[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smtpserver problem

To: ccyflai@uxmail.ust.hk (Lai Yiu Fai)
Subject: Re: smtpserver problem
From: Matti Aarnio <mea@nic.funet.fi>
Date: Wed, 11 Oct 1995 09:24:19 +0200 (GMT)
Cc: zmailer@nic.funet.fi
In-Reply-To: <95Oct11.093336hkt.18931-1+20@uxmail.ust.hk> from "Lai Yiu Fai" at Oct 11, 95 09:33:32 am

> Hi,
> 
> We found a weird thing with smtpserver (currently running 2.99.15).  Whenever
> our internet link is down,  all the smtp port is hang and not further accept
> new connection even within our local IP network and other IP network attached
> to our site.   Most probably, I think it is related to reverse IP-to-hostname
> DNS lookup which require to ask the root domain for answer.  And this locks
> up the smtpserver and can't further to accept() new connection.

	Actually the server does  accept()  the connections, but then
	it appears to freeze -- because the DNS does not respond
	quickly enough.  If you make sure your local DNS knows your
	local IP-reversal table -- for example, shadows it from the
	primary server hmm..  likely you use it already..

	I have a feeling that this problem relates much more to issues
	covered on RFC 1537: "Common DNS Data File Configuration Errors",
	than to ZMailer per se.

> Is anyone experience the same problem?  Or has 2.99.16 or later version of 
> smtpserver already addressed this issue?

	The accept()-wrapping loop in there is the same since very
	early times.  Essentially it just does  accept(), fork()s, and
	lets child out of the loop, while parent closes its copy of
	the new fd, and loops back to accept()..

	The child does all of the work.  (And therefore the parent will
	never block on anything -- shouldn't anyway.)

	It IS possible to cause a ``deny of service''-attack on any TCP
	using server by using a routing blackhole (or by malicious means)
	where the TCP connection initial 3-way handshake is interrupted:
		- Connection open request (SYN) arrives, system creates
		  a new connection into listen()-queue, and sends an ACK
		- The ack is lost/remote reboots/...
		- Connection "ACK-ACK" does not arrive ever
		- listen()-queue fills up
		- when the queue is full, systems usually drop further
		  SYNs  ->  accept() will not get new connections

> =======================================================================
> Lai Yiu Fai                       |  Tel.:       (852) 2358-6202
> Centre of Computing Services      |  Fax.:       (852) 2358-0967
>  & Telecommunications             |  E-mail:     ccyflai@uxmail.ust.hk

	/Matti Aarnio <mea@nic.funet.fi>

References:
- smtpserver problem
  - From: Lai Yiu Fai <ccyflai@uxmail.ust.hk>

Prev by Date: smtpserver problem
Next by Date: Re: YOUR OPINION SOUGHT
Prev by thread: smtpserver problem
Next by thread: Re: YOUR OPINION SOUGHT
Index(es):
- Date
- Thread