Email Prevent Email Processing Interrupted Due to Relay Permissions Missing In Cisco Iron-port Message Transfer Agent
Article ID: 170463
Updated On:
Products
Data Loss Prevention Network Prevent for Email
Issue/Introduction
Symantec Data Loss Prevention (DLP) E-mail Prevent
DLP Email prevent is unable to process Emails when working in conjunction with Cisco Ironport Message Transfer Agent In Reflecting Mode
Request processor logs show the following:
Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread handlePeerDisconnect
WARNING: RPT(28): Disconnect from sending peer RPT(28)[9ff991ed-d557-4198-a7f4-768c094ce023|S:[/###.###.###.###:10025 -> /###.###.###.###:26880]
Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError
INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error. Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}
Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError
INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error. Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}
Analyzed the SMTP prevent operational logs we see:
11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)
11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=###.###.###.###:10025 remote=###.###.###.###:45924)
11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)
Environment
Scenario:-
- Brand new email prevent on Linux
- Email Prevent in reflecting mode with Cisco Ironport as MTA .
- RequestProcessor.ServerSocketPort :- 10025
- RequestProcessor.MTAResubmitPort:- 10026
Note: This can affect ALL versions of DLP.
Cause
When analyzing SMTP prevent operational logs we see permission denied in the error message.
Root Cause:- Relay permissions for Network Prevent for Email servers on Cisco Iron-port MTA servers were missing
Resolution
After giving relay permissions for Network Prevent for Email servers on Cisco IronPort MTA servers, email started to flow.
Feedback
Yes
No
Powered by
