Home » Kerio User Forums » Kerio Connect » SMTP Greeting Delay
Karsten Kemper

Messages: 9
Karma: 1
Send a private message to this user
Hello together,

we are having the problem that our mailserver is delaying the smtp greeting delay too long for external connections.

KMS 8.0.2
Windows Server 2008 R2 ( all latest updates applied )
Cisco ASA 5510

The greeting delay under spam repellent is configured to 10seconds with excluding local clients.

A "telnet serveraddress" 25 in our internal network connects immediately and gets a 220 response from our mailserver with no delay.

If i uncheck to exclude the local clients from the greeting delay the same telnet also connects immediately but gets a 220 response after 10 seconds.

So far its fine

A telnet from an external address also connects immediately but the 220 response comes after 45 seconds.

Unchecking the greeting delay at all comes with the same behaviour:

internal telnet: instant connect , instant 220 response
external telnet: instant connect , after 35 sec a 220 response

I set up a test kerio connect on another virutal machine ( same host server ) and set the same rules in the cisco firewall for acl and nat-ing entries.

Telnet on this test mailserver respond fine in every way( 10 sec greeting delay, local clients excluded)

internal telnet: instant connect, instant 220 response
external telnet: instant connect, after 10 sec a 220 response.

Our ISP cannot see any traffic related problems.

Is there any way to check the smtp traffic in a more detailed manner?
Is there a way to enable a more precise logging on side of the mailserver, respectively the windows server 2008 to see what happens in this 35 seconds of waiting time?

With kind regards


Messages: 182
Karma: 22
Send a private message to this user
Could this be a DNS timeout on the reverse lookup of the connecting IP address?
Pavel Dobry (Kerio)

Messages: 2057
Karma: 251
Send a private message to this user
Cisco ASA seems to add additional 35 seconds... I would start by checking Cisco configuration.
Karsten Kemper

Messages: 9
Karma: 1
Send a private message to this user
Are there any log files about the reverse lookup? Or detailed logs about the smtp traffic so i can start to exclude possible failures?

Regarding the Cisco ASA:

The test mailserver is configured the same way on the asa, and does not show this behaviour.
The port on the real mailserver opens up immediatley so i can't see any traffic related problem there, i'll double check the asa nevertheless. On the asa the SMTP traffic is analyzed and for instance the SMTP greeting is scrambled so an external response from our mailserver looks like this: 220 ******************. Disabling this policy does not show any change in smtp transaction time tho.

Thanks alot so far.
Karsten Kemper

Messages: 9
Karma: 1
Send a private message to this user
Ah i found the function to extend the debug log, seems like a dns lookup failure indeed.

Thanks for taking the time to anyways
Previous Topic: 7.3.2 Upgrade
Next Topic: Massive entrys in error log: ASyncKeyDatabase.cpp: ActiveSyncKeyDatabase::StoreFolderInfo: FolderNam
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Dec 12 11:01:30 CET 2018

Total time taken to generate the page: 0.78860 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.