End of socket stream data on Lotus Protector for Mail Security

In this case I was experiencing very strange behavior of Lotus Protector for Mail Security with latest firmware 2.8.1, some emails sent to specific domains were successfully delivered, but from some reason LPfMS was treating those emails as unsuccessfully delivered and were parked into resend queue. The sender was receiving report for temporary delivery error and after few hours a report that maximum number of delivery attempts has been reached, even though the email was successfully received by the email recipient ! Smtp server on LPfMS is based on XMail smtp server.
Following error was logged for those emails:

"End of socket stream data (2) No such file or directory - 417 Temporary delivery error"

I have opened a case for this kind of behavior, and the support engineer has recommended to change the time out value for LPfMS to send the command and to wait for getting the response back from the foreign SMTP server. The default value is 30 seconds. After raising the time out value, this strange behavior of LPfMS was gone. This parameter is smtp.send_dialog_timeoutms and can be set on Mail Security -> Policy -> Advanced Parameters. The parameter is accepting values in milliseconds.  

Extracting .key and .crt from .pfx

In order to create .crt and .key from .pfx you can use OpenSSL, which can be downloaded from http://www.openssl.org/related/binaries.html .

Syntax for extracting the private key part is :

openssl.exe pkcs12 -in "Pathtofile\file.pfx" -nocerts -nodes -out "Pathtofile\server.key"

Syntax for extracting the certificate part is :

openssl.exe pkcs12 -in "Pathtofile\file.pfx" -clcerts -nokeys -out "Pathtofile\server.crt"
 

This procedure can be usefully when creating two part certificate files from .pfx for assigning SSL certificate for Lotus Protector for Mail Security (previously known as Proventia Mail Filter) .

Install SSL certificate on Lotus Protector for Mail Security

Installing SSL certificate on Lotus Protector for Mail Security (previously known as Proventia Mail Filter) is based on copying the obtained certificate files server.crt and server.key in two new folders, for example: /etc/apache2/ssl.crt.new/server.crt and /etc/apache2/ssl.key.new/server.key.
Edit the file /etc/apache2/vhosts.d/mailsec_vhosts.conf, and find and replace the old location of the certificate files with new one.

More detailed steps are published on http://www-01.ibm.com/support/docview.wss?uid=swg21437206 .

More details on how to create .crt and .key files from .pfx check my article http://vstepic.blogspot.com/2012/11/extracting-key-and-crt-from-pfx.html .

Lotus Protector for Mail Security not responding

You may experience problems with Lotus Protector for Mail Security (previously known as Proventia Mail Filter), if you're updating the product automatically. There was corrupted update file that was preventing the Lotus Protector Mail Security from working properly.
According to IBM, the update file has been removed from circulation. There is publicly available article how to delete this update file, if Lotus Protector for Mail Security is not working as should on http://www-01.ibm.com/support/docview.wss?uid=swg21615980 .