We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

What are potential causes of "Sender Timeout" on the Barracuda Spam Firewall?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00001728 Scope: This applies to all Barracuda Spam Firewalls on all firmware versions.

Answer:

Sender timeouts can be caused by any the following: Firewall with proxying or some type of packet filtering enabled for port 25 (sender or receiver's firewall)

A CISCO Pix firewall with the SMTP Fixup protocol enabled or the NO INSPECT ESMTP option disabled (receiver's firewall) 

A Symantec Gateway considers the email headers to be too long (receiver's firewall) 

A sending mail server with virus or spam scanning enabled for outbound traffic

Any type of relay device between the firewall and Barracuda not configured properly or with additional scanning enabled (receiver's side) 

Slow sending server due to system load.

Additional Notes:
If certain specific email providers are showing up on the Basic > Message Log page of the Barracuda Spam Firewall with sender timeouts after successful deliveries, see Solution #00003210 .

CISCO Pix Firewall:

Here are some references for additional information: ESMTP TLS Configuration Note: If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows. Refer to Cisco bug ID CSCtn08326 (registered customers only) for more information. pix(config)#policy-map global_policy pix(config-pmap)#class inspection_default pix(config-pmap-c)#no inspect esmtp pix(config-pmap-c)#exit pix(config-pmap)#exit

Note: In ASA version 8.0.3 and later, the allow-tls command is available to allow TLS email with inspect esmtp enabled as shown: policy-map type inspect esmtp tls-esmtp parameters allow-tls inspect esmtp tls-esmtp Regulate Email Flows If the volume of emails comes in too fast for the internal server, you can use the static command in order to throttle down the PIX to allow a limited number of emails (connections) at a time. This is an example : static (inside,outside) 209.164.3.5 192.168.2.57 netmask 255.255.255.255 60 0 This static command example is taken from the PIX Configuration. This command limits the maximum number of connections to 60 for emails.
The maximum number of simultaneous TCP connections that the local IP hosts are to allow is 0, the default, which means unlimited connections. Idle connections are closed after the time specified by the timeout conn command. Note: If there are intermittent connectivity issues with mail server, make sure that the sysopt noproxyarp inside command is present in the configuration. Otherwise, add it to the configuration.

Refer to Cisco Security Appliance Command Reference, Version 8.0 for more information about this command.