Re: timeout after ehlo

2014-04-16 Thread Brian Grimal
Viktor - you nailed it. Not certain why just yet, but for a certain subset of hosts, iptables is failing to pass packets containing the mail from: line. After a certain number of (TCP) retries, some will be successful. nf_conntrack isn’t hitting its limits or anything obvious (far from it), s

Re: timeout after ehlo

2014-04-16 Thread Brian Grimal
There is a regular ol’ iptables/linux box in front of this doing nat and state matching, didn’t think to poke around there. Thanks for the tip. Brian On Apr 16, 2014, at 2:47 PM, Viktor Dukhovni wrote: >> > > Some firewall or load-balancer or similar device is losing connection > state on th

Re: timeout after ehlo

2014-04-16 Thread Brian Grimal
ostfix/smtpd[12387]: private/anvil: wanted attribute: (list terminator) Apr 16 13:37:20 mail postfix/smtpd[12387]: input attribute name: (end) Apr 16 13:37:20 mail postfix/smtpd[12387]: timeout after EHLO from vms173009pub.verizon.net[206.46.173.9] Apr 16 13:37:20 mail postfix/smtpd[12387]: disconnect f

Re: timeout after ehlo

2014-04-16 Thread Viktor Dukhovni
On Wed, Apr 16, 2014 at 02:17:23PM -0500, Brian Grimal wrote: > 14:04:31.425682 IP 172.16.5.8.25 > 206.46.173.11.19129: Flags [P.], seq > 35:216, ack 32, win 46, options [nop,nop,TS val 386720906 ecr 1770681376], > length 181 > ..&.&mO-..J. > i.t 250-mail.A.com > 250-PIPELINI

Re: timeout after ehlo

2014-04-16 Thread Wietse Venema
Brian Grimal: > Apr 16 12:57:45 mail postfix/smtpd[18647]: connect from > vms173001pub.verizon.net[206.46.173.1] > Apr 16 13:02:45 mail postfix/smtpd[18647]: timeout after EHLO from > vms173001pub.verizon.net[206.46.173.1] Postfix works as expected. Postfix receives *NOTHING* f

Re: timeout after ehlo

2014-04-16 Thread Brian Grimal
vms173001pub.verizon.net[206.46.173.1] Apr 16 13:02:45 mail postfix/smtpd[18647]: timeout after EHLO from vms173001pub.verizon.net[206.46.173.1] Apr 16 13:02:45 mail postfix/smtpd[18647]: disconnect from vms173001pub.verizon.net[206.46.173.1] gmail, however, delivers quite reasonably: -- Apr 16 13:54:29

Re: timeout after ehlo

2014-04-16 Thread Wietse Venema
Brian Grimal: > after ehlo. I?ve telnetted into the box from off-site (regular > host, not a mail server), and it immediately connects, immediately > responds with the 220 mail..com ESMTP Postfix herald, and > immediately responds to the helo or ehlo. However, it will take > about two minutes

timeout after ehlo

2014-04-16 Thread Brian Grimal
I’m banging my head on the desk over this one. Some hosts, fly right on through - connect, ehlo, mail from, rcpt-to, data, quit .. done. All in maybe 1 second. Others, will consistently timeout after ehlo. I’ve telnetted into the box from off-site (regular host, not a mail server), and it