SMTP Prevent server closes connections without sending mail

book

Article ID: 159584

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

The Network Prevent for Email (SMTP) server terminates inbound connections without sending mail. The FileReader and RequestProcessor logs show connections opening and closing, and no other issues with SMTP configuration.

Resolution

Some message transfer agents (MTAs) terminate connections based on the absence of required commands in the response to the EHLO command.

Under ESMTP (Enhanced SMTP), the EHLO response contains a list of commands that the MTA will accept. The SMTP Prevent server acts as a proxy in the SMTP transaction, so it repeats the EHLO response it receives from the downstream MTA back to the upstream host (minus any modified commands, such as STARTTLS; see TECH219087 for more information on changing the list of supported commands).

One manifestation of this problem occurs with Microsoft Exchange when it is configured to use the Sender ID feature. If the destination MTA's EHLO response does not include the proprietary commands that Exchange uses to establish the Sender ID, the Exchange MTA will close the connection before transmitting any data.

 

To avoid this problem, you must disable any such proprietary features that require these commands to be present.