Activate Emails Queued for Delivery

Available Languages

Download Options

  • PDF     (222.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (270.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (225.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:March 23, 2023
Document ID:215929

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to troubleshoot emails that are held on an Email Security Appliance (ESA) and that pend delivery. 

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • CLI access to your ESA
    • GUI access to your ESA

    What It Means

    When you troubleshoot email delivery issues, the mail logs show that the last state of a message shows queued for delivery. This means that the message has been processed by the ESA, but that for some reason the ESA is unable to complete delivery of the message to the next-hop MTA. This could be for a variety of reasons, but commonly because the ESA is unable to reach the destination host and/or the messages are throttled or rejected by the next-hop MTA.

    Review and Troubleshoot

    Here are the steps when you need to review the messages queued for delivery and examine the SMTP connectivity. 

    Step 1 - Verify the Number of Messages that Pend Delivery

    From the CLI, you can utilize the  tophosts  command sorted by Active Recipients to review items that are in the delivery queue. Active Recipients signifies the number of messages held that wait.

    esa.lab.local> tophosts active_rcpts

    Status as of: Thu Aug 13 14:29:42 2020 EDT
    Hosts marked with '*' were down as of the last delivery attempt.

    Active Conn. Deliv. Soft Hard
    # Recipient Host Recip. Out Recip. Bounced Bounced

    1 the.encryption.queue  0 0 0 0
    2 the.euq.queue 5 0 0 0 0
    3 the.euq.release.queue 0 0 0 0 0

    From the GUI, you can navigate to Monitor > Delivery Status.

    Active RecipientsDelivery Status - Active Recipients

    Step 2 - Verify the Host Status of a Destination Domain

    From the CLI, you can utilize the  hoststatus command combined with the domain in question to review the Host up/down state. See Monitor the Status of a Mail Host.for more information.

    esa.lab.local> hoststatus mail.com

    Host mail status for: 'mail.com'
    Status as of: Thu Aug 13 14:37:17 2020 EDT
    Host up/down: up

    Counters:
    Queue
    Soft Bounced Events 0
    Completion
    Completed Recipients 336
    Hard Bounced Recipients 0
    DNS Hard Bounces 0
    5XX Hard Bounces 0
    Filter Hard Bounces 0
    Expired Hard Bounces 0
    Other Hard Bounces 0
    Delivered Recipients 336
    Deleted Recipients 0

    Gauges:
    Queue
    Active Recipients 0
    Unattempted Recipients 0
    Attempted Recipients 0
    Connections
    Current Outbound Connections 0
    Pending Outbound Connections 0

    From the GUI, this can also be seen under Monitor > Delivery Status.

    Latest Host StatusDelivery Status - Latest Host Status

    Some examples of the Host up/down status and what it can mean (not all-inclusive):

    Terms

    • Up - Reachable and actively accepts messages.
    • Down - Positively down (for example, connection refused or no route to host) or the SMTP conversation is timed out.
    • Unknown -Unable to connect (for example, delivery routed through an incorrect interface or IP address of the interface is not properly NAT/routed through the firewall).

    Step 3 - Test SMTP Connectivity

    If the host is unreachable, you can first check for the DNS MX records with dig and then test connectivity with telnet

    esa.lab.local> dig mx xmail.com

    ;; QUESTION SECTION:
    ;xmail.com. IN MX

    ;; ANSWER SECTION:
    xmail.com. 1784 IN MX 40 al4.xmail-smtp-in.l.google.com.
    xmail.com. 1784 IN MX 30 al3.xmail-smtp-in.l.google.com.
    xmail.com. 1784 IN MX 10 al1.xmail-smtp-in.l.google.com.
    xmail.com. 1784 IN MX 5 xmail-smtp-in.l.google.com.
    xmail.com. 1784 IN MX 20 al.xmail-smtp-in.l.google.com.


    esa.lab.local> telnet al1.xmail-smtp-in.l.google.com 25

    Trying 10.233.186.26...
    Connected to .
    Escape character is '^]'.
    220 mx.mail.com ESMTP d21si4412123pll.407 - gsmtp

    If the telnet returns Connected with a 220 banner then retry the delivery with the  delivernow all  command. You can also navigate from the GUI to Monitor > Delivery Status and click Retry All Delivery

    Retry All DeliveryRetry All Delivery

    If the connectivity tests return a rejection then additional examination can be required. You can review the mail logs and/or Message Tracking to see if reasons for possible rejections are shown. 

    Troubleshoot with Additional Methods

    Related Information

    Revision History

    Revision Publish Date Comments
    2.0
    23-Mar-2023
    Update links, corrected CCW alerts, reformatted. Recertification.
    1.0
    14-Aug-2020
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Aileen N Ayala
      Cisco TAC Engineer
    • Dennis McCabe Jr
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products