"This is usually due to a

adnan ramadhan · ‎09-28-2015

Hi,

currently, my customer have some problem. They can't send message from their domain (let's said @test.com) to @example.com. everytime they send message, the message tracking will display like this :

07 Aug 2015 18:24:07 (GMT +07:00) Message 17387021 on incoming connection (ICID 15946724) added recipient (user@example.com).
07 Aug 2015 18:24:07 (GMT +07:00) Message 17387021 on incoming connection (ICID 15946724) added recipient (user.bb@check.com).

10 Aug 2015 19:02:27 (GMT +07:00) (DCID 24051766) Message 17387021 to xxx@abc12345.co.id bounced by destination server. Reason: 5.4.7 -
Delivery expired (message too old) ('000', ['timeout'])
10 Aug 2015 19:02:27 (GMT +07:00) Start message 17423295 on incoming connection (ICID 0).
10 Aug 2015 19:02:27 (GMT +07:00) A new message 17423295 was generated to handle bounce of message 17387021.
10 Aug 2015 19:02:27 (GMT +07:00) Message 17423295 enqueued on incoming connection (ICID 0) from .
10 Aug 2015 19:02:27 (GMT +07:00) Message 17423295 on incoming connection (ICID 0) added recipient (xxx@abc12345.co.id ).
10 Aug 2015 19:02:27 (GMT +07:00) Message 17423295 (7203 bytes) from ready.
10 Aug 2015 19:02:27 (GMT +07:00) Message 17423295 queued for delivery.
10 Aug 2015 19:02:27 (GMT +07:00) SMTP delivery connection (DCID 24051779) opened from IronPort interface x.x.x.x to IP address y.y.y.y on
port 25.
10 Aug 2015 19:02:27 (GMT +07:00) (DCID 24051779) Delivery started for message 17423295 to xxx@abc12345.co.id.
10 Aug 2015 19:02:28 (GMT +07:00) (DCID 24051779) Delivery details: Message 17423295 sent to xxx@abc12345.co.id
10 Aug 2015 19:02:28 (GMT +07:00) Message 17423295 to xxx@abc12345.co.id received remote SMTP response '2.6.0
<676377$gjmtv@mail.visionet.co.id> [InternalId=19444916] Queued mail for delivery'.

the message to user.bb@check.com was delivered, but the message can't be delivered to @example.com.

Can someone explain what the reason behind this ?

Thank You.

Mathew Huynh · ‎09-28-2015

Hello,

Generally if emails go to one mail domain and not the other recipient mail domain, the tracking would be indicative of the reason:

In this particular instance : 10 Aug 2015 19:02:27 (GMT +07:00) (DCID 24051766) Message 17387021 to xxx@abc12345.co.id bounced by destination server. Reason: 5.4.7 -
Delivery expired (message too old) ('000', ['timeout'])

Email was hard bounced because the ESA could not reach the mail server of recipient domain @abc12345.co.id for an extended period of time.

I would suggest to review connectivity from the ESA to abc12345.co.id.

CLI > nslookup abc12345.co.id mx

Locate their MX records, attempt a connection to it telnet <ip/host> 25

It may generate a time-out which is what the ESA is reporting.

This is usually due to a network fault of some sort.

regards,

Matthew

adnan ramadhan · ‎10-08-2015

"This is usually due to a network fault of some sort."

are you referring to problems like firewall not opening port for smtp(25) or something like denied by ACL ?

Thank you.

Mathew Huynh · ‎10-08-2015

Hey Adnan,

As we do not have the bigger picture i cannot say, but within the scope of the ESA, as you're getting connection timeout to this domain, this means the SYN packet was sent out but no response of a SYN ACK

It could be a number of things but i would firstly suggest to check the next hop from the ESA out and see where this SYN is going and why there is not a SYN ACK

Regards,

Matthew

francisco.carrero · ‎12-15-2016

Hi Adnan,

I do see the same issue on my ESA and its' logs are identical as yours. What was the cause or what did you find out after this post?

Regards, Francisco

Libin Varghese · ‎12-15-2016

Adding below article to assist with troubleshooting as needed.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118467-technote-esa-00.html

I'll let Adnan comment on what was determined in his particular scenario once he sees the query.

- Libin

Email Security Appliance - Can't send message to certain domain