From: mikea on
horus <horus(a)sonic.net> wrote in <4c0fb1a7$0$22108$742ec2ed(a)news.sonic.net>:
> also, I was able to nab the following:
>
> ./o58Fg7gi013561 smtp.blah.org.: client DATA 354
>
> so am I correct in thinking that their server has seen the final CRLF?
>
> and since the timeouts appear to be aligned with the max. settings
> perhaps there's another CRLF in the stream that kills the EOM concept?
>
> I dunno, I'm a little lost here.
>
> ;-\

If that "354" does mean that the server has seen the final CRLF, then it
is entirely possible that the server is doing body filtering and you're
timing out because the other end isn't sending an "Accepted for delivery",
"Rejected", "Deferred", or other packet saying that the mail is or is not
delivered.

I've seen this before, when a mailfilter wasn't keeping up with the
inbound flow. The probability it will happen increases with the size of
the mail and with the load on the server. Worse yet, the same mail may be
"in flight" multiple times because of the failures, ramping the server
load up and increasing the probability of failure, in a sort of death
spiral.

Can you do a packet trace on the session with that server for one of the
large mails? You only need packet timestamps and enough packet data to
see the "200"/"300"/"400"/"500" series responses from the other end.

--
Mike Andrews, W5EGO
mikea(a)mikea.ath.cx
Tired old sysadmin
From: horus on
> Can you do a packet trace on the session with that server for one of the
> large mails? You only need packet timestamps and enough packet data to
> see the "200"/"300"/"400"/"500" series responses from the other end.


oooo, ah, Mike, how exactly do I do that?
all I know is tcpdump at present........is there a way to run the sendmail
process and capture exactly what it is doing?

oooo, this is exciting!..........thanks


-h


From: mikea on
horus <horus(a)sonic.net> wrote in <4c0fc4e2$0$22181$742ec2ed(a)news.sonic.net>:
>> Can you do a packet trace on the session with that server for one of the
>> large mails? You only need packet timestamps and enough packet data to
>> see the "200"/"300"/"400"/"500" series responses from the other end.
>
>
> oooo, ah, Mike, how exactly do I do that?
> all I know is tcpdump at present........is there a way to run the sendmail
> process and capture exactly what it is doing?
>
> oooo, this is exciting!..........thanks

As root, something like

tcpdump -i _INTERFACE_NAME_ -s 128 -w _TCPDUMP_RAW_FILE_NAME_ host _OTHER_HOST_NAME_

to capture the packets between you and _OTHER_HOST_NAME_ to
_TCPDUMP_RAW_FILE_NAME_. _INTERFACE_NAME_ is the name of the interface
you want to capture traffic from.

When you see the session time out, do a CONTROL-C to stop tcpdump, then

tcpdump -s128 -Xx -vvv -r _TCPDUMP_RAW_FILE_NAME_ port 25 | less

to dump the packets to your screen.

You're interested in the [234]00-series responses from _OTHER_HOST_NAME_
and in any packets that have the "R" or "F" flag set. Others probably
will be able to tell you better just what to look for, but in general
you're interested in long delays between packets.

Good luck.

--
I still can't see a wasp without thinking "400K 1W"
- Derek Potter, uk.misc
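
A sketch of the triage described in the post above (long delays between packets, and any packet with the "R" or "F" flag), run over the text that `tcpdump -r` prints. This is an added example, not part of the original posts; the sample lines and host names are constructed, and the 30-second gap threshold is an assumption.

```python
import re

TS = re.compile(r'^(\d\d):(\d\d):(\d\d\.\d+) IP')
# TCP flags follow "src > dst: " as "Flags [P.]" (current tcpdump) or bare "P"/"FP"/"." (older).
FLOW = re.compile(r'(\S+) > (\S+): (?:Flags \[([^\]]*)\]|([SFPRWE.]+)(?= |$))')
HEXDUMP = re.compile(r'^\s*0x[0-9a-f]{4}:')

# Constructed sample, not a real capture; host names are placeholders.
SAMPLE = """\
10:50:58.101200 IP client.example.58391 > mx.example.smtp: P 1:7(6) ack 1 win 144
10:50:58.142310 IP mx.example.smtp > client.example.58391: P 1:38(37) ack 7 win 91
10:51:00.347856 IP client.example.58391 > mx.example.smtp: . 7:1447(1440) ack 38 win 144
        0x0000:  4500 05d4 0000 4000 4006 0000 c000 0201  E.....@.@.......
10:52:26.365606 IP client.example.58391 > mx.example.smtp: . 7:1447(1440) ack 38 win 144
10:52:26.401100 IP mx.example.smtp > client.example.58391: R 38:38(0) win 0
"""

def records(text):
    """Return one string per packet header, dropping -X hex dump lines."""
    recs = []
    for line in text.splitlines():
        if TS.match(line):
            recs.append(line.strip())
        elif recs and line.strip() and not HEXDUMP.match(line):
            recs[-1] += ' ' + line.strip()  # continuation of a wrapped -v header
    return recs

def analyse(text, gap_threshold=30.0):
    """Findings in capture order: ('GAP', seconds, sender) and ('RST'|'FIN', time, sender)."""
    findings, prev = [], None
    for rec in records(text):
        h, m, s = TS.match(rec).groups()
        now = int(h) * 3600 + int(m) * 60 + float(s)
        flow = FLOW.search(rec)
        if flow is None:
            continue  # not a TCP header line
        src, flags = flow.group(1), flow.group(3) or flow.group(4) or ''
        # tcpdump prints time of day only, so allow for a capture crossing midnight.
        gap = None if prev is None else (now - prev) % 86400
        if gap is not None and gap >= gap_threshold:
            findings.append(('GAP', round(gap, 1), src))  # src ended the silence
        for letter, name in (('R', 'RST'), ('F', 'FIN')):
            if letter in flags:
                findings.append((name, rec.split()[0], src))
        prev = now
    return findings

if __name__ == '__main__':
    print(*analyse(SAMPLE), sep='\n')
```

The sender reported with a GAP is the host whose packet ended the silence, so a gap closed by the client repeating a segment it already sent means the far end said nothing in between.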

From: horus on
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 128 bytes
10:51:00.347856 IP (tos 0x0, ttl 64, id 37815, offset 0, flags [DF], proto: TCP (6), length: 1492) universe.58391 > smtp.wested.org.smtp: . 699405852:699407292(1440) ack 1931595311 win 144 <nop,nop,timestamp 3669820761 2019623911>
0x0000: 4500 05d4 93b7 4000 4006 85b7 829d a910 E.....@.@.......
0x0010: 4093 af74 e417 0019 29b0 161c 7321 ce2f @..t....)...s!./
0x0020: 8010 0090 217c 0000 0101 080a dabd 0559 ....!|.........Y
0x0030: 7861 03e7 167c 258e 782d 1b2c bd23 351a xa...|%.x-.,.#5.
0x0040: 3933 2a70 71be 2dc2 1abe 9355 a8e0 6b4f 93*pq.-....U..kO
0x0050: de99 a464 ac59 51cf 3539 2c66 ceeb 099a ...d.YQ.59,f....
0x0060: 54fa 614b e03d d727 0cdb fb37 cbae 4dc9 T.aK.=.'...7..M.
0x0070: 202b .+


From: horus on
10:52:26.365606 IP (tos 0x0, ttl 64, id 37816, offset 0, flags [DF], proto: TCP (6), length: 1492) universe.58391 > smtp.wested.org.smtp: . 0:1440(1440) ack 1 win 144 <nop,nop,timestamp 3669906777 2019623911>
0x0000: 4500 05d4 93b8 4000 4006 85b6 829d a910 E.....@.@.......
0x0010: 4093 af74 e417 0019 29b0 161c 7321 ce2f @..t....)...s!./
0x0020: 8010 0090 217c 0000 0101 080a dabe 5559 ....!|........UY
0x0030: 7861 03e7 167c 258e 782d 1b2c bd23 351a xa...|%.x-.,.#5.
0x0040: 3933 2a70 71be 2dc2 1abe 9355 a8e0 6b4f 93*pq.-....U..kO
0x0050: de99 a464 ac59 51cf 3539 2c66 ceeb 099a ...d.YQ.59,f....
0x0060: 54fa 614b e03d d727 0cdb fb37 cbae 4dc9 T.aK.=.'...7..M.
0x0070: 202b .+