Applies to the Barracuda Email Security Service (BESS)
When you send out email to a lot of recipients, we often see the sending mail server close the connection before we can verify all the recipients. To resolve this, the SMTP timeout on the sending mail server needs to be increased.
What is happening is this:
You send out a single message to say 100 people, This message is sent by your mail server to our service.
The sending mail server sends the "mail from" and all the "rcpt to" in the first few packets to BESS.
Because BESS is a real-time pass-through service, it has to take each of the "mail from" and "rcpt to" addresses, connect to the destination server, send them the "mail from" and "rcpt to" string, wait for the answers and then relay that answer back to the sending mail server. One after the next after the next...
When there are a large number of recipients, this process can and does take a long time.
If your mail server has a short SMTP timeout, it can time out before all the "rcpt to" responses are returned, and when that happens, it closes the connection. Below is a small cut from a message going out to 199 recipients from a server with its SMTP timeout setting set too short. Notice the "Sender Quit" response:
email@example.com Allowed Not Delivered (188.8.131.52 Sender Quit)
firstname.lastname@example.org Allowed Not Delivered (184.108.40.206 Sender Quit)
email@example.com Allowed Not Delivered (220.127.116.11 Sender Quit)
heather.jones@gmail..com Allowed Not Delivered (18.104.22.168 Sender Quit)
The above results show that the mail server closed the connection before all of the "rcpt to" responses were returned, so the message was deferred and is currently being retried by the server. It will, however, never get delivered, because the mail server is the entity closing the connection early.
The default setting for SMTP sessions is five minutes, however, if you are sending one message to a lot of users, it can take longer than that to return all the recipient responses. We often see sending email servers with a very short (one minute or less) SMTP timeout, which is what is sometimes set to prevent Denial of Service attacks.
BESS is at the mercy of the destination servers. The longer they take to return a response, the longer it takes to get that response back to your mail server. Many destination servers verify the sender's email address (which takes more time) and check the sender against blacklists (which takes even more time). This checking processes cause long delays when returning the results back to your server. This long delay can result in your server closing the connection due to an SMTP timeout.
It is critical that if you mass mail through the BESS service, that you have an SMTP timeout long enough to get your mail delivered.
Link to This Page: