cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13857
Views
10
Helpful
7
Replies

Undeliverable: - Cisco C170 - 5.4.7 - Delivery expired (message too old) [Default] '[Errno 54] Connection reset by peer' (delivery attempts: 75)

mattmolloy
Level 1
Level 1

Users just started having issues sending group emails of 10 recipients or more to outside email addresses. Internal emails working fine. But any going to outside address like gmail, yahoo, hotmail and others all come back Undeliverable 5.4.7... They are able to send 1 at a time or a couple at a time outside and they go through just fine. We are using the Cisco C170 Ironports. We have the number of retries set to 100 and Time in Queue 259200 seconds. We did just do some updates on the Ironports..9.5.0-125. 

 

Any help or troubleshooting ideas would be great! We're new to Ironport only had them about a year and so far they've been great until this issue.

Thanks,

Matt

1 Accepted Solution

Accepted Solutions

Hello Matt,

To get the message tracking details. it's GUI > Monitor > Message Tracking

Search for the emails and click ' show detail'

 

As per the logs, from what i can tell so far at a glance, it does look to be a port 25 interruption happening on your network, some emails are delivered, some are being stopped with soft bounce (connection terminations).

From an mxtoolbox test, (judging from the tophosts, your internal domain is besd.net)

We are seeing ESMTP inspection enabled on your firewall, can we ensure this is disabled completely as this is one of the main causes of the issues.

Connecting to 205.121.132.141

220 ********************* [813 ms]
EHLO PWS3.mxtoolbox.com
250-astark.besd.net
250-8BITMIME
250 SIZE 18877239 [656 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 sender <supertool@mxtoolbox.com> ok [656 ms]
RCPT TO:<test@example.com>
550 #5.1.0 Address rejected. [656 ms]

 

Connecting to 205.121.132.143

220 ******************** [641 ms]
EHLO PWS3.mxtoolbox.com
250-afury.besd.net
250-8BITMIME

 

Thanks,

Matthew

View solution in original post

7 Replies 7

Mathew Huynh
Cisco Employee
Cisco Employee

Hello Matt,

 

From the topic of the thread and also the details you've provided, it looks like there may be some network interruptions happening of some being noticed to the domains.

5.4.7 - Delivery expired (message too old) [Default] '[Errno 54] Connection reset by peer' (delivery attempts: 75) would generally mean the connection had seen a RST packet on the transmission thus closing the connection and hard bounce due to the bounce profile with too many reattempts/time in queue.

 

May i ask if you can attach a copy of the message tracking if possible, also:

I would like to suggest the following commands for initial troubleshooting (all in CLI)

 

CLI > tophosts

Check the hosts with the '*' next to it.

Follow it up with CLI > hoststatus > <Name of affected host>

It will then show you the last known failure on connections and the routes your ESA will send to.

I would like you to then attempt a telnet to this IP on port 25 and let us know the results.

 

if the issue is intermittently happening, the best course of action would be to enable a packet capture on your ESA on port 25 (GUI > Help and Support > Packet Capture)

On the CLI : Use the 'delivernow' command to force attempts of delivery then tail mail_logs so you can monitor live traffic, if failures occur again, stop this packet capture and open it on wireshark, you should see the attempts and errors or RST if it comes up; should it be coming from destination side or so, check the MAC address to see the next hop and investigate this next hop for any packet drops or inspections.

 

Key point:
Ensure no SMTP packet inspections are being done.

 

Please let us know,

Regards, Matthew

Matthew,

 

Thanks for the reply. I'm new at this Ironport so I'm not sure what you mean by a copy of the message tracking but I did a grep from one of the Undelivered messages and have attached part of it here.

Also uploading copies of the tophosts and hoststatus for gmail.com.

I was able to telnet to 173.194.203.27 & 74.12.20.27 gmail.com's IP's. 

 

Working on doing a capture..

Thanks,

Matt

 

 

 

Hello Matt,

To get the message tracking details. it's GUI > Monitor > Message Tracking

Search for the emails and click ' show detail'

 

As per the logs, from what i can tell so far at a glance, it does look to be a port 25 interruption happening on your network, some emails are delivered, some are being stopped with soft bounce (connection terminations).

From an mxtoolbox test, (judging from the tophosts, your internal domain is besd.net)

We are seeing ESMTP inspection enabled on your firewall, can we ensure this is disabled completely as this is one of the main causes of the issues.

Connecting to 205.121.132.141

220 ********************* [813 ms]
EHLO PWS3.mxtoolbox.com
250-astark.besd.net
250-8BITMIME
250 SIZE 18877239 [656 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 sender <supertool@mxtoolbox.com> ok [656 ms]
RCPT TO:<test@example.com>
550 #5.1.0 Address rejected. [656 ms]

 

Connecting to 205.121.132.143

220 ******************** [641 ms]
EHLO PWS3.mxtoolbox.com
250-afury.besd.net
250-8BITMIME

 

Thanks,

Matthew

Matthew,

 

Sorry for the delay we're still doing some testing... but I think the esmtp enabled on our Cisco ASA was the culprit. Let ya know for sure tomorrow!

 

Matt

Hey Matt,

 

Awesome, please keep me posted.

 

Regards,

Matthew

Matthew,

 

Looks like we're working fine now! Looks like turning off the ESMTP solved our issue! Thanks for all your help! 

:)

Matt

Hey Matt,

 

That's excellent! Happy to assist :).

 

Regards,

Matthew