Cisco Email Security Appliance X1050 Troubleshooting Guide

What can cause the SMTP banner to be delayed?
Document ID: 118016
Contributed by Jackie Fleming and Enrico Werner, Cisco TAC Engineers.
Jul 18, 2014
Contents
Question:
DNS Issues
High CPU Usage
Resource Conservation mode
Firewalls
Question:
What can cause the SMTP banner to be delayed?
Typically when you telnet to port 25 of a mail server, you will get the SMTP banner very quickly. Here are
examples of SMTP banners:
220 host.example.com ESMTP
554 host.example.com
Sometimes there is a delay and all you get is the connection information in your display. Here is an example:
host.example.com> telnet 10.92.152.18 25
Trying 10.92.152.18...
Connected to host.example.com.
Escape character is '^]'.
Note that the banner is missing in this example. After some time passes, the banner should finally be
displayed on the next line. This article addresses this specific situation. There are four common causes we
will discuss: DNS Issues, High CPU Usage, Resource Conservation mode and Firewalls.
DNS Issues
The most common cause of a delayed SMTP banner is DNS lookups that take longer than normal
or time out. There are three lookups that happen between the connect and the banner display: a reverse DNS
(or PTR record) lookup, then a forward (or A record) lookup of the hostname given in the PTR record, and
then a SenderBase lookup to get the connecting host's SBRS (SenderBase Reputation Score).
These lookups are used to determine which Sender Group the connecting host belongs to. This determines
which Mail Flow Policy is used and whether mail will be accepted from this host, which in turn affects what
mail banner, if any, will be sent. That is why it is critical for these lookups to happen before the banner is given.
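The following added example (not part of the original Cisco document) times the gap between TCP connect and the banner, as in the telnet session above, and separately times the PTR lookup and the forward lookup of the PTR name for a connecting client's IP address. It assumes it is run from a host that uses the same DNS servers as the appliance; the SenderBase lookup is not measured, and the script name in the comment is hypothetical.

```python
import socket
import sys
import time


def measure_banner_delay(host, port=25, timeout=60.0):
    """Return (connect_seconds, banner_seconds, banner) for one SMTP connection."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connected = time.monotonic()
        data = b""
        try:
            # SMTP servers speak first: wait for the first complete line.
            while b"\n" not in data:
                chunk = sock.recv(1024)
                if not chunk:  # peer closed without sending a banner
                    break
                data += chunk
        except socket.timeout:
            pass  # no banner arrived within the timeout
        waited = time.monotonic() - connected
    banner = data.split(b"\n", 1)[0].decode("ascii", "replace").strip() or None
    return connected - start, waited, banner


def time_dns_steps(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Time the PTR lookup for a client IP, then the A lookup of the PTR name."""
    out = {"ptr_name": None, "ptr_seconds": None, "a_seconds": None, "forward_matches": False}
    t0 = time.monotonic()
    try:
        out["ptr_name"] = reverse(ip)[0]
    except OSError:  # no PTR record, or the resolver gave up
        pass
    out["ptr_seconds"] = time.monotonic() - t0
    if out["ptr_name"]:
        t1 = time.monotonic()
        try:
            out["forward_matches"] = ip in forward(out["ptr_name"])[2]
        except OSError:  # PTR name does not resolve
            pass
        out["a_seconds"] = time.monotonic() - t1
    return out


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical script name): banner_delay.py <mail-server> <client-ip>
    connect_s, banner_s, banner = measure_banner_delay(sys.argv[1])
    print(f"connect {connect_s:.2f}s, banner after {banner_s:.2f}s: {banner}")
    print(time_dns_steps(sys.argv[2]))
```

A fast connect followed by a long wait for the banner, together with a slow or failing PTR or A lookup for the same client address, points to the DNS cause described in this section.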