This is still an issue for me, even after upgrading to the current 3.1.x version of spamdyke. Here is the most recent full log:
08/13/2008 20:31:22 STARTED: VERSION = 3.1.8, PID = 12718 08/13/2008 20:31:22 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX 08/13/2008 20:31:22 LEGEND: From filter to remote host = <FF ; from filter to child process = FF> <<< 08/13/2008 20:31:22 220 mail2.domain.com ESMTP >>> 08/13/2008 20:31:22 EHLO web5.airset.com <<< 08/13/2008 20:31:22 250-mail2.domain.com 250-PIPELINING 250 8BITMIME >>> 08/13/2008 20:31:22 MAIL From:<[EMAIL PROTECTED]> <<< 08/13/2008 20:31:22 250 ok >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <FF 08/13/2008 20:31:22 421 Your address has been graylisted. Try again later. >>> 08/13/2008 20:31:22 RCPT To:<[EMAIL PROTECTED]> <<< 08/13/2008 20:31:22 250 ok >>> 08/13/2008 20:31:22 DATA <<< 08/13/2008 20:31:22 354 go ahead >>> 08/13/2008 20:31:22 QUIT FF> 08/13/2008 20:32:23 . QUIT <FF 08/13/2008 20:32:23 421 Timeout. Talk faster next time. <XX 08/13/2008 20:32:23 250 ok 1218677543 qp 12720 221 mail2.sts-llc.net 08/13/2008 20:32:23 CLOSED Sam Clippinger wrote: > I just can't think of any explanation for this behavior. I strongly > suspect it's connected to a timeout somehow but spamdyke should never > insert the word "QUIT" into a message body. Whenever it sends "QUIT" to > qmail, it always precedes it with ".", which ends the message content. > > I'm very much open to suggestions here... > > -- Sam Clippinger > > Bgs wrote: > >> Just received a similar mail here: >> >> Return-Path: <> >> Delivered-To: [EMAIL PROTECTED] >> Received: (qmail 15790 invoked by uid 9008); 1 Jul 2008 10:42:31 -0000 >> Delivered-To: [EMAIL PROTECTED] >> Received: (qmail 14912 invoked from network); 1 Jul 2008 10:41:30 -0000 >> Received: from web03.domain3.com (x.x.x.x) >> by mail.domain2.com with SMTP; 1 Jul 2008 10:41:30 -0000 >> QUIT >> >> >> Sender and receiver side is qmail too. This is the first one I'm aware of. >> >> Sender is a web server we have. Web server and mail server are on the >> same network so no connectivity issues there. Spamdyke version is 3.1.8. >> >> >> Regards >> Bgs >> >> John Barton wrote: >> >> >>> Sam Clippinger wrote: >>> >>> >>>> I'm drawing a blank on this one. It really looks like the remote server >>>> is sending the "QUIT" text inside the message data. >>>> >>>> The only other thing I can suggest is to try the latest version of >>>> spamdyke (your secondary server is running 3.1.2). If that doesn't fix >>>> it, you could try downgrading until the problem goes away. That would >>>> help me find a possible culprit in the code. >>>> >>>> -- Sam Clippinger >>>> >>>> >>>> >>> I will upgrade the version and see if that resolves the issue, and >>> report back with results. >>> >>> -John >>> >>> >>>> John Barton wrote: >>>> >>>> >>>> >>>>> Sam Clippinger wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> This looks like the remote server is sending the word "QUIT" to your >>>>>> secondary server, then waiting until the connection times out. My guess >>>>>> is that the remote server sees the recipient rejections and tries to >>>>>> bail out without sending anything. I don't know why it would do that >>>>>> after it sends the "DATA" command, however. The remote server is >>>>>> aol.com, which reduces the likelihood that it's a problem with their >>>>>> server software (I know AOL's mail servers correctly handle recipient >>>>>> graylisting). >>>>>> >>>>>> In your mail server configuration, are you running any filters before >>>>>> spamdyke that might be inserting the "QUIT" command? Any anti-spam >>>>>> appliances, external devices, anti-virus filters, etc? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> I am not running anything aside from spamdyke on this machine. I do not >>>>> have spamassassin, clamav, qmail-scanner, or any other product loaded >>>>> onto this box. Here is my qmail-smtpd run file: >>>>> >>>>> exec /usr/local/bin/softlimit -m 5000000 \ >>>>> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x >>>>> /var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g >>>>> "$NOFILESGID" 0 25 \ >>>>> /usr/local/sbin/spamdyke --config-file >>>>> /var/qmail/control/spamdyke.conf -- /var/qmail/bin/qmail-smtpd 2>&1 >>>>> >>>>> Also just to note, only some of the intended recipients get graylisted, >>>>> some of them are accepted and I am still trying to determine if they >>>>> have successfully received the message. >>>>> -John >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> -- Sam Clippinger >>>>>> >>>>>> John Barton wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>>> Sam Clippinger wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> That's very strange -- I'm having a hard time imagining any way >>>>>>>>>> spamdyke could be injecting "QUIT" into a message like that. The >>>>>>>>>> only time spamdyke injects "QUIT" at all is when a connection times >>>>>>>>>> out, but then it sends a "." first to end the message. The "QUIT" >>>>>>>>>> should be interpreted as an SMTP command. >>>>>>>>>> >>>>>>>>>> Do your logs show timeouts