On 12 Aug 2018, at 16:50, Thomas Kristensen wrote:
Hey
I got this strange problem with postfix 3.1.0.
I got this one server that doesn't get all the mails, queued for it.
Some mails gets the error in subject.
And if I do a tcpdump on the tcp stream I see this everytime:
(the content has been
On 12.08.18 20:50, Thomas Kristensen wrote:
Subject: Timed out while sending end of data -- message may be sent more
than once
I got this strange problem with postfix 3.1.0.
I got this one server that doesn't get all the mails, queued for it. Some mails
gets the error in subject.
And if
On Sun, Aug 12, 2018 at 08:50:19PM +, Thomas Kristensen wrote:
> DATA
> 354 [794178adb94846f8975ac93c9a320e4a] Start mail input; end with
> .
> Received: from Server (unknown [(removed)])
> by Server (Postfix) with ESMTP id 41pBtg5rKGzqYnC
> for (removed); Sun, 12 Aug 2018 10:32:2
Invalid mimetype?
milter out of mem or temp storage?
boundary_274246_f400b577-4e93-4ffd-b5ec-355c7a0b5059
Content-Type: application
.
Hey
I got this strange problem with postfix 3.1.0.
I got this one server that doesn't get all the mails, queued for it. Some mails
gets the error in subject.
And if I do a tcpdump on the tcp stream I see this everytime:
(the content has been wiped for some information)
220 [794178adb94846f8975
John,
> Oct 5 00:10:22 myhost postfix/smtp[28713]: 125BC2400A7:
> to=, relay=mail.abc.tld[123.456.789.123]:25,
> delay=187500, delays=186888/0.01/0.16/612, dsn=4.4.2, status=deferred
> (conversation with mail.abc.tld[123.456.789.123] timed out while sending
> end of data --
89.123]
> timed out while sending end of data -- message may be sent more than
> once)
> .
> .
> Oct 5 01:20:10 myhost postfix/qmgr[18862]: 125BC2400A7:
> from=, size=2760, nrcpt=1 (queue active)
> Oct 5 01:20:10 myhost postfix/smtp[30509]: 125BC2400A7: enabling
> PIX wo
5 00:10:22 myhost postfix/smtp[28713]: 125BC2400A7:
to=, relay=mail.abc.tld[123.456.789.123]:25,
delay=187500, delays=186888/0.01/0.16/612, dsn=4.4.2, status=deferred
(conversation with mail.abc.tld[123.456.789.123] timed out while sending
end of data -- message may be sent more than once
Victor Duchovni:
> On Tue, Jun 14, 2011 at 08:05:24PM -0500, Noel Jones wrote:
>
> > I was thinking a setting integrated with smtp_pix_workarounds would be more
> > automatic, with little maintenance once configured.
>
> Given that the banner detection is incomplete (some pixen are not
> obvious
On Wednesday June 15 2011 05:42:36 Noel Jones wrote:
> At this time I'm inclined to set this aside. The DKIM bug
> doesn't seem to be widespread; there is no compelling case to
> add a new workaround right now.
Indeed the situation has much improved in the past year or two.
Many sites have turne
Am 15.06.2011 08:39, schrieb Ralf Hildebrandt:
> * Benny Pedersen :
>
>> fail2ban could be ones friend if postfix have this
>>
>> fail2ban then just grep logs for outgoing mails that failed pr ip,
>> and add this header ignore pr cidr maps
>
> Yeah, that's a great idea!
>
but what if there are o
On Wed, 15 Jun 2011 08:39:11 +0200, Ralf Hildebrandt wrote:
* Benny Pedersen :
fail2ban could be ones friend if postfix have this
fail2ban then just grep logs for outgoing mails that failed pr ip,
and add this header ignore pr cidr maps
Yeah, that's a great idea!
it is ?, oh thanks :-)
* Benny Pedersen :
> fail2ban could be ones friend if postfix have this
>
> fail2ban then just grep logs for outgoing mails that failed pr ip,
> and add this header ignore pr cidr maps
Yeah, that's a great idea!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Univers
On 6/14/2011 8:22 PM, Victor Duchovni wrote:
On Tue, Jun 14, 2011 at 08:05:24PM -0500, Noel Jones wrote:
I was thinking a setting integrated with smtp_pix_workarounds would be more
automatic, with little maintenance once configured.
