Reason: 4.1.0 - Unknown address error 0 []

ccna_security · ‎12-24-2019

hi. when I looked at monitoring tracking I saw such an error when send email

Message 2234455 to example@example.com delayed. Reason: 4.1.0 - Unknown address error 0 []

Could you please tell me what kind of error is it? What do you think about the problem stems from my side or other side?

marc.luescherFRE · ‎12-25-2019

Hi there,

happy to help but since the error is so generic I would need to know the 3 digit code behind it.

Example

Reason: 4.1.0 - Unknown address error ('452', ['4.5.3 Too many recipients (xxxx

If you provide me this error I can give you some ideas and hints.

Regards

Marc

ccna_security · ‎12-25-2019

Hi. When i looked at monitor tracking there was no any number. I send email to the same domian and monitor tracking shows pending

marc.luescherFRE · ‎12-25-2019

Checking some log entries and running some test I came up with the following finding:

Your server is able to successfully establish a TLS connection with the destination server:

Delivery connection (DCID 1128369) successfully accepted TLS protocol TLSv1 cipher AES128-SHA None.

The None indicates that normally the ESA would get a return code from the destination server but not in this case.

I suspect that the pending delivery notification below has to do with it:

(DCID 1128369) Message 2120596 bounce verification rewriting sender test@test.com to Unknown.

(DCID 189753) Message 2120596 to test@test.com delayed. Reason: 4.1.0 - Unknown address error 0 []

To me that means that the destination is getting a TLS message from your server but for reasons which are out of your control the destination server is not delivering the message. Since your ESA did not get a valid return code the issue a bounce message back to the sender and give you even a 4.1.0 error without being more specific. This means the error experienced by the destination server can not be mapped to a standard error.

Without manual debugging this connection via Telnet to find out what is happening there is not a lot you can do.

I hope this is helping a bit further

-Marc

ccna_security · ‎12-25-2019

Dear Marcş actually TLS and Unknown issue that I posted are different questions. Let me give you comprehensive information regarding my case.

1. Reason 4.1.0 issue

you said the problem more likely stems from this

(DCID 1128369) Message 2120596 bounce verification rewriting sender mysende@mydomain.com to Unknown

(DCID 189753) Message 2120596 to destination@test.com delayed. Reason: 4.1.0 - Unknown address error 0 [

Bounce verification for my users when they send email it show Unknown. when I configured it Cisco said the reason bounce verification seen as UNknown is a bug. it works as expected. Reason 4.1.0 Unknown issue we faced with only one email address destination@test.com. Can we think that the problem stems form test.com domain?

2. TLS issue

when I send email even to gmail.com it shows as None that we just talked about. but when someone send from gmail to my server it shows as expected (without None). I don't understand what I should to to get rid of NOne when send email. the logs shows that my external interface (ESA has 2 interface external and internal) connects to other server TLS shows successfully but not understand the reason why None seen there.

marc.luescherFRE · ‎12-26-2019

Here my answers:

Question 1:

Yes the issue is with the domain test.com and not with your system.

Question 2:

Can you share with me the setting of your inbound and outbound ciphers configured ?

System Administration / SSL Configuration / Inbound and Outbound / SSL Cipher to use

This might help me understand the None.

Please also run on the CLI of your appliance the following grep command and provide me the count:

grep "TLS protocol TLSv1 cipher AES128-SHA None" mail_logs -c

grep "TLS protocol TLSv1 cipher AES128-SHA" mail_logs -c

This will allow me to understand how wide spread this issue is.

I hope that helps

-Marc

ccna_security · ‎12-26-2019

Hello Marc

let me show you my configuration. the interesting part is that my outbound cipher is different than inbound.

SSL Configuration

Methods:	TLS v1.2 TLS v1.1
SSL Cipher(s) to use:	AES128:AES256:!SRP:!AESGCM+DH+aRSA:!AESGCM+RSA:!aNULL:-IDEA:-aNULL:-EXPORT
TLS Renegotiation:	Enabled

Methods:	TLS v1.2 TLS v1.1
SSL Cipher(s) to use:	AES128:AES256:!SRP:!AESGCM+DH+aRSA:!AESGCM+RSA:!aNULL:-IDEA:-aNULL:-EXPORT
TLS Renegotiation:	Enabled

	TLS v1.2 TLS v1.0 TLS v1.1
SSL Cipher(s) to use:	ECDH+aRSA:ECDH+ECDSA:DHE+DSS+AES:AES128:AES256:!SRP:!AESGCM+DH+aRSA:!AESGCM+RSA:!aNULL:!eNULL:-IDEA:-aNULL:-EXPORT

marc.luescherFRE · ‎12-27-2019

I will need to do some tests next week to confirm an idea for possible cause. I guess you are aware that your SSL ciphers are different for in and outbound.

ccna_security · ‎12-28-2019

Hello Marc

I will be waiting for your test result. thanks in advance

marc.luescherFRE · ‎12-30-2019

I could not reproduce this error message your are experiencing so far, even using your ciphers.

I currently see only two optiosn going forward:

a) increae the log level of your mail log from Information to Debug, hoping that when your run the test again ther will be more usefull information in the log file

b) open a case with TAC as they would need to look into the backend to find out what is happening using a packet trace of the traffic between your ESA and the destinations server. I am happy to look at any SMTP traces you might already have or can help setup one on the ESA if needed as well but TAC might be faster.

-Marc

ccna_security · ‎01-06-2020

Hello MArck. thank you for your time you spent for this case. I am continuing to troubleshoot this issue. if nothing found I will open case. thanks.