Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
YHC
New Contributor III

lost connection while receiving the initial server greeting

Dear All,

 

We have troubles sending email to a specific mail domain with the following error message:

lost connection with mgw.ntu.edu.tw[140.112.8.25] while receiving the initial server greeting

 

This error happened after we adjusted our Fortigate 30E policy but we have no problems sending emails to other addresses.  Could anyone advise us what kind of policy issues could results in this error?  Or does it simply because of network/connection issues?

 

Thank you.

9 REPLIES 9
dbu
Staff
Staff

Hi @YHC ,
If you have FortiMail try to increase the greeting timeout. The default value is 30 seconds.

 As per RFC 2821 , is  recommended a timeout value of 5 minutes (300 seconds).  Of course you can adjust it lower. 

 

From CLI:
config system mailserver
   set timeout-greeting <seconds_int>
end

https://docs.fortinet.com/document/fortimail/7.2.2/cli-reference/59838/system-mailserver

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
YHC
New Contributor III

Hi,

 

Thank you.

Unfortunately, I am not using FortiMail.

I found that the SMTP transaction time is pretty long (more than 15 sec.).

Could it be the cause of lost connection?

 

I am wondering if there anything wrong with our FortiGate 30E setting and results in our  long SMTP transaction time.

Could anyone advise?

Thank you.

dbu

Yes it can be connection issue. You might have either delay or drops on the path. 
From Fortigate side i believe there is no timeout option to configure to extend the delay. 

Is it possible to check something similar from the Email server side? 

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Elija
New Contributor

I too got the same issue

AEK
Honored Contributor

Hello

You can use mxtoolbox.com to check connection time and transaction time of your remote mail gateway (use "Test Email Server" menu).

If the result is good than it is also possible that your FGT's pub IP is simply blocked from mail gateway side. You need to ask mail administrator to check it for you.

AEK
AEK
Sheikh
Staff
Staff

Hello @YHC 

 

Have you tried to get the packet capture on FortiGate ?

 

diagnose sniffer packet any "140.112.8.25 and port XX" 4 0 l <----------change port number accordingly (25, 587,465 etc..).

and reproduce the issue.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
AEK
Honored Contributor

Can you give more details about the configuration the you changed?

Check if your mail reputation is ok.

Also check if you are not simply blocked by your recipient's gateway.

AEK
AEK
austinjhones72
New Contributor

Experiencing email issues can be challenging. The 'lost connection' error may stem from Fortigate 30E policy adjustments or network challenges. Ensure the policy settings align with email server requirements. Verifying network connectivity globalfist and consulting Fortigate support might help resolve the specific domain sending problem.

janefoster92
New Contributor

It sounds like the policy adjustments on your Fortigate 30E might have inadvertently affected the way your emails are routed or recognized by specific domains like mgw.ntu.edu.tw. It could be a misconfiguration that's causing these domains to not acknowledge your server's greeting. Checking your SMTP settings and ensuring they align with whatsgb guidelines for secure and reliable email communication might help.

Labels
Top Kudoed Authors