Right. This suggests that either the size information in the queue file is
wrong, or that the SIZE announcement was malformed (i.e. buggy SMTP server).
This requires a packet-level dump to see if there are stray carriage-returns
or other unexpected content in thhe EHLO response.
On 06.10.17 10:56, Florian Coulmier wrote:
I have done such network capture. Here is the hex-dump of the server response
after EHLO command (as displayed by tshark):
0000 00 50 56 9b 64 b4 00 50 56 9b 30 58 08 00 45 00 .PV.d..PV.0X..E.
0010 00 8e 1e da 40 00 37 06 fb ca d5 29 8e 67 ac 11 [email protected]....).g..
0020 19 23 00 19 fc 26 f3 55 0e 57 8b 00 b0 b3 80 18 .#...&.U.W......
0030 04 02 25 56 00 00 01 01 08 0a 8b eb 30 0d 51 41 ..%V........0.QA
0040 c6 84 32 35 30 2d 53 49 5a 45 20 31 32 35 38 32 ..250-SIZE 12582
0050 39 31 32 0d 0a 32 35 30 2d 44 53 4e 0d 0a 32 35 912..250-DSN..25
0060 30 2d 45 4e 48 41 4e 43 45 44 53 54 41 54 55 53 0-ENHANCEDSTATUS
0070 43 4f 44 45 53 0d 0a 32 35 30 2d 41 55 54 48 20 CODES..250-AUTH
0080 4e 54 4c 4d 0d 0a 32 35 30 2d 38 42 49 54 4d 49 NTLM..250-8BITMI
0090 4d 45 0d 0a 32 35 30 20 4f 4b 0d 0a ME..250 OK..
just a note: packet capture made by tcpdump can be read with tshark or even
graphics wireshark, that can very nicely display whole SMTP conversation -
use the "Follow TCP conversation" option.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
