Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9832
Views
0
Helpful
3
Replies

Ironport log says Message # queued for delivery. Recipient never gets it.

keithsauer507
Level 5
Level 5

‎07-28-2015 08:52 AM

seems like a few domains that we have people trying to send mail to that use *.mail.protection.outlook.com are not receiving the email.  One company in particular claims "well we are getting other emails so it must be your side".  On our side in Ironport message tracking, the last line is "Message ###### queued for delivery."

 

Doesn't this line mean that the message left our end and is on its way out to the remote side?

 

How can I get more detailed logs on this?  If I use TELNET I can connect to the recipients mail server, so I do not see it as a network / transport issue.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎07-28-2015 08:59 AM

There's another log you can add, "SMTP Conversation"

Don't leave it on full time, it gets BIG...

(or packet capture... )

0 Helpful

keithsauer507
Level 5
Level 5
In response to Ken Stieers

‎07-28-2015 10:06 AM

As soon as a coworker did an async os update, TLS 1.2 became available and now the emails are going through to Microsoft's hosted email solution now.

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to keithsauer507

‎12-09-2015 06:50 PM

Hello Keith,

I am glad to read that the emails are now delivered.

Generally the queued for delivery can be either the ESA's end or the destination server's end. This all depends on when you see the queued for delivery on your logs.

 

If queued on the ESA, logs will loook similar to:

Fri Jul 24 13:10:33 2015 Info: Start MID 1375 ICID 5139
Fri Jul 24 13:10:33 2015 Info: MID 1375 ICID 5139 From: <matt@lee.com>
Fri Jul 24 13:10:33 2015 Info: MID 1375 ICID 5139 RID 0 To: <matt@lab.com>
Fri Jul 24 13:10:33 2015 Info: MID 1375 using engine: SPF Verdict Cache using cached verdict
Fri Jul 24 13:10:33 2015 Info: MID 1375 SPF: helo identity postmaster@matt-ws01.lab.com None
Fri Jul 24 13:10:33 2015 Info: MID 1375 using engine: SPF Verdict Cache using cached verdict
Fri Jul 24 13:10:33 2015 Info: MID 1375 SPF: mailfrom identity matt@lee.com None
Fri Jul 24 13:10:33 2015 Info: MID 1375 Message-ID '<op.x19cfviox5s189@matt-ws01.lab.com>'
Fri Jul 24 13:10:33 2015 Info: MID 1375 Subject '23131'
Fri Jul 24 13:10:33 2015 Info: MID 1375 ready 2055 bytes from <matt@lee.com>
Fri Jul 24 13:10:33 2015 Info: MID 1375 was split creating MID 1376 due to a per-recipient policy Matthew Test Policy in the inbound table
Fri Jul 24 13:10:33 2015 Info: MID 1375 was split creating MID 1376 due to a per-recipient policy Matthew Test Policy in the inbound table
Fri Jul 24 13:10:33 2015 Info: MID 1376 ICID 0 From: <matt@lee.com>
Fri Jul 24 13:10:33 2015 Info: MID 1376 ICID 0 RID 0 To: <matt@lab.com>
Fri Jul 24 13:10:33 2015 Info: MID 1376 interim verdict using engine: CASE spam negative
Fri Jul 24 13:10:33 2015 Info: MID 1376 using engine: CASE spam negative
Fri Jul 24 13:10:33 2015 Info: MID 1376 interim AV verdict using McAfee CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 interim AV verdict using Sophos CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 antivirus negative
Fri Jul 24 13:10:33 2015 Info: MID 1376 AMP file reputation verdict : CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 Custom Log Entry: Work
Fri Jul 24 13:10:33 2015 Info: MID 1376 queued for delivery <-

 

If queued on the destination server (as it left the ESA):

Fri Jul 24 13:10:33 2015 Info: MID 1376 interim AV verdict using McAfee CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 interim AV verdict using Sophos CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 antivirus negative
Fri Jul 24 13:10:33 2015 Info: MID 1376 AMP file reputation verdict : CLEAN
Fri Jul 24 13:10:33 2015 Info: MID 1376 Custom Log Entry: Work
Fri Jul 24 13:10:33 2015 Info: MID 1376 queued for delivery
Fri Jul 24 13:10:33 2015 Info: Delivery start DCID 2729 MID 1376 to RID [0]
Fri Jul 24 13:10:34 2015 Info: Message done DCID 2729 MID 1376 to RID [0]
Fri Jul 24 13:10:34 2015 Info: MID 1376 RID [0] Response 'ok:  Message 152669875 accepted [Queued for Delivery]'
Fri Jul 24 13:10:34 2015 Info: Message finished MID 1376 done

 

Generally if it's queued on the ESA, my suggestive troubleshooting would be:

Initiate a telnet connection to the destination server affected (to locate the server(s) affected, us the 'tophosts' command to locate the affected host, then 'hoststatus <hostname>' to locate the mail servers your system will attempt to reach.

 

C370.lab> deliveryconfig

Default interface to deliver mail: Auto
"Possible Delivery": Enabled
Default system wide maximum outbound message delivery concurrency: 10000
Default system wide TLS maximum outbound message delivery concurrency: 100


Choose the operation you want to perform:
- SETUP - Configure mail delivery.
[]>

 

This will show the interface that is used. When you see 'auto' this suggests that the system will choose the interface closest to the default gateway.

 

To initiate a telnet test

 

telnet <IP/hostname> 25
This will use the 'auto' interface as well.

 

After the telnet is done. use the 'delivernow' command and monitor mail flow with tail mail_logs

 

Regards,

Matthew

 

0 Helpful
Customers Also Viewed These Support Documents