Jeremy Towne wrote:
On 3/16/2010 11:14 AM, Eric Shubert wrote:
qmailtoaster wrote:
Hi all,
When my clients try to send mails, they receive from time to time (but
more and more):
Message not sent. Server replied:
Connection timed out
110 Can't open SMTP stream.
The value of concurrency incoming is
[r...@mail send]# more /var/qmail/control/concurrencyincoming
100
The netstat shows a lot of smtp connection in status SYN_RECV:
[r...@mail send]# netstat -a|grep smtp |grep SYN_RECV|wc -l
435
[r...@mail send]# netstat -a|grep smtp |grep SYN_RECV|wc -l
The server only relays local mail:
[r...@mail send]# more /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
192.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
01.02.03.04:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,BADMIMETYPE="",SENDER_NOCHECK="1",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
Nothing has changed in the mail or server configuration for weeks...
What can be the cause... and how to avoid the connection timeouts?
Thx in advance!
Christian
---------------------------------------------------------------------------------
Which port are they submitting to?
Are you running spamdyke?
I'm guessing 25, and yes.
If so, does
# ps -ef | grep defunct
show a lot of defunct qmail-smtpd processes?
I have a bunch of defunct qmail-smtpd processes. What is the right way to
clean them up?
Jeremy
---------------------------------------------------------------------------------
Killing the parent pid(s) will clean things up.
This is a bug with spamdyke. Some spammers have begun using TLS in a way
that causes this to happen. I just posted a follow-up message on the
spamdyke list, and hopefully Sam (the spamdyke author) will have a
chance to get it fixed soon.
In the meantime, using tls-level=none in spamdyke.conf will keep this
from happening. It will also prohibit users from using TLS with port 25
though.
If you have users who need TLS on port 25, you can comment out all tls-*
parameters in spamdyke.conf, and qmail-smtpd will take over processing
TLS. Whether or not qmail-spamd has this same problem with TLS and
spammers has not been determined. In addition, allowing qmail-spamd to
handle TLS will defeat several spamdyke filters. See spamdyke
documentation for details.
--
-Eric 'shubes'
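
Added example, not part of the original thread or of any poster's message: a shell function that groups defunct qmail-smtpd processes by parent PID and shows each parent's command, so the parent PID(s) mentioned above can be identified before anything is killed. The sample `ps` listing, the binary paths and the process tree in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: list the parents of defunct qmail-smtpd processes.
# Live use (Linux procps): ps -eo pid,ppid,stat,args | defunct_parents

# Constructed sample in `ps -eo pid,ppid,stat,args` layout (not real output;
# the binary paths and the process tree are assumptions).
sample_ps() {
cat <<'EOF'
  PID  PPID STAT COMMAND
 2101     1 S    /usr/bin/tcpserver 0 25 /usr/local/bin/spamdyke
 3310  2101 S    /usr/local/bin/spamdyke /var/qmail/bin/qmail-smtpd
 3311  3310 Z    [qmail-smtpd] <defunct>
 3420  2101 S    /usr/local/bin/spamdyke /var/qmail/bin/qmail-smtpd
 3421  3420 Z    [qmail-smtpd] <defunct>
 3422  3420 Z    [qmail-smtpd] <defunct>
 3500  2101 S    /usr/local/bin/spamdyke /var/qmail/bin/qmail-smtpd
 3501  3500 S    /var/qmail/bin/qmail-smtpd
 3600     1 Z    [crond] <defunct>
EOF
}

# Reads a ps listing on stdin and prints one line per parent:
#   <parent pid> <number of defunct qmail-smtpd children> <parent command>
# Only zombie (STAT starting with Z) qmail-smtpd entries are counted, so
# live sessions and unrelated zombies are ignored.
defunct_parents() {
  awk '
    $1 ~ /^[0-9]+$/ {
      cmd[$1] = $4                       # remember each process command
      if ($3 ~ /^Z/ && $0 ~ /qmail-smtpd/)
        n[$2]++                          # count zombie under its parent
    }
    END {
      for (p in n)
        print p, n[p], ((p in cmd) ? cmd[p] : "?")
    }
  ' | sort -n
}

# Demonstration on the constructed sample.
sample_ps | defunct_parents
```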