000032847 - RSA DLP ERROR NW_903  xxxxxxxxxxxx QueueMonitor  MTAMonitorError for MTA: xxxxxxxxxxxx , [Errno -5] No address associated with hostname

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032847
Applies ToRSA Product Set: RSA DLP
RSA Product/Service Type: Interceptor 
RSA Version/Condition: 9.6 SP2
Platform: CentOS
 
IssueEmails get queued which causes a delay for the email release-period on the Interceptor. 
This issue occurs when TLS is enabled between the RSA DLP Interceptor & correspondent MTA.
It doesn't affect the functionality of how interceptor works as much as it introduces a tangible delay while an email is traversing through the Interceptor. 
CauseTLS timeouts after the secure-connection handshake  is done between RSA DLP Interceptor & correspondent MTA.
Error related to the issue can be observed inside messages.log file located under path: 
/opt/tablus/sensor/log

Error: 
ERROR NW_903   xxxxxxxxxx  QueueMonitor     MTAMonitorError for MTA: xxxxxxxxxx , [Errno -5] No address associated with hostname

These connection timeouts will lead the incoming emails on the interceptor to be queued in the /var/spool/mqueue-out buffer as per below  logs relevant to an attempt of
an email going to external domain which has been analyzed by Interceptor and then queued:
Apr  1 15:19:39 xxxxxxx [24342]: u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:00, mailer=relay, pri=44232, stat=queued
Apr  1 15:20:03 xxxxxxx  sendmail[24393]: u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:24, xdelay=00:00:02, mailer=relay, pri=134232, relay=xxxxxxx . [1xxxxxxx ], dsn=2.0.0, stat=Sent (<D21D725434DAA84B9AFDE7E908A41140849BB67F@xxxxxxx > [InternalId=4631889] Queued mail for delivery)
ResolutionMake sure that the MTA hostname is resolvable and their DNS records are updated on DNS server. 
Make sure that the MTA is reachable and there is no inter-mediate connectivity problem between both RSA DLP Interceptor & MTA. 
WorkaroundThere are no modifications that can be done to override the TLS timeouts, however in order  to avoid getting your emails queued and buffered for a long period of time they
can get flushed-out more rapidly  in less than 10 minutes from the /var/spool/mqueue-out buffer  instead of waiting for it be released for an hour or more.
The steps for doing such workaround are as follows:
  1. On the interceptor, log in as "root" and edit the file /etc/sysconfig/sendmail  [i.e. vi /etc/sysconfig/sendmail]
  2. Change QUEUE=1h to QUEUE=10m
  3. Exit as root to revert to the tablus account.
  4. Restart  Interceptor services by typing  "tabservice restart" .
  5. Type moncmd status in order to make sure that all Interceptor services started. 
  6. Note: the minimum value should not be lower the 5 minutes

Attachments

    Outcomes