Re: Customer getting timeouts - traffic not showing on relays

Viktor Dukhovni Mon, 08 Aug 2022 06:33:21 -0700

On Mon, Aug 08, 2022 at 01:21:01PM +0000, White, Daniel E. (GSFC-770.0)[AEGIS] 
wrote:


> 2022-08-05T17:27:37.326857+00:00 MAILRELAY postfix/smtpd[69606]: connect from 
> unknown[SAME_CLIENT_IP]
> 2022-08-05T17:32:43.057669+00:00 MAILRELAY postfix/smtpd[69606]: timeout 
> after CONNECT from unknown[SAME_CLIENT_IP]
> 2022-08-05T17:32:43.058413+00:00 MAILRELAY postfix/smtpd[69606]: disconnect 
> from unknown[SAME_CLIENT_IP] commands=0/0

The client sent no SMTP commands in more than 5 minutes.  To see whether
there are packet loss or other network-layer issues, try "tshark", or
"tcpdump".

> 2022-08-05T17:28:05.229942+00:00 MAILRELAY postfix/smtpd[69634]: connect from 
> unknown[SAME_CLIENT_IP]
> 2022-08-05T17:33:16.299108+00:00 MAILRELAY postfix/smtpd[69634]: timeout 
> after UNKNOWN from unknown[SAME_CLIENT_IP]
> 2022-08-05T17:33:16.299730+00:00 MAILRELAY postfix/smtpd[69634]: disconnect 
> from unknown[SAME_CLIENT_IP] unknown=0/2 commands=0/2

Here, the client appears to have sent two non-SMTP commands.  To see
what was sent, try "tshark", or "tcpdump".

> 2022-08-05T17:36:43.530386+00:00 MAILRELAY postfix/smtpd[69667]: connect from 
> unknown[SAME_CLIENT_IP]
> 2022-08-05T17:36:43.557118+00:00 MAILRELAY postfix/smtpd[69667]: discarding 
> EHLO keywords: CHUNKING
> 2022-08-05T17:36:43.584122+00:00 MAILRELAY postfix/smtpd[69667]: 8E90F800298: 
> client=unknown[SAME_CLIENT_IP]
> 2022-08-05T17:36:43.611390+00:00 MAILRELAY postfix/cleanup[69670]: 
> 8E90F800298: message-id=<20220805173643.58CA11A2F14@sendinghost.local>
> 2022-08-05T17:36:43.893896+00:00 MAILRELAY postfix/qmgr[69362]: 8E90F800298: 
> from=<SENDER>, size=647, nrcpt=2 (queue active)
> 2022-08-05T17:36:43.894495+00:00 MAILRELAY postfix/smtpd[69667]: disconnect 
> from unknown[SAME_CLIENT_IP] ehlo=1 mail=1 rcpt=2 data=1 quit=1 commands=6
> 2022-08-05T17:36:44.308292+00:00 MAILRELAY postfix/smtp[69672]: 8E90F800298: 
> to=<DESTINATION1>, relay=UPSTREAM_RELAY[UPSTREAM_RELAY]:25, delay=0.73, 
> delays=0.31/0/0.19/0.23, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
> 16ECF8015D6)
> 2022-08-05T17:36:44.308778+00:00 MAILRELAY postfix/smtp[69672]: 8E90F800298: 
> to=<DESTINATION2>, relay=UPSTREAM_RELAY[UPSTREAM_RELAY]:25, delay=0.73, 
> delays=0.31/0/0.19/0.23, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
> 16ECF8015D6)
> 2022-08-05T17:36:44.308860+00:00 MAILRELAY postfix/qmgr[69362]: 8E90F800298: 
> removed

This connection successfully relayed a message.

> And the final connection timed out
> 
> 2022-08-05T17:36:53.703951+00:00 MAILRELAY postfix/smtpd[69638]: timeout 
> after CONNECT from unknown[SAME_CLIENT_IP]
> 2022-08-05T17:36:53.704553+00:00 MAILRELAY postfix/smtpd[69638]: disconnect 
> from unknown[SAME_CLIENT_IP] commands=0/0

The "connect" event is not shown, but this seems to match the first
connection.

-- 
    Viktor.

Re: Customer getting timeouts - traffic not showing on relays

Reply via email to