that correspond with these messages? Are >>>>>>>>>> any other parts of the message corrupted (e.g. the headers)? >>>>>>>>>> >>>>>>>>>> -- Sam Clippinger >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> I will try to go back through my logs and correlate the occurrences >>>>>>>>> with a timeout. The headers do appear to be incorrect as well, >>>>>>>>> though, the From address in the header shows up as >>>>>>>>> [EMAIL PROTECTED] -John >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> OK, after enabling full logging and waiting for someone to report the >>>>>>> problem again, I now have a little more insight into this problem. Here >>>>>>> is the full log of the email transaction: >>>>>>> >>>>>>> This section is the transcript from my secondary mail server, which >>>>>>> receives the message first: >>>>>>> >>>>>>> >>>>>>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587 >>>>>>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = >>>>>>> >>> ; blocked by filter = <XX >>>>>>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from >>>>>>> filter to child process = FF> >>>>>>> >>>>>>> <<< 06/04/2008 09:45:30 >>>>>>> 220 mail2.sts-llc.net ESMTP >>>>>>> >>>>>>> >>> 06/04/2008 09:45:30 >>>>>>> EHLO imo-d21.mx.aol.com >>>>>>> >>>>>>> <<< 06/04/2008 09:45:30 >>>>>>> 250-mail2.sts-llc.net >>>>>>> 250-PIPELINING >>>>>>> 250 8BITMIME >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> MAIL From:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:45:31 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <FF 06/04/2008 09:45:31 >>>>>>> 421 Your address has been graylisted. Try again later. >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <FF 06/04/2008 09:45:31 >>>>>>> 421 Your address has been graylisted. Try again later. >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:45:31 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:45:31 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> RCPT To:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:45:31 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> DATA >>>>>>> >>>>>>> <<< 06/04/2008 09:45:31 >>>>>>> 354 go ahead >>>>>>> >>>>>>> >>> 06/04/2008 09:45:31 >>>>>>> QUIT >>>>>>> >>>>>>> FF> 06/04/2008 09:46:32 >>>>>>> . >>>>>>> QUIT >>>>>>> >>>>>>> <FF 06/04/2008 09:46:32 >>>>>>> 421 Timeout. Talk faster next time. >>>>>>> >>>>>>> <XX 06/04/2008 09:46:32 >>>>>>> 250 ok 1212590792 qp 589 >>>>>>> 221 mail2.sts-llc.net >>>>>>> >>>>>>> 06/04/2008 09:46:32 CLOSED >>>>>>> >>>>>>> ---------------------------------------------------------------------------------------------------- >>>>>>> >>>>>>> This messages comes into my secondary server, which then gets forwarded >>>>>>> to a couple users on my primary server, but this is the message >>>>>>> transcript from that machine for one of those users: >>>>>>> >>>>>>> >>>>>>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953 >>>>>>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = >>>>>>> >>> ; blocked by filter = <XX >>>>>>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from >>>>>>> filter to child process = FF> >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 220 stscore01.sts-llc.net ESMTP >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> HELO mail2.sts-llc.net >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 250 stscore01.sts-llc.net >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> MAIL FROM:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> RCPT TO:<[EMAIL PROTECTED]> >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 250 ok >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> DATA >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 354 go ahead >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000 >>>>>>> Received: from imo-d21.mx.aol.com (205.188.144.207) >>>>>>> by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000 >>>>>>> QUIT >>>>>>> . >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 250 ok 1212590792 qp 20959 >>>>>>> >>>>>>> >>> 06/04/2008 09:46:32 >>>>>>> QUIT >>>>>>> >>>>>>> <<< 06/04/2008 09:46:32 >>>>>>> 221 stscore01.sts-llc.net >>>>>>> >>>>>>> 06/04/2008 09:46:32 CLOSED >>>>>>> D >>>>>>> >>>>>>> ----------------------------------------------------------------------------------------------------------------- >>>>>>> >>>>>>> And here is the resulting email message in their inbox: >>>>>>> >>>>>>> From: [EMAIL PROTECTED] >>>>>>> Cc: recipient list not shown: ; >>>>>>> Sent: Jun 4, 2008 09:46 >>>>>>> Subject: >>>>>>> >>>>>>> QUIT >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> spamdyke-users mailing list >>>>>>> [email protected] >>>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> spamdyke-users mailing list >>>>>> [email protected] >>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spamdyke-users mailing list >>>>> [email protected] >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>> >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spamdyke-users mailing list >>>> [email protected] >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>> >>>> >>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
