07-20-2011 09:35 AM
Hello,
I am getting a few errors each day related to the following type of message. I have done some web searches, and a few pointed to Windows 2008 DNS as a possible problem. However, our Ironports point to our external DNS which is BIND. Here is the relevant data from message tracking.
SMTP delivery connection (DCID 163673330) opened from IronPort interface 10.193.13.181 to IP address 10.192.3.45 on port 25. | |
19 Jul 2011 17:20:01 (GMT -04:00) | (DCID 163673329) Message 492404228 to mbreeding@vcom.vt.edu bounced by destination server. Reason: 5.4.7 - Delivery expired (message too old) ('000', ['[Errno 61] Connection refused']) [(\'X-SBRS\', \'None\'), (\'X-HAT\', \'Group: RELAYLIST, Policy: $RELAYED\'), (\'X-VITAFiles\', \'Attached: image001.jpg, image002.jpg\'), (\'subject\', \'RE: orientation\'), (\'from\', \'"Evans, PATRICIA EVANS (DBHDS)" <Patricia.Evans@dbhds.virginia.gov>\'), (\'to\', \'"Breeding, Myra" <mbreeding@vcom.vt.edu>\')] |
---|
Anyone else see this? Any ideas on how to fix it?
Thanks ahead of time!
Elias
07-20-2011 09:47 AM
Greetings Elias,
With the data you provided its a bit difficult to say if this is related to a DNS issue or not. A couple of things you may want to do here to further diagnose this.
If delivery attempts fail, this means the destination's mail server did not accept a given message after 72 hours or 100 iterations of consecutive tries (example). This issue can be seen either incoming (delivery to your internal groupware server) or outgoing (towards another domain via the Internet). While this does not necessarily signal a problem with your local IronPort ESA, you can work around this by extending the retransmission period or number of attempts, and therefore increasing the chances for successful delivery. These values are controlled by the IronPort's Bounce Profiles.
Note: If you wish to make the retransmission timeout more lax, increasing the value may increase your chance for successful delivery. The overall duration (i.e., "maximum number of seconds") defines times in terms of seconds. The default value is 259,200 seconds, or three days. We'd recommend increasing this threshold to 345,600 seconds (four days) or 432,000 (five days) if necessary.
To edit the "Default" bounce profile via the GUI:
1) Go to Network > Bounce Profiles > select your Profile Name
2) set "Maximum Number of Retries" to change the number of times we attempt delivery
3) set "Maximum Time in Queue" to specify the total length of time to store the message for retransmission
4) set "Maximum Time to Wait per Message" to give the maximum interval between retries
Alternatively, we can use the CLI 'bounceconfig' command to set the same values.
You may also want to enable the domain debug logs to this host. This way you can see the full smtp conversation between your appliance and the remote host. This may provide some more detail on the previous failures before it gets to this state.
Additionally you may want to also consult the mail logs for the previous failures.
Below is some more information on setting up the domain debug logs.
The domain debug log is a system log designed to record all SMTP traffic between a specific domain and an Email Security Appliance (ESA) for a finite number of sessions. This log type can assist in troubleshooting issues that relate to a specific recipient domain or host. Each session is recorded until the number of session defined has been reached, at which time the log will stop collecting data. You can stop domain debug before all sessions have been recorded by deleting or editing the log subscription.
Logs can be configured and created through the IronPort CLI using the logconfig command or via the GUI.
To configure logs via the GUI, see the Advanced User Guide: Log Subscriptions .
Below is an example of creating a Domain Debug Log subscription using the CLI:.
example.run> logconfig
Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
4. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
5. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
6. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
7. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
8. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll
9. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: FTP Poll
10. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
11. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
12. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
13. "reportd_logs" Type: "Reporting Logs" Retrieval: FTP Poll
14. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: FTP Poll
15. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
16. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
17. "status" Type: "Status Logs" Retrieval: FTP Poll
18. "system_logs" Type: "System Logs" Retrieval: FTP Poll
19. "updater_logs" Type: "Updater Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> new
Choose the log file type for this subscription:
1. IronPort Text Mail Logs
2. qmail Format Mail Logs
3. Delivery Logs
4. Bounce Logs
5. Status Logs
6. Domain Debug Logs
7. Injection Debug Logs
8. System Logs
9. CLI Audit Logs
10. FTP Server Logs
11. HTTP Logs
12. NTP logs
13. LDAP Debug Logs
14. Anti-Virus Logs
15. Anti-Virus Archive
16. Scanning Logs
17. IronPort Spam Quarantine Logs
18. IronPort Spam Quarantine GUI Logs
19. Reporting Logs
20. Reporting Query Logs
21. Updater Logs
[1]> 6
Please enter the name for the log:
[]> debug_example
Enter the name of the domain for which you want to record debug information.
[]> example.com
Please enter the number of SMTP sessions you want to record for this domain.
[1]> 8
Choose the method to retrieve the logs.
1. FTP Poll
2. FTP Push
3. SCP Push
4. Syslog Push
[1]>
Filename to use for log files:
[example.com.text]>
Please enter the maximum file size:
[10485760]>
Please enter the maximum number of files:
[10]>
Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll
4. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
5. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
6. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
7. "debug_example" Type: "Domain Debug Logs" Retrieval: FTP Poll
8. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
9. "euq_logs" Type: "IronPort Spam Quarantine Logs" Retrieval: FTP Poll
10. "euqgui_logs" Type: "IronPort Spam Quarantine GUI Logs" Retrieval: FTP Poll
11. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
12. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
13. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
14. "reportd_logs" Type: "Reporting Logs" Retrieval: FTP Poll
15. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: FTP Poll
16. "scanning" Type: "Scanning Logs" Retrieval: FTP Poll
17. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
18. "status" Type: "Status Logs" Retrieval: FTP Poll
19. "system_logs" Type: "System Logs" Retrieval: FTP Poll
20. "updater_logs"