Email stops when using remote syslog over TCP to offline syslog server


Messaging Gateway


Mail traffic through Messaging Gateway (SMG) slows significantly or is not processed at all even though CPU utilization is low and the email queues are empty. The MTA service appears to be up and accepting connections but no errors are logged in either the maillog or Brightmail Engine logs and no messages are accepted. Packet captures of port 25 show that Messaging Gateway is not presenting an SMTP banner and inbound SMTP connections are timing out waiting for the banner.

This may be the result of SMG being configured to log to remote syslog using the TCP protocol and being unable to connect to the remote syslog server.


Remote Syslog


Messaging Gateway cannot connect to the configured remote syslog server which is either offline or not accessible via the network.

When an SMTP connection is established to Messaging Gateway and remote syslog is configured to use TCP, if a logging connection to the remote syslog server cannot be established the log message is buffered by the local syslog server. When this buffer is full, all further attempts to log messages are blocked which results in the MTA waiting on logging before it presents the SMTP banner. The connecting mail server will wait approximately 30 seconds for a banner before disconnecting and reattempting delivery at a later time.


This issue has been resolved with the SMG 10.6.3-2 release.


Switching to the default configuration using UDP as the logging protocol will prevent syslog from blocking when the remote syslog server is unavailable.

  1. Log into the control center as an administrator
  2. Go to Administration > Logs > Remote
  3. Select one of the scanner hosts in the pulldown in the upper right
  4. Change the Protocol to UDP
  5. Check the "Apply these Remote Logging settings to all hosts" at the bottom of the page
  6. Click Save