[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

smtpserver aborts

To: zmailer@nic.funet.fi
Subject: smtpserver aborts
From: James S MacKinnon <jmack@phys.ualberta.ca>
Date: Sun, 29 Jan 1995 21:29:30 -0700 (MST)

Hi,

With the new upgrade to zmailer 2.99.10, I'm seeing a large number of
aborted smtp transactions. Strangely these are initiated from only
a few sites. All other incoming traffic is normal. The frequency is
either 1/2 hour or 1 hour, and the hosts never seem to give up.

[this was not seen in my older zmailer 2.2m8. Platform is Ultrix 4.0]

Can anyone hazard a guess as to what is going on? Does the foreign
site never receive our 220 banner line; do we never receive a HELO; and
why? - is this bug in the way the smtpserver handles the ports, or is
incoming data being dropped, or outgoing data sent prematurely before
the connection to the foreign host is solidly established?

Could this behavior be considered as part of a security problem, i.e.
repeated attempts to break in on port 25?

An example of 1 particularly stubborn site follows (this is occuring
every 1/2/hour, only the last 4 entries are shown):

23745#	connection from UNKNOWN@MORSE.NORCEN.COM (port 41992)
23745w	220 stoney.phys.ualberta.ca Server ESMTP+AUTH 2.99.10mea #1 ready at Sun, 29 Jan 1995 19:31:43 -0700
23745#	remote from [192.131.137.11]
23745#	aborted: session terminated

23786#	connection from UNKNOWN@MORSE.NORCEN.COM (port 43016)
23786w	220 stoney.phys.ualberta.ca Server ESMTP+AUTH 2.99.10mea #1 ready at Sun, 29 Jan 1995 20:01:44 -0700
23786#	remote from [192.131.137.11]
23786#	aborted: session terminated

23802#	connection from UNKNOWN@MORSE.NORCEN.COM (port 44552)
23802w	220 stoney.phys.ualberta.ca Server ESMTP+AUTH 2.99.10mea #1 ready at Sun, 29 Jan 1995 20:31:44 -0700
23802#	remote from [192.131.137.11]
23802#	aborted: session terminated

23852#	connection from UNKNOWN@MORSE.NORCEN.COM (port 45832)
23852w	220 stoney.phys.ualberta.ca Server ESMTP+AUTH 2.99.10mea #1 ready at Sun, 29 Jan 1995 21:01:44 -0700
23852#	remote from [192.131.137.11]
23852#	aborted: session terminated

The aborts terminate some time later than the initial connect. It seems as
if both sides are deadlocked, waiting for each other's input.

Thanks,
--
James S. MacKinnon             Office: P-139 Avahd-Bhatia Physics Lab
Computing/Networking           Voice : (403) 492-8226
Department of Physics
University of Alberta          email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5             : jmack@Phys.UAlberta.CA

Follow-Ups:
- Re: smtpserver aborts
  - From: Matti Aarnio <mea@nic.funet.fi> (Mon, 30 Jan 1995 12:23:41 +0200)

Prev by Date: One last thing...
Next by Date: Re: smtpserver aborts
Prev by thread: One last thing...
Next by thread: Re: smtpserver aborts
Index(es):
- Date
- Thread