RSA Data Loss Protection 9.6 SP2 Error: NW_903 xxxxxxxxxxxx QueueMonitor MTAMonitorError for MTA: xxxxxxxxxxxx , [Errno -5] No address associated with hostname
RSA Product Set: Data Loss Protection RSA Product/Service Type: Interceptor RSA Version/Condition: 9.6 SP2 Platform: CentOS
Emails get queued which causes a delay for the email release-period on the Interceptor.
This issue occurs when TLS is enabled between the RSA Data Loss Protection Interceptor and the corresponding mail transfer agent (MTA).
It does not affect the functionality of how the Interceptor works as much as it introduces a tangible delay while an email is traversing through the Interceptor.
TLS timeouts after the secure-connection handshake are done between RSA Data Loss Protection Interceptor and the corresponding MTA.
An error related to the issue can be observed inside messages.log file located in /opt/tablus/sensor.log. The syntax is as follows:
ERROR NW_903 xxxxxxxxxx QueueMonitor MTAMonitorError for MTA: xxxxxxxxxx , [Errno -5] No address associated with hostname
These connection timeouts will lead the incoming emails on the interceptor to be queued in the /var/spool/mqueue-out buffer, as per the following logs that are relevant to an attempt of an email going to external domain which has been analyzed by Interceptor and then queued:
Make sure that the MTA hostname is resolvable and its DNS records are updated on DNS server.
Make sure that the MTA is reachable and there is no intermediate connectivity problems between both RSA Data Loss Prevention Interceptor and the MTA.
There are no modifications that can be done to override the TLS timeouts, however in order to avoid getting your emails queued and buffered for a long period of time they can get flushed out more rapidly in less than ten minutes from the /var/spool/mqueue-out buffer instead of waiting for it be released for an hour or more. The steps for doing such workaround are as follows:
On the interceptor, log in as root.
Open /etc/sysconfig/sendmail in a text editor
Change the value of QUEUE=1h to QUEUE=10m.
Exit as root to revert to the tablus account.
Restart Interceptor services
Confirm that all Interceptor services are started:
Note: the minimum value should not be lower than five minutes.