000032847 - RSA Data Loss Protection 9.6 SP2 Error: NW_903  xxxxxxxxxxxx QueueMonitor  MTAMonitorError for MTA: xxxxxxxxxxxx , [Errno -5] No address associated with hostname

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Jan 23, 2018.
Version 3

Article Content

Article Number: 000032847
Applies To:
RSA Product Set: Data Loss Protection
RSA Product/Service Type: Interceptor
RSA Version/Condition: 9.6 SP2
Platform: CentOS
 
Issue
Emails are queued on the Interceptor, which delays their release.
This issue occurs when TLS is enabled between the RSA Data Loss Protection Interceptor and the corresponding mail transfer agent (MTA).
It does not affect how the Interceptor functions so much as it introduces a tangible delay while an email traverses the Interceptor.
Cause
TLS timeouts occur after the secure-connection handshake is done between the RSA Data Loss Protection Interceptor and the corresponding MTA.
An error related to the issue can be observed inside the messages.log file located in /opt/tablus/sensor.log. The error has the following format:

ERROR NW_903 xxxxxxxxxx QueueMonitor MTAMonitorError for MTA: xxxxxxxxxx , [Errno -5] No address associated with hostname
 

These connection timeouts cause incoming emails on the Interceptor to be queued in the /var/spool/mqueue-out buffer. The following log entries show an email addressed to an external domain that was analyzed by the Interceptor and then queued:
 
Apr 1 15:19:39 xxxxxxx [24342]: u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:00, mailer=relay, pri=44232, stat=queued
Apr 1 15:20:03 xxxxxxx sendmail[24393]: u31KJdLt024342: to=<xxxxxxx @yahoo.com>, delay=00:00:24, xdelay=00:00:02, mailer=relay, pri=134232, relay=xxxxxxx . [1xxxxxxx ], dsn=2.0.0, stat=Sent (<D21D725434DAA84B9AFDE7E908A41140849BB67F@xxxxxxx > [InternalId=4631889] Queued mail for delivery)
Resolution
  • Make sure that the MTA hostname is resolvable and that its DNS records are up to date on the DNS server.
  • Make sure that the MTA is reachable and that there are no intermediate connectivity problems between the RSA Data Loss Prevention Interceptor and the MTA.
Workaround
The TLS timeouts themselves cannot be overridden. However, to avoid emails being queued and buffered for a long time, they can be flushed from the /var/spool/mqueue-out buffer in less than ten minutes instead of waiting an hour or more to be released. The steps for this workaround are as follows:
  1. On the Interceptor, log in as root.
  2. Open /etc/sysconfig/sendmail in a text editor:

vi /etc/sysconfig/sendmail

  3. Change the value of QUEUE=1h to QUEUE=10m.
  4. Exit as root to revert to the tablus account.
  5. Restart the Interceptor services:

tabservice restart

  6. Confirm that all Interceptor services are started:

moncmd status

 

Note: The value should not be set lower than five minutes.
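
The QUEUE edit from the workaround can be scripted so that the five-minute floor is enforced and a backup of the file is kept. The following is an added example, not part of the original article or RSA's tooling; the function names and the script name set-queue.sh are hypothetical, and it assumes the file already contains a QUEUE= line.

```shell
#!/bin/sh
# Added example (not RSA's tooling): apply the QUEUE= change from the
# workaround steps, enforcing the five-minute floor from the note.
MIN_QUEUE_SECONDS=300   # five minutes, per the article's note

# Convert a sendmail interval such as 10m, 1h or 1h30m to seconds.
# An explicit unit (s, m, h, d, w) is required here; that strictness is a
# choice of this example. Prints seconds, returns 1 on malformed input.
interval_to_seconds() {
    rest=$1 total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}                 # leading run of digits
        [ -n "$num" ] || return 1
        case $num in 0?*) return 1 ;; esac   # avoid octal in $(( ))
        rest=${rest#"$num"}
        unit=${rest%"${rest#?}"}             # first character after digits
        rest=${rest#?}
        case $unit in
            s) mult=1 ;; m) mult=60 ;; h) mult=3600 ;;
            d) mult=86400 ;; w) mult=604800 ;;
            *) return 1 ;;
        esac
        total=$(($total + $num * $mult))
    done
    echo "$total"
}

# Rewrite the QUEUE= line in FILE to VALUE, keeping FILE.bak as a backup.
# VALUE is validated first, so only digits and unit letters reach sed.
set_queue_interval() {
    file=$1 value=$2
    secs=$(interval_to_seconds "$value") ||
        { echo "invalid interval: $value" >&2; return 2; }
    [ "$secs" -ge "$MIN_QUEUE_SECONDS" ] ||
        { echo "refusing $value: below five minutes" >&2; return 3; }
    grep -q '^QUEUE=' "$file" ||
        { echo "no QUEUE= line in $file" >&2; return 4; }
    cp -p "$file" "$file.bak" &&
        sed "s/^QUEUE=.*/QUEUE=$value/" "$file.bak" > "$file"
}

# Usage (as root): sh set-queue.sh /etc/sysconfig/sendmail 10m
if [ $# -eq 2 ]; then set_queue_interval "$1" "$2"; fi
```

The Interceptor services still have to be restarted with tabservice restart afterwards, as in the manual steps.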
