I am seeing an issue with certain senders whereas they send an email and during the transmission the connection is lost. The message details on the C150 show this:
|30 Mar 2010 11:30:53 (GMT -04:00)||Protocol SMTP interface Public (IP xxx.xxx.xxx.xxx) on incoming connection (ICID 12165085) from sender IP xxx.xxx.xxx.xxx. Reverse DNS host mail.blahblah.com verified yes.|
|30 Mar 2010 11:30:53 (GMT -04:00)||(ICID 12165085) ACCEPT sender group WHITELIST match xxx.xxx.xxx.xxx SBRS 5.3|
|30 Mar 2010 11:31:46 (GMT -04:00)||Start message 1330008 on incoming connection (ICID 12165085).|
|30 Mar 2010 11:31:46 (GMT -04:00)||Message 1330008 enqueued on incoming connection (ICID 12165085) from email@example.com.|
|30 Mar 2010 11:31:46 (GMT -04:00)||Message 1330008 on incoming connection (ICID 12165085) added recipient (firstname.lastname@example.org).|
|30 Mar 2010 11:43:20 (GMT -04:00)||Incoming connection (ICID 12165085) lost.|
|30 Mar 2010 11:43:20 (GMT -04:00)||Message 1330008 aborted: Receiving aborted|
As you can see I've tried WHITELISTing the domain (even though their SBRS is good). I've also PCAP'd during the transmission of a couple of test emails. One with an attachment (21MB) and one without. I receive the email without the attachment. The email with an attachment almost always loses the connection. Here is the twist: This only happens on nonsolicited email. If the sender replies to an email it will transmit without incident. Also, it is happening to more than one person at this particular domain.
PCAP shows that it is during the DATA fragmenting of the attachment that is loses a segment and starts a Retransmission of which it ACKs. This happens serveral times before the IronPort gives a Receiving aborted about 15mins later.
Have any of you seen this before? Any suggestions?
This has to be resolved for me as the sender domain is our sister company.
Solved! Go to Solution.
I would recommend creating an Injection Debug Log for this sending IP address to capture the data flow. Perhaps the sending MTA is issuing
The issue has been resolved (bandaided) for the time being. The Dedicated Fuse is over-saturated during peak hours causing the receiving of emails with attachments to timeout. I adjusted the Total Time Length of all Inbound Connections to 1 hour. This allowed us to receive the emails. The over utilization was caused by our web filter appliance being down and the users going crazy on the Net. Since then I have the web filter rebuilt and utilization should be coming back down. After that I will adjust the TTL for Inbound again and all will be good.
Thanks for your help Chris!
*Since you were the only one to reply, you get the "Correct Answer"