|Applies To||RSA Product Set: Data Loss Protection|
RSA Product/Service Type: Interceptor
RSA Version/Condition: 9.6 SP2
|Issue||Emails get queued which causes a delay for the email release-period on the Interceptor. |
This issue occurs when TLS is enabled between the RSA Data Loss Protection Interceptor and the corresponding mail transfer agent (MTA).
It does not affect the functionality of how the Interceptor works as much as it introduces a tangible delay while an email is traversing through the Interceptor.
|Cause||TLS timeouts after the secure-connection handshake are done between RSA Data Loss Protection Interceptor and the corresponding MTA.|
An error related to the issue can be observed inside messages.log file located in /opt/tablus/sensor.log. The syntax is as follows:
ERROR NW_903 xxxxxxxxxx QueueMonitor MTAMonitorError for MTA: xxxxxxxxxx , [Errno -5] No address associated with hostname
These connection timeouts will lead the incoming emails on the interceptor to be queued in the /var/spool/mqueue-out buffer, as per the following logs that are relevant to an attempt of
an email going to external domain which has been analyzed by Interceptor and then queued:
Apr 1 15:19:39 xxxxxxx : u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:00, mailer=relay, pri=44232, stat=queued
Apr 1 15:20:03 xxxxxxx sendmail: u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:24, xdelay=00:00:02, mailer=relay, pri=134232, relay=xxxxxxx . [1xxxxxxx ], dsn=2.0.0, stat=Sent (<D21D725434DAA84B9AFDE7E908A41140849BB67F@xxxxxxx > [InternalId=4631889] Queued mail for delivery)
|Workaround||There are no modifications that can be done to override the TLS timeouts, however in order to avoid getting your emails queued and buffered for a long period of time they can get flushed out more rapidly in less than ten minutes from the /var/spool/mqueue-out buffer instead of waiting for it be released for an hour or more. The steps for doing such workaround are as follows:|
Note: the minimum value should not be lower than five minutes.