Some messages to a known good destination get stuck in the delivery queue of Messaging Gateway when using TLS
Last Updated June 11, 2018
Some messages with a known good destination get stuck in the delivery queue of SMG, even though other messages to the same destination are getting delivered. Messages may show no error associated with the delivery failure as they are still in the active queue. Restarting the Mail Transfer Agent (MTA) and flushing the delivery queue causes those messages to be delivered, but sometime more than one restart and flushing attempts are required.
Messaging Gateway/Brightmail Gateway versions before 10.x
Sometimes these messages show the following error in delivery queue:
421 4.4.0 [internal] no MXs for this domain could be reached at this time
This is a known issue.
This issue seems to occur when TLS mail is mixed with clear text mail going to the same destination host.
This issue has been resolved. To address this issue please update to version 10.x of the Symantec Messaging Gateway.
There are 3 workarounds/solutions for this issue
1. Instead of delivering mail using the Default Route, please configure separate delivery routes for each of the configured domains using the "Destination Routing" option on Protocols -> Domains page. Specify the public IP of the recipient MTA in the Delivery tab Destination Routing because it is more stable to use a fixed IP when delivering with TLS than using default route (MX lookup).
2. Set all the non-local domains to the same TLS level for example "Require TLS encryption and don´t verify certificate" or "Attempt TLS".
3. Change the number of outgoing connections in Administration >> Hosts >> Configuration >> Edit Host >> SMTP >> Advanced Settings >> Delivery >> "Maximum number of outgoing messages for a connection:" to 1
From the next major release the TLS mail delivery should be stable by default regardless of TLS settings.
SMG appliance running version 9.x.
Delivery using TLS configured for one or more domains.
Both TLS and non-TLS mail going to the same destination host.
Imported Document ID: TECH166581
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe