Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Users encounter issues when sending mails to some domains

    • Updated:
    • 9 Oct 2015
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 3 64-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
Summary

When sending emails to some domains, you encounter any of the following:

  • Timed out while performing the EHLO handshake
  • Timed out while receiving the initial server greeting

Example:

May 12 14:48:29 scone postfix/smtp[29930]: 5E5E11105EE: to=, relay=mail.xxxx.com[203.144.233.74]:25, delay=3472, delays=3352/0.02/120/ 0, dsn=4.4.2, status=deferred (conversation with mail.fnsyrus.com[x.x.x.x] timed out while performing the EHLO handshake) May 12 14:48:29 17:10:32 xxx@xxx.org conversation with im.laotel.com[x.x.x.x] timed out while receiving the initial server greeting xxxx

Details
Public

These issues occur because of deferred mails, thus failing consistently with timeout or lost connection.

To resolve the issue, do any of the following:

Solution 1

  1. Open the sysctl.conf file using this command:

    # vi /etc/sysctl.conf

  2. Look for the "tcp_window_scaling=1" parameter and set its value to "0".
  3. Type in ":wq!".
     
    Do not include the quotation marks.
  4. Reboot the box by executing:

    #reboot

If you use postfix running on Linux and if you try to telnet the above host on port 25, the connection is made, but the remote mail server does not send its 220 messages upon connection.

The following option will revert back once your reboot the system:

Run the following commands:

# echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
# sysctl -p

Solution 2

This issue is caused by "fixup protocol smtp" in some Cisco firewalls. The Cisco PIX firewall has a bug when running software older than version 5.2(4) or 6.0(1).

The "fixup protocol smtp" feature does not correctly handle the case where the "." and the "CRLF" at the end of the mail are sent in separate packets.

This makes users wonder how one recognizes a mailer behind a Cisco PIX with the "fixtool protocol smtp" enabled.

As of version 5.1 and later, the fixup protocol smpt command changes the characters in the SMTP banner to asterisks, except for "2", "0" and "0 SPACE" characters.

When you connect to a mailer behind such a filter, you see something like below:

220 **************************************0******0*********20 ****200**0*********0*00

If the issue persists, collect the following and send them to Trend Micro Technical Support:

  • Packet capture dump
  • Mail log
  • Output of "postconf -n"
Premium
Internal
Rating:
Category:
Deploy
Solution Id:
1055808
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.