barracuda - Sender Timeout Error

I'm getting an "Deferred" Sender Timeout (421 client disconnected) in the barracuda logs for an email address that needs to be able to pass.
Any reasonwhy this would happen?
LVL 7
tolinromeAsked:
Who is Participating?
 
chuck-williamsConnect With a Mentor Commented:
This is on ASDM 6.3 so I hope the path to find it is the same or similar for you.

Go to Configuration > Firewall >Service Policy Rules

You should have an inspection policy on the right, mine is called inspection_default. double Click it.

Go to the rule actions tab. Verify that ESMTP is unchecked
ESMTP.JPG
0
 
Sudeep SharmaTechnical DesignerCommented:
Try to do the manual telnet the recipient's email server and see it yourself what's happening.

All the error starting with 4XX are temporary error and there are several reasons to it.

User Mailbox is full, server is temporary not available, issue related to scanning of large attachment etc.

do the telnet and check

telnet mail.clientdomain.com 25

Sudeep
0
 
Win2K4LifeCommented:
It can also be caused by rate control kicking in. Is the smtp server retrying at a faster than normal rate? Is there a lot of mail queued for this email address and an administrator is flushing the cache?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
tolinromeAuthor Commented:
There is alot of email queued as deferred from this address at different times. But where is it "deferred" to?
It's a gmail address so I would telnet that server I suppose? The person is trying to email some of our users, its a legit email.
The users mailboxs are not full, the server is available since other emails are coming in fine and the emails are not large attachments.
How do I see if the smtp server is retrying at a faster rate?
0
 
chuck-williamsCommented:
Do you have a cisco based firewall? I had the same issue with all road runner emails getting the 421 client disconnect on the server. I have a new cisco ASA 5505 and had to disable the ESMTP inspect to allow mail to flow from road runner.
0
 
Tim99VACommented:
I'm having this same issue. Why is this question being deleted and is there a solution yet? I also increased the smtp open connections in the Barracuda to 120 with no luck. Can anyone tell me how I can check if the Cisco ESMTP is enabled using the ASDM?
0
 
chuck-williamsCommented:
At lease this is true with firmware 8.3. But if you do a show run look at your config and you will see something similar to this in there:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
  Inspect esmtp

IF you see inspect esmtp in there then you can remove it using the following commands (based on the policy map and class names above, yours may be different)

config t
policy-map global-policy
class inspection-default
no inspect esmtp

Thats for you Tim as I believe this question will be delted soon. Hope you get this.
0
 
tolinromeAuthor Commented:
Thanks guys. I'm the author of this question.
Were having problems as well withthe roadrunner domain, same error 421 sender timeout.
I have a Cisco ASA 5520 and from what I remembered using the ASDM gui interface the ESMTP was disabled.
Do you remember how I can check that again though just to be sure?
Thanks!
0
 
tolinromeAuthor Commented:
Object the delete since I'm starting to get some answers.
0
 
tolinromeAuthor Commented:
I think that will do it chuck-williams, thanks.
btw, should unchecking this be a security concern?

Thanks!
0
 
chuck-williamsCommented:
Normally I would say yes. But if you only allow smtp traffic through your ASA to your barracuda and no where else, then the barracuda should be able to handle the security of that traffic. That is why we bought it ... isn.t it. lol.
0
 
tolinromeAuthor Commented:
Nice job.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.