btw, there is a 100% correlation to turning on and turning off spamassassin to getting these error messages. We've been dealing with this since at least last October and spotted occurrences prior.

thanks
will

Original Message:
-----------------
From: Ian FREISLICH [EMAIL PROTECTED]
Date: Tue, 17 May 2005 15:04:10 +0200
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [email protected], [EMAIL PROTECTED]
Subject: Re: [exim] Re: spamassassin message abandoned bug

Jeffrey Wheat wrote:
> Will,
>
> This is an unresolved issue and it seems that the
> common response is "spammers or virus connections, ignore it".
> Well I am not about to ignore this problem as it probably is
> causing valid emails to be rejected as well. I am presently
> considering giving postfix or qmail an evaluation due to the
> lack of interest in investigating this problem. If you hear
> of anything else regarding this problem, please let me know.
> I will let you know if I hear of anything else as well.

I've seen both "connection lost" and "message abandoned" messages. The actual message is:

2005-05-17 10:02:07 1DXwvT-0000PK-Ju SMTP data timeout (message abandoned) on connection from (mx02.cpt.softwarefutures.com) [196.44.238.133]

and

2005-05-17 11:50:13 SMTP connection from (spdcprxx.metropolitan.co.za) [196.36.160.196] lost while reading message data

I always assumed that this was because the remote sender got stuck somehow and exim timed out the connection in the first instance and that the remote sender terminated the connection with a TCP RST in the second. It's not something that I'm particularly concerned about and I'm mostly sure that the problem lies with the sending host, not my exim host.

Take the first example here:

[ian] ~ $ telnet 196.44.238.133 25
Trying 196.44.238.133...
Connected to mx02.cpt.softwarefutures.com.
Escape character is '^]'.
220 **02******************************************************************0****0 *2*************************200*****2******0200
quit
221 2.0.0 mx02.cpt.softwarefutures.com Service closing transmission channel

The only time I've seen a greeting like that before is from the University of Kwazulu Natal here in South Africa. They are RFC ignorant (DSN) and they tarpit connections to the point where the SMTP timeout takes effect from my side (I've seen a response take 15 minutes to be acknowledged). I don't have the time to dissect this one. I've no reason to believe that this bunch mentioned here are not spam kooks as well and have an SMTP server sufficiently broken to result in weird and wonderful behaviours.

The second log message, the server does not accept connections on port 25, but DNS claims it's www.cadiz.co.za. Maybe it's some home-brew thing that delivers mail out and also has a sufficiently broken SMTP implementation.

I'm pretty sure that if I pick any random entry from my log there will be some similar anomaly. Let's see:

2005-05-17 12:34:47 SMTP connection from (host138-132.pool82104.interbusiness.it) [82.104.132.138] lost while reading message data (header)

[ian] ~ $ nslookup 82.104.132.138
...
Name: host138-132.pool82104.interbusiness.it
Address: 82.104.132.138

[ian] ~ $ telnet 82.104.132.138 25
Trying 82.104.132.138...
telnet: connect to address 82.104.132.138: Operation timed out
telnet: Unable to connect to remote host

From the DNS, this looks like a dialup. It's probably a pawn3d machine.

I must say, I really think this is a non-issue. It probably relates to the remote side not being willing to wait more than a second or two while you run the message through SA and some AV scanner. If it's a pawn3d machine, it probably won't even bother with a TCP RST, it might just abandon the connection leaving you to time out. Otherwise, it just RSTs the connection if it doesn't get a response quickly enough to CRLF.CRLF after DATA. It should wait 5 minutes, but how many spammers and virii are prepared to wait that long, after all they have the whole world to infect. So many computers so little time.

Perhaps all that postfix or qmail will buy you is that they won't log on this condition. The additional feature qmail will give you is a huge amount of collateral spam as a byproduct of its implementation. Actually, it won't give that to you, you will give that to the world. Think hard about that before you install that piece of junk.

Ian

--
Ian Freislich
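
An added example, not part of the original thread: a small Python parser that pulls the two event types discussed above ("SMTP data timeout (message abandoned)" and "lost while reading message data") out of an Exim main log and counts them per remote IP. The function names and the final "Completed" sample line are constructed for illustration; the other three log lines are the ones quoted in the thread.

```python
import re
from collections import Counter

# The three Exim log lines quoted in the thread, plus one constructed
# "Completed" line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
2005-05-17 10:02:07 1DXwvT-0000PK-Ju SMTP data timeout (message abandoned) on connection from (mx02.cpt.softwarefutures.com) [196.44.238.133]
2005-05-17 11:50:13 SMTP connection from (spdcprxx.metropolitan.co.za) [196.36.160.196] lost while reading message data
2005-05-17 12:34:47 SMTP connection from (host138-132.pool82104.interbusiness.it) [82.104.132.138] lost while reading message data (header)
2005-05-17 12:35:02 1DXwvU-0000PL-Aa Completed
"""

# Sender part of the line: optional verified host name, optional (HELO), [IP].
PEER = r"(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
TIMEOUT = re.compile(r"^(?P<ts>\S+ \S+) (?:(?P<id>\S+) )?SMTP data timeout "
                     r"\(message abandoned\) on connection from " + PEER)
LOST = re.compile(r"^(?P<ts>\S+ \S+) SMTP connection from " + PEER +
                  r" lost while reading message data(?: \((?P<detail>\w+)\))?")

def parse_line(line):
    """Return a dict for a DATA-phase timeout or lost connection, else None."""
    for kind, rx in (("timeout", TIMEOUT), ("lost", LOST)):
        m = rx.match(line)
        if m:
            event = m.groupdict()
            event["kind"] = kind
            return event
    return None

def parse_log(text):
    """Parse every line of a log and keep only the matching events."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def summarize(events):
    """Count events per (remote IP, kind)."""
    return Counter((e["ip"], e["kind"]) for e in events)

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(parse_log(SAMPLE_LOG)).items()):
        print(f"{ip:16} {kind:8} {n}")
```

Running the same summary over log periods with content scanning enabled and disabled gives a per-host comparison of how often senders time out or drop the connection during DATA.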
