Sam Clippinger wrote:
> I'm drawing a blank on this one. It really looks like the remote server
> is sending the "QUIT" text inside the message data.
>
> The only other thing I can suggest is to try the latest version of
> spamdyke (your secondary server is running 3.1.2). If that doesn't fix
> it, you could try downgrading until the problem goes away. That would
> help me find a possible culprit in the code.
>
> -- Sam Clippinger
>
I will upgrade the version and see if that resolves the issue, and report back with results.
-John

> John Barton wrote:
>
>> Sam Clippinger wrote:
>>
>>> This looks like the remote server is sending the word "QUIT" to your
>>> secondary server, then waiting until the connection times out. My guess
>>> is that the remote server sees the recipient rejections and tries to
>>> bail out without sending anything. I don't know why it would do that
>>> after it sends the "DATA" command, however. The remote server is
>>> aol.com, which reduces the likelihood that it's a problem with their
>>> server software (I know AOL's mail servers correctly handle recipient
>>> graylisting).
>>>
>>> In your mail server configuration, are you running any filters before
>>> spamdyke that might be inserting the "QUIT" command? Any anti-spam
>>> appliances, external devices, anti-virus filters, etc?
>>>
>> I am not running anything aside from spamdyke on this machine. I do not
>> have spamassassin, clamav, qmail-scanner, or any other product loaded
>> onto this box. Here is my qmail-smtpd run file:
>>
>> exec /usr/local/bin/softlimit -m 5000000 \
>>   /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
>>   /usr/local/sbin/spamdyke --config-file /var/qmail/control/spamdyke.conf -- /var/qmail/bin/qmail-smtpd 2>&1
>>
>> Also just to note, only some of the intended recipients get graylisted,
>> some of them are accepted and I am still trying to determine if they
>> have successfully received the message.
>> -John
>>
>>> -- Sam Clippinger
>>>
>>> John Barton wrote:
>>>
>>>>>> Sam Clippinger wrote:
>>>>>>
>>>>>>> That's very strange -- I'm having a hard time imagining any way
>>>>>>> spamdyke could be injecting "QUIT" into a message like that. The
>>>>>>> only time spamdyke injects "QUIT" at all is when a connection times
>>>>>>> out, but then it sends a "." first to end the message. The "QUIT"
>>>>>>> should be interpreted as an SMTP command.
>>>>>>>
>>>>>>> Do your logs show timeouts that correspond with these messages? Are
>>>>>>> any other parts of the message corrupted (e.g. the headers)?
>>>>>>>
>>>>>>> -- Sam Clippinger
>>>>>>>
>>>>>> I will try to go back through my logs and correlate the occurrences
>>>>>> with a timeout. The headers do appear to be incorrect as well,
>>>>>> though, the From address in the header shows up as
>>>>>> [EMAIL PROTECTED] -John
>>>>>>
>>>> OK, after enabling full logging and waiting for someone to report the
>>>> problem again, I now have a little more insight into this problem. Here
>>>> is the full log of the email transaction:
>>>>
>>>> This section is the transcript from my secondary mail server, which
>>>> receives the message first:
>>>>
>>>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587
>>>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX
>>>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from filter to child process = FF>
>>>>
>>>> <<< 06/04/2008 09:45:30
>>>> 220 mail2.sts-llc.net ESMTP
>>>>
>>>> >>> 06/04/2008 09:45:30
>>>> EHLO imo-d21.mx.aol.com
>>>>
>>>> <<< 06/04/2008 09:45:30
>>>> 250-mail2.sts-llc.net
>>>> 250-PIPELINING
>>>> 250 8BITMIME
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> MAIL From:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:45:31
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>
>>>> <FF 06/04/2008 09:45:31
>>>> 421 Your address has been graylisted. Try again later.
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>
>>>> <FF 06/04/2008 09:45:31
>>>> 421 Your address has been graylisted. Try again later.
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:45:31
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:45:31
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:45:31
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> DATA
>>>>
>>>> <<< 06/04/2008 09:45:31
>>>> 354 go ahead
>>>>
>>>> >>> 06/04/2008 09:45:31
>>>> QUIT
>>>>
>>>> FF> 06/04/2008 09:46:32
>>>> .
>>>> QUIT
>>>>
>>>> <FF 06/04/2008 09:46:32
>>>> 421 Timeout. Talk faster next time.
>>>>
>>>> <XX 06/04/2008 09:46:32
>>>> 250 ok 1212590792 qp 589
>>>> 221 mail2.sts-llc.net
>>>>
>>>> 06/04/2008 09:46:32 CLOSED
>>>>
>>>> ----------------------------------------------------------------------------------------------------
>>>>
>>>> This message comes into my secondary server, which then gets forwarded
>>>> to a couple users on my primary server, but this is the message
>>>> transcript from that machine for one of those users:
>>>>
>>>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953
>>>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX
>>>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from filter to child process = FF>
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 220 stscore01.sts-llc.net ESMTP
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> HELO mail2.sts-llc.net
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 250 stscore01.sts-llc.net
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> MAIL FROM:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> RCPT TO:<[EMAIL PROTECTED]>
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 250 ok
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> DATA
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 354 go ahead
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000
>>>> Received: from imo-d21.mx.aol.com (205.188.144.207)
>>>> by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000
>>>> QUIT
>>>> .
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 250 ok 1212590792 qp 20959
>>>>
>>>> >>> 06/04/2008 09:46:32
>>>> QUIT
>>>>
>>>> <<< 06/04/2008 09:46:32
>>>> 221 stscore01.sts-llc.net
>>>>
>>>> 06/04/2008 09:46:32 CLOSED
>>>> D
>>>>
>>>> -----------------------------------------------------------------------------------------------------------------
>>>>
>>>> And here is the resulting email message in their inbox:
>>>>
>>>> From: [EMAIL PROTECTED]
>>>> Cc: recipient list not shown: ;
>>>> Sent: Jun 4, 2008 09:46
>>>> Subject:
>>>>
>>>> QUIT
>>>>

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
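
Added example (not part of the original thread and not spamdyke's own code): a small Python scan over a full-log transcript in the format quoted above, flagging a bare SMTP verb that arrives as message data after the 354 reply, and a DATA phase that the filter closed instead of the sender. The finding names, the BARE_VERBS set and the sample log are assumptions made for illustration.

```python
import re

# Markers per the LEGEND lines quoted above: ">>>" remote host -> child process,
# "<<<" child -> remote host, "FF>" filter -> child, "<FF" filter -> remote host.
MARKER = re.compile(r"^(<<<|>>>|FF>|<FF|<XX) (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
STATUS = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d ")  # STARTED / LEGEND / CLOSED
BARE_VERBS = {"QUIT", "RSET", "NOOP", "DATA"}  # assumption: verbs worth flagging

def parse_blocks(log_text):
    """Split a transcript into [marker, timestamp, payload_lines] blocks."""
    blocks = []
    for line in map(str.strip, log_text.splitlines()):
        m = MARKER.match(line)
        if m:
            blocks.append([m.group(1), m.group(2), []])
        elif line and blocks and not STATUS.match(line):
            blocks[-1][2].append(line)
    return blocks

def find_data_anomalies(log_text):
    """Flag bare SMTP verbs sent as message data and DATA ended by the filter."""
    findings, in_data = [], False
    for marker, stamp, lines in parse_blocks(log_text):
        if marker == "<<<" and lines and lines[0].startswith("354"):
            in_data = True  # server accepted DATA; what follows is message body
        elif in_data and marker == ">>>":
            for line in lines:
                if line == ".":
                    in_data = False  # sender ended the message normally
                    break
                if line.upper() in BARE_VERBS:
                    findings.append(("verb-in-data", stamp, line))
        elif in_data and marker == "FF>" and "." in lines:
            findings.append(("filter-ended-data", stamp, " ".join(lines)))
            in_data = False  # the filter, not the sender, closed the message
    return findings

# Constructed sample, abridged from the secondary-server transcript above.
SAMPLE = """\
<<< 06/04/2008 09:45:31
354 go ahead
>>> 06/04/2008 09:45:31
QUIT
FF> 06/04/2008 09:46:32
.
QUIT
06/04/2008 09:46:32 CLOSED
"""
print(find_data_anomalies(SAMPLE))
```

A "verb-in-data" finding followed about a minute later by "filter-ended-data" on the same connection matches the pattern in the thread: the message body consisting only of QUIT was completed by the timeout handler and then delivered.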
