On 09/09/2008 04:48:47 PM, Wietse Venema wrote:
Instead of guessing, run a network sniffer that captures the packet content.
Thank you. I knew someone would send a good idea my way. Here's what I found: Nc seems to be left hanging when there's more than one subscriber to the email list; when two messages go through the filter nc is left hanging after the second pair TCP sessions. Normally as the filter runs the process tree running the mailman-filter filter looks like this:11530 ? S 0:00 \_ spawn -l -n 127.0.0.1:11025 -t inet user=mfilter 11626 ? Ss 0:00 | \_ /bin/sh /usr/local/sbin/mailman-filter 127.0. 11627 ? S 0:00 | \_ awk -W Interactive BEGIN {headers = 1;?
11628 ? R 0:00 | \_ nc 127.0.0.1 11026 With one subscriber, the smtp end sends a packet with a bunch of SMTP protocol ending with a DATA command, gets back a bunch of 250 Oks and a 354 reply, sends the message, ends with a period and then a QUIT in the same packet, gets back a 250 (queued) reply and a 221 (bye) in the same packet. Then both the smtp and the smtpd ends close the tcp socket and awk gets a EOF and ends and nc shuts down as well. Just as expected. When there's more than one subscriber the same thing happens for mail sent to the first subscriber, but then the same message is sent to the second subscriber. Again, smtp sends a DATA command, gets back a 354, sends the message, ends with a period, and gets a 250 reply back. At that point things have changed because the smtp side does not send a QUIT, instead it closes it's side of the TCP connection with a FIN, ACK. I presume that at this point spawn sends awk an EOF on stdin because the process tree then looks like this:11530 ? S 0:00 \_ spawn -l -n 127.0.0.1:11025 -t inet user=mfilter 11537 ? Ss 0:00 | \_ /bin/sh /usr/local/sbin/mailman-filter 127.0.
11539 ? S 0:00 | \_ nc 127.0.0.1 11026
Spawn does not close it's side of the tcp connection
initiated by smtp.
The system stays in this state for 5 minutes until smtpd
times out. Then smtpd sends a 421 (timeout exceeded)
back to nc, which sends it to stdout to spawn and
it goes back to smtp. At that point smtp sends a RST
packet back to spawn and the connection is shut down.
Then smtpd sends a FIN, ACK back to nc, which responds
with it's own FIN, ACK and with a final ACK from smtpd
that side of the filter shuts down gracefully.
So (I think) the question becomes why smtp does not
send a QUIT to end delivery of the 2nd email as it
does the first.
Attached are 4 tcpdumps. For testing I've used ports
11025 (for spawn) and 11026 (for smtpd) rather than
the 10025 and 10026 documented in my script and in
FILTER_README.
Two files record nc "hanging" there are 2 recipients
of the mailing list.
smtp_side2 Traffic between smtp and spawn.
smtpd_side2 Traffic between spawn (nc) and smtpd.
Two files record a "normal" filter event, there
is only 1 recipient of the mailing list message.
smtp_side3 Traffic between smtp and spawn.
smtpd_side3 Traffic between spawn and smtpd.
Thanks for the help.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
smtp_side2
Description: Binary data
smtpd_side2
Description: Binary data
smtp_side3
Description: Binary data
smtpd_side3
Description: Binary data
