I am seeing an issue with certain senders whereas they send an email and during the transmission the connection is lost. The message details on the C150 show this:
|30 Mar 2010 11:30:53 (GMT -04:00)||Protocol SMTP interface Public (IP xxx.xxx.xxx.xxx) on incoming connection (ICID 12165085) from sender IP xxx.xxx.xxx.xxx. Reverse DNS host mail.blahblah.com verified yes.|
|30 Mar 2010 11:30:53 (GMT -04:00)||(ICID 12165085) ACCEPT sender group WHITELIST match xxx.xxx.xxx.xxx SBRS 5.3|
|30 Mar 2010 11:31:46 (GMT -04:00)||Start message 1330008 on incoming connection (ICID 12165085).|
|30 Mar 2010 11:31:46 (GMT -04:00)||Message 1330008 enqueued on incoming connection (ICID 12165085) from [email protected].|
|30 Mar 2010 11:31:46 (GMT -04:00)||Message 1330008 on incoming connection (ICID 12165085) added recipient ([email protected]).|
|30 Mar 2010 11:43:20 (GMT -04:00)||Incoming connection (ICID 12165085) lost.|
|30 Mar 2010 11:43:20 (GMT -04:00)||Message 1330008 aborted: Receiving aborted|
As you can see I've tried WHITELISTing the domain (even though their SBRS is good). I've also PCAP'd during the transmission of a couple of test emails. One with an attachment (21MB) and one without. I receive the email without the attachment. The email with an attachment almost always loses the connection. Here is the twist: This only happens on nonsolicited email. If the sender replies to an email it will transmit without incident. Also, it is happening to more than one person at this particular domain.
PCAP shows that it is during the DATA fragmenting of the attachment that is loses a segment and starts a Retransmission of which it ACKs. This happens serveral times before the IronPort gives a Receiving aborted about 15mins later.
Have any of you seen this before? Any suggestions?
This has to be resolved for me as the sender domain is our sister company.
The last few lines of the injection debug would be interesting to see if it's possible to post it here because it sounds like the data stops sending and eventually times out. The clue is probably in the injection log. I guess you could send me a private message also.