This looks like the remote server is sending the word "QUIT" to your secondary server, then waiting until the connection times out. My guess is that the remote server sees the recipient rejections and tries to bail out without sending anything. I don't know why it would do that after it sends the "DATA" command, however. The remote server is aol.com, which reduces the likelihood that it's a problem with their server software (I know AOL's mail servers correctly handle recipient graylisting).
In your mail server configuration, are you running any filters before spamdyke that might be inserting the "QUIT" command? Any anti-spam appliances, external devices, anti-virus filters, etc? -- Sam Clippinger John Barton wrote: >>> Sam Clippinger wrote: >>> >>> >>>> That's very strange -- I'm having a hard time imagining any way >>>> spamdyke could be injecting "QUIT" into a message like that. The >>>> only time spamdyke injects "QUIT" at all is when a connection times >>>> out, but then it sends a "." first to end the message. The "QUIT" >>>> should be interpreted as an SMTP command. >>>> >>>> Do your logs show timeouts that correspond with these messages? Are >>>> any other parts of the message corrupted (e.g. the headers)? >>>> >>>> -- Sam Clippinger >>>> >>>> >>>> >>> I will try to go back through my logs and correlate the occurrences >>> with a timeout. The headers do appear to be incorrect as well, >>> though, the From address in the header shows up as >>> [EMAIL PROTECTED] -John >>> >>> > > OK, after enabling full logging and waiting for someone to report the > problem again, I now have a little more insight into this problem. Here > is the full log of the email transaction: > > This section is the transcript from my secondary mail server, which > receives the message first: > > > 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587 > 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = > >>> ; blocked by filter = <XX > 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from > filter to child process = FF> > > <<< 06/04/2008 09:45:30 > 220 mail2.sts-llc.net ESMTP > > >>> 06/04/2008 09:45:30 > EHLO imo-d21.mx.aol.com > > <<< 06/04/2008 09:45:30 > 250-mail2.sts-llc.net > 250-PIPELINING > 250 8BITMIME > > >>> 06/04/2008 09:45:31 > MAIL From:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:45:31 > 250 ok > > >>> 06/04/2008 09:45:31 > RCPT To:<[EMAIL PROTECTED]> > > <FF 06/04/2008 09:45:31 > 421 Your address has been graylisted. Try again later. > > >>> 06/04/2008 09:45:31 > RCPT To:<[EMAIL PROTECTED]> > > <FF 06/04/2008 09:45:31 > 421 Your address has been graylisted. Try again later. > > >>> 06/04/2008 09:45:31 > RCPT To:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:45:31 > 250 ok > > >>> 06/04/2008 09:45:31 > RCPT To:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:45:31 > 250 ok > > >>> 06/04/2008 09:45:31 > RCPT To:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:45:31 > 250 ok > > >>> 06/04/2008 09:45:31 > DATA > > <<< 06/04/2008 09:45:31 > 354 go ahead > > >>> 06/04/2008 09:45:31 > QUIT > > FF> 06/04/2008 09:46:32 > . > QUIT > > <FF 06/04/2008 09:46:32 > 421 Timeout. Talk faster next time. > > <XX 06/04/2008 09:46:32 > 250 ok 1212590792 qp 589 > 221 mail2.sts-llc.net > > 06/04/2008 09:46:32 CLOSED > > ---------------------------------------------------------------------------------------------------- > > This messages comes into my secondary server, which then gets forwarded > to a couple users on my primary server, but this is the message > transcript from that machine for one of those users: > > > 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953 > 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = > >>> ; blocked by filter = <XX > 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from > filter to child process = FF> > > <<< 06/04/2008 09:46:32 > 220 stscore01.sts-llc.net ESMTP > > >>> 06/04/2008 09:46:32 > HELO mail2.sts-llc.net > > <<< 06/04/2008 09:46:32 > 250 stscore01.sts-llc.net > > >>> 06/04/2008 09:46:32 > MAIL FROM:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:46:32 > 250 ok > > >>> 06/04/2008 09:46:32 > RCPT TO:<[EMAIL PROTECTED]> > > <<< 06/04/2008 09:46:32 > 250 ok > > >>> 06/04/2008 09:46:32 > DATA > > <<< 06/04/2008 09:46:32 > 354 go ahead > > >>> 06/04/2008 09:46:32 > Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000 > Received: from imo-d21.mx.aol.com (205.188.144.207) > by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000 > QUIT > . > > <<< 06/04/2008 09:46:32 > 250 ok 1212590792 qp 20959 > > >>> 06/04/2008 09:46:32 > QUIT > > <<< 06/04/2008 09:46:32 > 221 stscore01.sts-llc.net > > 06/04/2008 09:46:32 CLOSED > D > > ----------------------------------------------------------------------------------------------------------------- > > And here is the resulting email message in their inbox: > > From: [EMAIL PROTECTED] > Cc: recipient list not shown: ; > Sent: Jun 4, 2008 09:46 > Subject: > > QUIT > > > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
