Error: 'Network transport error. Error talking to client <IP Address>. Socket closed unexpectedly'.


This article applies to:

  • Trustwave MailMarshal (SEG)

Symptoms:

  • Error: 'Network transport error. Error talking to client <IP Address>. Socket closed unexpectedly'.
  • Several 'Network Transport' errors appear in the NT Event Viewer Application log (ID 3504, source MailMarshal Receiver).
  • The following error message is displayed in the MailMarshal Receiver log:

    1664 00:54:37.914 Event - Error talking to client <IP Address>
    Socket closed unexpectedly

Causes:

This issue can occur when:
  1. A spamming server sends a spam email to the MailMarshal server.
  2. The sending server immediately drops the connection without a formal quit response.
  3. The MailMarshal Receiver logs this as a 'Network Transport Error' in the Event Viewer Application log.

Information:

These events are not indicative of a problem with the software (MailMarshal) itself. This specific type of socket error is indicative of either a problem with the network, or a problem with the connecting server closing connections without following the proper protocol mechanisms for doing so. MailMarshal does not have control over this. 

More specifically, "unexpectedly" in this case implies that the connection was not terminated by MailMarshal, or was not terminated by the remote host in the expected manner. Since external factors prevent MailMarshal from finishing the SMTP transaction and closing the socket gracefully, an event is raised to inform the administrator that there may be a potential network issue that is interrupting the normal operation of MailMarshal.  This should not cause any service interruption under most circumstances, as quite often it occurs when a remote system, fails to send the "QUIT" command to hang up after sending the message body and data termination sequence.

 

In a very rare few cases, you may find that the local server itself is to blame, either due to a misbehaving network card, or a problem with the underlying TCP subsystem. More typical, would be a misbehaving firewall or intermediate router.

This article was previously published as:
NETIQKB35037

 

 


Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10104.aspx