Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 2010-02-16 7:30 PM, Sahil Tandon wrote: I wasn't the one posting the link, but I checked it when DJ Lucas posted it and checked it again just now, and it does have a visible answer (at the bottom of the page). Yes, but for posterity and archives, Ansgar is correct and LuKreme is wrong. I just verified using SeaMonkey here. While we're talking posterity... I don't see it (the answer)... but I didn't bother to change my user agent string either, so I guess that's the key - but the simple fact is, normal people won't bother taking the time to do that...
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 15-Feb-2010, at 03:23, Barney Desmond wrote: Experts Exchange is viewable (at least) from google searches. No it isn't. Experts Exchange is such a complete scam that I have it blocked in my local /etc/hosts and excluded from google search results.
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 2010-02-16 LuKreme wrote: On 15-Feb-2010, at 03:23, Barney Desmond wrote: Experts Exchange is viewable (at least) from google searches. No it isn't. Yes it is. It's also viewable if you change your browser's user agent string to that of a search engine spider. How else do you think these sites manage to stay on the search engines' radars? Experts Exchange is such a complete scam that I have it blocked in my local /etc/hosts and excluded from google search results. Well, that's certainly up to you (personally I don't like them either, and I don't think the quality of their solutions is too hot in the first place). However, that doesn't change anything about the fact that there are ways to view Experts Exchange pages without having to log in. Can we now drop this boring and entirely off-topic subject? Thanks. Regards Ansgar Wiechers -- Abstractions save us time working, but they don't save us time learning. --Joel Spolsky
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 16-Feb-2010, at 12:11, Ansgar Wiechers wrote: On 2010-02-16 LuKreme wrote: On 15-Feb-2010, at 03:23, Barney Desmond wrote: Experts Exchange is viewable (at least) from google searches. No it isn't. Yes it is. The link you posted had no visible answer. It had a banner about signing up and that was all (I checked from my laptop which has no / etc/hosts/ and is not signed in to Google.
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 2010-02-16 LuKreme wrote: On 16-Feb-2010, at 12:11, Ansgar Wiechers wrote: On 2010-02-16 LuKreme wrote: On 15-Feb-2010, at 03:23, Barney Desmond wrote: Experts Exchange is viewable (at least) from google searches. No it isn't. Yes it is. The link you posted had no visible answer. It had a banner about signing up and that was all (I checked from my laptop which has no /etc/hosts/ and is not signed in to Google. I wasn't the one posting the link, but I checked it when DJ Lucas posted it and checked it again just now, and it does havve a visible answer (at the bottom of the page). I'm using SeaMonkey and changed my browser's user agent string as described before. I also tried the Google search approach and it yielded the exact same results. Can we now *please* stop discussing this silly topic? Or at least take it off list? Thank you. Regards Ansgar Wiechers -- Abstractions save us time working, but they don't save us time learning. --Joel Spolsky
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On Tue, 16 Feb 2010, Ansgar Wiechers wrote: On 2010-02-16 LuKreme wrote: On 16-Feb-2010, at 12:11, Ansgar Wiechers wrote: On 2010-02-16 LuKreme wrote: On 15-Feb-2010, at 03:23, Barney Desmond wrote: Experts Exchange is viewable (at least) from google searches. No it isn't. Yes it is. The link you posted had no visible answer. It had a banner about signing up and that was all (I checked from my laptop which has no /etc/hosts/ and is not signed in to Google. I wasn't the one posting the link, but I checked it when DJ Lucas posted it and checked it again just now, and it does havve a visible answer (at the bottom of the page). I'm using SeaMonkey and changed my browser's user agent string as described before. I also tried the Google search approach and it yielded the exact same results. Can we now *please* stop discussing this silly topic? Or at least take it off list? Thank you. Yes, but for posterity and archives, Ansgar is correct and LuKreme is wrong. I just verified using SeaMonkey here. -- Sahil Tandon sa...@tandon.net
