Sam Clippinger wrote:
> This looks like the remote server is sending the word "QUIT" to your
> secondary server, then waiting until the connection times out. My guess
> is that the remote server sees the recipient rejections and tries to
> bail out without sending anything. I don't know why it would do that
> after it sends the "DATA" command, however. The remote server is
> aol.com, which reduces the likelihood that it's a problem with their
> server software (I know AOL's mail servers correctly handle recipient
> graylisting).
>
> In your mail server configuration, are you running any filters before
> spamdyke that might be inserting the "QUIT" command? Any anti-spam
> appliances, external devices, anti-virus filters, etc?
>
I am not running anything aside from spamdyke on this machine. I do not
have spamassassin, clamav, qmail-scanner, or any other product loaded
onto this box. Here is my qmail-smtpd run file:
exec /usr/local/bin/softlimit -m 5000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x
/var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g
"$NOFILESGID" 0 25 \
/usr/local/sbin/spamdyke --config-file
/var/qmail/control/spamdyke.conf -- /var/qmail/bin/qmail-smtpd 2>&1
Also just to note, only some of the intended recipients get graylisted,
some of them are accepted and I am still trying to determine if they
have successfully received the message.
-John
> -- Sam Clippinger
>
> John Barton wrote:
>
>>>> Sam Clippinger wrote:
>>>>
>>>>
>>>>
>>>>> That's very strange -- I'm having a hard time imagining any way
>>>>> spamdyke could be injecting "QUIT" into a message like that. The
>>>>> only time spamdyke injects "QUIT" at all is when a connection times
>>>>> out, but then it sends a "." first to end the message. The "QUIT"
>>>>> should be interpreted as an SMTP command.
>>>>>
>>>>> Do your logs show timeouts that correspond with these messages? Are
>>>>> any other parts of the message corrupted (e.g. the headers)?
>>>>>
>>>>> -- Sam Clippinger
>>>>>
>>>>>
>>>>>
>>>>>
>>>> I will try to go back through my logs and correlate the occurrences
>>>> with a timeout. The headers do appear to be incorrect as well,
>>>> though, the From address in the header shows up as
>>>> [EMAIL PROTECTED] -John
>>>>
>>>>
>>>>
>> OK, after enabling full logging and waiting for someone to report the
>> problem again, I now have a little more insight into this problem. Here
>> is the full log of the email transaction:
>>
>> This section is the transcript from my secondary mail server, which
>> receives the message first:
>>
>>
>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587
>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process =
>> >>> ; blocked by filter = <XX
>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from
>> filter to child process = FF>
>>
>> <<< 06/04/2008 09:45:30
>> 220 mail2.sts-llc.net ESMTP
>>
>> >>> 06/04/2008 09:45:30
>> EHLO imo-d21.mx.aol.com
>>
>> <<< 06/04/2008 09:45:30
>> 250-mail2.sts-llc.net
>> 250-PIPELINING
>> 250 8BITMIME
>>
>> >>> 06/04/2008 09:45:31
>> MAIL From:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:45:31
>> 250 ok
>>
>> >>> 06/04/2008 09:45:31
>> RCPT To:<[EMAIL PROTECTED]>
>>
>> <FF 06/04/2008 09:45:31
>> 421 Your address has been graylisted. Try again later.
>>
>> >>> 06/04/2008 09:45:31
>> RCPT To:<[EMAIL PROTECTED]>
>>
>> <FF 06/04/2008 09:45:31
>> 421 Your address has been graylisted. Try again later.
>>
>> >>> 06/04/2008 09:45:31
>> RCPT To:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:45:31
>> 250 ok
>>
>> >>> 06/04/2008 09:45:31
>> RCPT To:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:45:31
>> 250 ok
>>
>> >>> 06/04/2008 09:45:31
>> RCPT To:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:45:31
>> 250 ok
>>
>> >>> 06/04/2008 09:45:31
>> DATA
>>
>> <<< 06/04/2008 09:45:31
>> 354 go ahead
>>
>> >>> 06/04/2008 09:45:31
>> QUIT
>>
>> FF> 06/04/2008 09:46:32
>> .
>> QUIT
>>
>> <FF 06/04/2008 09:46:32
>> 421 Timeout. Talk faster next time.
>>
>> <XX 06/04/2008 09:46:32
>> 250 ok 1212590792 qp 589
>> 221 mail2.sts-llc.net
>>
>> 06/04/2008 09:46:32 CLOSED
>>
>> ----------------------------------------------------------------------------------------------------
>>
>> This messages comes into my secondary server, which then gets forwarded
>> to a couple users on my primary server, but this is the message
>> transcript from that machine for one of those users:
>>
>>
>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953
>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process =
>> >>> ; blocked by filter = <XX
>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from
>> filter to child process = FF>
>>
>> <<< 06/04/2008 09:46:32
>> 220 stscore01.sts-llc.net ESMTP
>>
>> >>> 06/04/2008 09:46:32
>> HELO mail2.sts-llc.net
>>
>> <<< 06/04/2008 09:46:32
>> 250 stscore01.sts-llc.net
>>
>> >>> 06/04/2008 09:46:32
>> MAIL FROM:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:46:32
>> 250 ok
>>
>> >>> 06/04/2008 09:46:32
>> RCPT TO:<[EMAIL PROTECTED]>
>>
>> <<< 06/04/2008 09:46:32
>> 250 ok
>>
>> >>> 06/04/2008 09:46:32
>> DATA
>>
>> <<< 06/04/2008 09:46:32
>> 354 go ahead
>>
>> >>> 06/04/2008 09:46:32
>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000
>> Received: from imo-d21.mx.aol.com (205.188.144.207)
>> by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000
>> QUIT
>> .
>>
>> <<< 06/04/2008 09:46:32
>> 250 ok 1212590792 qp 20959
>>
>> >>> 06/04/2008 09:46:32
>> QUIT
>>
>> <<< 06/04/2008 09:46:32
>> 221 stscore01.sts-llc.net
>>
>> 06/04/2008 09:46:32 CLOSED
>> D
>>
>> -----------------------------------------------------------------------------------------------------------------
>>
>> And here is the resulting email message in their inbox:
>>
>> From: [EMAIL PROTECTED]
>> Cc: recipient list not shown: ;
>> Sent: Jun 4, 2008 09:46
>> Subject:
>>
>> QUIT
>>
>>
>>
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
