Some entries in the Message Audit Log (MAL) for Symantec Messaging Gateway (SMG) display "Abort message" as the Action, with no verdict.
This symptom occurs when a connection is interrupted during the message transmission, after the MAIL FROM, before completion of the DATA command within the SMTP conversation.
Possible underlying causes:
While you can resolve these symptoms in multiple ways, based on the underlying cause, Symantec recommends the order in which they appear.
For directions specific to your firewall model, please contact your firewall manufacturer.
Though not recommended, you may also try to resolve the issue by increasing the Connection Timeout value for the SMTP conversation.
Note: Symantec does not recommend setting the Connection Timeout higher than 5 minutes.
Well-known examples of SMTP filtration features within non-Symantec firewall products include, but are not limited to:
If the default timeout of 30 seconds is exceeded, the appliance's MTA terminates the SMTP conversation before the entire DATA portion of the message is received. This behavior results in partial entries in the Mail Audit Log.
Firewalls which scan or proxy SMTP traffic to ensure that the traffic is valid can hold the connection and cause it to fail. This issue is due to the timeout values built into the appliance MTA to prevent denial-of-service attacks. Firewall devices which do not support ESMTP commands may also cause disconnects.