Some messages going to a known good destination get stuck in the delivery queue of Symantec Messaging Gateway (SMG) when using TLS
Article: TECH166581 | Created: 2011-08-05 | Updated: 2013-03-15 | Article URL: http://www.symantec.com/docs/TECH166581
Some messages with a known good destination get stuck in the delivery queue of SMG even though other messages to the same destination are delivered. Sometimes these messages show no error associated with the delivery failure because they are still in the active queue. Restarting the MTA and flushing the delivery queue causes those messages to be delivered, but sometimes more than one restart and flush attempt is required.
Sometimes these messages show the following error in the delivery queue:
421 4.4.0 [internal] no MXs for this domain could be reached at this time
SMG appliance running version 9.x.
Delivery using TLS configured for one or more domains.
Both TLS and non-TLS mail going to the same destination host.
This is a known issue.
This issue seems to occur when TLS mail is mixed with clear text mail going to the same destination host.
This issue has been resolved. To address this issue, please update to version 10.x of the Symantec Messaging Gateway.
There are 3 workarounds/solutions for this issue:
1. Instead of delivering mail using the Default Route, please configure a separate delivery route for each of the configured domains using the "Destination Routing" option on the Protocols -> Domains page. In the Delivery tab, under Destination Routing, specify the public IP of the recipient MTA, because delivering with TLS to a fixed IP is more stable than using the default route (MX lookup).
2. Set all the non-local domains to the same TLS level, for example "Require TLS encryption and don't verify certificate" or "Attempt TLS".
3. Change the number of outgoing connections in Administration >> Hosts >> Configuration >> Edit Host >> SMTP >> Advanced Settings >> Delivery >> "Maximum number of outgoing messages for a connection:" to 1.
From the next major release, TLS mail delivery should be stable by default regardless of TLS settings.