cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1111
Views
20
Helpful
3
Replies

Message tracking shows time in the past and recent.

AlexKroon2654
Level 1
Level 1

Hello,

We've got 2 Cisco Ironport C100V in cluster mode.

Now we have some trouble with a mailing to 1 subcontractor.

We can recieve mails but when we want to send a mail there a problem.

In the message tracking you see the following.

messagetooold, Email Security

Schermafbeelding 2021-05-04 162617.png

 

When i open some other message trackings i see some of them with the normal date and some of them with also 2017 in the first rules. 

There are no problems with this mails.

 

What can i check or verify?

 

 

3 Replies 3

svgeorgi
Cisco Employee
Cisco Employee

There is some kind of an issue with the connectivity to the remote server.

ESA acted as per default configuration and tried to deliver the email for 3 days before give up and generate a hard bounce message to the sender.

You can search in the mail logs for connection errors to this server or recipient domain:

grep "Apr 30.*Connection Error.*domain\\.nl" mail_logs

grep "Apr 30.*Connection Error.*recipient'sIP" mail_logs

 

Might also be a TLS related error, may want to check what are your TLS settings for outgoing traffic and check what the remote server is supporting. A packet capture to this same remote server may also be handy.

About your other query - you can ignore the older data from previous years - this happens on ESAs with relatively high traffic when the counters for ICID in your case got flipped and starts counting again. In your case it seems like it takes ~4 years to flip the counter.

Hello,

 

Thanks for the reply. I checked the logs and saw the following:

 10:45:51 2021 Info: Connection Error: DCID 1143081 domain: DOMAIN.nl IP: xx.5.xx.111 port: 25 details: [Errno 61] Connection refused interface: 10.20.132.25 reason: network error

 

Today i heard all the messaged send were deliverd. There was no change on our or their side. So the problem is gone but still a wierd thing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: