Cisco Cisco Email Security Appliance X1050 Guía Para Resolver Problemas
To determine if the issue is DNS related, you will need to log into the command line (CLI) of the ESA and
use the nslookup command. It is important to do this from the appliance itself so you are working from its
perspective. First you will need to know the IP address that is trying to connect. You may want to use the
mail_logs or Message Tracking to get the IP address.
use the nslookup command. It is important to do this from the appliance itself so you are working from its
perspective. First you will need to know the IP address that is trying to connect. You may want to use the
mail_logs or Message Tracking to get the IP address.
Once you know the IP, you can start using nslookup to test. Be sure to count how many seconds it takes for
each of these
each of these
DNS lookups! First the reverse DNS lookup:
host.example.com> nslookup 10.92.152.18
PTR= host.example.com TTL=2h 35m 43s
PTR= host.example.com TTL=2h 35m 43s
Then do a lookup on the hostname that came back on the reverse DNS lookup, like so:
host.example.com> nslookup host.example.com
A=10.92.152.18 TTL=2h 34m 16s
A=10.92.152.18 TTL=2h 34m 16s
If the total time for these two lookups approximately matches how long the banner is delayed, you have found
the cause and will want to review the DNS situation further. The next steps could include testing other IP
addresses from different networks. This will tell you if the issue is isolated to specific hosts or networks, or if
there is a more general DNS issue.
the cause and will want to review the DNS situation further. The next steps could include testing other IP
addresses from different networks. This will tell you if the issue is isolated to specific hosts or networks, or if
there is a more general DNS issue.
High CPU Usage
Another possible cause of the SMTP banner delay is very high CPU usage.
When a system is under heavy load, everything takes longer to happen. You can check this by going to the
System Status page of the Monitor tab, or by using the 'status detail' CLI command. Both of these will give
the CPU usage statistics in the Gages section. Here is an example:
System Status page of the Monitor tab, or by using the 'status detail' CLI command. Both of these will give
the CPU usage statistics in the Gages section. Here is an example:
CPU Utilization
Total 67%
MGA 16%
CASE 46%
Brightmail AntiSpam 0%
AntiVirus 0%
Reporting 4%
Quarantine 0%
Total 67%
MGA 16%
CASE 46%
Brightmail AntiSpam 0%
AntiVirus 0%
Reporting 4%
Quarantine 0%
If the Total is very high (95% or higher) and continues to remain high for several minutes, CPU usage is
likely the cause of
likely the cause of
the SMTP banner delays.
Resource Conservation mode
Another possible cause of the SMTP banner delay is that the system has entered Resource Conservation
mode. In this mode, the system protects itself by slowing down the flow of mail acceptance. It does this by
intentionally delaying each SMTP response it sends. To determine if the system is in Resource Conservation
mode, go to the System Status page of the Monitor tab, or by use the 'status detail' CLI command. Look for
mode. In this mode, the system protects itself by slowing down the flow of mail acceptance. It does this by
intentionally delaying each SMTP response it sends. To determine if the system is in Resource Conservation
mode, go to the System Status page of the Monitor tab, or by use the 'status detail' CLI command. Look for