SMTP timeout after DATA from <server> - Networking

This is a discussion on SMTP timeout after DATA from <server> - Networking ; There are a couple of mail servers - charter.net and mta.email.ichotelsgroup.com that give me the timeout after DATA from message in my mail.log. I am running post fix. I get lots of mail from other servers... but these two keep ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: SMTP timeout after DATA from <server>

  1. SMTP timeout after DATA from <server>

    There are a couple of mail servers - charter.net and
    mta.email.ichotelsgroup.com that give me the
    timeout after DATA from
    message in my mail.log.

    I am running post fix.

    I get lots of mail from other servers... but these two keep trying over
    and over again and give me these timeout messages.

    Any idea what might be causing this?

    Any postfix gurus that can suggest a setting I can tweak.

    This is going via a tunnel from a fixed ip address to my mail
    server on the other end of the tunnel. mail from gmail and my
    office and other sites don't have issues.. my log just shows
    charter.net and ichotelsgroup.com as servers having issues.

    jack

    --

  2. Re: SMTP timeout after DATA from <server>

    On Sat, 22 Mar 2008 15:57:57 GMT, Jack Snodgrass
    wrote:

    >There are a couple of mail servers - charter.net and
    >mta.email.ichotelsgroup.com that give me the
    >timeout after DATA from
    >message in my mail.log.
    >
    >I am running post fix.
    >
    >I get lots of mail from other servers... but these two keep trying over
    >and over again and give me these timeout messages.
    >
    >Any idea what might be causing this?
    >
    >Any postfix gurus that can suggest a setting I can tweak.
    >
    >This is going via a tunnel from a fixed ip address to my mail
    >server on the other end of the tunnel. mail from gmail and my
    >office and other sites don't have issues.. my log just shows
    >charter.net and ichotelsgroup.com as servers having issues.
    >
    >jack

    I'm no postfix guru, though I do run it.

    I'd suggest that you try a Wireshark dump. Since other mtas are able
    to talk, then suspect a firewall setting or other foreign
    interference. It certainly isn't impossible that you have something
    weird in your postfix setup, but for it to be so specific would be
    unusual.

    charter.net has been on (and off again) many black hole lists. I
    don't know its current status, but you should see if others also have
    a problem with it.

    If you have ECN (congestion) enabled, make sure that isn't a problem
    for some router in the path.
    --
    buck


  3. Re: SMTP timeout after DATA from <server>

    Am Sat, 22 Mar 2008 15:57:57 +0000 schrieb Jack Snodgrass:


    > This is going via a tunnel from a fixed ip address to my mail
    > server on the other end of the tunnel. mail from gmail and my
    > office and other sites don't have issues.. my log just shows
    > charter.net and ichotelsgroup.com as servers having issues.


    What says the log?

  4. Re: SMTP timeout after DATA from <server>

    On Sat, 22 Mar 2008 20:22:23 -0700, buck wrote:

    > On Sat, 22 Mar 2008 15:57:57 GMT, Jack Snodgrass
    > wrote:
    >
    >>There are a couple of mail servers - charter.net and
    >>mta.email.ichotelsgroup.com that give me the timeout after DATA from
    >>message in my mail.log.
    >>
    >>I am running post fix.
    >>
    >>I get lots of mail from other servers... but these two keep trying over
    >>and over again and give me these timeout messages.
    >>
    >>Any idea what might be causing this?
    >>
    >>Any postfix gurus that can suggest a setting I can tweak.
    >>
    >>This is going via a tunnel from a fixed ip address to my mail server on
    >>the other end of the tunnel. mail from gmail and my office and other
    >>sites don't have issues.. my log just shows charter.net and
    >>ichotelsgroup.com as servers having issues.
    >>
    >>jack

    > I'm no postfix guru, though I do run it.
    >
    > I'd suggest that you try a Wireshark dump. Since other mtas are able to
    > talk, then suspect a firewall setting or other foreign interference. It
    > certainly isn't impossible that you have something weird in your postfix
    > setup, but for it to be so specific would be unusual.
    >
    > charter.net has been on (and off again) many black hole lists. I don't
    > know its current status, but you should see if others also have a
    > problem with it.
    >
    > If you have ECN (congestion) enabled, make sure that isn't a problem for
    > some router in the path.



    Not sure how this will cut/paste.... I changed the domains and email
    addresses... and replaced the local ip with L and the remote with R.
    The rest is as-is....

