barracuda - Sender Timeout Error

Posted on 2010-08-25
Last Modified: 2012-05-10
I'm getting an "Deferred" Sender Timeout (421 client disconnected) in the barracuda logs for an email address that needs to be able to pass.
Any reasonwhy this would happen?
Question by:tolinrome
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33526572
Try to do the manual telnet the recipient's email server and see it yourself what's happening.

All the error starting with 4XX are temporary error and there are several reasons to it.

User Mailbox is full, server is temporary not available, issue related to scanning of large attachment etc.

do the telnet and check

telnet 25


Expert Comment

ID: 33526652
It can also be caused by rate control kicking in. Is the smtp server retrying at a faster than normal rate? Is there a lot of mail queued for this email address and an administrator is flushing the cache?

Author Comment

ID: 33527680
There is alot of email queued as deferred from this address at different times. But where is it "deferred" to?
It's a gmail address so I would telnet that server I suppose? The person is trying to email some of our users, its a legit email.
The users mailboxs are not full, the server is available since other emails are coming in fine and the emails are not large attachments.
How do I see if the smtp server is retrying at a faster rate?
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.


Expert Comment

ID: 33579066
Do you have a cisco based firewall? I had the same issue with all road runner emails getting the 421 client disconnect on the server. I have a new cisco ASA 5505 and had to disable the ESMTP inspect to allow mail to flow from road runner.

Expert Comment

ID: 33581062
I'm having this same issue. Why is this question being deleted and is there a solution yet? I also increased the smtp open connections in the Barracuda to 120 with no luck. Can anyone tell me how I can check if the Cisco ESMTP is enabled using the ASDM?

Expert Comment

ID: 33581254
At lease this is true with firmware 8.3. But if you do a show run look at your config and you will see something similar to this in there:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
  Inspect esmtp

IF you see inspect esmtp in there then you can remove it using the following commands (based on the policy map and class names above, yours may be different)

config t
policy-map global-policy
class inspection-default
no inspect esmtp

Thats for you Tim as I believe this question will be delted soon. Hope you get this.

Author Comment

ID: 33599465
Thanks guys. I'm the author of this question.
Were having problems as well withthe roadrunner domain, same error 421 sender timeout.
I have a Cisco ASA 5520 and from what I remembered using the ASDM gui interface the ESMTP was disabled.
Do you remember how I can check that again though just to be sure?

Author Comment

ID: 33599471
Object the delete since I'm starting to get some answers.

Accepted Solution

chuck-williams earned 250 total points
ID: 33627582
This is on ASDM 6.3 so I hope the path to find it is the same or similar for you.

Go to Configuration > Firewall >Service Policy Rules

You should have an inspection policy on the right, mine is called inspection_default. double Click it.

Go to the rule actions tab. Verify that ESMTP is unchecked

Author Comment

ID: 33627757
I think that will do it chuck-williams, thanks.
btw, should unchecking this be a security concern?


Expert Comment

ID: 33628488
Normally I would say yes. But if you only allow smtp traffic through your ASA to your barracuda and no where else, then the barracuda should be able to handle the security of that traffic. That is why we bought it ... isn.t it. lol.

Author Closing Comment

ID: 33629044
Nice job.

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010, Implementing On-Prem Archiving 3 37
SPF record issue 6 85
block mails from a particular country in postfix 7 79
Mail Server IP address 2 55
Resolve DNS query failed errors for Exchange
Encryption for Business Encryption ( ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question