I just can't think of any explanation for this behavior. I strongly suspect it's connected to a timeout somehow but spamdyke should never insert the word "QUIT" into a message body. Whenever it sends "QUIT" to qmail, it always precedes it with ".", which ends the message content.
I'm very much open to suggestions here... -- Sam Clippinger Bgs wrote: > Just received a similar mail here: > > Return-Path: <> > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 15790 invoked by uid 9008); 1 Jul 2008 10:42:31 -0000 > Delivered-To: [EMAIL PROTECTED] > Received: (qmail 14912 invoked from network); 1 Jul 2008 10:41:30 -0000 > Received: from web03.domain3.com (x.x.x.x) > by mail.domain2.com with SMTP; 1 Jul 2008 10:41:30 -0000 > QUIT > > > Sender and receiver side is qmail too. This is the first one I'm aware of. > > Sender is a web server we have. Web server and mail server are on the > same network so no connectivity issues there. Spamdyke version is 3.1.8. > > > Regards > Bgs > > John Barton wrote: > >> Sam Clippinger wrote: >> >>> I'm drawing a blank on this one. It really looks like the remote server >>> is sending the "QUIT" text inside the message data. >>> >>> The only other thing I can suggest is to try the latest version of >>> spamdyke (your secondary server is running 3.1.2). If that doesn't fix >>> it, you could try downgrading until the problem goes away. That would >>> help me find a possible culprit in the code. >>> >>> -- Sam Clippinger >>> >>> >> I will upgrade the version and see if that resolves the issue, and >> report back with results. >> >> -John >> >>> John Barton wrote: >>> >>> >>>> Sam Clippinger wrote: >>>> >>>> >>>> >>>>> This looks like the remote server is sending the word "QUIT" to your >>>>> secondary server, then waiting until the connection times out. My guess >>>>> is that the remote server sees the recipient rejections and tries to >>>>> bail out without sending anything. I don't know why it would do that >>>>> after it sends the "DATA" command, however. The remote server is >>>>> aol.com, which reduces the likelihood that it's a problem with their >>>>> server software (I know AOL's mail servers correctly handle recipient >>>>> graylisting). >>>>> >>>>> In your mail server configuration, are you running any filters before >>>>> spamdyke that might be inserting the "QUIT" command? Any anti-spam >>>>> appliances, external devices, anti-virus filters, etc? >>>>> >>>>> >>>>> >>>>> >>>> I am not running anything aside from spamdyke on this machine. I do not >>>> have spamassassin, clamav, qmail-scanner, or any other product loaded >>>> onto this box. Here is my qmail-smtpd run file: >>>> >>>> exec /usr/local/bin/softlimit -m 5000000 \ >>>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x >>>> /var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g >>>> "$NOFILESGID" 0 25 \ >>>> /usr/local/sbin/spamdyke --config-file >>>> /var/qmail/control/spamdyke.conf -- /var/qmail/bin/qmail-smtpd 2>&1 >>>> >>>> Also just to note, only some of the intended recipients get graylisted, >>>> some of them are accepted and I am still trying to determine if they >>>> have successfully received the message. >>>> -John >>>> >>>> >>>> >>>> >>>> >>>> >>>>> -- Sam Clippinger >>>>> >>>>> John Barton wrote: >>>>> >>>>> >>>>> >>>>> >>>>>>>> Sam Clippinger wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> That's very strange -- I'm having a hard time imagining any way >>>>>>>>> spamdyke could be injecting "QUIT" into a message like that. The >>>>>>>>> only time spamdyke injects "QUIT" at all is when a connection times >>>>>>>>> out, but then it sends a "." first to end the message. The "QUIT" >>>>>>>>> should be interpreted as an SMTP command. >>>>>>>>> >>>>>>>>> Do your logs show timeouts that correspond with these messages? Are >>>>>>>>> any other parts of the message corrupted (e.g. the headers)? >>>>>>>>> >>>>>>>>> -- Sam Clippinger >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I will try to go back through my logs and correlate the occurrences >>>>>>>> with a timeout. The headers do appear to be incorrect as well, >>>>>>>> though, the From address in the header shows up as >>>>>>>> [EMAIL PROTECTED] -John >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> OK, after enabling full logging and waiting for someone to