Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

exceeded allowable connection time

Hi guys,
I have changed my SMTP relays from Postfix to IronPort C350. Now I have a problem with webapplications which are sending a lot of mails. In the logfile I found the following error message very often: exceeded allowable connection time. Has anybody an idea???

5 REPLIES
Community Member

Re: exceeded allowable connection time

Hi,

are your webapplications passing a proxy? Some proxies have problems with the multiline SMTP server responses, causing the client never to reply (they will get a response like 220 ****************). This could cause the timeouts.

Hope this helps.

Raf

Community Member

exceeded allowable connection time

Hi,

are your webapplications passing a proxy? Some proxies have problems with the multiline SMTP server responses, causing the client never to reply (they will get a response like 220 ****************). This could cause the timeouts.

Hope this helps.

Raf


...no, they are not using a proxy. They are sending the mails via a python script by using telnet. After round about 15 minutes (...and before finishing mail transfer!) the connection is closed by the IronPort system with the error message above. I'm searching for a possibilty to switch the timer to a higher value. Maybe you have another idea?

Thank you,
Thomas

Community Member

Re: exceeded allowable connection time

Fisherman - check the global settings of your appliance listeners via the listenerconfig->setup subcommand.

[]> setup

Enter the global limit for concurrent connections to be allowed across all
listeners.
[300]>

Enter the maximum number of message header lines. 0 indicates no limit.
[1000]>

1. Allow SenderBase to determine cache time (Recommended)
2. Don't cache SenderBase data.
3. Specify your own cache time.
[1]>

Enter the rate at which injection control counters are reset.
[1h]>

Enter the timeout for unsuccessful inbound connections.
[5m]>

Enter the maximum connection time for inbound connections.
[15m]>

I think you are hitting the 15m max inbound time setting.

I'd suggest you create a new HAT policy for these relay servers to connect via.

8)

Community Member

Re: exceeded allowable connection time

Hmmm, it works for Postfix but not for IronPort, eh? Lack of a proxy notwithstanding, Poesjkin might be on the right track with the multiline server responses if your script isn't smart enough to handle them. However, I've never noticed an IronPort doing this except in response to EHLO (not that I make manual connections to my ESAs very often). But my first guess is that you've got a end-of-line problem. SMTP requires that all lines be terminated with CRLF. However, if your script is using the Unix EOL convention of just "\n" (that is, LF), and your ESA does not have the "clean up bare CR and LF" option turned on, then I'd expect exactly the symptom you're seeing. This is because the "." used to terminate the message isn't recognized if it is just "." and this option isn't turned on. Use the listenerconfig -> edit -> setup -> cleansmtp command to check this setting.

Community Member

exceeded allowable connection time

Hmmm, it works for Postfix but not for IronPort, eh? Lack of a proxy notwithstanding, Poesjkin might be on the right track with the multiline server responses if your script isn't smart enough to handle them. However,  I've never noticed an IronPort doing this except in response to EHLO (not that I make manual connections to my ESAs very often). But my first guess is that you've got a end-of-line problem. SMTP requires that all lines be terminated with CRLF. However, if your script is using the Unix EOL convention of just "\n" (that is, LF), and your ESA does not have the "clean up bare CR and LF" option turned on, then I'd expect exactly the symptom you're seeing. This is because the "." used to terminate the message isn't recognized if it is just "." and this option isn't turned on. Use the listenerconfig -> edit -> setup -> cleansmtp command to check this setting.


Hi dlnash,
many thanks for your answer. verylongbloke was right. I've set this value to 30m and everythink works proberly and the problem was solved.
Regards, Thomas

1289
Views
0
Helpful
5
Replies
CreatePlease to create content