    L R SMTP Response: 220 home.example.com ESMTP Postfix
    R L TCP 51499 > smtp [ACK] Seq=1 Ack=43 Win=33304 Len=0
    TSV=1776034838 TSER=2021657217
    R L SMTP Command: EHLO que03.charter.net
    L R TCP smtp > 51499 [ACK] Seq=43 Ack=25 Win=91 Len=0
    TSV=2021657480 TSER=1776034838
    L R SMTP Response: 250-home.example.com
    R L TCP 51499 > smtp [ACK] Seq=25 Ack=186 Win=33304 Len=0
    TSV=1776034849 TSER=2021657480
    R L SMTP Command: MAIL FROM: SIZE=3430
    L R SMTP Response: 250 2.1.0 Ok
    R L SMTP Command: RCPT TO:
    L R TCP smtp > 51499 [ACK] Seq=200 Ack=102 Win=91 Len=0
    TSV=2021657770 TSER=1776034866
    L R SMTP Response: 250 2.1.5 Ok
    R L SMTP Command: DATA
    L R TCP smtp > 51499 [ACK] Seq=214 Ack=108 Win=91 Len=0
    TSV=2021657872 TSER=1776034888
    L R SMTP Response: 354 End data with .
    R L SMTP DATA fragment, 1120 bytes
    R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
    L R TCP smtp > 51499 [ACK] Seq=251 Ack=1228 Win=126 Len=0
    TSV=2021658042 TSER=1776034898 SLE=2676 SRE=3538
    L R SMTP Response: 421 4.4.2 home.example.com Error: timeout exceeded

    .... is that enough data for someone to tell anything? An email from
    gmail.com does something similar except for the
    R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
    packet... I don't get that.. I get a couple of DATA Fragment packets,
    I ACK them and the mail session closes normally.


    jack




    --

  5. Re: SMTP timeout after DATA from <server>

    On Sun, 23 Mar 2008 21:15:01 +0000, Jack Snodgrass wrote:

    > On Sat, 22 Mar 2008 20:22:23 -0700, buck wrote:
    >
    >> On Sat, 22 Mar 2008 15:57:57 GMT, Jack Snodgrass
    >> wrote:
    >>
    >>>There are a couple of mail servers - charter.net and
    >>>mta.email.ichotelsgroup.com that give me the timeout after DATA from
    >>>message in my mail.log.
    >>>
    >>>I am running post fix.
    >>>
    >>>I get lots of mail from other servers... but these two keep trying over
    >>>and over again and give me these timeout messages.
    >>>
    >>>Any idea what might be causing this?
    >>>
    >>>Any postfix gurus that can suggest a setting I can tweak.
    >>>
    >>>This is going via a tunnel from a fixed ip address to my mail server on
    >>>the other end of the tunnel. mail from gmail and my office and other
    >>>sites don't have issues.. my log just shows charter.net and
    >>>ichotelsgroup.com as servers having issues.
    >>>
    >>>jack

    >> I'm no postfix guru, though I do run it.
    >>
    >> I'd suggest that you try a Wireshark dump. Since other mtas are able to
    >> talk, then suspect a firewall setting or other foreign interference. It
    >> certainly isn't impossible that you have something weird in your postfix
    >> setup, but for it to be so specific would be unusual.
    >>
    >> charter.net has been on (and off again) many black hole lists. I don't
    >> know its current status, but you should see if others also have a
    >> problem with it.
    >>
    >> If you have ECN (congestion) enabled, make sure that isn't a problem for
    >> some router in the path.

