cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5390
Views
0
Helpful
5
Replies

email from gmail not been delivered

gdamjanovic
Level 1
Level 1

Hi All,

I am managing blocker for my customer for over a year. My colegue that work on site noticed that emails from gmail and one bussines domains a not been delivered. We analyze message tracking noticed that communication starts fine then connection is lost and receaving aborted. Other thing that we noticed that all Emails have (no subject) remark. But when I try to send an email from my gmail account and leave subject line empty, email is delivered and remark is (empty subject) . Problem is not critical becouse we advice people to use buusines mail and not free email services, but we'd like to solve problem with that bussines domain

Does anybody have idea

thanks in advance

regards

Goran

5 Replies 5

Martin Eppler
Cisco Employee
Cisco Employee

Hello Goran,

this is not an easy question to answer, especially when it is not clear why and when the ICID lost / receiving aborted is noted in the logs. The absence of a subject line in message tracking indicates that the subject header has not been received here. This header is transmitted (like all message headers) in the SMTP DATA session.

Can you please verify t which timespan after opening the connection is this encountered? I assume that you can see the envelope sender and recipient address, but after this there is no log entry for the timespan of the "timeout for unsuccessful inbound connections" (default: 5 minutes). In 99% of the cases this is an indication that ICMP traffic is blocked in the network that allows the Path MTU Discovery protocol (RFC 1191) to function. The MTU is small enough to transmit the envelope sender and recipient data and the first "big block" is the one received after the SMTP DATA command and the 354 go ahead response from the appliance. If the injection debug log taken does not show anything beyond this, I'd say that the ICMP blockage is confirmed. If you can see data in the injection debug log after the 354 go ahead, then I'd assume a firewall checking on SPF or DKIM headers. Usually the connection loss is then 1-2 seconds after the envelope recipient is noted in the logs (and not 5 minutes like with ICMP being blocked).

Hope this helps. If not, please feel free to post back.

Thanks and regards,

Martin

Thanx for your reply,

Here is some more information. We run packet capture on blocker. Communication in begining is statandard until Blocker sends go ahed, then go ahed retransmission and then source host sends smtp [rst, ack] and thats it. Whole communication is within 1 second. Blocker is in DMZ on ASA firewall, NAT is deployed, ICMP traffic is alowed from outside.

BR,

Goran

Hello Goran,

thois really sounds like a network related or ASA related issue.As you can see in the tcpdump, the connection is not terminated by the appliance but from the network. Does the ASA have SMTP fixup/ SMTP inspection enabled?  If so, I highly recommend to disable it. You can verify this if the reply to the EHLO/HELO command from the appliance through the firewall returns '220 ****************' instead of '220 mail.example.com'. Also I would not consider it normal if the appliance needs to retransmit the 354 go ahead several times without receiving a reply.

Thanks and regards,

Martin

Thanks Martin,

Problem was related to ASA. SMTP(ESMTP) fixup was enabled. After disableing it problem was solved. Same day i could confirm for gmail and today I recieved comfirmation for bussines domain witch was not workin along with gmail.

Many thanks again.

BR,

Goran

Hello Goran,

thanks for the feedback. I'm glad that I was able to provide some input to solve the issue you have been facing.

Regards,

Martin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: