(no subject)

(no subject)

Petr Janda-3
Hi all,
I have got reports about lost mail (not received, I'm the receiver not the
sender) recently and trying to find out what's going on seems to be beyond me.

Basically a lot of email is lost with "timeout after DATA"

For example:
timeout after DATA (0 bytes) from mail.securepay.com.au[203.89.212.166]

Supposedly the problem here is that the sending machine has got a firewall
in front of it that's blocking ICMP MUST FRAGMENT. I somewhat could verify
this by trying to ping those machines and indeed pinging them does not
work (so at least ICMP ECHO is blocked).
On the Postfix website it suggests lowering MTU, so I lowered it from 1500 to
1000, but this did not improve the situation at all. Some suggest disabling
PIPELINING, so I did that but it didn't work either.

I took a tcpdump of one of these and attached it to this email. (daria is the
name of the mail server)

Just a note about my setup: The server is running behind a Cisco ADSL Router
that connects to a Cisco switch and the server connects to the switch.

Any Postfix gurus here that could help me figure this problem out?

Thanks,
Petr

Attachment: postfix_dump.tgz (2K)

Re: your mail

Justin Piszcz


On Sat, 15 Nov 2008, Petr Janda wrote:

> Hi all,
> I have got reports about lost mail (not received, I'm the receiver not the
> sender) recently and trying to find out what's going on seems to be beyond me.
>
> Basically a lot of email is lost with "timeout after DATA"
>
> For example:
> timeout after DATA (0 bytes) from mail.securepay.com.au[203.89.212.166]
>
> Supposedly the problem here is that the sending machine has got a firewall
> in front of it that's blocking ICMP MUST FRAGMENT. I somewhat could verify
> this by trying to ping those machines and indeed pinging them does not
> work (so at least ICMP ECHO is blocked).
> On the Postfix website it suggests lowering MTU, so I lowered it from 1500 to
> 1000, but this did not improve the situation at all. Some suggest disabling
> PIPELINING, so I did that but it didn't work either.
>
> I took a tcpdump of one of these and attached it to this email. (daria is the
> name of the mail server)
>
> Just a note about my setup: The server is running behind a Cisco ADSL Router
> that connects to a Cisco switch and the server connects to the switch.
>
> Any Postfix gurus here that could help me figure this problem out?
>
> Thanks,
> Petr
>

I see the same thing as well but it's typically from spammers:

Nov  8 04:53:10 p34 postfix/smtpd[5998]: timeout after DATA (0 bytes) from smtp.cn.tom.com[61.135.158.252]
Nov  8 11:42:48 p34 postfix/smtpd[22668]: timeout after DATA (0 bytes) from user-514d8324.l3.c2.dsl.pol.co.uk[81.77.131.36]
Nov  8 12:13:44 p34 postfix/smtpd[24419]: timeout after DATA (0 bytes) from dslb-088-078-200-071.pools.arcor-ip.net[88.78.200.71]
Nov  8 15:19:18 p34 postfix/smtpd[31720]: timeout after DATA (0 bytes) from athedsl-287265.home.otenet.gr[85.73.169.191]
Nov  8 18:20:29 p34 postfix/smtpd[747]: timeout after DATA (0 bytes) from 24-180-64-49.dhcp.bycy.mi.charter.com[24.180.64.49]
Nov  9 18:23:36 p34 postfix/smtpd[18691]: timeout after DATA (0 bytes) from 75-107-36-57.cust.wildblue.net[75.107.36.57]
Nov 10 05:32:16 p34 postfix/smtpd[21175]: timeout after DATA (0 bytes) from unknown[89.165.13.95]
Nov 10 13:48:12 p34 postfix/smtpd[28078]: timeout after DATA (0 bytes) from 61-228-22-190.adsl.terra.cl[190.22.228.61]
Nov 11 00:52:29 p34 postfix/smtpd[27788]: timeout after DATA (0 bytes) from unknown[61.11.72.103]
Nov 11 06:58:13 p34 postfix/smtpd[10573]: timeout after DATA (0 bytes) from cpc3-stkn9-0-0-cust23.midd.cable.ntl.com[86.22.28.24]
Nov 13 09:09:05 p34 postfix/smtpd[17362]: timeout after DATA (0 bytes) from unknown[210.5.196.22]
Nov 13 15:09:22 p34 postfix/smtpd[1138]: timeout after DATA (0 bytes) from unknown[117.199.32.64]
Nov 13 17:27:23 p34 postfix/smtpd[6923]: timeout after DATA (0 bytes) from unknown[208.78.42.28]

Is it a legitimate e-mail server?

Justin.
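
Added example, not part of either post: a small triage script for the "timeout after DATA" lines discussed in this thread, grouping them by client so that a mail server retrying repeatedly stands out from one-off hits. The sample log is constructed (documentation addresses), and the "repeat-sender" rule is an assumed heuristic, not a Postfix feature.

```python
import re
from collections import defaultdict

# Matches Postfix smtpd lines such as:
#   ... postfix/smtpd[5998]: timeout after DATA (0 bytes) from host[1.2.3.4]
TIMEOUT_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: timeout after DATA "
    r"\((?P<bytes>\d+) bytes\) from (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Nov  8 04:53:10 mx postfix/smtpd[5998]: timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
Nov  8 05:10:41 mx postfix/smtpd[6120]: connect from mail.example.com[192.0.2.10]
Nov  8 05:23:12 mx postfix/smtpd[6120]: timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
Nov  8 11:42:48 mx postfix/smtpd[22668]: timeout after DATA (0 bytes) from unknown[198.51.100.7]
Nov  8 12:13:44 mx postfix/smtpd[24419]: timeout after DATA (1448 bytes) from pool-7.dsl.example.net[203.0.113.71]
Nov  8 17:53:12 mx postfix/smtpd[7001]: timeout after DATA (0 bytes) from mail.example.com[192.0.2.10]
"""

def summarize(log_text):
    """Group 'timeout after DATA' events by client IP."""
    clients = defaultdict(lambda: {"host": None, "count": 0, "max_bytes": 0})
    for line in log_text.splitlines():
        m = TIMEOUT_RE.search(line)
        if not m:
            continue  # ignore connect/disconnect and other smtpd lines
        c = clients[m["ip"]]
        c["host"] = m["host"]
        c["count"] += 1
        c["max_bytes"] = max(c["max_bytes"], int(m["bytes"]))
    return dict(clients)

def triage(clients, min_repeats=2):
    """Assumed heuristic: a client with reverse DNS that times out repeatedly
    without ever delivering a byte behaves like a real MTA retrying, so it is
    the one worth a packet capture; everything else is treated as a one-off."""
    labels = {}
    for ip, c in clients.items():
        retrying = c["host"] != "unknown" and c["count"] >= min_repeats
        labels[ip] = "repeat-sender" if retrying and c["max_bytes"] == 0 else "one-off"
    return labels

if __name__ == "__main__":
    for ip, label in triage(summarize(SAMPLE_LOG)).items():
        print(ip, label)
```
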