Email Prevent Email Processing Interrupted Due to Relay Permissions Missing In Cisco Iron-port Message Transfer Agent

Article Id: 170463
Status: Published
Updated On: 29-10-2019 05:06
Legacy Id: TECH248147
Products:
Data Loss Prevention Network Prevent for Email
Issue/Introduction:

Symantec Data Loss Prevention (DLP) E-mail Prevent

 DLP Email prevent  is unable to process Emails when working in conjunction with Cisco Ironport Message Transfer Agent In Reflecting Mode 

Request processor logs show the following

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread handlePeerDisconnect

WARNING: RPT(28): Disconnect from sending peer RPT(28)[9ff991ed-d557-4198-a7f4-768c094ce023|S:[/129.170.139.178:10025 -> /129.170.2.144:26880]

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError

INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError

INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}

 

Analyzed the SMTP prevent operational logs  we see

11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)

 

11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=129.170.139.178:10025 remote=129.170.139.177:45924)

11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)

 

 

Cause:

When analyzing  SMTP prevent operational logs  we see permission denied in the error message.  

Root Cause:-  Relay permissions for Network Prevent for Email servers on Cisco Iron-port MTA servers were missing 

Resolution:

After giving relay permissions for Network Prevent for Email servers on Cisco IronPort MTA servers, email started to flow.