OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Wietse Venema (wietseporcupine.org)
Date: Sat May 18 2002 - 10:30:27 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Alan B. Barclay:
    > I read about the PIX software problem of 'fixup protocol smtp', but
    > we are behind a (somewhat old) SonicWall DMZ firewall applicance.
    > The banner we display is in the log fragment below at <<===
    >
    > Having said that, however, the SonicWall lost its firmware somehow
    > (still don't know why) and I upgraded (?) from 5.1.5 to 5.1.7
    > when reinstalling. But...
    >
    > The SonicWall F/W reinstall was done Mar 1, about 2 months before
    > the timeouts began to appear.
    >
    > My guess is that certain mailers try something on a different
    > port from 25 to verify our existence, and we fail whatever test
    > they use. But - I would expect them to close the connection

    This is of course pure speculation.

    I can speculate too. Allow me to waste some bandwidth.

    Perhaps some "firewall" purges idle connections from its NAT tables
    too quickly (amazingly, it is kind enough to send RST).

    Perhaps someone configured their MTA for a too short idle timeout.

    And so on. Without a record of the traffic as sent and received
    by the REMOTE system we will never know.

    Enough bandwidth wasted for now.

            Wietse

    > Wietse Venema wrote:
    > >
    > > Alan Barclay:
    > > > May 17 11:59:12 www postfix/smtpd[28346]: >
    > > > www.pbspro.com[209.128.88.98]: 220 mailx.rtda.com -- banner <<===
    > > > intentionally inscrutable <<===
    > > > May 17 11:59:12 www postfix/smtpd[28346]: connect from
    > > > www.pbspro.com[209.128.88.98]
    > > > May 17 11:59:12 www postfix/smtpd[28346]: watchdog_pat: 0x8074508
    > > > May 17 11:59:12 www postfix/smtpd[28346]: vstream_fflush_some: fd 7
    > > > flush 56
    > > > May 17 12:00:45 www postfix/smtpd[28346]: smtp_get: EOF
    > > > May 17 12:00:45 www postfix/smtpd[28346]: lost connection after CONNECT
    > > > from www.pbspro.com[209.128.88.98]
    > > > May 17 12:00:45 www postfix/smtpd[28346]: disconnect from
    > > > www.pbspro.com[209.128.88.98]
    > >
    > > Are you behind a PIX "firewall"?
    > >
    > > Wietse
    > > -
    > > To unsubscribe, send mail to majordomopostfix.org with content
    > > (not subject): unsubscribe postfix-users
    > -
    > To unsubscribe, send mail to majordomopostfix.org with content
    > (not subject): unsubscribe postfix-users
    >
    >

    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users