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 15 February 2010 18:41, Stan Hoeppner s...@hardwarefreak.com wrote: I can't get to it without entering a CC and starting a 30 day trial. The bottom of the page is white space. I see no options anywhere on the page to get at the info without signing up. This is kinda by design isn't it? No pay, no play? It's the whole point of the Experts Exchange website is it not? Due to your membership and cookies, even if you aren't logged in, you're probably still seeing a different page than those without a membership and prior cookies already on the the PC accessing the site. It's a no go. Apologies for pushing the OT thread. Experts Exchange is viewable (at least) from google searches. I'm pretty sure it's a referer-check, used to get plenty of good google-juice for their content. As a convenient side-effect, you can always scroll down to the bottom for the answers if you got there via google search. Hit the top result from this search, the answers will be visible. http://www.google.com/search?q=Disable+inspect+esmtp+on+ASA+5505
Re: Postfix - Timeout While Sending End of Data (slightly OT)
On 2010-02-15 5:23 AM, Barney Desmond wrote: Apologies for pushing the OT thread. Experts Exchange is viewable (at least) from google searches. I'm pretty sure it's a referer-check, used to get plenty of good google-juice for their content. As a convenient side-effect, you can always scroll down to the bottom for the answers if you got there via google search. Hit the top result from this search, the answers will be visible. http://www.google.com/search?q=Disable+inspect+esmtp+on+ASA+5505 Not for me...
Re: Postfix - Timeout While Sending End of Data
So here's an update:
1. I have turned off fixup smtp and checked that inspect esmtp or inspect
smtp is not running.
2. I have also enabled ICMP for both ends from our DMZ mail server and
internal mail server. It is still happening.
Plot thickens huh.
On Mon, Feb 15, 2010 at 6:22 PM, DJ Lucas d...@lucasit.com wrote:
On 02/14/2010 10:17 PM, Jafaruddin Lie wrote:
We do have a CISCO ASA 5520 that the outgoing mailserver sits behind,
and I have done the no fixup protocol on the box to no avail.
I have also enabled ICMP from that box to our internal mail server,
and ping works so I figure the ICMP NO-FRAGMENT wouldn't be an issue
here now.
It sounds as though the issue surfaced about the same time the new
security device came into play. If so, it might help to make that
absolutely clear to everyone who reads this thread. Is this the only
change in the environment? From what you've said above, it sounds like
you're on the right track. Only thing I noticed is that you mentioned
fixup (PIX) and not inspect (ASA). I don't have an ASA in front of me
ATM (and honestly, I'm not all that good with them anyway), however
something 'like' the following commands should get you to the right
place if you don't have access to ASDM (assuming you haven't changed too
much in the default configuration). There are plenty of examples all
over the net if you use the correct search terms. Obviously, you should
do a 'show run' to make sure my second assumption is correct (and that
this could even be the problem).
{{{
policy-map global_policy
class inspection_default
no inspect esmtp
}}}
Don't forget to write, else it'll be gone on reboot if it works. Sorry,
done that a couple of times myself, though I always dump my configs. A
friendly reminder never hurts either way.
BTW, here is a better example than the Cisco docs (IMO), probably should
have just linked to there in the first place instead of the above
gibberish. Oh well.
