lost connection after DATA (0 bytes)

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

lost connection after DATA (0 bytes)

kemas henry
Hi All,

I googled about this error, it related to ICMP must fragment or MTU
I do have a wg firewall box and postfix is sitting behind this box,I try
to configure it to allow ICMP type 3 code 4 and still no luck.
I try to lower the server ethernet mtu to 1472 still don't clear this up
anything else I can do except throw it away because I can't

Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA (0
bytes) from unknown[202.46.149.146]
Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
unknown[202.46.149.146]
Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
unknown[202.46.149.146]
Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
client=unknown[202.46.149.146]
Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA (0
bytes) from unknown[202.46.149.146]
Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
unknown[202.46.149.146]

regards,

Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

Justin Piszcz


On Sat, 21 Jun 2008, kemas henry wrote:

> Hi All,
>
> I googled about this error, it related to ICMP must fragment or MTU
> I do have a wg firewall box and postfix is sitting behind this box,I try to
> configure it to allow ICMP type 3 code 4 and still no luck.
> I try to lower the server ethernet mtu to 1472 still don't clear this up
> anything else I can do except throw it away because I can't
>
> Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA (0
> bytes) from unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
> client=unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA (0
> bytes) from unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
> unknown[202.46.149.146]
>
> regards,
>

I see those all the time, they are spam bots, use fail2ban to block them
with iptables if they do that a lot.

Justin.
Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

kemas henry
Justin Piszcz wrote:

>
>
> On Sat, 21 Jun 2008, kemas henry wrote:
>
>> Hi All,
>>
>> I googled about this error, it related to ICMP must fragment or MTU
>> I do have a wg firewall box and postfix is sitting behind this box,I
>> try to configure it to allow ICMP type 3 code 4 and still no luck.
>> I try to lower the server ethernet mtu to 1472 still don't clear this up
>> anything else I can do except throw it away because I can't
>>
>> Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA
>> (0 bytes) from unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
>> unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
>> unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
>> client=unknown[202.46.149.146]
>> Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA
>> (0 bytes) from unknown[202.46.149.146]
>> Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
>> unknown[202.46.149.146]
>>
>> regards,
>>
>
> I see those all the time, they are spam bots, use fail2ban to block
> them with iptables if they do that a lot.
>
> Justin.

I think they migh be not spam (not all of them), because the IP in the
logs is another old qmail server redirecting to new postfix server.
sometime I also see IP from another mail server, it can't get mail
through my wg to postfix.



--
A: Define misery.
B: - one last cigar feels forever.
   - coffee taste like luxury.
   - lunch time is time for another goddamn lying excuses.
C: ?
        --foolproof

Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

mouss-2
In reply to this post by kemas henry
kemas henry wrote:

> Hi All,
>
> I googled about this error, it related to ICMP must fragment or MTU
> I do have a wg firewall box and postfix is sitting behind this box,I
> try to configure it to allow ICMP type 3 code 4 and still no luck.
> I try to lower the server ethernet mtu to 1472 still don't clear this up
> anything else I can do except throw it away because I can't
>
> Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA
> (0 bytes) from unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
> client=unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA
> (0 bytes) from unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
> unknown[202.46.149.146]
>
> regards,
>

I guess from your address that the client here is your machine (funny
your server couldn't get its rDNS?).



- see if there is an upgrade for your firewall. old firmware may have
tcp bugs (tcp window scaling, delayed ack, ... etc).
- check your OSes docs or forums and see if you can tune your tcp
settings to support borked firewalls.
- finally, you can replace your firewall. a BSD or a linux box will give
you all the flexibility you need. otherwise, there are cheap new little
firewalls if you don't have much performance demands.

anyway, this is not a postfix issue.

Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

kemas henry
mouss wrote:

> kemas henry wrote:
>> Hi All,
>>
>> I googled about this error, it related to ICMP must fragment or MTU
>> I do have a wg firewall box and postfix is sitting behind this box,I
>> try to configure it to allow ICMP type 3 code 4 and still no luck.
>> I try to lower the server ethernet mtu to 1472 still don't clear this up
>> anything else I can do except throw it away because I can't
>>
>> Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA
>> (0 bytes) from unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
>> unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
>> unknown[202.46.149.146]
>> Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
>> client=unknown[202.46.149.146]
>> Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA
>> (0 bytes) from unknown[202.46.149.146]
>> Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
>> unknown[202.46.149.146]
>>
>> regards,
>>
>
> I guess from your address that the client here is your machine (funny
> your server couldn't get its rDNS?).

I disable smtpd peer lookup

>
> - see if there is an upgrade for your firewall. old firmware may have
> tcp bugs (tcp window scaling, delayed ack, ... etc).

ok, I'll chek their website,

> - check your OSes docs or forums and see if you can tune your tcp
> settings to support borked firewalls.
> - finally, you can replace your firewall. a BSD or a linux box will
> give you all the flexibility you need. otherwise, there are cheap new
> little firewalls if you don't have much performance demands.
>
could you please mention one that really great for future use

> anyway, this is not a postfix issue.
>
yes it's not postfix, but perhaps there are people who have this kind of
box and use postfix also.



--
A: Define misery.
B: - one last cigar feels forever.
   - coffee taste like luxury.
   - lunch time is time for another goddamn lying excuses.
C: ?
        --foolproof

Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

Victor Duchovni
In reply to this post by kemas henry
On Sat, Jun 21, 2008 at 06:32:35PM +0700, kemas henry wrote:

> Hi All,
>
> I googled about this error, it related to ICMP must fragment or MTU
> I do have a wg firewall box and postfix is sitting behind this box,I try
> to configure it to allow ICMP type 3 code 4 and still no luck.
> I try to lower the server ethernet mtu to 1472 still don't clear this up
> anything else I can do except throw it away because I can't
>
> Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA (0
> bytes) from unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
> unknown[202.46.149.146]
> Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
> client=unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA (0
> bytes) from unknown[202.46.149.146]
> Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
> unknown[202.46.149.146]

Don't confuse what happens when you send mail (MTU issues with message
content), with receiving mail, when your packets contain just short
SMTP responses...

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: lost connection after DATA (0 bytes)

Wietse Venema
Victor Duchovni:

> On Sat, Jun 21, 2008 at 06:32:35PM +0700, kemas henry wrote:
>
> > Hi All,
> >
> > I googled about this error, it related to ICMP must fragment or MTU
> > I do have a wg firewall box and postfix is sitting behind this box,I try
> > to configure it to allow ICMP type 3 code 4 and still no luck.
> > I try to lower the server ethernet mtu to 1472 still don't clear this up
> > anything else I can do except throw it away because I can't
> >
> > Jun 21 18:15:26 mail postfix/smtpd[19352]: lost connection after DATA (0
> > bytes) from unknown[202.46.149.146]
> > Jun 21 18:15:26 mail postfix/smtpd[19352]: disconnect from
> > unknown[202.46.149.146]
> > Jun 21 18:15:26 mail postfix/smtpd[18943]: connect from
> > unknown[202.46.149.146]
> > Jun 21 18:15:26 mail postfix/smtpd[18943]: EE3E8E0089:
> > client=unknown[202.46.149.146]
> > Jun 21 18:15:27 mail postfix/smtpd[18943]: lost connection after DATA (0
> > bytes) from unknown[202.46.149.146]
> > Jun 21 18:15:27 mail postfix/smtpd[18943]: disconnect from
> > unknown[202.46.149.146]
>
> Don't confuse what happens when you send mail (MTU issues with message
> content), with receiving mail, when your packets contain just short
> SMTP responses...

I added this byte-count logging for debugging MTU problems.  It
works best when the result is zero :-) With non-zero byte counts,
the number reported may be too small, because it is based on the
content of complete input lines.

I'll make it more precise by adding the number of unread bytes in
the VSTREAM buffer by calling vstream_peek().

        Wietse