From: Alan Barclay (barclayrtda.com)
Date: Fri May 17 2002 - 22:20:14 CDT


    Hello :-

    I work for a small software company which manages its own domain,
    which was set up by a previous employee, but I now have a problem I
    have not been able to solve.

    Our setup had been working without problem since Nov 2001, but
    around 1AM Apr 29 2002, we started getting a sharp increase
    in logfile messages of the form
      timeout after CONNECT from ...
      lost connection after CONNECT from ...

    It only happens from some external mailers; mail from yahoo,
    this list, and many others comes through fine.

    I've used -v on smtpd, and -D with strace and tcpdump,
    but have not been able to pin it down. As near as I can
    tell, the remote mailer just does not respond to our
    banner, and postfix closes the connection after 300sec.

    Things I've tried:
      + telnet to mailx.rtda.com, port 25;
        I see the right banner, and can deposit mail which is
        delivered properly.
      + check fwd and reverse DNS; our ISP is authoritative,
        and initially lacked reverse DNS records, but putting
        them in did not abate the problem.
      + change banner to not say ESMTP;
      + add rule to allow ICMP ping to mailer, instead of dropping it;
        no apparent difference

    I'm out of ideas, and any help would be most welcome.

    Thanks,
      Alan

    Configuration details:
      OS: Linux-Mandrake 8.0 on x86
      Postfix: postfix-20010228-6mdk (from RPM)
      firewall: SonicWall DMZ

    Example logfile entries ( tail -2000 /var/log/mail/info | grep '[28346]' )

    May 17 11:59:12 www postfix/smtpd[28346]: > www.pbspro.com[209.128.88.98]: 220 mailx.rtda.com -- banner intentionally inscrutable
    May 17 11:59:12 www postfix/smtpd[28346]: connect from www.pbspro.com[209.128.88.98]
    May 17 11:59:12 www postfix/smtpd[28346]: watchdog_pat: 0x8074508
    May 17 11:59:12 www postfix/smtpd[28346]: vstream_fflush_some: fd 7 flush 56
    May 17 12:00:45 www postfix/smtpd[28346]: smtp_get: EOF
    May 17 12:00:45 www postfix/smtpd[28346]: lost connection after CONNECT from www.pbspro.com[209.128.88.98]
    May 17 12:00:45 www postfix/smtpd[28346]: disconnect from www.pbspro.com[209.128.88.98]

    Output of postconf -n:

    alias_maps = hash:/etc/postfix/aliases
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 3
    debug_peer_list = pbspro.com
    default_privs = nobody
    delay_warning_time = 4
    mail_owner = postfix
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail -o -a $DOMAIN -d $LOGNAME
    masquerade_domains = $mydomain
    masquerade_exceptions = root
    mydestination = $myhostname, localhost.$mydomain, $mydomain
    mydomain = rtda.com
    myhostname = mailx.rtda.com
    mynetworks = 207.5.83.64/29, 192.168.3.0/24, 192.168.5.0/24, 127.0.0.0/8
    myorigin = $mydomain
    notify_classes = bounce,delay,policy,protocol,resource,software
    queue_directory = /var/spool/postfix
    relayhost =
    smtpd_banner = $myhostname -- banner intentionally inscrutable
    smtpd_client_restrictions = permit_mynetworks
    smtpd_sender_restrictions = hash:/etc/postfix/access
    transport_maps = hash:/etc/postfix/transport

    -- 
    Regards, 
      Alan Barclay, RTDA Customer Support             http://www.rtda.com
    -------------------------------------------------------------------------------
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users
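
An added example, not part of the original post: one way to tally, per remote client, how many smtpd sessions ended with "lost connection after CONNECT" or "timeout after CONNECT" and how long each sat idle after the banner. The first three sample lines are the entries quoted above, unwrapped; the other clients, the `summarize` helper and the default year are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: first three lines are from the post; the rest are constructed
# (documentation-range addresses) to show a healthy client and a 300 s timeout.
SAMPLE = """\
May 17 11:59:12 www postfix/smtpd[28346]: connect from www.pbspro.com[209.128.88.98]
May 17 12:00:45 www postfix/smtpd[28346]: lost connection after CONNECT from www.pbspro.com[209.128.88.98]
May 17 12:00:45 www postfix/smtpd[28346]: disconnect from www.pbspro.com[209.128.88.98]
May 17 12:01:02 www postfix/smtpd[28350]: connect from mail.example.net[192.0.2.10]
May 17 12:01:04 www postfix/smtpd[28350]: disconnect from mail.example.net[192.0.2.10]
May 17 12:02:00 www postfix/smtpd[28351]: connect from mx.example.org[198.51.100.7]
May 17 12:07:00 www postfix/smtpd[28351]: timeout after CONNECT from mx.example.org[198.51.100.7]
May 17 12:07:00 www postfix/smtpd[28351]: disconnect from mx.example.org[198.51.100.7]
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: "
    r"(connect|disconnect|lost connection after CONNECT|timeout after CONNECT)"
    r" from (\S+)\[([\d.]+)\]")

def summarize(text, year=2002):
    """Return {client_ip: {"host", "sessions", "stalled", "waits"}}."""
    open_at = {}  # smtpd pid -> time of its current connect
    stats = defaultdict(lambda: {"host": None, "sessions": 0, "stalled": 0, "waits": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # debug lines (watchdog_pat, vstream_fflush_some, ...) are skipped
        stamp, pid, event, host, ip = m.groups()
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = stats[ip]
        s["host"] = host
        if event == "connect":
            open_at[pid] = when
            s["sessions"] += 1
        elif event.endswith("after CONNECT"):
            s["stalled"] += 1
            if pid in open_at:  # seconds the client stayed silent after the banner
                s["waits"].append(int((when - open_at[pid]).total_seconds()))
        else:  # disconnect closes the session for this smtpd process
            open_at.pop(pid, None)
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["stalled"]):
        print(f'{s["host"]}[{ip}] sessions={s["sessions"]} stalled={s["stalled"]} waits={s["waits"]}')
```

Waits shorter than the 300 s limit mean the remote side dropped the connection itself; waits at the limit mean smtpd timed the session out.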