Just received a similar mail here:

Return-Path: <>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 15790 invoked by uid 9008); 1 Jul 2008 10:42:31 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 14912 invoked from network); 1 Jul 2008 10:41:30 -0000
Received: from web03.domain3.com (x.x.x.x)
  by mail.domain2.com with SMTP; 1 Jul 2008 10:41:30 -0000

QUIT

Sender and receiver side is qmail too. This is the first one I'm aware of.
Sender is a web server we have. Web server and mail server are on the same
network so no connectivity issues there.

Spamdyke version is 3.1.8.

Regards
Bgs

John Barton wrote:
> Sam Clippinger wrote:
>> I'm drawing a blank on this one. It really looks like the remote server
>> is sending the "QUIT" text inside the message data.
>>
>> The only other thing I can suggest is to try the latest version of
>> spamdyke (your secondary server is running 3.1.2). If that doesn't fix
>> it, you could try downgrading until the problem goes away. That would
>> help me find a possible culprit in the code.
>>
>> -- Sam Clippinger
>>
> I will upgrade the version and see if that resolves the issue, and
> report back with results.
>
> -John
>> John Barton wrote:
>>
>>> Sam Clippinger wrote:
>>>
>>>> This looks like the remote server is sending the word "QUIT" to your
>>>> secondary server, then waiting until the connection times out. My guess
>>>> is that the remote server sees the recipient rejections and tries to
>>>> bail out without sending anything. I don't know why it would do that
>>>> after it sends the "DATA" command, however. The remote server is
>>>> aol.com, which reduces the likelihood that it's a problem with their
>>>> server software (I know AOL's mail servers correctly handle recipient
>>>> graylisting).
>>>>
>>>> In your mail server configuration, are you running any filters before
>>>> spamdyke that might be inserting the "QUIT" command? Any anti-spam
>>>> appliances, external devices, anti-virus filters, etc?
>>>>
>>> I am not running anything aside from spamdyke on this machine. I do not
>>> have spamassassin, clamav, qmail-scanner, or any other product loaded
>>> onto this box.
>>> Here is my qmail-smtpd run file:
>>>
>>> exec /usr/local/bin/softlimit -m 5000000 \
>>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
>>> /usr/local/sbin/spamdyke --config-file /var/qmail/control/spamdyke.conf -- /var/qmail/bin/qmail-smtpd 2>&1
>>>
>>> Also just to note, only some of the intended recipients get graylisted,
>>> some of them are accepted and I am still trying to determine if they
>>> have successfully received the message.
>>> -John
>>>
>>>> -- Sam Clippinger
>>>>
>>>> John Barton wrote:
>>>>
>>>>>>> Sam Clippinger wrote:
>>>>>>>
>>>>>>>> That's very strange -- I'm having a hard time imagining any way
>>>>>>>> spamdyke could be injecting "QUIT" into a message like that. The
>>>>>>>> only time spamdyke injects "QUIT" at all is when a connection times
>>>>>>>> out, but then it sends a "." first to end the message. The "QUIT"
>>>>>>>> should be interpreted as an SMTP command.
>>>>>>>>
>>>>>>>> Do your logs show timeouts that correspond with these messages? Are
>>>>>>>> any other parts of the message corrupted (e.g. the headers)?
>>>>>>>>
>>>>>>>> -- Sam Clippinger
>>>>>>>>
>>>>>>> I will try to go back through my logs and correlate the occurrences
>>>>>>> with a timeout. The headers do appear to be incorrect as well,
>>>>>>> though, the From address in the header shows up as
>>>>>>> [EMAIL PROTECTED] -John
>>>>>>>
>>>>> OK, after enabling full logging and waiting for someone to report the
>>>>> problem again, I now have a little more insight into this problem.
>>>>> Here is the full log of the email transaction:
>>>>>
>>>>> This section is the transcript from my secondary mail server, which
>>>>> receives the message first:
>>>>>
>>>>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587
>>>>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX
>>>>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from filter to child process = FF>
>>>>>
>>>>> <<< 06/04/2008 09:45:30
>>>>> 220 mail2.sts-llc.net ESMTP
>>>>>
>>>>> >>> 06/04/2008 09:45:30
>>>>> EHLO imo-d21.mx.aol.com
>>>>>
>>>>> <<< 06/04/2008 09:45:30
>>>>> 250-mail2.sts-llc.net
>>>>> 250-PIPELINING
>>>>> 250 8BITMIME
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> MAIL From:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:45:31
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>
>>>>> <FF 06/04/2008 09:45:31
>>>>> 421 Your address has been graylisted. Try again later.
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>
>>>>> <FF 06/04/2008 09:45:31
>>>>> 421 Your address has been graylisted. Try again later.
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:45:31
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:45:31
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:45:31
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> DATA
>>>>>
>>>>> <<< 06/04/2008 09:45:31
>>>>> 354 go ahead
>>>>>
>>>>> >>> 06/04/2008 09:45:31
>>>>> QUIT
>>>>>
>>>>> FF> 06/04/2008 09:46:32
>>>>> .
>>>>> QUIT
>>>>>
>>>>> <FF 06/04/2008 09:46:32
>>>>> 421 Timeout. Talk faster next time.
>>>>>
>>>>> <XX 06/04/2008 09:46:32
>>>>> 250 ok 1212590792 qp 589
>>>>> 221 mail2.sts-llc.net
>>>>>
>>>>> 06/04/2008 09:46:32 CLOSED
>>>>>
>>>>> ----------------------------------------------------------------------------------------------------
>>>>>
>>>>> This message comes into my secondary server, which then gets forwarded
>>>>> to a couple users on my primary server, but this is the message
>>>>> transcript from that machine for one of those users:
>>>>>
>>>>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953
>>>>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX
>>>>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from filter to child process = FF>
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 220 stscore01.sts-llc.net ESMTP
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> HELO mail2.sts-llc.net
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 250 stscore01.sts-llc.net
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> MAIL FROM:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> RCPT TO:<[EMAIL PROTECTED]>
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 250 ok
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> DATA
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 354 go ahead
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000
>>>>> Received: from imo-d21.mx.aol.com (205.188.144.207)
>>>>>   by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000
>>>>> QUIT
>>>>> .
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 250 ok 1212590792 qp 20959
>>>>>
>>>>> >>> 06/04/2008 09:46:32
>>>>> QUIT
>>>>>
>>>>> <<< 06/04/2008 09:46:32
>>>>> 221 stscore01.sts-llc.net
>>>>>
>>>>> 06/04/2008 09:46:32 CLOSED
>>>>> D
>>>>>
>>>>> -----------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> And here is the resulting email message in their inbox:
>>>>>
>>>>> From: [EMAIL PROTECTED]
>>>>> Cc: recipient list not shown: ;
>>>>> Sent: Jun 4, 2008 09:46
>>>>> Subject:
>>>>>
>>>>> QUIT
>>>>>
>>>>> _______________________________________________
>>>>> spamdyke-users mailing list
>>>>> [email protected]
>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
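
Added example (not part of the original thread and not spamdyke's own code): a Python checker that walks a full-log session in the format quoted above and reports whether a bare command arrived during the DATA phase, whether the terminating "." came from the filter rather than the sender, and whether the message was queued anyway. The function names audit_session and is_truncated_delivery are hypothetical, the sample session is constructed with example.com placeholder addresses, and the marker meanings are taken from the LEGEND lines in the quoted log.

```python
import re

# Direction markers as defined by the LEGEND lines of the spamdyke full log.
MARK = re.compile(r"^(<<<|>>>|<FF|FF>|<XX) \d\d/\d\d/\d{4} \d\d:\d\d:\d\d$")
VERBS = {"QUIT", "RSET", "NOOP"}  # bare commands that should never be a body line

# Constructed sample shaped like the secondary server's log (placeholder addresses).
SAMPLE = "".join(f"{m} 06/04/2008 {t}\n{text}\n\n" for m, t, text in [
    (">>>", "09:45:31", "RCPT To:<a@example.com>"),
    ("<FF", "09:45:31", "421 Your address has been graylisted. Try again later."),
    (">>>", "09:45:31", "RCPT To:<b@example.com>"),
    ("<<<", "09:45:31", "250 ok"),
    (">>>", "09:45:31", "DATA"),
    ("<<<", "09:45:31", "354 go ahead"),
    (">>>", "09:45:31", "QUIT"),
    ("FF>", "09:46:32", ".\nQUIT"),
    ("<XX", "09:46:32", "250 ok 1212590792 qp 589"),
])

def audit_session(log):
    """Walk one session log and report how its DATA phase ended."""
    r = {"deferred_rcpts": 0, "commands_in_data": [], "body": [],
         "filter_terminated": False, "accepted": False}
    src, state = None, "cmd"                  # state: cmd -> data -> sent
    for line in log.splitlines():
        m = MARK.match(line)
        if m:
            src = m.group(1)
        elif not line.strip() or src is None:
            continue
        elif state == "cmd":
            if src == "<FF" and line.startswith("4"):
                r["deferred_rcpts"] += 1      # filter deferred a recipient
            elif src == "<<<" and line.startswith("354"):
                state = "data"                # qmail-smtpd accepted DATA
        elif state == "data" and src in (">>>", "FF>"):
            if line == ".":
                state = "sent"                # who supplied the terminator?
                r["filter_terminated"] = src == "FF>"
            else:
                r["body"].append(line)
                if src == ">>>" and line.strip().upper() in VERBS:
                    r["commands_in_data"].append(line.strip().upper())
        elif state == "sent" and src in ("<<<", "<XX") and line.startswith("250"):
            r["accepted"] = True              # message was queued anyway
    return r

def is_truncated_delivery(r):  # queued a body the filter, not the sender, closed
    return r["accepted"] and r["filter_terminated"] and bool(r["commands_in_data"])
```

A legitimate message can contain a line reading "QUIT", so the combined check in is_truncated_delivery is the signal to alert on, not commands_in_data alone.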
