When receiving an email message, the SMTP service will either wait until it receives the terminating sequence "<CRLF>.<CRLF>", times out, or the connection is dropped. If it times out or is dropped, there would be indication of this network error in the SMTP Debug log, for example:
04/25/20 23:45:11 ME-E0070: (recv) socket  error during [DATA] command from host XX.XX.XX.XX. Socket was disconnected - Error: (10060)
An error 10060 indicates a timeout waiting for email data and a 10054 means that the remote connection, or something between the SMTP server and the remote one, dropped the connection.
This may not appear immediately after the DATA logging time, instead it could be anywhere up to the timeout time. These events don't necessarily mean there is a problem, but if it happens regularly for specific senders it may indicate a problem. It is also possible that the mail server never receives the terminating sequence due to a faulty router or firewall. Some Cisco devices have had this problem.
The SMTP Activity log shows the commands sent to and from a remote server, and when a time out or disconnect happens during a DATA command you will see the DATA command, but possibly no QUIT command afterwards. Some clients and servers may not send a quit command once a message has been sent, so if the QUIT command is not seen in the SMTP logs you would need to check the SMTP Debug log to see if hte message was received. It is worthwhile to use the message tracking utility to confirm whether the email was fully accepted. The tracking utility will indicate something like the following if the message is not received by the SMTP service:
Result: [4A2895E22344482289CC9C440D7D5423.MAI] was not routed from the SMTP inbound message queue by the local MTA Service.
A 10054 or 10060 error in the SMTP Debug log for an inbound message could indicate a few things. If the error is happening when a user is trying to send via their email client it may be an antivirus program or proxy taking too long to check the email (usually results in the 10060 error), or blocks the email (sometimes a 10054 error). The user should try disabling any AV or bypass any proxy to attempt to determine whether this is the problem.
If it is another remote server having the problem, it may be due to you having an antispam or antivirus proxy in front of your server. You would need to try to disable this, or check it's logging for details on the delay.
The full SMTP inbound conversation can be logged, which may help show exactly what data the SMTP service receives, and this data may be useful. To do this the following Windows registry key need to be added:
For 64bit Windows versions:
For 32bit Windows versions:
You will need to restart the SMTP service for this change to take effect. The details are added to the SMTP Debug log. Caution: This will generate very large log files, so you should only enable this for a short time and check the growth of the file.
|Product:||MailEnable (All Versions)|
|Class:||TRB: Troubleshooting (Configuration or Environment)|
|Revised:||Wednesday, November 4, 2020|