RE: [Exim] Incomplete transaction from backup mx?

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMkiri at <-
M 
Delete this message
Reply to this message
Author: Eli
Date:  
To: 'Odhiambo G. Washington'
CC: exim-users
Subject: RE: [Exim] Incomplete transaction from backup mx?
>I have seen such logging being caused by systems or scripts that check if a
>port is open on a remote host. They just connect and if it's open, they
quit
>without completing the SMTP session. The difference with this one is it
sends
>the MAIL FROM and RCPT TO commands. Can't think of a reason at the moment.

You might be on the right track... Do you have any RCPT ACL on your backup
mx server that does a full RCPT callout (callback) for verification?

If it does a full callout, it may very well be doing exactly that -
connecting, sending a from of <> (since it's a mailer daemon and doesn't
want any bounces), and sending a rcpt to: <xxxx@???> to see if it's
valid. Your server probably sends an OK, and so it now knows that user is
valid, caches the data, then quit's the connection.

If your backup MX server runs Exim, check it's exim.conf and look at the
acl_smtp_rcpt ACL and see if it has something like: 

    verify = recipient/callout


If so, read this section:

http://www.exim.org/exim-html-4.30/doc/html/spec_38.html#SECT38.20

Eli.

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
Of kiri@???
Sent: Monday, January 12, 2004 5:00 PM
To: Odhiambo G. Washington
Cc: exim-users@???
Subject: Re: [Exim] Incomplete transaction from backup mx?


Quoting "Odhiambo G. Washington" <wash@???>:

> Hello users,
>
> I do see a significant number of the following log info in the mainlog
> of my primary server:
>
> 2004-01-12 15:05:33 H=longonot.wananchi.com [62.8.64.2] incomplete
> transaction (QUIT) from <> for XXXX@???
>
>
> 62.8.64.2 is my backup mx.
> What would you consider the likely cause of this behaviour?
>


I have seen such logging being caused by systems or scripts that check if a
port is open on a remote host. They just connect and if it's open, they quit
without completing the SMTP session. The difference with this one is it
sends
the MAIL FROM and RCPT TO commands. Can't think of a reason at the moment.
Just mentioned this in case there's something like that running from your
backup MX (which might be running some monitoring scripts).
What do the logs from your backup MX say. This might be too far fetched but
consider firewalling all hosts except the backup MX and run this mailhost in
debug mode.

HTH

Kiri

-------------------------------------------------
This message was sent using M-Web Airmail.
http://www.mweb.co.zw/airmail


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##

---
[This E-mail scanned for viruses]


---
[This E-mail scanned for viruses]



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Need Recommendation: Backend Store for Virtual AccountsRe: [Exim] variation on dns blacklists->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)