And -- I swear! -- I hadn't changed
anything on those machines except to install the latest
Microsoft Windows Critical Updates and Microsoft Office
Updates. Could that be the problem? I am at my wits'
end!

I'm not sure, but it seems almost as if the gateways used
to "trickle" just enough of the downloaded messages to
the clients in order to keep them from timing out, but
that the "trickle" has now stopped.

I'll be grateful for /any/ ideas.

David
(e-mail address removed)

There seems to be a simple solution: Turn off your
software firewalls (they slow down your system!)
and install a hardware firewall instead. They are cheap
in price and very effective! In fact, if your ADSL modem
is also a router then you already have a basic firewall
with inbuilt network address translation.

 

[David Dickinson]

-----Original Message-----
There seems to be a simple solution: Turn off your
software firewalls (they slow down your system!)
and install a hardware firewall instead. They are cheap
in price and very effective! In fact, if your ADSL modem
is also a router then you already have a basic firewall
with inbuilt network address translation.

If these were my systems, I would do just that. However,
software firewalls are cheaper. In addition, while the
ADSL "modem" does provide NAT, I know at least two high
school students who can get through that. Sadly, the
modems that Qwest provides (Actiontech) don't have
flexible configurations. Boosting their firewall
protection one notch above "Basic" closes the RealAudio
port, which would make a couple of people unhappy.

I guess that what I'm looking for is two things:

1) To understand what changed in order to cause this
problem, and

2) A solution that restores these systems to their
formerly working state.

David
(e-mail address removed)

 

[Roland Hall]

in message
<!--SNiP-->
: When we try to download emails with large attachments,
: nothing gets by the firewall/gateway. Here's what I've
: tried:
:
: 1. Increasing the connection timeout in Outlook to 5
: minutes (much more than enough for a 4MB download).

Considering this should only take seconds, ya' too long indeed. You should
not shoot for a work around.

:
: 2. Turning off the firewall software's email/cookie/etc.
: scanning.

Oh my...

: 3. Adding the mail servers to the trusted zones.

Hmmm...

: 4. Reducing internet zone security to Medium (block only
: incoming NETBIOS ports).

Probably not relative.

: 5. Creating a custom firewall rule specifically allowing
: POP3.

Ok.

: 6. Other stuff that I can't remember.

That's not much help. (O:=

: Everything works only when I disable the firewall
: software.

We have a winner!

: A caveat: Let's say that I have a 3MB message waiting.
: With the firewall enabled and the standard 1 minute
: connection timeout, it dies. If I increase the email
: account's timeout to 5 minutes, I can get it. But
: anything that requires more than 5 minutes (the maximum
: timout allowable in Microsoft Outlook) to download (and
: some of my clients must be able to receive huge files via
: email) will fail.

Ah, the root of the problem. Using a transmission process that was designed
to send text only while not using something that was designed to send files.

: The funny thing is that this was never a problem until
: about 3 weeks ago, and the problem is occuring on more
: that one network, all of which are completely
: independent. And -- I swear! -- I hadn't changed
: anything on those machines except to install the latest
: Microsoft Windows Critical Updates and Microsoft Office
: Updates. Could that be the problem? I am at my wits'
: end!

If that's the only thing you have changed, what do you think?

: I'm not sure, but it seems almost as if the gateways used
: to "trickle" just enough of the downloaded messages to
: the clients in order to keep them from timing out, but
: that the "trickle" has now stopped.

There are other possibilities than sending files as an email attachment.

: I'll be grateful for /any/ ideas.

Setup and FTP server or ASP upload and eliminate the email scenario. Don't
tell me it can't be done. I modified a global company who was sending 26mb
email attachments daily. It was the morning report filled with .bmp files.
Ironically zipping the attachments reduced to them to less than 1mb. It was
definitely the clueless leading the blind. However the files were put on a
web site and only reviewed by those who cared. In the immortal words of a
Sprint TV commercial, "Problem solved."

I saw another response was to use a hardware firewall vs software and you
said it was cheaper to use a software solution. I spent $100 after a $40
rebate for my hardware firewall but let's put it this way. How much is it
costing them now not to get their files? Whether you believe it or not,
time is money and if it saves time, it pays for itself. It's just a matter
of time. (O:=

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201

 

[Guest]

Thanks for your reply.

: some of my clients must be able to receive huge files via
: email) will fail.

Ah, the root of the problem. Using a transmission process that was designed
to send text only while not using something that was

designed to send files.

Yeah, yeah. I started using email before the web even
existed. The word "should" doesn't apply here. Besides,
an attachment to an email message is not a separate
entity; it merely makes the message longer. In this
respect, POP3/SMTP are simply additional protocols that
are useful for transfering data.

Besides, we will NEVER be able to convince people to not
send attachments. And I refuse to try: they pay me too
much money. This is, after all, the real world.

: I hadn't changed
: anything on those machines except to install the latest
: Microsoft Windows Critical Updates and Microsoft Office
: Updates. Could that be the problem? I am at my wits'
: end!

If that's the only thing you have changed, what do you

think?

Okay, so clue me in: which updates might have cause this
problem? Why? Is there any documentation that I've
missed?

There are other possibilities than sending files as an

email attachment.

My clients are trying to /receive/ large messages, not
send them. For instance, their customers and vendors may
send them huge files consisting of ad copy, product
specifications, building plans, etc. Should I visit my
client's customers and teach them about email etiquette?

I don't think so. I'd rather find out what changed to
cause this problem and then fix it.

But thanks for replying.

David

 

[Jetro]

You can find Windows Update info in the logs and uninstall the updates one
by one. My W2k got the last updates on Apr 14, and XP got 'em on May 01
(unlike W2k, I don't have XP around which is running on daily basis).
Double-NAT creates an additional burden as well as firewalls (I know, I
know, do not remind me "it worked"). Can you disable inbound traffic
firewalling? Can you test your environment with PPPoE or just dial-up
connection? Is there any firewall log? Perhaps all you need is to reinstall
winsocks and TCP/IP...
BTW, those two scholars remark: what can they do? Traverse NAT with UDP?
TCP? IGMP?