Why do Marshal products report Winsock errors?


This article applies to:

  • Trustwave MailMarshal (SEG)
  • WebMarshal

Question:

  • Why do Marshal products report Winsock errors?

Information:

MailMarshal and WebMarshal are software based security products installed into a Microsoft Windows operating system environment. As such they rely on Windows to provide the underlying technology to handle network connections both to the LAN and the Internet.

Windows can return connection errors which are then reported to the Windows Application Event logfile and Marshal product logfiles.

The following table shows the underlying technology that enable the Marshal product to make and receive connections from other hosts.

Application layer Application and services, such as MailMarshal and WebMarshal, that make network connection requests.
Transport layer Responsible for proper handling of connections including packet sorting, disassembly, reassembly and error checking (Windows Sockets).
Network layer Responsible for addressing and routing of data packets. Where your IP address is configured.
Physical layer Translates the packets into electrical impulses for transmission down physical wiring.

Some Common Errors

The most common errors that are reported by Marshal products are the following: 

Connection Reset [WSAECONNRESET 10054]

  • This error occurs when the physical connection is terminated with no message or reason. This could (rarely) be due to a problem in the physical layer, or the remote device could simply be cutting off the communication with minimum use of resources. This behavior is commonly seen from firewalls and routers.

Connection Timed Out [WSAETIMEDOUT 10060]

  • This error is reported where the remote host does not respond and the connection itself times out after a specified time. This can be due the remote host not being present or not responding on the particular port, or a firewall or router simply dropping the packet.

Connection Refused [WSAECONNREFUSED 10061]

  • This error is reported when the remote host refuses the connection with a specific reason. This is the polite way to end the connection and is usually seen from a remote host that rejects the connection due to a configured policy. Some firewall proxies may also use this method.

As you can see from the descriptions above, errors reported by Marshal products can be directly affected by external network devices. Checking that your firewall and routers are set up to expressly allow connections to and from the Marshal product is essential.

It is also important to minimize the use of "fixup" or "proxy" retransmission features. These features can affect or limit the connectivity of the Marshal products. They can often make debugging difficult because they do not provide informative messages. In the case of MailMarshal these features can also reduce anti-spam effectiveness.

Notes:

For more information, see:


Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle12989.aspx