Hi
The most common cause for this problem is that a connection is being dropped by your firewall or other network equipment due to their TCP idle timeout settings.
The IronPort will maintain a number of active TCP sessions to your LDAP servers. These will be used for 6 hours or 10,000 queries, whichever comes first.
What can happen is that a TCP session can remain idle for some time while mail flow is slow. When the IronPort attempts to re-use that connection, your firewall may see that this TCP session has not been used for a long time and so it will drop the packet.
To correct this, you would need to disable the TCP idle timeout settings on your firewall for the IronPort's IP address.
While this issue does produce the occasional alert message, it should not have any significant impact on mail flow. If an LDAP query times out the appliance may soft bounce an email, but the sending server should retry any soft bounces. This means that this may delay emails but it should not cause them to be dropped or hard bounced.
To make sure that the issue is not something more serious, I would recommend going to System Administration -> LDAP, clicking on your LDAP server profile and running a test query for your "Accept" query. If you see the expected results here, the issue is almost certainly the transient TCP idle timeout problem described above.
- Libin V
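
The idle-timeout behaviour described in the reply above can be confirmed from any host whose traffic to the LDAP server crosses the same firewall. The following is an added example, not part of the original post or any Cisco tooling: it opens a TCP session, leaves it idle, then reuses it for one anonymous LDAP bind and reports whether a reply came back. All function names are hypothetical, and `start_fake_path` is a constructed local stand-in for the server and firewall so the script can be tried offline.

```python
import socket
import threading
import time

# Anonymous LDAPv3 simple bind request (BER): msgID 1, version 3, empty DN/password.
LDAP_ANON_BIND = bytes.fromhex("300c020101600702010304008000")
# Matching success bindResponse, used only by the constructed stand-in below.
LDAP_BIND_OK = bytes.fromhex("300c02010161070a010004000400")


def probe_idle(host, port, idle_seconds, reply_timeout=2.0):
    """Open a TCP session, leave it idle, then reuse it; True if a reply arrived."""
    with socket.create_connection((host, port), timeout=reply_timeout) as sock:
        time.sleep(idle_seconds)  # no traffic, like a quiet mail period
        try:
            sock.sendall(LDAP_ANON_BIND)
            # Any reply (even a bind refusal) proves the path is alive;
            # b"" means the peer closed the session while it was idle.
            return len(sock.recv(4096)) > 0
        except OSError:  # reset, broken pipe, or no reply before reply_timeout
            return False


def first_failing_idle(host, port, idle_periods):
    """Return the shortest tested idle period after which reuse failed, or None."""
    for idle in sorted(idle_periods):
        if not probe_idle(host, port, idle):
            return idle
    return None


def start_fake_path(idle_limit):
    """Constructed stand-in: answers a bind, drops sessions idle > idle_limit s."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.settimeout(idle_limit)  # emulate the firewall's idle timer
            try:
                if conn.recv(4096):
                    conn.sendall(LDAP_BIND_OK)
            except OSError:  # idle timer expired before any data arrived
                pass
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against a real path, call `first_failing_idle` with the LDAP server's address and a list of idle periods in seconds bracketing the firewall's suspected timeout; the first failing value gives an upper bound on the idle timer.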