There are a number of potential reasons why SMG is unable to establish a network connection to the destination mail server. The most common are as follows:
- A firewall or other network device is denying connection attempts from SMG to the destination mail server
- A network routing issue is preventing the network connection from being established from SMG to the destination mail server
- A firewall or other network device is scanning SMTP session content and either interrupting the network connection or taking too long to scan content and SMTP deliver times out
- Messaging Gateway has been configured to perform a reverse DNS lookup as part of outbound mail processing, but the reverse lookup is failing.
Diagnosing SMTP connection Issues
- Perform a telnet test from the SMG command line interface to the destination mail server as described in Troubleshoot email delivery issues using telnet
- Collect a packet capture of connection attempts to the destination mail server and review the packet capture for failed TCP/IP connection attempts
- Confirm that any intermediate firewalls or network security devices are configured to allow SMG IP addresses unrestricted ability to connect to port 25 on internal and internet servers / IPs
- Ensure that firewall or network traffic content scanning is either disabled for SMG message delivery or that this network or content scanning is not interrupting SMTP connections
If you have a firewall between the Messaging Gateway and the destination SMTP server, ensure that SMTP/ESMTP inspection features are disabled. Consult with the firewall vendor for information on how to disable these features.
Firewalls that are known to have such features are:
- Cisco ASA - Disable all esmtp_inspect features
- Cisco Pix - Disable mailguard
- Checkpoint - Disable the smart defense technology for SMTP/ESMTP
- Astaro Firewall - Versions 220.127.116.11 or lower, please check the following link http://www.astaro.com/lists/Known_Issues-ASG-V7.txt
Reverse DNS Issues
Disable the Reverse DNS Lookup for outbound mail.
- In the SMG Control Center, click the Administration tab.
- Navigate to Hosts > Configuration.
- Click on the scanner(s) having the problem to open their configuration.
- Click the SMTP tab, and then click Advanced Settings.
- Click the Outbound tab.
- Uncheck Enable reverse DNS lookup.
- Click Continue
- Click Save.