Given that the banner detection is incomplete (some pixen ar
On Tue, 14 Jun 2011 20:05:24 -0500, Noel Jones wrote:
That's an interesting idea in itself, but in the scope of pix
workarounds it's not a huge improvement since it still requires
manual
intervention per server/domain.
fail2ban could be ones friend if postfix have this
fail2ban then just gr
On Tue, Jun 14, 2011 at 08:05:24PM -0500, Noel Jones wrote:
> I was thinking a setting integrated with smtp_pix_workarounds would be more
> automatic, with little maintenance once configured.
Given that the banner detection is incomplete (some pixen are not
obviously such) one still needs manual
On 6/14/2011 7:42 PM, Benny Pedersen wrote:
On Tue, 14 Jun 2011 19:32:39 -0500, Noel Jones wrote:
C) use existing smtp_header_checks solution.
extend to smtp_header_checks_maps, and then use any maps
postfix support
That's an interesting idea in itself, but in the scope of pix
workarounds
On Tue, 14 Jun 2011 19:32:39 -0500, Noel Jones wrote:
C) use existing smtp_header_checks solution.
extend to smtp_header_checks_maps, and then use any maps postfix
support
is smtp_header_checks already pr recipients server ?
On 6/14/2011 5:49 PM, Benny Pedersen wrote:
On Tue, 14 Jun 2011 19:48:54 +0200, Ralf Hildebrandt wrote:
* Noel Jones :
I think I posted something almost exactly like this a while
ago
(year+?). Anyway, I can confirm that I've had this same
problem and
came up with the same workaround, still in
On Tue, 14 Jun 2011 19:48:54 +0200, Ralf Hildebrandt wrote:
* Noel Jones :
I think I posted something almost exactly like this a while ago
(year+?). Anyway, I can confirm that I've had this same problem and
came up with the same workaround, still in place.
Yeah. Maybe it would make a cool ad
* Robert Schetterer :
> make it more public , firewall admins may awake, in germany heise
> postings help sometimes *g
For that one would need large scale statistics.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Wietse Venema:
> Hmm...
>
> % telnet mailamir.com 25
> Trying 114.31.73.44...
> Connected to mailamir.com.
> Escape character is '^]'.
> 220 **
> help
> 502 5.5.2 Error: command not recognized
FYI, this is how I quickly identify Postfix MTAs.
Wietse
Am 14.06.2011 20:48, schrieb Ralf Hildebrandt:
> * Mark Martinec :
>
>> I think the newer versions of ASA can be configured to let ESMTP pass
>> through without censoring the greeting, while still exhibiting one of
>> the header parsing bugs - which can lead to dropping the TCP session
>> without
Am 14.06.2011 15:34, schrieb Ralf Hildebrandt:
> Today I found that some sites behind a PIX/ASA firewall with "smtp
> protocol fixup" would not accept DKIM signed mails.
>
> Solution:
> =
>
> master.cf:
> nodkimunix - - - - - smtp -o
> smtp_header_check
* Mark Martinec :
> I think the newer versions of ASA can be configured to let ESMTP pass
> through without censoring the greeting, while still exhibiting one of
> the header parsing bugs - which can lead to dropping the TCP session
> without a RST (but with a message in the log ... which noone re
> > How does an SMTP client recognize an ASA box before it breaks email?
>
> Only from the /^[02 *]+$/ banner.
> # telnet mx.interfree.it 25
> 220 **
I think the newer versions of ASA can be configured to let ESMTP pass through
with
* Mark Martinec :
> Ralf wrote:
> > Today I found that some sites behind a PIX/ASA firewall with "smtp
> > protocol fixup" would not accept DKIM signed mails.
>
> But you already knew that! :)
Yes I know.
> ASA bug CSCsy28792 and a couple of related header-parsing bugs,
> triggered by encounter
* Victor Duchovni :
> A Postfix system with a PIX in front of it and STARTTLS censored as
> "XXXA" (same length).
Yes, thought so too.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-122
Ralf wrote:
> Today I found that some sites behind a PIX/ASA firewall with "smtp
> protocol fixup" would not accept DKIM signed mails.
But you already knew that! :)
ASA bug CSCsy28792 and a couple of related header-parsing bugs,
triggered by encountering a "content-type" or "content-transfer-enc
On Tue, Jun 14, 2011 at 02:18:43PM -0400, Wietse Venema wrote:
> > # telnet mailamir.com 25
> > Trying 114.31.73.44...
> > Connected to mailamir.com.
> > Escape character is '^]'.
> > 220 **
>
> Hmm...
>
> % telnet mailamir.com 25
> Trying 114.31.73.44...
> Connected to m
Ralf Hildebrandt:
> * Wietse Venema :
>
> > > Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
> >
> > How does an SMTP client recognize an ASA box before it breaks email?
>
> Only from the /^[02 *]+$/ banner.
