On Wed, Sep 23, 2009 at 4:29 PM, Wietse Venema <[email protected]> wrote: > Reinaldo de Carvalho: >> Hi, >> >> Someone can tell me why EHLO reply send 2 packets? >> >> ~# postconf mail_version >> mail_version = 2.5.5 >> >> >> ## tcpdump ## >> >> ^[OM^[OM15:41:23.546763 IP 10.15.10.9.49898 > 10.15.1.65.25: P 1:10(9) >> ack 34 win 46 <nop,nop,timestamp 927636169 259345475> >> e.....@[email protected]. >> . >> >> ..A....`.[TU.s............ >> 7J...uLCEHLO myhost.example.com > > Above is "EHLO myhost.example.com" from the SMTP client to the SMTP server. > >> 15:41:23.546924 IP 10.15.1.65.25 > 10.15.10.9.49898: . ack 10 win 91 >> <nop,nop,timestamp 259346474 927636169> >> e.....@.?..9 >> ..A >> . >> ....U.s.`.[]...[....... >> .uP*7J.. > > Above is a TCP acknowledgment from server kernel to client kernel. >
Verify "MAIL FROM packet" from my the first, or any other SMTP stage, postfix reply only one packet. # Connection handshake + SMTP Banner 16:46:04.084849 IP 10.15.10.9.44807 > 10.15.1.65.25: S 1432841543:1432841543(0) win 5840 <mss 1460,sackOK,timestamp 928606106 0,nop,wscale 7> 16:46:04.085172 IP 10.15.1.65.25 > 10.15.10.9.44807: S 2235726686:2235726686(0) ack 1432841544 win 5792 <mss 1460,sackOK,timestamp 260316627 928606106,nop,wscale 6> 16:46:04.085241 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 1 win 46 <nop,nop,timestamp 928606106 260316627> 16:46:04.085928 IP 10.15.1.65.25 > 10.15.10.9.44807: P 1:34(33) ack 1 win 91 <nop,nop,timestamp 260316627 928606106> 16:46:04.085951 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 34 win 46 <nop,nop,timestamp 928606106 260316627> # EHLO + 2 reply packets 16:46:12.709990 IP 10.15.10.9.44807 > 10.15.1.65.25: P 1:12(11) ack 34 win 46 <nop,nop,timestamp 928608262 260316627> 16:46:12.710163 IP 10.15.1.65.25 > 10.15.10.9.44807: . ack 12 win 91 <nop,nop,timestamp 260318784 928608262> 16:46:12.710236 IP 10.15.1.65.25 > 10.15.10.9.44807: P 34:174(140) ack 12 win 91 <nop,nop,timestamp 260318784 928608262> 16:46:12.710261 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 174 win 54 <nop,nop,timestamp 928608262 260318784> # MAIL FROM + reply packet 16:46:19.395992 IP 10.15.10.9.44807 > 10.15.1.65.25: P 12:37(25) ack 174 win 54 <nop,nop,timestamp 928609934 260318784> 16:46:19.396554 IP 10.15.1.65.25 > 10.15.10.9.44807: P 174:188(14) ack 37 win 91 <nop,nop,timestamp 260320456 928609934> 16:46:19.396602 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 188 win 54 <nop,nop,timestamp 928609934 260320456> # RCPT TO + reply packet 16:46:29.729985 IP 10.15.10.9.44807 > 10.15.1.65.25: P 37:66(29) ack 188 win 54 <nop,nop,timestamp 928612518 260320456> 16:46:29.734784 IP 10.15.1.65.25 > 10.15.10.9.44807: P 188:202(14) ack 66 win 91 <nop,nop,timestamp 260323041 928612518> 16:46:29.734839 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 202 win 54 <nop,nop,timestamp 928612519 260323041> # DATA + reply packet 16:46:32.672287 IP 10.15.10.9.44807 > 10.15.1.65.25: P 66:71(5) ack 202 win 54 <nop,nop,timestamp 928613253 260323041> 16:46:32.672525 IP 10.15.1.65.25 > 10.15.10.9.44807: P 202:239(37) ack 71 win 91 <nop,nop,timestamp 260323775 928613253> 16:46:32.672580 IP 10.15.10.9.44807 > 10.15.1.65.25: . ack 239 win 54 <nop,nop,timestamp 928613253 260323775> -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net "Don't try to adapt the software to the way you work, but rather yourself to the way the software works" (myself)