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24438893.html
-- DJ Lucas
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
--
Registered Linux user no. 384430
Re: Postfix - Timeout While Sending End of Data
2010/2/16 Jafaruddin Lie jafaruddin@gmail.com: So here's an update: 1. I have turned off fixup smtp and checked that inspect esmtp or inspect smtp is not running. 2. I have also enabled ICMP for both ends from our DMZ mail server and internal mail server. It is still happening. well, try to disable tcp-windows-scaling ? -- Eero
Re: Postfix - Timeout While Sending End of Data
Thank you for all your responses. We nailed it down to the dodgy server / Postfix setup. I copied some of the deferred mail queues to another newly setup Postfix server (in the same DMZ) and those mails got sent immediately. So, all mailis are now going out through the new server. Looking good so far. On Tue, Feb 16, 2010 at 10:26 AM, Jafaruddin Lie jafaruddin@gmail.comwrote: The size of the email is not big, and I don't think the size of the emails matter. No, no attachments, it's mostly just acknowledgement mails. I have seen emails being blocked at around 3KB, whilst emails around 5KB got sent whilst a 160KB mail got blocked. OK, I have disabled tcp_windows_scaling on the server, we'll see if this keeps on happening. On Tue, Feb 16, 2010 at 10:20 AM, Daniel V. Reinhardt crypto...@yahoo.com wrote: From: Jafaruddin Lie jafaruddin@gmail.com To: Daniel V. Reinhardt crypto...@yahoo.com Sent: Mon, February 15, 2010 10:50:07 PM Subject: Re: Postfix - Timeout While Sending End of Data Currently we have mails going to our internal mail server being queued up. So, to answer your question, it's ethernet 100Mbps connection. On Tue, Feb 16, 2010 at 9:36 AM, Daniel V. Reinhardt crypto...@yahoo.com wrote: So here's an update: 1. I have turned off fixup smtp and checked that inspect esmtp or inspect smtp is not running. 2. I have also enabled ICMP for both ends from our DMZ mail server and internal mail server. It is still happening. Plot thickens huh. What is your connection speed, and what are you sending? Thanks, Daniel Reinhardt Website: www.cryptodan.com Email: crypto...@yahoo.com You didnt answer my question, what is being sent in these e-mails like attachments, and if so what size are they. Can you provide log files and what not? Also keep replies on the list. Thanks, Daniel Reinhardt Website: www.cryptodan.com Email: crypto...@yahoo.com -- Registered Linux user no. 384430 -- Registered Linux user no. 384430
Re: Postfix - Timeout While Sending End of Data
DJ Lucas put forth on 2/15/2010 1:22 AM: http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24438893.html Never post links to information that requires a credit card in order to view it. I'm sure this breaks one if not many netiquette rules. ;) Surely there are many freely available texts with the relevant information that are just as good as this non-free text. -- Stan
Re: Postfix - Timeout While Sending End of Data
On 02/15/2010 01:30 AM, Stan Hoeppner wrote: DJ Lucas put forth on 2/15/2010 1:22 AM: http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24438893.html Never post links to information that requires a credit card in order to view it. I'm sure this breaks one if not many netiquette rules. ;) Surely there are many freely available texts with the relevant information that are just as good as this non-free text. My apologies to the list. Didn't even think of that. In my (admittedly weak) defense, you can scroll to the bottom of the page and get the accepted solution and OPs responses without a CC for Experts Exchange. -- DJ Lucas -- This message has been scanned for viruses and dangerous content, and is believed to be clean.
Re: Postfix - Timeout While Sending End of Data
DJ Lucas put forth on 2/15/2010 1:33 AM: On 02/15/2010 01:30 AM, Stan Hoeppner wrote: DJ Lucas put forth on 2/15/2010 1:22 AM: http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24438893.html Never post links to information that requires a credit card in order to view it. I'm sure this breaks one if not many netiquette rules. ;) Surely there are many freely available texts with the relevant information that are just as good as this non-free text. My apologies to the list. Didn't even think of that. In my (admittedly weak) defense, you can scroll to the bottom of the page and get the accepted solution and OPs responses without a CC for Experts Exchange. I can't get to it without entering a CC and starting a 30 day trial. The bottom of the page is white space. I see no options anywhere on the page to get at the info without signing up. This is kinda by design isn't it? No pay, no play? It's the whole point of the Experts Exchange website is it not? Due to your membership and cookies, even if you aren't logged in, you're probably still seeing a different page than those without a membership and prior cookies already on the the PC accessing the site. It's a no go. -- Stan
