Email Prevent: Email Processing Interrupted Due to Missing Relay Permissions in Cisco IronPort Message Transfer Agent

Article ID: 170463

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Symantec Data Loss Prevention (DLP) Email Prevent

DLP Email Prevent is unable to process email when working in conjunction with a Cisco IronPort Message Transfer Agent (MTA) in reflecting mode.

Request processor logs show the following:

Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread handlePeerDisconnect
WARNING: RPT(28): Disconnect from sending peer RPT(28)[9ff991ed-d557-4198-a7f4-768c094ce023|S:[/###.###.###.###:10025 -> /###.###.###.###:26880]
Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError
INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}
Nov 11, 2017 1:09:29 AM com.vontu.mta.rp.ESMTPRequestProcessorThread logSMTPError
INFO: {message=Message will be aborted. Sending peer disconnected. Sending error to sending peer., SMTPMessageHeaderId=Nil, UpstreamDisconnect=421 4.3.0 Fatal: Processing error.  Closing connection., ConnectionSecurityType=NO_TLS, MessageUid=Nil, ConnectionId=ab98466d-b911-4f60-9da8-80065db02055}

The SMTP Prevent operational logs show:

11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)
11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=###.###.###.###:10025 remote=###.###.###.###:45924)
11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)

Environment

Scenario:

  1. Brand-new Email Prevent server on Linux
  2. Email Prevent in reflecting mode with Cisco IronPort as the MTA
  3. RequestProcessor.ServerSocketPort: 10025
  4. RequestProcessor.MTAResubmitPort: 10026

Note: This can affect ALL versions of DLP.

Cause

The SMTP Prevent operational logs show "Permission denied" in the error message.

Root cause: Relay permissions for the Network Prevent for Email servers were missing on the Cisco IronPort MTA servers.

Resolution

After giving relay permissions for Network Prevent for Email servers on Cisco IronPort MTA servers, email started to flow.
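
The following added example (not part of the original article, and not Symantec or Cisco code) parses the SMTP Prevent operational log layout seen in the excerpts above and reports the SEVERE events with codes 5205 and 5210, so the log can be checked before and after the relay permissions are granted. The field layout is inferred from those excerpts only, and the sample lines are modelled on them with constructed documentation addresses in place of the masked ones.

```python
import re
from collections import Counter

# Layout inferred from the excerpts in this article (an assumption):
# <timestamp> [LEVEL] (COMPONENT.CODE) <text> (key=value key=value ...)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[(?P<level>[A-Z]+)\] "
    r"\((?P<component>[A-Z_]+)\.(?P<code>\d+)\) "
    r"(?P<text>.*?)(?: \((?P<fields>.*)\))?$"
)
# A value may contain spaces; it ends at the next " key=" or at end of string.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

# The two SEVERE codes that appear in the article's excerpt.
WATCHED_CODES = {"5205", "5210"}

def parse_line(line):
    """Parse one operational log line; return None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["fields"] = dict(FIELD_RE.findall(event["fields"] or ""))
    return event

def triage(lines):
    """Return the watched SEVERE events and a count per code."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev and ev["level"] == "SEVERE" and ev["code"] in WATCHED_CODES:
            hits.append({"ts": ev["ts"], "code": ev["code"], "text": ev["text"],
                         "address": ev["fields"].get("address"),
                         "reason": ev["fields"].get("reason")})
    return hits, Counter(h["code"] for h in hits)

# Constructed sample: same shape as the excerpts, documentation IPs (192.0.2.x).
SAMPLE = """\
11/Nov/17:01:26:06:269-0600 [SEVERE] (SMTP_CONNECTION.5205) Could not create listener (address=0.0.0.0:25 reason=java.net.SocketException: Permission denied)
11/Nov/17:00:28:08:218-0600 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=29 cid=befc6736-9968-4ea7-8fa5-74871a9b0e50 local=192.0.2.10:10025 remote=192.0.2.20:45924)
java.net.SocketException: constructed non-matching line, skipped by the parser
11/Nov/17:00:28:08:241-0600 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=29 cid=<> reason=Connection refused)
""".splitlines()

if __name__ == "__main__":
    events, counts = triage(SAMPLE)
    for e in events:
        print(e["ts"], e["code"], e["text"], "|", e["address"], "|", e["reason"])
    print(dict(counts))
```

An empty result from `triage` over log lines written after the relay change indicates that neither condition has recurred.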