Emails - Reporting Maximum connection time exceeded

jclj
Level 1

We have a C150 Ironport in our network that is not passing some emails through due to "Maximum connection time exceeded" and then aborts the message. The full error is:

"Incoming connection (ICID 9595873) disconnected address xxx.xx.xx.xx. Maximum connection time exceeded."

I don't believe this is a bandwidth issue and this has happened with different companies emailing us. Questions:

1. Why am I getting this error?

2. Can I change the timeout on the Ironport?

3. Could this be related to attachments exceeding the limit in the exchange server?

Any help would be appreciated.

Thanks

2 Replies

jclj
Level 1

Anybody come across this issue before? I have verified this happens when the email has an attachment. I have checked my mail receive connectors and the attachments are an acceptable size. Seems like the remote email server disconnects due to a timeout. Why would it take so long for an attachment to push through? Is it common to change the timeout on the Ironport?

Thanks

Hi Chris,

This error indicates that a remote server connecting to the IronPort appliance has exceeded the "Total Time Limit for All Inbound Connections". This only happens when the connection time reaches the configured timeout, in most configurations it will be 15 minutes. The IronPort then sends the soft bounce '421' error code and drops the connection.

This timeout parameter is configurable via the "Total Time Limit for All Inbound Connections" value, in the Global Settings of each listener. A mail server should close the connection after successful message transmission. If it does not, then the timeout triggers and the appliance closes the connection. Generally, if a mail server is taking over 5 minutes to send another SMTP command, there are likely issues on the network side of things (outside of the IronPort). If the same issue occurs often (for many different remote server connections), there may be an internal network issue, which in turn is outside of the IronPort.

I recommend you create an injection debug log to monitor a session from this host before you consider changing the appliance's configuration.

Please refer to the following Video Knowledge Base article:

https://supportforums.cisco.com/videos/1959

or the written version:

How do I analyze mail delivered to the Email Security Appliance (ESA)?

Knowledge Base Answer ID: 728

http://tools.cisco.com/squish/4c559

I hope this helps.

-Valter
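
A triage sketch for the distinction drawn in the reply above (one remote host versus many), added here as an example and not part of the original thread or any Cisco tooling. It assumes log lines carry the message in the shape quoted in the question; the sample lines, the documentation-range addresses and the `many_hosts` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the message quoted in the original question. search() tolerates
# whatever prefix (timestamp, log level) the log file puts in front of it.
TIMEOUT_RE = re.compile(
    r"Incoming connection \(ICID (?P<icid>\d+)\) disconnected address "
    r"(?P<addr>[0-9A-Fa-f.:]+?)\.\s+Maximum connection time exceeded"
)

# Constructed sample input (not taken from a real appliance).
SAMPLE = [
    "Incoming connection (ICID 1001) disconnected address 192.0.2.10. Maximum connection time exceeded.",
    "Incoming connection (ICID 1002) disconnected address 198.51.100.7. Maximum connection time exceeded.",
    "unrelated log line (constructed)",
    "Incoming connection (ICID 1003) disconnected address 192.0.2.10. Maximum connection time exceeded.",
]


def timeouts_by_address(lines):
    """Map remote address -> sorted ICIDs that hit the connection time limit."""
    hits = defaultdict(set)
    for line in lines:
        m = TIMEOUT_RE.search(line)
        if m:
            hits[m.group("addr")].add(int(m.group("icid")))
    return {addr: sorted(icids) for addr, icids in hits.items()}


def triage(hits, many_hosts=3):
    """Suggest where to look first. many_hosts is an assumed threshold."""
    if not hits:
        return "no timeouts found"
    if len(hits) >= many_hosts:
        # Many unrelated senders timing out points at the local network path.
        return "many remote hosts: check the internal network path"
    # A few senders: capture one of their sessions before changing the limit.
    return "few remote hosts: debug a session from " + ", ".join(sorted(hits))


if __name__ == "__main__":
    found = timeouts_by_address(SAMPLE)
    for addr, icids in sorted(found.items()):
        print(addr, icids)
    print(triage(found))
```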