On Tue, 2004-01-27 at 12:31, Rory Campbell-Lange wrote:
> A uu.net fallback host is generating the following errors in my logs:
>
> 2004-01-27 10:15:21 SMTP protocol violation: synchronization error
> (input sent without waiting for greeting): rejected connection from
> H=lfallback2.lnd.ops.eu.uu.net [195.129.12.216]
I've seen a good few of those myself recently...
The message is given when an incoming SMTP session sends a command
before the initial 220 SMTP greeting has been issued.
These result from:-
* Pump & dump spammers (ie connect to you and push a pile of stuff
at you without worrying about little niceities of the protocol)
* Open HTTP relays
* Excessive delays on your box returning a SMTP banner - maybe due
to long DNS timeouts, RFC1413 timeouts (especially when the
caller is behind a firewall that drops port 113) or explicit
delay statements. This means the calling box may fire a QUIT
command at you before you have put out a banner because it got
tired of waiting. This is particular problem with other hosts
doing sender callback verification
I ended up tcpdump-ing connections from the host that was giving me
piles of these when I saw the problem yesterday (that was down to a
RFC1413 delay which was longer than the callers callback verification
timeout).
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
