Re: smtpserver aborts
> Hi,
>
> With the new upgrade to zmailer 2.99.10, I'm seeing a large number of
> aborted smtp transactions. Strangely these are initiated from only
> a few sites. All other incoming traffic is normal. The frequency is
> either 1/2 hour or 1 hour, and the hosts never seem to give up.
>
> [this was not seen in my older zmailer 2.2m8. Platform is Ultrix 4.0]
I have seen similar behaviour for ages from several
sources, but have never been able to figure out what
is going on.
One case is with BROKEN UCX (?) which considered a case
of not having IDENT service on a VMS as a valid reason to
tear down ALL connections in between the remote server,
and the VMS machine... One choice on that is not to use the "-a"
option on the SMTPOPTIONS line of /etc/zmailer.conf ..
(But it won't solve a case when the sender is a well-behaving
UNIX machine -- unless the sender has a firewall which
cuts the line, when it gets an IDENT query ?)
> Can anyone hazard a guess as to what is going on? Does the foreign
> site never receive our 220 banner line; do we never receive a HELO; and
> why? - is this bug in the way the smtpserver handles the ports, or is
> incoming data being dropped, or outgoing data sent prematurely before
> the connection to the foreign host is solidly established?
Sometimes I have thought that the problem is on the remote
system which is unable to receive longer response lines than
some odd limit -- like 80 chars..
> Could this behavior be considered as part of a security problem, i.e.
> repeated attempts to break in on port 25?
Hardly, who would gain anything from such ?
(And there is nothing to break into in ZMailer's SMTP-server..)
> An example of 1 particularly stubborn site follows (this is occurring
> every 1/2 hour, only the last 4 entries are shown):
Sounds like a message in sendmail's "-q30m" resend queue..
If it really is that regular, you might consider setting up
a tcpdump/snoop session between your two hosts, and watch
what shows up, to see what is going on...
> 23745# connection from UNKNOWN@MORSE.NORCEN.COM (port 41992)
> 23745w 220 stoney.phys.ualberta.ca Server ESMTP+AUTH 2.99.10mea #1 ready at Sun, 29 Jan 1995 19:31:43 -0700
> 23745# remote from [192.131.137.11]
> 23745# aborted: session terminated
The latest I have seen this kind of behaviour from is
one SGI; however, that problem has been intermittent.
That is, it has also been able to talk with my server...
> The aborts terminate some time later than the initial connect. It seems as
> if both sides are deadlocked, waiting for each other's input.
Reminds me... Just today I found out about a broken Windows-NT
SMTP-server:
----------------------------------------------------------------
castor:~|915$ telnet smtp.tukkk.fi smtp
Trying 130.232.66.11 ...
Connected to smtp.tukkk.fi.
Escape character is '^]'.
220 smtp.tukkk.fi PostalUnion/SMTP[2] v2.1.1 Ready Mon Jan 30 12:04:16 1995
EHLO foo
250-smtp.tukkk.fi says Hello
250-HELP
250-7BITMIME
250-VRFY
250-EXPN
250-X-PU-MS.PC
250-X-PU-VERSION-2.1.1
250-X-PU-REG-1023
----------------------------------------------------------------
Yeah, REALLY! There it stopped! The "HELO" response was
quite ok, but "EHLO" doesn't yield a final response at all :-(
> Thanks,
> --
> James S. MacKinnon Office: P-139 Avahd-Bhatia Physics Lab
> Computing/Networking Voice : (403) 492-8226
> Department of Physics
> University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
> Edmonton, Canada T6G 2N5 : jmack@Phys.UAlberta.CA
/Matti Aarnio <mea@nic.funet.fi>
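
The EHLO transcript above, run through an SMTP reply parser, as an added example that is not part of the original post or of ZMailer. The names `ReplyParser`, `read_reply`, `MAX_LINES` and the constructed `FIXED` reply are assumptions, as are the CRLF line endings on the captured lines; a client that gets "unterminated" back when its read timeout fires should drop the connection rather than wait on the peer.

```python
import re

# "250-text" = more lines follow; "250 text" or bare "250" = final line (RFC 5321, 4.2.1).
LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")
MAX_LINE = 512    # reply line limit from RFC 5321, CRLF included
MAX_LINES = 100   # assumed cap so a peer cannot send continuation lines forever


class ReplyParser:
    """Incremental parser for a single SMTP reply."""

    def __init__(self):
        self.buf, self.code, self.lines, self.complete = b"", None, [], False

    def feed(self, data):
        """Consume received bytes; return True once the final line has arrived."""
        self.buf += data
        while not self.complete and b"\n" in self.buf:
            raw, self.buf = self.buf.split(b"\n", 1)
            m = LINE.match(raw.rstrip(b"\r"))
            if m is None or len(raw) + 1 > MAX_LINE:
                raise ValueError("malformed or oversized reply line")
            if self.code not in (None, m.group(1)):
                raise ValueError("reply code changed inside a multi-line reply")
            self.code = m.group(1)
            self.lines.append((m.group(3) or b"").decode("ascii", "replace"))
            if len(self.lines) > MAX_LINES:
                raise ValueError("too many continuation lines")
            self.complete = m.group(2) != b"-"
        if len(self.buf) > MAX_LINE:
            raise ValueError("unterminated oversized line")
        return self.complete


def read_reply(chunks):
    """Feed chunks until the reply completes; running out of chunks stands in
    for the client's read timeout firing."""
    p = ReplyParser()
    for chunk in chunks:
        if p.feed(chunk):
            return "complete", p.code.decode(), p.lines
    return "unterminated", (p.code or b"").decode(), p.lines


# EHLO reply as captured in the post: eight "250-" lines, no final line.
CAPTURED = (b"250-smtp.tukkk.fi says Hello\r\n250-HELP\r\n250-7BITMIME\r\n250-VRFY\r\n"
            b"250-EXPN\r\n250-X-PU-MS.PC\r\n250-X-PU-VERSION-2.1.1\r\n250-X-PU-REG-1023\r\n")
# Constructed counter-example: the same reply with a proper final line appended.
FIXED = CAPTURED + b"250 OK\r\n"
```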