
Incoming Connection Lost. Message xxxx Aborted: Receiving Aborted

AsepSujana
Level 1

Can anyone help me in solving this problem?
I have a problem when there is an email domain that sends an email to my domain. The following message appears:

08 Nov 2019 16:27:34 (GMT +07:00) Protocol SMTP interface ironport.yogyagroup.com (IP 172.xxx.xxx.xxx) on incoming connection (ICID 1477048) from sender IP 172.xxx.xxx.xxx. Reverse DNS host None verified no.

08 Nov 2019 16:27:34 (GMT +07:00) (ICID 1477048) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS rfc1918 country not applicable

08 Nov 2019 16:27:34 (GMT +07:00) Start message 540521 on incoming connection (ICID 1477048).

08 Nov 2019 16:27:34 (GMT +07:00) Message 540521 enqueued on incoming connection (ICID 1477048) from xxx@domain.biz.

08 Nov 2019 16:27:35 (GMT +07:00) Message 540521 on incoming connection (ICID 1477048) added recipient (xxx@mydomain.com).

08 Nov 2019 16:27:38 (GMT +07:00) Incoming connection (ICID 1477048) lost

08 Nov 2019 16:27:38 (GMT +07:00) Message 540521 aborted: Receiving aborted

 

 

I have confirmed to the sender that I have whitelisted the domain.

But the feedback I received is:

 

Address not found

Your message wasn't delivered to xxx@mydomain.com because the address couldn't be found, or is unable to receive mail.

the response from the remote server was:

450 Requested mail action not taken: mailbox unavailable

 

I'm currently using the ESA C300V.

 

1 Reply

jrod1999
Level 1

I have seen times where usually a firewall might be blocking this type of traffic. There could be a few things to do on this issue. 

 

First option: enable debug logging for the domain (if only one domain is the problem) or delivery logs (this will increase the logs 1000x).

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117848-configure-esa-00.html

 

You can also GREP the ICID 1477048 and see if they started to try TLS, or even do a packet capture on the device. This might tell you at what stage it broke; it seems like something is terminating the connection, judging by the quick logs.

 

Chances are the distant end might be required to send TLS and something might be blocking or breaking that. 

https://www.checktls.com/TestReceiver (use any fake email you have at your domain, i.e. test@mydomain.com)

 

I have seen firewalls try to inspect ESMTP, which ends up breaking TLS. 

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117801-problem-esa-00.html

 

Hope this helps.

-Jared H.
FireJumper Elite #161
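
The ICID trace suggested in the reply above, written out as an added example that is not part of the original thread or Cisco's tooling: it follows one ICID through log text, ties in the MID-only lines, and reports the last stage reached before the connection was lost. The stage labels, the `trace` function and the assumption that TLS negotiation entries contain the word "TLS" are this example's own; the sample input is constructed from the entries quoted in the question.

```python
import re
from datetime import datetime
# Constructed sample: the entries quoted in the question, paired with their timestamps in order.
SAMPLE_LOG = """\
08 Nov 2019 16:27:34 (GMT +07:00) Protocol SMTP interface ironport.yogyagroup.com (IP 172.xxx.xxx.xxx) on incoming connection (ICID 1477048) from sender IP 172.xxx.xxx.xxx. Reverse DNS host None verified no.
08 Nov 2019 16:27:34 (GMT +07:00) (ICID 1477048) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS rfc1918 country not applicable
08 Nov 2019 16:27:34 (GMT +07:00) Start message 540521 on incoming connection (ICID 1477048).
08 Nov 2019 16:27:34 (GMT +07:00) Message 540521 enqueued on incoming connection (ICID 1477048) from xxx@domain.biz.
08 Nov 2019 16:27:35 (GMT +07:00) Message 540521 on incoming connection (ICID 1477048) added recipient (xxx@mydomain.com).
08 Nov 2019 16:27:38 (GMT +07:00) Incoming connection (ICID 1477048) lost
08 Nov 2019 16:27:38 (GMT +07:00) Message 540521 aborted: Receiving aborted
"""
# Stage labels are chosen for this example; the patterns come from the entries above.
STAGES = [
    ("connected", r"from sender IP"), ("policy matched", r"sender group"),
    ("message started", r"Start message|enqueued on incoming connection"),
    ("recipient added", r"added recipient"),
]
LINE = re.compile(r"(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \(GMT [^)]*\) (.*)")

def trace(log_text, icid):
    """Summarise how far one incoming connection got before it ended."""
    tag, mids, events = f"(ICID {icid})", set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, text = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S"), m.group(2)
        mid = re.search(r"\b[Mm]essage (\d+)", text)
        if tag in text and mid:
            mids.add(mid.group(1))  # remember MIDs opened on this ICID
        if tag not in text and not (mid and mid.group(1) in mids):
            continue  # another connection, or a message not tied to this ICID
        events.append((when, text))
    reached, last_progress = [], None
    for when, text in events:
        for name, pattern in STAGES:
            if name not in reached and re.search(pattern, text):
                reached.append(name)
                last_progress = when
    lost = [when for when, text in events if re.search(r"\) lost\b", text)]
    aborted = {m.group(1) for _, t in events for m in [re.search(r"Message (\d+) aborted", t)] if m}
    return {
        "stages": reached,
        "tls_seen": any(re.search(r"\bTLS\b", t) for _, t in events),  # assumption: TLS entries say "TLS"
        "lost": bool(lost),
        "aborted_mids": sorted(aborted),
        "stall_seconds": (lost[0] - last_progress).total_seconds() if lost and last_progress else None,
    }
```

On the quoted entries, `trace(SAMPLE_LOG, 1477048)` shows the session reaching an added recipient and then dropping 3 seconds later with message 540521 aborted. `tls_seen` is False there only because none of the quoted entries mention TLS, so run it over the full grep output for the ICID before drawing a conclusion about TLS.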