cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

1262
Views
0
Helpful
1
Replies
AsepSujana
Beginner

Incoming Connection Lost. Message xxxx Aborted: Receiving Aborted

can anyone help me in solving this problem?
I have a problem when there is an email domain that sends an email to my domain. the following message appears:

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:34 (GMT +07:00)

08 Nov 2019 16:27:35 (GMT +07:00)

08 Nov 2019 16:27:38 (GMT +07:00)

08 Nov 2019 16:27:38 (GMT +07:00)

Protocol SMTP interface ironport.yogyagroup.com (IP 172.xxx.xxx.xxx) on incoming connection (ICID 1477048) from sender IP 172.xxx.xxx.xxx. Reverse DNS host None verified no.

(ICID 1477048) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS rfc1918 country not applicable

Start message 540521 on incoming connection (ICID 1477048).

Message 540521 enqueued on incoming connection (ICID 1477048) from xxx@domain.biz.

Message 540521 on incoming connection (ICID 1477048) added recipient (xxx@mydomain.com).

Incoming connection (ICID 1477048) lost

Message 540521 aborted: Receiving aborted

 

 

I have confirmed to the sender that I have whitelisted the domain.

but the feedback I received is:

 

Address not found

Your message wasn't delivered to

xxx@mydomain.com

because the address couldn't be found,

or is unable to receive mail.

 

the response from the remote server was:

450 Requested mail action not taken:

mailbox unavailable

 

I'm currently using the ESA C300V

 

1 REPLY 1
jrod1999
Beginner

I have seen times where usually a firewall might be blocking this type of traffic. There could be a few things to do on this issue. 

 

First option enable debug logging for Domain (if only one domain is the problem) or delivery logs (this will increase the logs 1000x).

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117848-configure-esa-00.html

 

You can also GREP the ICID 1477048 and see if they started to try TLS, or even do a packet capture on the device. This might tell you at what stage it broke, seems like something is terminating the connection by the quick logs. 

 

Chances are the distant end might be required to send TLS and something might be blocking or breaking that. 

https://www.checktls.com/TestReceiver use any fake email you have at your domain: ie: test@mydomain.com

 

I have seen firewalls try to inspect ESMTP, which ends up breaking TLS. 

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117801-problem-esa-00.html

 

Hope this helps.

-Jared H.
FireJumper Elite #161
Create
Recognize Your Peers
Content for Community-Ad