>
> # telnet mx.interfree.it 25
> Trying 213.158.72.46...
> Connec
* Wietse Venema :
> > Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
>
> How does an SMTP client recognize an ASA box before it breaks email?
Only from the /^[02 *]+$/ banner.
# telnet mx.interfree.it 25
Trying 213.158.72.46...
Connected to mx.interfree.it.
Escape character
Ralf Hildebrandt:
> * Noel Jones :
>
> > I think I posted something almost exactly like this a while ago
> > (year+?). Anyway, I can confirm that I've had this same problem and
> > came up with the same workaround, still in place.
>
> Yeah. Maybe it would make a cool addition to smtp_pix_workaro
On Tue, Jun 14, 2011 at 07:48:54PM +0200, Ralf Hildebrandt wrote:
> * Noel Jones :
>
> > I think I posted something almost exactly like this a while ago
> > (year+?). Anyway, I can confirm that I've had this same problem and
> > came up with the same workaround, still in place.
>
> Yeah. Maybe
* Noel Jones :
> I think I posted something almost exactly like this a while ago
> (year+?). Anyway, I can confirm that I've had this same problem and
> came up with the same workaround, still in place.
Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
--
Ralf Hildebrandt
Ge
On 6/14/2011 8:34 AM, Ralf Hildebrandt wrote:
Today I found that some sites behind a PIX/ASA firewall with "smtp
protocol fixup" would not accept DKIM signed mails.
Solution:
=
master.cf:
nodkimunix - - - - - smtp -o
smtp_header_checks=pcre:/etc/postf
Today I found that some sites behind a PIX/ASA firewall with "smtp
protocol fixup" would not accept DKIM signed mails.
Solution:
=
master.cf:
nodkimunix - - - - - smtp -o
smtp_header_checks=pcre:/etc/postfix/no_dkim.pcre
main.cf:
transport_maps = cdb:/
On Thursday 23 April 2009 10:02:29 Jørn Odberg wrote:
> I can now see that the recieving side has an ESTABLISHED connection from
> the sender, even after the sender tell me it has lost the connection
> with the reciever. So it seems like something in the middle is forcing
> the connection to a clos
Hello again.
I can now see that the recieving side has an ESTABLISHED connection from
the sender, even after the sender tell me it has lost the connection
with the reciever. So it seems like something in the middle is forcing
the connection to a close...
I have now captured some more tcpdump
Jørn,
> As I said in the first email, I control both ends (both the sender- and
> the receiver-server). But I do not control neither network-connectivity
> or Internet-connectivity at either sites.
>
> I did try turning of Window Scaling at both ends, but it did not help at
> all. It still won't d
J?rn Odberg:
> Would I need to do this at the sender or the receiver? Or both ends?
You can run tcpdump at one end first. If we can't figure out what
is happening, then we may also need the other end to see if
something is messing around with the packets.
Some "firewalls" have incomplete TCP impl
On Wed, Apr 22, 2009 at 11:57:30PM +1000, Barney Desmond wrote:
> > As I said in the first email, I control both ends (both the sender- and the
> > receiver-server). But I do not control neither network-connectivity or
> > Internet-connectivity at either sites.
> >
> > I did try turning of Window
2009/4/22 Jørn Odberg :
> As I said in the first email, I control both ends (both the sender- and the
> receiver-server). But I do not control neither network-connectivity or
> Internet-connectivity at either sites.
>
> I did try turning of Window Scaling at both ends, but it did not help at
> all.
Hello Sahil, and thanks for your reply.
As I said in the first email, I control both ends (both the sender- and
the receiver-server). But I do not control neither network-connectivity
or Internet-connectivity at either sites.
I did try turning of Window Scaling at both ends, but it did not h
On Wed, 22 Apr 2009, Jørn Odberg wrote:
> Would I need to do this at the sender or the receiver? Or both ends?
Do it on your end, which is what you control.
--
Sahil Tandon
Would I need to do this at the sender or the receiver? Or both ends?
Thanks for the reply, Wietse. And thanks for Postfix. :-)
Kind regards from Norway,
Jørn Odberg
Wietse Venema skrev:
Turn off TCP window scaling.
http://www.google.com/search?q=tcp+window+scaling
Wietse
--
_
Turn off TCP window scaling.
http://www.google.com/search?q=tcp+window+scaling
Wietse
es and
upwards, I think?) will not deliver... It takes a minute or two, and
then I receive "conversation with NotBib(..and the rest of the domain)
timed out while sending end of data -- message may be sent more than once".
I have tried sending a mail with a size of 1589 from NotBi
48 matches
Mail list logo