    >
    >
    > Not sure how this will cut/paste.... I changed the domains and email
    > addresses... and replaced the local ip with L and the remote with R.
    > The rest is as-is....
    >
    > L R SMTP Response: 220 home.example.com ESMTP Postfix
    > R L TCP 51499 > smtp [ACK] Seq=1 Ack=43 Win=33304 Len=0
    > TSV=1776034838 TSER=2021657217
    > R L SMTP Command: EHLO que03.charter.net
    > L R TCP smtp > 51499 [ACK] Seq=43 Ack=25 Win=91 Len=0
    > TSV=2021657480 TSER=1776034838
    > L R SMTP Response: 250-home.example.com
    > R L TCP 51499 > smtp [ACK] Seq=25 Ack=186 Win=33304 Len=0
    > TSV=1776034849 TSER=2021657480
    > R L SMTP Command: MAIL FROM: SIZE=3430
    > L R SMTP Response: 250 2.1.0 Ok
    > R L SMTP Command: RCPT TO:
    > L R TCP smtp > 51499 [ACK] Seq=200 Ack=102 Win=91 Len=0
    > TSV=2021657770 TSER=1776034866
    > L R SMTP Response: 250 2.1.5 Ok
    > R L SMTP Command: DATA
    > L R TCP smtp > 51499 [ACK] Seq=214 Ack=108 Win=91 Len=0
    > TSV=2021657872 TSER=1776034888
    > L R SMTP Response: 354 End data with .
    > R L SMTP DATA fragment, 1120 bytes
    > R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
    > L R TCP smtp > 51499 [ACK] Seq=251 Ack=1228 Win=126 Len=0
    > TSV=2021658042 TSER=1776034898 SLE=2676 SRE=3538
    > L R SMTP Response: 421 4.4.2 home.example.com Error: timeout exceeded
    >
    > ... is that enough data for someone to tell anything? An email from
    > gmail.com does something similar except for the
    > R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
    > packet... I don't get that.. I get a couple of DATA Fragment packets,
    > I ACK them and the mail session closes normally.
    >
    >
    > jack


    bump

    --
    D.A.M. - Mothers Against Dyslexia

    see http://www.jacksnodgrass.com for my contact info.

    jack - Grapevine/Richardson

  6. Re: SMTP timeout after DATA from <server>

    On Sun, 23 Mar 2008 21:15:01 GMT, Jack Snodgrass
    wrote:
    > L R SMTP Response: 220 home.example.com ESMTP Postfix
    > R L TCP 51499 > smtp [ACK] Seq=1 Ack=43 Win=33304 Len=0
    >TSV=1776034838 TSER=2021657217
    > R L SMTP Command: EHLO que03.charter.net
    > L R TCP smtp > 51499 [ACK] Seq=43 Ack=25 Win=91 Len=0
    >TSV=2021657480 TSER=1776034838
    > L R SMTP Response: 250-home.example.com
    > R L TCP 51499 > smtp [ACK] Seq=25 Ack=186 Win=33304 Len=0
    >TSV=1776034849 TSER=2021657480
    > R L SMTP Command: MAIL FROM: SIZE=3430
    > L R SMTP Response: 250 2.1.0 Ok
    > R L SMTP Command: RCPT TO:
    > L R TCP smtp > 51499 [ACK] Seq=200 Ack=102 Win=91 Len=0
    >TSV=2021657770 TSER=1776034866
    > L R SMTP Response: 250 2.1.5 Ok
    > R L SMTP Command: DATA
    > L R TCP smtp > 51499 [ACK] Seq=214 Ack=108 Win=91 Len=0
    >TSV=2021657872 TSER=1776034888
    > L R SMTP Response: 354 End data with .
    > R L SMTP DATA fragment, 1120 bytes
    > R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
    > L R TCP smtp > 51499 [ACK] Seq=251 Ack=1228 Win=126 Len=0
    >TSV=2021658042 TSER=1776034898 SLE=2676 SRE=3538


    This sure looks like a dropped packet to me. But the real question
    is, why was it not requested again? Of course, it could be that
    wireshark simply could not keep up so that's why you see this. I've
    never encountered "TCP Previous segment lost" so I'm no help here. But
    I believe that if the TCP/IP protocol found that it had not received
    an expected packet, it would ask for it again.

    Notice that the SEQ jumps from 200 to 214 but the ACK only increments
    from 102 to 108. What happened to those other 8?

    > L R SMTP Response: 421 4.4.2 home.example.com Error: timeout exceeded


    I consider this to be strange because I would expect to see retry
    attempts to get the missing packet. Whether that is the one of 1120
    bytes or the one of 862 bytes is unknown, but the missing fragment
    appears to me to be the root of the problem. If the complete packet
    cannot be reassembled, nothing good is going to happen.

    Have you altered anything in /proc/sys? Is the MTU or a frag setting
    involved?

    Apparently nobody in this group (including me!) has any clues for you
    because several days have elapsed with no other responses. Perhaps
    you should post to linuxquestions or a different group, Etc.

    Where's Moe Trin when ya need him?
    --
    buck


+ Reply to Thread