report the >>>>>> problem again, I now have a little more insight into this problem. Here >>>>>> is the full log of the email transaction: >>>>>> >>>>>> This section is the transcript from my secondary mail server, which >>>>>> receives the message first: >>>>>> >>>>>> >>>>>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587 >>>>>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = >>>>>> >>> ; blocked by filter = <XX >>>>>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from >>>>>> filter to child process = FF> >>>>>> >>>>>> <<< 06/04/2008 09:45:30 >>>>>> 220 mail2.sts-llc.net ESMTP >>>>>> >>>>>> >>> 06/04/2008 09:45:30 >>>>>> EHLO imo-d21.mx.aol.com >>>>>> >>>>>> <<< 06/04/2008 09:45:30 >>>>>> 250-mail2.sts-llc.net >>>>>> 250-PIPELINING >>>>>> 250 8BITMIME >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> MAIL From:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:45:31 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>> >>>>>> <FF 06/04/2008 09:45:31 >>>>>> 421 Your address has been graylisted. Try again later. >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>> >>>>>> <FF 06/04/2008 09:45:31 >>>>>> 421 Your address has been graylisted. Try again later. >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:45:31 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:45:31 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:45:31 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> DATA >>>>>> >>>>>> <<< 06/04/2008 09:45:31 >>>>>> 354 go ahead >>>>>> >>>>>> >>> 06/04/2008 09:45:31 >>>>>> QUIT >>>>>> >>>>>> FF> 06/04/2008 09:46:32 >>>>>> . >>>>>> QUIT >>>>>> >>>>>> <FF 06/04/2008 09:46:32 >>>>>> 421 Timeout. Talk faster next time. >>>>>> >>>>>> <XX 06/04/2008 09:46:32 >>>>>> 250 ok 1212590792 qp 589 >>>>>> 221 mail2.sts-llc.net >>>>>> >>>>>> 06/04/2008 09:46:32 CLOSED >>>>>> >>>>>> ---------------------------------------------------------------------------------------------------- >>>>>> >>>>>> This messages comes into my secondary server, which then gets forwarded >>>>>> to a couple users on my primary server, but this is the message >>>>>> transcript from that machine for one of those users: >>>>>> >>>>>> >>>>>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953 >>>>>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = >>>>>> >>> ; blocked by filter = <XX >>>>>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from >>>>>> filter to child process = FF> >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 220 stscore01.sts-llc.net ESMTP >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> HELO mail2.sts-llc.net >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 250 stscore01.sts-llc.net >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> MAIL FROM:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> RCPT TO:<[EMAIL PROTECTED]> >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 250 ok >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> DATA >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 354 go ahead >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000 >>>>>> Received: from imo-d21.mx.aol.com (205.188.144.207) >>>>>> by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000 >>>>>> QUIT >>>>>> . >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 250 ok 1212590792 qp 20959 >>>>>> >>>>>> >>> 06/04/2008 09:46:32 >>>>>> QUIT >>>>>> >>>>>> <<< 06/04/2008 09:46:32 >>>>>> 221 stscore01.sts-llc.net >>>>>> >>>>>> 06/04/2008 09:46:32 CLOSED >>>>>> D >>>>>> >>>>>> ----------------------------------------------------------------------------------------------------------------- >>>>>> >>>>>> And here is the resulting email message in their inbox: >>>>>> >>>>>> From: [EMAIL PROTECTED] >>>>>> Cc: recipient list not shown: ; >>>>>> Sent: Jun 4, 2008 09:46 >>>>>> Subject: >>>>>> >>>>>> QUIT >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> spamdyke-users mailing list >>>>>> [email protected] >>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spamdyke-users mailing list >>>>> [email protected] >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>> >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spamdyke-users mailing list >>>> [email protected] >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>> >>>> >>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
