Re: [Exim] Help: connection lost and message abandoned error…

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] Help: connection lost and message abandoned errors
Hi Jeffrey, on Tue, 20 Jul 2004 11:45:54 -0400 you wrote:

> Jul 20 11:11:03 mail exim[85403]: 2004-07-20 11:11:03
> H=2-33-201-85.cable.ubr07.azte.blueyonder.co.uk (shawcable.net)
> [82.33.201.85] I=[209.198.2.15]:25 incomplete transaction (connection
> lost) from <gatewkk@???>
> Jul 20 11:11:03 mail exim[85403]: 2004-07-20 11:11:03 unexpected
> disconnection while reading SMTP command from
> 82-33-201-85.cable.ubr07.azte.blueyonder.co.uk (shawcable.net)
> [82.33.201.85] I=[209.198.2.15]:25


This error is usually nothing to be concerned about and is indicative of a
virus or other malware. In this particular case, the sender is almost
without doubt a virus (Blueyonder broadband, random-looking sender
address, HELO=shawcable.net? Yeah right. Clueless Windoze luser infected
with a virus or spamware trojan.). Viruses don't "play nice" and often do
unexpected things like dropping the connection after DATA, triggering
errors such as the one you're seeing.

Clearly, this shouldn't happen to "real" senders with "real" MTAs though.
Has anyone "real" complained? Occasionally, similar errors (e.g. strange
timeouts and things) are caused by a broken firewall somewhere along the
way (dontcha just love "consultants" who think that the solution to all
problems is to drop some random firewall in, and block everything that
moves, including all ICMP packets, thus causing weird and hard-to-debug
breakage?).

> One of the bounce messages that I have seen is:

[snip "local delivery failed" error from BSMTP input]

OK, are we talking about separate things here? Was that from a real sender
trying to send mail to you or from a local process? It's a bit confusing
to deduce much from it because you don't specify what host you're talking
about (it helps if you don't munge addresses too so we can make a fair
guess at what you're talking about), and which host generated the bounce.
It *looks* superficially like you tried to send a BSMTP file on a single
host, and that host itself generated the error? In that case, it's a bit
odd because the problem described above (virus engine) clearly isn't
applicable. In that case, I'm not quite sure why you would get an
"incoming DATA timeout" on a BSMTP input unless you are piping from a
script which has hung or something.

In other words, there may - conceivably - be two separate issues here, but
I'm not really sure to be honest. I wouldn't be concerned about unexpected
connection terminations from virus engines, but BSMTP timeouts on local
submissions are worth looking into.


Tim
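
Added example, not part of the original message: a Python triage script for the two log events quoted above, flagging remote hosts whose HELO name is unrelated to their reverse-DNS name and whose reverse-DNS name embeds the IP address (typical of broadband pools), the signals the reply uses to call the sender a virus. The sample lines, the helper names (`related`, `triage`, `verdict`) and the heuristics themselves are assumptions made for illustration; a HELO mismatch alone is only a coarse hint.

```python
import re

# Host as Exim logs it: optional "H=", optional rDNS name, optional "(HELO)", then "[ip]".
# Requiring "." or ":" inside the brackets skips a syslog PID such as "exim[85403]".
HOST = re.compile(r"(?:H=)?(?:(?P<rdns>[\w.-]+) )?(?:\((?P<helo>[^)]*)\) )?"
                  r"\[(?P<ip>[0-9a-fA-F]*[.:][0-9a-fA-F.:]+)\]")
EVENTS = ("incomplete transaction (connection lost)",
          "unexpected disconnection while reading SMTP command")

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    "2004-07-20 11:11:03 H=host-198-51-100-7.cable.isp.example (bigmail.example.net) "
    "[198.51.100.7] I=[192.0.2.25]:25 incomplete transaction (connection lost) "
    "from <xqzt@sender.example>",
    "2004-07-20 11:11:03 unexpected disconnection while reading SMTP command from "
    "host-198-51-100-7.cable.isp.example (bigmail.example.net) [198.51.100.7] I=[192.0.2.25]:25",
    "2004-07-20 11:20:41 unexpected disconnection while reading SMTP command from "
    "mx1.partner.example [203.0.113.10] I=[192.0.2.25]:25",
    "2004-07-20 11:21:02 1BmxYz-0003aB-7K <= user@partner.example "
    "H=mx1.partner.example [203.0.113.10] P=esmtp S=1843",  # normal arrival, not an event
]

def related(a, b):
    """True when one name equals the other or is a parent domain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(lines):
    """Return {ip: {"drops", "helo_mismatch", "dynamic_rdns"}} for dropped connections."""
    report = {}
    for line in lines:
        m = HOST.search(line) if any(ev in line for ev in EVENTS) else None
        if not m:
            continue
        rdns, helo = (m["rdns"] or "").lower(), (m["helo"] or "").lower()
        e = report.setdefault(m["ip"], {"drops": 0, "helo_mismatch": False, "dynamic_rdns": False})
        e["drops"] += 1
        # Mismatch only counts when both names were logged and neither contains the other.
        e["helo_mismatch"] |= bool(rdns and helo) and not related(rdns, helo)
        # Broadband-pool hint: every IPv4 octet appears as a label of the rDNS name.
        e["dynamic_rdns"] |= all(o in re.split(r"[.-]", rdns) for o in m["ip"].split("."))
    return report

def verdict(e):
    """Both signals together fit malware; otherwise the drop deserves a closer look."""
    return "consistent with malware" if e["helo_mismatch"] and e["dynamic_rdns"] else "investigate"

if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        print(ip, e, verdict(e))
```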