Showing results for 
Search instead for 
Did you mean: 
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in:
Encryption Bug Search
Encryption Plug-in:
Cloud Mailbox Notification Service
Outlook Add-in(s): More info


Incoming Connection Lost. Message xxxx Aborted: Receiving Aborted

can anyone help me in solving this problem?
I have a problem when there is an email domain that sends an email to my domain. the following message appears:

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:35 (GMT +07:00)

08 Nov 2019 16:27:38 (GMT +07:00)

08 Nov 2019 16:27:38 (GMT +07:00)

Protocol SMTP interface (IP on incoming connection (ICID 1477048) from sender IP Reverse DNS host None verified no.

(ICID 1477048) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS rfc1918 country not applicable

Start message 540521 on incoming connection (ICID 1477048).

Message 540521 enqueued on incoming connection (ICID 1477048) from

Message 540521 on incoming connection (ICID 1477048) added recipient (

Incoming connection (ICID 1477048) lost

Message 540521 aborted: Receiving aborted



I have confirmed to the sender that I have whitelisted the domain.

but the feedback I received is:


Address not found

Your message wasn't delivered to

because the address couldn't be found,

or is unable to receive mail.


the response from the remote server was:

450 Requested mail action not taken:

mailbox unavailable


I'm currently using the ESA C300V



I have seen times where usually a firewall might be blocking this type of traffic. There could be a few things to do on this issue. 


First option enable debug logging for Domain (if only one domain is the problem) or delivery logs (this will increase the logs 1000x).


You can also GREP the ICID 1477048 and see if they started to try TLS, or even do a packet capture on the device. This might tell you at what stage it broke, seems like something is terminating the connection by the quick logs. 


Chances are the distant end might be required to send TLS and something might be blocking or breaking that. use any fake email you have at your domain: ie:


I have seen firewalls try to inspect ESMTP, which ends up breaking TLS.


Hope this helps.

-Jared H.
FireJumper Elite #161
Recognize Your Peers
Content for Community-Ad