Руководство По Устранению Ошибки для Cisco Cisco Content Security Management Appliance M170
What does "Receiving aborted" and "Receiving
aborted by sender" in the mail logs mean?
aborted by sender" in the mail logs mean?
Document ID: 118295
Contributed by Jai Gill and Robert Sherwin, Cisco TAC Engineers.
Aug 14, 2015
Contents
Introduction
What does "Receiving aborted" in the mail logs mean?
What does "Receiving aborted by sender" in the mail logs mean?
Troubleshoot
Related Information
What does "Receiving aborted" in the mail logs mean?
What does "Receiving aborted by sender" in the mail logs mean?
Troubleshoot
Related Information
Introduction
This document describes the difference between "Receiving aborted" and "Receiving aborted by sender" as
seen in the mail logs and message tracking associated with the Cisco Email Security Appliance (ESA) and the
Cisco Security Management Appliance (SMA).
seen in the mail logs and message tracking associated with the Cisco Email Security Appliance (ESA) and the
Cisco Security Management Appliance (SMA).
What does "Receiving aborted" in the mail logs mean?
"MID XXX Receiving aborted" indicates that the connection from the receiving side has been ended by a
network problem, or the sender just closed the connection abruptly. "MID XXX" is the message ID of the
message that could not be successfully injected. In many cases of seeing "Receiving aborted" it is a Firewall
or SMTP-aware security device that is interrupting the traffic.
network problem, or the sender just closed the connection abruptly. "MID XXX" is the message ID of the
message that could not be successfully injected. In many cases of seeing "Receiving aborted" it is a Firewall
or SMTP-aware security device that is interrupting the traffic.
The following example illustrates a remote client establishing a SMTP connection to the ESA followed by the
connection closing below the application layer, typically seen when the appliance receives a premature TCP
[FIN] flag or a connection reset:
connection closing below the application layer, typically seen when the appliance receives a premature TCP
[FIN] flag or a connection reset:
Thu Aug 14 11:04:31 2014 Info: New SMTP ICID 10293 interface Management
(192.168.0.199) address 192.168.0.200 reverse dns host ns.example.com verified no
Thu Aug 14 11:04:31 2014 Info: ICID 10293 RELAY SG RELAY_SG match 192.168.0.200
SBRS not enabled
Thu Aug 14 11:04:51 2014 Info: Start MID 1404 ICID 10293
Thu Aug 14 11:04:51 2014 Info: MID 1404 ICID 10293 From: <user@domain.com>
Thu Aug 14 11:05:00 2014 Info: MID 1404 ICID 10293 RID 0 To: <end_user@example.com>
Thu Aug 14 11:05:36 2014 Info: ICID 10293 lost
Thu Aug 14 11:05:36 2014 Info: Message aborted MID 1404 Receiving aborted
Thu Aug 14 11:05:36 2014 Info: Message finished MID 1404 aborted
Thu Aug 14 11:05:36 2014 Info: Message aborted MID 1404 Receiving aborted
Thu Aug 14 11:05:36 2014 Info: Message finished MID 1404 aborted
Thu Aug 14 11:05:36 2014 Info: ICID 10293 close
It may also simply mean that the "Timeout for Unsuccessful Inbound Connections" has been reached, which
is five minutes by default, configured on the Listener. This occurs when no data has been sent before the
timeout is reached:
is five minutes by default, configured on the Listener. This occurs when no data has been sent before the
timeout is reached:
Wed Aug 20 22:20:07 2014 Info: Start MID 1558778 ICID 3875465
Wed Aug 20 22:20:07 2014 Info: MID 1558778 ICID 3875465 From: <sndr@xyz.com>
Wed Aug 20 22:20:07 2014 Info: MID 1558778 ICID 3875465 RID 0 To: <recip@abc.com>
Wed Aug 20 22:20:07 2014 Info: MID 1558778 ICID 3875465 RID 0 To: <recip@abc.com>