Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3505
Views
5
Helpful
3
Replies

Empty Subject issue in Ironport ESA C360

pinakinet
Level 1
Level 1

‎12-19-2014 05:06 AM

Hi Everyone,

I am facing a problem on Ironport ESA C360 (AsyncOS 8.5.6-092) that is most of the mails which are from gmail.com are being aborted and showing empty subject. Apart from that mails are from other domains are being received properly (only a few mails mails are being aborted and showing Empty Subject). When a mail (from gmail.com) are being received, the ICID adding the sender and recipient but after waiting for few minutes when it is not receiving the data showing "Mail Aborted." We have raised ticket to Cisco TAC and as per them the issue is in the other devices for incoming mails. Please find the attachment to see the error. Any suggestion or help would be highly appreciable.

 

Regards,

Pinaki.

2 people had this problem
Labels:
Preview file
128 KB
0 Helpful
3 Replies 3

Murad Al Halawa
Cisco Employee
Cisco Employee

‎12-19-2014 05:16 PM

Hello Pinaki,

 

Looking at the Message Tracking it looks appliance never received Subject header that's why you are seeing it as empty , basically what is happening that SMTP connection is lost when it reaches DATA part of SMTP conversation.

 

- What I suggest to check:

1) If ICMP protocol is blocked , try to unblock it as it's responsible for MTU discovery based on RFC 1191: https://tools.ietf.org/html/rfc1191 

2) If you enabled ESMTP inspection on firewall turn it off.

 

Regards

Murad Al Halawa

datawaysf
Level 1
Level 1
In response to Murad Al Halawa

‎06-08-2017 05:49 AM

We're facing a similar issue over the last couple of days. Could you please post the solution to the problem detailed above.

Thanks a lot

John

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee

‎01-07-2015 09:20 PM

Hello Pinaki,

 

From your tracking data attached, it looks like the reason why the receiving was aborted was the email hit the TCP timeout window.

 

See:

19 Dec 2014 18:09:33 (GMT +05:30) Message 49448318 on incoming connection (ICID 93910136) added recipient (anurag.thakur@unionbankofindia.com).
19 Dec 2014 18:14:35 (GMT +05:30) Incoming connection (ICID 93910136) lost.
19 Dec 2014 18:14:35 (GMT +05:30) Message 49448318 aborted: Receiving aborted

 

 

 

Basically on the SMTP conversation it would've went like...

mail from accepted

rcpt to:<anurag.thakur@unionbankofindia.com>

rcpt to accepted

(Then gmail server sends) DATA

(your ESA replies) Go ahead

 

Then all data transmission (mail body) would be done here.

 

But it looks like the data transfer had stopped for 5 minutes which is the TCP timeout window and thus connection is terminated.

 

This packet time-out would be indicative of possibly network troubles.

 

If you ran an injection debug log it will show that data packets would have halted with your IronPort sending a SYN ACK and awaiting for further packets but none was received.

 

I would suggest as per Murad.

 

> Ensure any SMTP inspection at firewall level is disabled

> Unblock ICMP protocol if it is blocked

> Ask your firewall department to run packet tracers or captures while the issue is occurring to see where is the data transfer packets going and why the IronPort is not receiving it.

 

 

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents