I had a similar experience with a JVM that maintained an SMTP connection pool; the connections were being held open until it went to use them and found they had timed out. In my case, the people administering the JVM were cooperative and set the pool to expire connections rather than keep them around until they timed out on the server side. I don't know EdgeWave from Adam, though, and my mail servers don't communicate directly with any similar DLP product, so this is little better than a WAG in your case.

On Wed, Feb 22, 2012 at 9:56 AM, Scott Neader <[email protected]> wrote:

> Hi David. First, I wasn't obfuscating the ID, I was just saying "we send
> our 250, they ack". Didn't think the actual log message and ID would be
> important enough to paste into the email...
>
> Anyway... you are right... these messages ARE getting delivered. I was
> looking at log messages based on IP, and only seeing the connection, data
> and delivery messages, but I did not look at how Exim dealt with the
> message... when looking by ID as you have suggested, it shows the messages
> are being delivered into the local mailbox.
>
> The mystery still stands as to why I am seeing all these SMTP command
> timeouts from just these "EdgeWave" mail servers. If the EdgeWave server
> has received our "250 OK" message, and their packet capture shows they have
> received it, and they have sent an ACK, then why don't they DISCONNECT?
>
> I have started a ticket with EdgeWave, to see if they have any interest in
> figuring this out.
>
> Regarding a packet capture on my side, I have to admit, I have never done
> it on command-line Linux before (done many on Windoze via
> Ethereal/WireShark), so I will have to research that.
>
> Thanks for the input -- much appreciated!!
>
> - Scott
>
> On Wed, Feb 22, 2012 at 4:42 AM, David Woodhouse <[email protected]> wrote:
>
> > On Fri, 2012-02-17 at 16:08 -0600, Scott Neader wrote:
> > > I was able to get the remote mail server admin to send me a packet capture
> > > in .pcap format (if anyone wants to see it, I'd be glad to share, nothing
> > > confidential in the cap).
> > >
> > > What I see is that our Exim server sends the "250 OK id=xxxxxxx" message
> > > just fine, and within a few ms, their server sends an ACK packet.
> >
> > Hm, if the message they see is really 'OK id=xxxxxxx' with a real
> > Exim-like queue ID (why the hell do you feel the need to obfuscate a
> > local queue ID, anyway?) then it's unlikely to have been generated
> > anywhere but your server.
> >
> > If you search your logs for that specific ID, what do you see?
> >
> > If you do a capture on *your* end, does it match what they see at their
> > end?
> >
> > --
> > dwmw2
> >
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
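
The log check discussed in this thread (look up messages by queue ID rather than only by IP, then compare against the SMTP command timeouts) can be scripted. The following is an added example, not code from any poster in the thread; it assumes the default Exim mainlog line format, and the sample log lines, hosts and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim mainlog style; hosts, addresses and IDs are made up.
SAMPLE_LOG = """\
2012-02-22 09:50:01 1S0EAa-0001bC-2d <= alice@sender.example H=mx1.filter.example [192.0.2.10] P=esmtp S=2048
2012-02-22 09:50:02 1S0EAa-0001bC-2d => bob <bob@local.example> R=localuser T=local_delivery
2012-02-22 09:50:02 1S0EAa-0001bC-2d Completed
2012-02-22 09:51:10 1S0EBh-0001cD-7x <= carol@other.example H=mail.other.example [198.51.100.7] P=esmtp S=900
2012-02-22 09:51:11 1S0EBh-0001cD-7x => bob <bob@local.example> R=localuser T=local_delivery
2012-02-22 09:51:11 1S0EBh-0001cD-7x Completed
2012-02-22 09:55:01 SMTP command timeout on connection from mx1.filter.example [192.0.2.10]
2012-02-22 09:56:30 SMTP command timeout on connection from [203.0.113.5]
"""

ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
ARRIVAL = re.compile(rf"^\S+ \S+ ({ID}) <= .*?H=.*?\[([^\]]+)\]")
DELIVERY = re.compile(rf"^\S+ \S+ ({ID}) (?:=>|->) ")
TIMEOUT = re.compile(r"SMTP command timeout on connection from .*?\[([^\]]+)\]")

def summarize(log_text):
    """Per client IP: messages accepted, accepted-but-undelivered IDs, timeouts."""
    received = defaultdict(set)   # ip -> queue IDs accepted from that ip
    delivered = set()             # queue IDs with at least one delivery line
    timeouts = defaultdict(int)   # ip -> count of SMTP command timeouts
    for line in log_text.splitlines():
        if m := ARRIVAL.match(line):
            received[m.group(2)].add(m.group(1))
        elif m := DELIVERY.match(line):
            delivered.add(m.group(1))
        elif m := TIMEOUT.search(line):
            timeouts[m.group(1)] += 1
    report = {}
    for ip in set(received) | set(timeouts):
        ids = received.get(ip, set())
        report[ip] = {
            "accepted": len(ids),
            "undelivered": sorted(ids - delivered),
            "timeouts": timeouts.get(ip, 0),
        }
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, row)
```

A host with timeouts, accepted messages and an empty `undelivered` list matches the situation described above: mail is arriving and being delivered, and the timeouts come from connections left idle afterwards.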
