Showing results for 
Search instead for 
Did you mean: 

Cannot received email due to incoming connection lost.



I am using the Ironport C-170. Senders from my sister company domain sometimes cannot send email on our domain. The log about the failed email is:

Incoming connection (ICID 2496513) lost.

Message 2212830 aborted: Receiving aborted

Even the email successfully arrive, the last event in the log is also "incoming conneciton lost".

Please help. Thanks.

What are the steps to fix this issues?

3 Replies 3

Cisco Employee
Cisco Employee

Hi Geoffrey,

Please check our following knowledge base article which explains your scenario in detail.

To troubleshoot further, please retrieve couple of mail logs for the messages in issue. Please note the time difference between the connection is initiated (ICID) and the connection aborted. If the time difference is 5 minutes or more (bounce profile), it indicates that packets are getting delayed somewhere in the network before reaching to IronPort. You need to check if there is any SMTP inspection going on in your network for port 25 traffic. This could be a firewall or any other SMTP inspection device in your network. You need to disable the SMTP inspection to resolve this issue.

If this is not the case, I will suggest you to open a TAC ticket to investigate further.


Viquar Ahmed

Customer Support Engineer, Team Lead

Cisco Content Security Technical Assistance Center

Phone: +1-408-902-4570

Working Hours: M-F 9 AM-6 PM PST(GMT -7)

US Toll-Free Customer Support: +1 800-553-2447 Opt # 1

Thank you Viquar. Actually i have a TAC Ticket for this. This is only happenning on our two domains. Dont know why. We dont have a SMTP inspection on our network or firewall. Still researching.....

Zachary Reneau
Cisco Employee
Cisco Employee

Hi Geoffrey,

I've seen some issues like this where TLS is in use and seems to precipitate this problem. If TLS is not required for the domain you're communicating with you might try turning off TLS in a test mail flow policy for their IP.

Alternatively, and I don't know if you're comfortable with packet capture, but you can do a pcap on the IronPort from the Help and Support area in the upper right of the GUI. If you see a lot of TCP retransmission in the SMTP conversation with the problem host that can help you determine a possible communication failure, either in your network or the sender's.

You can do a pcap before and after disabling TLS for the problem sender and see if the communication problem follows TLS. I imagine you'll find retransmissions and a TCP RST.

I could be off the mark, but something to consider.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers