A few weeks ago, when we switched from our Exchange 2003 relay servers to our Exchange 2007 Edge Transport servers, we experienced problems receiving email from specific domains.
I checked the message tracking logs and I could not find a trace of these emails. So I enabled Protocol Logging on the edge transport servers and found something interesting:
2008-03-18T07:02:47.218Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,0,xx.xx.xx.xx:25,203.91.198.75:28664,+,,
2008-03-18T07:02:47.218Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,1,xx.xx.xx.xx:25,203.91.198.75:28664,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2008-03-18T07:02:47.218Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,2,xx.xx.xx.xx:25,203.91.198.75:28664,>,"220 myserver.mydomain.com Microsoft ESMTP MAIL Service ready at Tue, 18 Mar 2008 11:02:47 +0400",
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,3,xx.xx.xx.xx:25,203.91.198.75:28664,<,EHLO wipro-blr-out02.wipro.com,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,4,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-myserver.mydomain.com Hello [203.91.198.75],
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,5,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-SIZE 10485760,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,6,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-PIPELINING,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,7,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-DSN,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,8,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-ENHANCEDSTATUSCODES,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,9,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-STARTTLS,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,10,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-X-ANONYMOUSTLS,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,11,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-AUTH,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,12,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-X-EXPS NTLM,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,13,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-8BITMIME,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,14,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-BINARYMIME,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,15,xx.xx.xx.xx:25,203.91.198.75:28664,>,250-CHUNKING,
2008-03-18T07:02:47.296Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,16,xx.xx.xx.xx:25,203.91.198.75:28664,>,250 XEXCH50,
. . .
2008-03-18T07:05:24.781Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,17,xx.xx.xx.xx:25,203.91.198.75:28664,>,451 4.7.0 Timeout waiting for client input,
2008-03-18T07:05:24.781Z,myserver\Default internal receive connector myserver,08CA51E4179C05C2,18,xx.xx.xx.xx:25,203.91.198.75:28664,-,,Local
It seems that the remote server establishes an SMTP session with the Edge Transport server, and after the initial EHLO exchange there is silence from the remote server. After a timeout period (defined by the ConnectionTimeout and ConnectionInactivityTimeout properties on the ReceiveConnector), the Edge Transport server closes the connection with "451 4.7.0 Timeout waiting for client input".
The culprit was a rule on the IPS device that filters suspicious TLS connections - it was incorrectly identifying traffic to the Exchange Edge Transport servers as a threat. An update from the IPS vendor solved the issue.
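To find other sessions that died the same way, the check below scans a receive protocol log for sessions in which the client sent nothing beyond EHLO/HELO before the 451 4.7.0 timeout. It is an added example, not part of the original post; the function name, field names and sample log lines (documentation IP ranges, example host names) are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Column order of the receive protocol log lines shown above (names are this example's own).
FIELDS = ["date_time", "connector_id", "session_id", "sequence_number",
          "local_endpoint", "remote_endpoint", "event", "data", "context"]

# Constructed sample: session ...01 stalls after EHLO (as in the post),
# session ...02 is a made-up session that proceeds to STARTTLS, for contrast.
SAMPLE_LOG = r"""2008-03-18T07:02:47.218Z,edge01\Default,08CA000000000001,0,192.0.2.1:25,198.51.100.7:28664,+,,
2008-03-18T07:02:47.218Z,edge01\Default,08CA000000000001,1,192.0.2.1:25,198.51.100.7:28664,>,"220 edge01.example.test ready at Tue, 18 Mar 2008 11:02:47 +0400",
2008-03-18T07:02:47.296Z,edge01\Default,08CA000000000001,2,192.0.2.1:25,198.51.100.7:28664,<,EHLO mail.sender.example,
2008-03-18T07:02:47.296Z,edge01\Default,08CA000000000001,3,192.0.2.1:25,198.51.100.7:28664,>,250-STARTTLS,
2008-03-18T07:02:47.296Z,edge01\Default,08CA000000000001,4,192.0.2.1:25,198.51.100.7:28664,>,250 XEXCH50,
2008-03-18T07:05:24.781Z,edge01\Default,08CA000000000001,5,192.0.2.1:25,198.51.100.7:28664,>,451 4.7.0 Timeout waiting for client input,
2008-03-18T07:05:24.781Z,edge01\Default,08CA000000000001,6,192.0.2.1:25,198.51.100.7:28664,-,,Local
2008-03-18T07:06:00.000Z,edge01\Default,08CA000000000002,0,192.0.2.1:25,203.0.113.9:40112,<,EHLO mx.other.example,
2008-03-18T07:06:00.010Z,edge01\Default,08CA000000000002,1,192.0.2.1:25,203.0.113.9:40112,>,250-STARTTLS,
2008-03-18T07:06:00.100Z,edge01\Default,08CA000000000002,2,192.0.2.1:25,203.0.113.9:40112,<,STARTTLS,
2008-03-18T07:06:00.110Z,edge01\Default,08CA000000000002,3,192.0.2.1:25,203.0.113.9:40112,>,220 2.0.0 SMTP server ready,
"""

def stalled_after_ehlo(log_text):
    """Sessions where the client sent only EHLO/HELO before a 451 4.7.0 timeout."""
    sessions = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):  # csv handles the quoted 220 banner
        if len(row) == len(FIELDS) and not row[0].startswith("#"):
            rec = dict(zip(FIELDS, row))
            sessions[rec["session_id"]].append(rec)
    findings = []
    for sid, recs in sessions.items():
        recs.sort(key=lambda r: int(r["sequence_number"]))
        client = [r["data"] for r in recs if r["event"] == "<"]  # "<" = received from client
        server = [r["data"] for r in recs if r["event"] == ">"]  # ">" = sent by server
        greeted_only = bool(client) and all(
            c.split(" ", 1)[0].upper() in ("EHLO", "HELO") for c in client)
        timed_out = any(s.startswith("451 4.7.0 Timeout") for s in server)
        if greeted_only and timed_out:
            findings.append({
                "session_id": sid,
                "remote_ip": recs[0]["remote_endpoint"].rsplit(":", 1)[0],
                "helo_name": client[0].split(" ", 1)[1] if " " in client[0] else "",
                # STARTTLS offered but nothing arrived afterwards: check inline TLS filtering
                "starttls_offered": any(s[4:] == "STARTTLS" for s in server),
            })
    return findings
```

Grouping the findings by `remote_ip` or `helo_name` shows whether the stalls are limited to specific sending domains, as they were here.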
Tuesday, April 15, 2008


1 comments:
Thanks..