I'm sorry to say this, but I'm really out of ideas as to what's causing 
this.  I can't find anything in the code that I think could possibly be 
to blame.  From the logs you've captured, it looks like the remote 
server is sending "QUIT" at the wrong time, almost like it's 
misunderstanding the graylist rejections.

At this point, the only suggestion I can offer is to upgrade to the 
latest version and see if the problem persists.  I refactored a lot of 
the core code in version 4.0, so it's possible that if this is due to a 
bug in 3.1.x it may have been (inadvertently) removed in 4.0.

-- Sam Clippinger

John Barton wrote:
> This is still an issue for me, even after upgrading to the current 3.1.x 
> version of spamdyke. Here is the most recent full log:
>
> 08/13/2008 20:31:22 STARTED: VERSION = 3.1.8, PID = 12718
> 08/13/2008 20:31:22 LEGEND: To remote host = <<< ; to child process = 
>  >>> ; blocked by filter = <XX
> 08/13/2008 20:31:22 LEGEND: From filter to remote host = <FF ; from 
> filter to child process = FF>
>
> <<< 08/13/2008 20:31:22
> 220 mail2.domain.com ESMTP
>
>  >>> 08/13/2008 20:31:22
> EHLO web5.airset.com
>
> <<< 08/13/2008 20:31:22
> 250-mail2.domain.com
> 250-PIPELINING
> 250 8BITMIME
>
>  >>> 08/13/2008 20:31:22
> MAIL From:<[EMAIL PROTECTED]>
>
> <<< 08/13/2008 20:31:22
> 250 ok
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <FF 08/13/2008 20:31:22
> 421 Your address has been graylisted. Try again later.
>
>  >>> 08/13/2008 20:31:22
> RCPT To:<[EMAIL PROTECTED]>
>
> <<< 08/13/2008 20:31:22
> 250 ok
>
>  >>> 08/13/2008 20:31:22
> DATA
>
> <<< 08/13/2008 20:31:22
> 354 go ahead
>
>  >>> 08/13/2008 20:31:22
> QUIT
>
> FF> 08/13/2008 20:32:23
> .
> QUIT
>
> <FF 08/13/2008 20:32:23
> 421 Timeout. Talk faster next time.
>
> <XX 08/13/2008 20:32:23
> 250 ok 1218677543 qp 12720
> 221 mail2.sts-llc.net
>
> 08/13/2008 20:32:23 CLOSED
>
>
> Sam Clippinger wrote:
>> I just can't think of any explanation for this behavior.  I strongly 
>> suspect it's connected to a timeout somehow but spamdyke should never 
>> insert the word "QUIT" into a message body.  Whenever it sends "QUIT" to 
>> qmail, it always precedes it with ".", which ends the message content.
>>
>> I'm very much open to suggestions here...
>>
>> -- Sam Clippinger
>>
>> Bgs wrote:
>>> Just received a similar mail here:
>>>
>>> Return-Path: <>
>>> Delivered-To: [EMAIL PROTECTED]
>>> Received: (qmail 15790 invoked by uid 9008); 1 Jul 2008 10:42:31 -0000
>>> Delivered-To: [EMAIL PROTECTED]
>>> Received: (qmail 14912 invoked from network); 1 Jul 2008 10:41:30 -0000
>>> Received: from web03.domain3.com (x.x.x.x)
>>>    by mail.domain2.com with SMTP; 1 Jul 2008 10:41:30 -0000
>>> QUIT
>>>
>>>
>>> Sender and receiver sides are qmail too. This is the first one I'm aware of.
>>>
>>> Sender is a web server we have. Web server and mail server are on the 
>>> same network so no connectivity issues there. Spamdyke version is 3.1.8.
>>>
>>>
>>> Regards
>>> Bgs
>>>
>>> John Barton wrote:
>>>> Sam Clippinger wrote:
>>>>> I'm drawing a blank on this one.  It really looks like the remote server 
>>>>> is sending the "QUIT" text inside the message data.
>>>>>
>>>>> The only other thing I can suggest is to try the latest version of 
>>>>> spamdyke (your secondary server is running 3.1.2).  If that doesn't fix 
>>>>> it, you could try downgrading until the problem goes away.  That would 
>>>>> help me find a possible culprit in the code.
>>>>>
>>>>> -- Sam Clippinger
>>>>
>>>> I will upgrade the version and see if that resolves the issue, and 
>>>> report back with results.
>>>>
>>>> -John
>>>>
>>>>> John Barton wrote:
>>>>>> Sam Clippinger wrote:
>>>>>>> This looks like the remote server is sending the word "QUIT" to your
>>>>>>> secondary server, then waiting until the connection times out.  My
>>>>>>> guess is that the remote server sees the recipient rejections and
>>>>>>> tries to bail out without sending anything.  I don't know why it would
>>>>>>> do that after it sends the "DATA" command, however.  The remote server
>>>>>>> is aol.com, which reduces the likelihood that it's a problem with their
>>>>>>> server software (I know AOL's mail servers correctly handle recipient
>>>>>>> graylisting).
>>>>>>>
>>>>>>> In your mail server configuration, are you running any filters before 
>>>>>>> spamdyke that might be inserting the "QUIT" command?  Any anti-spam 
>>>>>>> appliances, external devices, anti-virus filters, etc?
>>>>>>
>>>>>> I am not running anything aside from spamdyke on this machine. I do not 
>>>>>> have spamassassin, clamav, qmail-scanner, or any other product loaded 
>>>>>> onto this box. Here is my qmail-smtpd run file:
>>>>>>
>>>>>> exec /usr/local/bin/softlimit -m 5000000 \
>>>>>>         /usr/local/bin/tcpserver -v -R -l "$LOCAL" \
>>>>>>         -x /var/qmail/control/tcp.smtp.cdb -c "$MAXSMTPD" \
>>>>>>         -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
>>>>>>         /usr/local/sbin/spamdyke --config-file /var/qmail/control/spamdyke.conf -- \
>>>>>>         /var/qmail/bin/qmail-smtpd 2>&1
>>>>>>
>>>>>> Also just to note, only some of the intended recipients get graylisted, 
>>>>>> some of them are accepted and I am still trying to determine if they 
>>>>>> have successfully received the message.
>>>>>> -John
>>>>>>
>>>>>>> -- Sam Clippinger
>>>>>>>
>>>>>>> John Barton wrote:
>>>>>>>>>> Sam Clippinger wrote:
>>>>>>>>>>> That's very strange -- I'm having a hard time imagining any way 
>>>>>>>>>>> spamdyke could be injecting "QUIT" into a message like that.  The 
>>>>>>>>>>> only time spamdyke injects "QUIT" at all is when a connection times 
>>>>>>>>>>> out, but then it sends a "." first to end the message.  The "QUIT" 
>>>>>>>>>>> should be interpreted as an SMTP command.
>>>>>>>>>>>
>>>>>>>>>>> Do your logs show timeouts that correspond with these messages?  Are
>>>>>>>>>>> any other parts of the message corrupted (e.g. the headers)?
>>>>>>>>>>>
>>>>>>>>>>> -- Sam Clippinger
>>>>>>>>>>>
>>>>>>>>>> I will try to go back through my logs and correlate the occurrences
>>>>>>>>>> with a timeout. The headers do appear to be incorrect as well,
>>>>>>>>>> though, the From address in the header shows up as
>>>>>>>>>> [EMAIL PROTECTED]
>>>>>>>>>> -John
>>>>>>>>>>
>>>>>>>> OK, after enabling full logging and waiting for someone to report the
>>>>>>>> problem again, I now have a little more insight into this problem.
>>>>>>>> Here is the full log of the email transaction:
>>>>>>>>
>>>>>>>> This section is the transcript from my secondary mail server, which 
>>>>>>>> receives the message first:
>>>>>>>>
>>>>>>>>
>>>>>>>> 06/04/2008 09:45:30 STARTED: VERSION = 3.1.2, PID = 587
>>>>>>>> 06/04/2008 09:45:30 LEGEND: To remote host = <<< ; to child process = 
>>>>>>>>  >>> ; blocked by filter = <XX
>>>>>>>> 06/04/2008 09:45:30 LEGEND: From filter to remote host = <FF ; from 
>>>>>>>> filter to child process = FF>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:30
>>>>>>>> 220 mail2.sts-llc.net ESMTP
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:30
>>>>>>>> EHLO imo-d21.mx.aol.com
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:30
>>>>>>>> 250-mail2.sts-llc.net
>>>>>>>> 250-PIPELINING
>>>>>>>> 250 8BITMIME
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> MAIL From:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:31
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <FF  06/04/2008 09:45:31
>>>>>>>> 421 Your address has been graylisted. Try again later.
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <FF  06/04/2008 09:45:31
>>>>>>>> 421 Your address has been graylisted. Try again later.
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:31
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:31
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> RCPT To:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:31
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> DATA
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:45:31
>>>>>>>> 354 go ahead
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:45:31
>>>>>>>> QUIT
>>>>>>>>
>>>>>>>> FF> 06/04/2008 09:46:32
>>>>>>>> .
>>>>>>>> QUIT
>>>>>>>>
>>>>>>>> <FF  06/04/2008 09:46:32
>>>>>>>> 421 Timeout. Talk faster next time.
>>>>>>>>
>>>>>>>> <XX  06/04/2008 09:46:32
>>>>>>>> 250 ok 1212590792 qp 589
>>>>>>>> 221 mail2.sts-llc.net
>>>>>>>>
>>>>>>>> 06/04/2008 09:46:32 CLOSED
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> This message comes into my secondary server, which then gets
>>>>>>>> forwarded to a couple users on my primary server, but this is the
>>>>>>>> message transcript from that machine for one of those users:
>>>>>>>>
>>>>>>>>
>>>>>>>> 06/04/2008 09:46:32 STARTED: VERSION = 3.1.8+TLS, PID = 20953
>>>>>>>> 06/04/2008 09:46:32 LEGEND: To remote host = <<< ; to child process = 
>>>>>>>>  >>> ; blocked by filter = <XX
>>>>>>>> 06/04/2008 09:46:32 LEGEND: From filter to remote host = <FF ; from 
>>>>>>>> filter to child process = FF>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 220 stscore01.sts-llc.net ESMTP
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> HELO mail2.sts-llc.net
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 250 stscore01.sts-llc.net
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> MAIL FROM:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> RCPT TO:<[EMAIL PROTECTED]>
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 250 ok
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> DATA
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 354 go ahead
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> Received: (qmail 589 invoked from network); 4 Jun 2008 14:45:31 -0000
>>>>>>>> Received: from imo-d21.mx.aol.com (205.188.144.207)
>>>>>>>>   by mail2.sts-llc.net with SMTP; 4 Jun 2008 14:45:31 -0000
>>>>>>>> QUIT
>>>>>>>> .
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 250 ok 1212590792 qp 20959
>>>>>>>>
>>>>>>>>  >>>  06/04/2008 09:46:32
>>>>>>>> QUIT
>>>>>>>>
>>>>>>>> <<<  06/04/2008 09:46:32
>>>>>>>> 221 stscore01.sts-llc.net
>>>>>>>>
>>>>>>>> 06/04/2008 09:46:32 CLOSED
>>>>>>>> D
>>>>>>>>
>>>>>>>> -----------------------------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> And here is the resulting email message in their inbox:
>>>>>>>>
>>>>>>>> From: [EMAIL PROTECTED]
>>>>>>>> Cc: recipient list not shown: ;
>>>>>>>> Sent: Jun 4, 2008 09:46
>>>>>>>> Subject: 
>>>>>>>>
>>>>>>>> QUIT
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> spamdyke-users mailing list
>>>>>>>> [email protected]
>>>>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
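Both quoted transcripts show the same sequence: the client sends "QUIT" right after "354 go ahead", the filter injects "." and "QUIT" at the timeout, and the child's "250 ok" is blocked. The sketch below searches a full log for that sequence; it is an added example, not part of the original thread and not spamdyke code. The function names and the sample log are constructed, and it assumes the mail quote markers have already been stripped from the log.

```python
import re

# Direction markers from the LEGEND lines of the quoted logs: "<<<" to remote
# host, ">>>" to child (qmail-smtpd), "FF>" filter to child, "<XX" blocked.
MARKER = re.compile(r"^(<<<|>>>|<FF|FF>|<XX)\s+\d\d/\d\d/\d{4} \d\d:\d\d:\d\d$")
STATUS = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (STARTED|LEGEND|CLOSED)")

# Constructed sample, modelled on the tail of the quoted transcripts.
SAMPLE = """\
<<< 08/13/2008 20:31:22
354 go ahead
>>> 08/13/2008 20:31:22
QUIT
FF> 08/13/2008 20:32:23
.
QUIT
<XX 08/13/2008 20:32:23
250 ok 1 qp 2
08/13/2008 20:32:23 CLOSED
"""

def parse_blocks(log_text):
    """Split a full-log transcript into (direction, [payload lines]) blocks."""
    blocks = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = MARKER.match(line)
        if m:
            blocks.append((m.group(1), []))
        elif blocks and line and not STATUS.match(line):
            blocks[-1][1].append(line)   # payload line of the current block
    return blocks

def quit_delivered_as_body(log_text):
    """True if 'QUIT' followed '354', the filter ended DATA, and it was queued."""
    in_data = quit_in_data = filter_ended = False
    for direction, payload in parse_blocks(log_text):
        if direction == "<<<" and payload and payload[0].startswith("354"):
            in_data = True                   # child now reads message content
        elif in_data and direction == ">>>":
            if "." in payload:
                in_data = False              # client ended DATA normally
            elif payload == ["QUIT"]:
                quit_in_data = True          # "QUIT" arrives as content
        elif in_data and direction == "FF>" and payload[:1] == ["."]:
            filter_ended, in_data = quit_in_data, False   # timeout path
        elif direction == "<XX" and filter_ended:
            if any(p.startswith("250") for p in payload):
                return True                  # child accepted the message
    return False
```

A session in which the client terminates DATA itself with "." is not flagged, so the check only matches the timeout path discussed in the thread.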