Re: [exim] MessageLabs 554 SMTP synchronisation error

Author: Frank S. Bernhardt
Date:  
To: Exim-users
Subject: Re: [exim] MessageLabs 554 SMTP synchronisation error

> On 11 Jul 2005, at 20:45, Jakob Hirsch wrote:
>
>
>> Frank S. Bernhardt wrote:
>>
>>> 3) When they do a telnet to us on port 25 they complain about a 'long'
>>> delay and then the 554 message.
>>>
>>>
>>
>> Most probably they block your ident lookup and send no reject packet
>> (tcp RST or icmp port-unreachable). So it's not your fault, but you
>> could surely lower your timeout (rfc1413_query_timeout) from the 30s
>> default (I have 2s).
>>
>
> yes, this is good advice, but how do we explain the:
>


I have e-mailed them and offered to do this for them. Does doing this
have any downsides to it, say security-wise for 'others' connecting to
us? It's interesting to note that this problem only happens when they
are testing their connection to us from their 'new' bank of towers. Any
mail coming to us from their regular servers or any other server works
just fine.

>
>>> 4) From a supposed print screen I see that they get this [a 554
>>> error] right after the 'Escape character is...' message with no
>>> greeting message displayed.
>>>
>>>
>
> I must say that I do not believe their claim.
>
> g
>
>


Heh, I kinda thought the same thing, here is what they actually sent me:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


With regards to my telnet sessions, these appear to connect
intermittently, giving a 554 Error and being very slow in response.
Please find below an example of a failed telnet session:

[netstar@europa netstar]$ telnet xx.xx.xx.xx 25
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'.
554 SMTP synchronization error
Connection closed by foreign host

I am obviously able to connect to something, but then the connection is
terminated.

If the firewall is not blocking any IP addresses, please take a look at
your mailserver settings.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Those are my x's. Is this a cut and paste job or a retype? Who knows. I
do think however that the actual testing is done by a program and not by
a human. They sent me the output (cut and paste?) which looks like some
kind of program output.

And this is what I see in the reject log:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


2005-07-11 05:57:49 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[194.106.220.35] input=""
2005-07-11 05:58:03 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[194.106.220.51] input=""
2005-07-11 05:58:17 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[195.245.231.163] input=""
2005-07-11 05:58:31 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[195.245.231.211] input=""
2005-07-11 06:16:52 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[70.110.139.37] input=""
2005-07-11 06:19:11 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[81.204.146.185] input=""
2005-07-11 06:19:41 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[81.204.146.185] input=""
2005-07-11 06:25:26 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=[80.5.230.225] input=""

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

The time between each test would also lead me to believe that it is being done by a program.

These are definitely being generated by them as shown by their list of servers they used for the test:

>Tower 91 - 194.106.220.35
>Tower 92 - 194.106.220.51
>Tower 114 - 195.245.231.163
>Tower 117 - 195.245.231.211
>Tower 123 - 85.158.136.3
>Tower 134 - 85.158.137.35


at least the first 4 tests are. Not sure where the last 4 connections came from.

Well, at least I'm not totally inept, err maybe. I admire you guys for doing this kinda stuff full time.

Thanks for your feedback. I'll inform you of the outcome.

--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON. Canada
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???

Registered Linux-User #312398 with the Linux Counter, http://counter.li.org.
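
The correlation done by hand in the message above (matching rejected hosts against the sender's tower list and looking at the spacing between attempts) can be scripted. This is an added example, not part of the original post: the log entries and tower addresses are copied from the message, while `correlate`, `TOWERS`, `REJECT_LOG` and the "unlisted" label are names chosen for this example.

```python
import re
from datetime import datetime

# Reject-log entries from the post, unfolded to one entry per line.
REJECT_LOG = '''\
2005-07-11 05:57:49 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[194.106.220.35] input=""
2005-07-11 05:58:03 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[194.106.220.51] input=""
2005-07-11 05:58:17 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[195.245.231.163] input=""
2005-07-11 05:58:31 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[195.245.231.211] input=""
2005-07-11 06:16:52 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[70.110.139.37] input=""
2005-07-11 06:19:11 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[81.204.146.185] input=""
2005-07-11 06:19:41 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[81.204.146.185] input=""
2005-07-11 06:25:26 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[80.5.230.225] input=""
'''
# Test sources listed by the sender in the post.
TOWERS = {
    "194.106.220.35": "Tower 91",
    "194.106.220.51": "Tower 92",
    "195.245.231.163": "Tower 114",
    "195.245.231.211": "Tower 117",
    "85.158.136.3": "Tower 123",
    "85.158.137.35": "Tower 134",
}

MSG = ("SMTP protocol violation: synchronization error "
       "(input sent without waiting for greeting): rejected connection from")
# \s+ between words so entries folded by a mail client still match; text
# before the bracketed address (host or HELO name) is tolerated but unused.
ENTRY = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    + r"\s+".join(map(re.escape, MSG.split()))
    + r"\s+H=[^\[\n]*\[([0-9A-Fa-f.:]+)\]")

def correlate(text, known):
    """Return (time, ip, label, seconds since previous entry) per rejection."""
    rows, prev = [], None
    for stamp, ip in ENTRY.findall(text):
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        gap = None if prev is None else int((ts - prev).total_seconds())
        rows.append((ts, ip, known.get(ip, "unlisted"), gap))
        prev = ts
    return rows

if __name__ == "__main__":
    for ts, ip, label, gap in correlate(REJECT_LOG, TOWERS):
        print(f"{ts:%H:%M:%S}  {ip:<16} {label:<10} gap={gap}")
```

The first four rejections map to listed towers and arrive at a fixed 14-second spacing; the last four come from addresses not on the list and at irregular intervals.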