I have one host that seems to have a real hard time sending us email. I see many "Message Aborted" entries in Mail Flow Central. Often it looks like the same email being attempted over and over again. Eventually they will be received. Sometimes it takes several hours before they are successful. I believe the issue is network related. Any ideas on how I might help provide info to the network person, and/or the IT staff on the sending end? Anyone ever had this issue?
Try raising the ACCEPT mail flow policy to have higher max. rcpt per hours. and the DHAP limit.
Or if you can look at the logs directly, the most probabe is DHAP. I had this problem before.
And btw, the default setting, giving 550 code for DHAP abort in the middle of SMTP conversation is not nice too.
domain is listed in our "Trusted" mail flow policy. In that policy, I have all settings at default. The number per hour defaults to unlimited. The same is true for "Accepted". In this case, it doesn't appear to be DHAP related. I will take a closer look at logs tho, thanks for the info...
Is this happening to messages coming from one domain? Or is it with most of the domains?
If you have a PIX/ASA installed on the edge, then please check if it has ESMTP Inspection/SMTP Fixup enabled. If yes.. then disable it.
Running packet capture on the firewall would be really helpful in determining the exact location of the issue. If it is not ESMTP Inspection or fixup thing then there must be some packet loss and you will see "TCP Retransmission" or "DUP ACK" in the packet captures.
An injection debug log might help you to sort things out. This log type logs all(!) data received from a certain host. Be careful! This includes the complete message bodies and attachments.
What I have seen a few times was a sending host that stopped responding after Ironport replies to the DATA command with "220 Go Ahead". It can be the sending system is an old/unpatched MTA that does not recognize the words "Go Ahead" in stead of "OK". At the end the debug log proves (at least in every case I had with it) that the problem is @ the sending side. (They simply stop sending data after our last "220").
The manual describes the best way(s) to configure an injection debug log.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :