Email Prevent: Email Processing Interrupted Due to Missing Relay Permissions on Cisco IronPort Message Transfer Agent

Article ID: 170463

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Symantec Data Loss Prevention (DLP) E-mail Prevent

DLP Email Prevent is unable to process emails when working in conjunction with a Cisco IronPort Message Transfer Agent in reflecting mode.

The request processor logs show the following:

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread handlePeerDisconnect

WARNING: RPT(28): Disconnect from sending peer RPT(28)[9ff991ed-d557-4198-a7f4-768c094ce023|S:[/129.170.139.178:10025 -> /129.170.2.144:26880]

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError

INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError

INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}

 

The SMTP Prevent operational logs show the following:


11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)

 

11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=129.170.139.178:10025 remote=129.170.139.177:45924)

11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)


 

 

Cause

The SMTP Prevent operational logs show "Permission denied" in the error message.

Root cause: Relay permissions for the Network Prevent for Email servers were missing on the Cisco IronPort MTA servers.

Environment

Scenario:

  1. Brand-new Email Prevent on Linux 7.3 with DLP 14.6 MP2.
  2. Email Prevent in reflecting mode with Cisco IronPort as the MTA.
  3. RequestProcessor.ServerSocketPort: 10025
  4. RequestProcessor.MTAResubmitPort: 10026

Note: This can affect all versions of DLP.

Resolution

After giving relay permissions for Network Prevent for Email servers on Cisco IronPort MTA servers, email started to flow.
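
To spot the same signatures in an SMTP Prevent operational log, the following added example (not Symantec or Cisco code) parses the three log lines quoted above and reports each SEVERE event with its reason and the peer of the related inbound session. The line layout is inferred from those quoted lines, and treating `tid` as the identifier that ties a SEVERE event to its accepted connection is an assumption.

```python
import re

# Sample input: the three operational-log lines quoted in this article.
SAMPLE_LOG = """\
11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)
11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=129.170.139.178:10025 remote=129.170.139.177:45924)
11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)
"""

KEYS = "address|reason|tid|cid|local|remote"  # only the keys seen in the quoted lines
# Layout inferred from the quoted lines: <ts> [LEVEL] (EVENT.code) text (key=value ...)
LINE_RE = re.compile(r"^(\S+) \[([A-Z]+)\] \(([A-Z_]+\.\d+)\) (.*?) \((.*)\)\s*$")
# A value runs until the next known key, so reasons containing spaces stay whole.
FIELD_RE = re.compile(rf"\b({KEYS})=(.*?)(?= (?:{KEYS})=|$)")

# Follow-up per SEVERE code; the wording is this example's, not the vendor's.
CHECKS = {
    "SMTP_CONNECTION.5205": "listener not created: check the listen address/port on this server",
    "SMTP_CONNECTION.5210": "no forward host reachable: check relay permissions and the re-submit port on the MTA",
}

def parse_line(line):
    """Return a dict for one operational-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, level, event, text, raw = m.groups()
    return {"ts": ts, "level": level, "event": event, "text": text,
            "fields": dict(FIELD_RE.findall(raw))}

def triage(log_text):
    """Return (event, reason, inbound peer, check) for every SEVERE line."""
    findings, peers = [], {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank lines and anything in another layout
        f = rec["fields"]
        if rec["event"] == "SMTP_CONNECTION.1201":
            peers[f.get("tid")] = f.get("remote")  # assumption: tid links the session
        elif rec["level"] == "SEVERE":
            findings.append((rec["event"], f.get("reason"), peers.get(f.get("tid")),
                             CHECKS.get(rec["event"], "unmapped SEVERE event")))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
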