Sender timeouts can be caused by any the following: Firewall with proxying or some type of packet filtering enabled for port 25 (sender or receiver's firewall)
A CISCO Pix firewall with the SMTP Fixup protocol enabled or the NO INSPECT ESMTP option disabled (receiver's firewall)
A Symantec Gateway considers the email headers to be too long (receiver's firewall)
A sending mail server with virus or spam scanning enabled for outbound traffic
Any type of relay device between the firewall and Barracuda not configured properly or with additional scanning enabled (receiver's side)
Slow sending server due to system load.
If certain specific email providers are showing up on the Basic > Message Log page of the Email Security Gateway with sender timeouts after successful deliveries, see Solution #00003210 .
CISCO Pix Firewall:
Here are some references for additional information: ESMTP TLS Configuration Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows. Refer to Cisco bug ID CSCtn08326 (registered customers only) for more information. pix(config)#policy-map global_policy pix(config-pmap)#class inspection_default pix(config-pmap-c)#no inspect esmtp pix(config-pmap-c)#exit pix(config-pmap)#exit
Note: In ASA version 8.0.3 and later, the allow-tls command is available to allow TLS email with inspect esmtp enabled as shown: policy-map type inspect esmtp tls-esmtp parameters allow-tls inspect esmtp tls-esmtp Regulate Email Flows If the volume of emails comes in too fast for the internal server, you can use the static command in order to throttle down the PIX to allow a limited number of emails (connections) at a time. This is an example : static (inside,outside) 18.104.22.168 192.168.2.57 netmask 255.255.255.255 60 0 This static command example is taken from the PIX Configuration. This command limits the maximum number of connections to 60 for emails.
The maximum number of simultaneous TCP connections that the local IP hosts are to allow is 0, the default, which means unlimited connections. Idle connections are closed after the time specified by the timeout conn command. Note: If there are intermittent connectivity issues with mail server, make sure that the sysopt noproxyarp inside command is present in the configuration. Otherwise, add it to the configuration.
Refer to Cisco Security Appliance Command Reference, Version 8.0 for more information about this command.
Link to This Page: https://campus.barracuda.com/solution/50160000000GTxtAAG