Re: [exim] Sender verification, permanent vs. transient erro…

Top Page
Delete this message
Reply to this message
Author: Eric Messick
Date:  
To: exim-users
Subject: Re: [exim] Sender verification, permanent vs. transient error codes
On 1/25/07, Stephen Gran <steve@???> wrote:
>
>
> You don't show the timestamps on the packets, so I can't say for sure,
> but how long between handshake and FIN? They may have a callout set up
> with a timeout shorter than it takes your server to send the banner
> (e.g., if you use delays before the banner is up, or you do rDNS checks,
> or anything else). Knowing that the whole conversation happened roughly
> immediately would rule that out, or provide another avenue for
> investigation.



Ok, here's a dump of the whole log:

No.     Time        Source                Destination           Protocol

> Info
>       1 0.000000    198.144.198.191       209.51.152.98         TCP
> 4500 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=78345384 TSER=0
> WS=0
>       2 0.092229    209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
>       3 0.092342    198.144.198.191       209.51.152.98         TCP
> 4500 > smtp [ACK] Seq=1 Ack=1 Win=5840 Len=0
>       4 0.186294    209.51.152.98         198.144.198.191       TCP
> 40768 > auth [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
>       5 0.186380    198.144.198.191       209.51.152.98         ICMP
> Destination unreachable
>       6 0.280798    209.51.152.98         198.144.198.191       SMTP
> Response: 220-river.securenet-server.net ESMTP Exim 4.63 #1 Wed, 24 Jan
> 2007 13:34:3
> 6 -0500
>       7 0.280882    198.144.198.191       209.51.152.98         TCP
> 4500 > smtp [ACK] Seq=1 Ack=185 Win=6432 Len=0
>       8 0.281210    198.144.198.191       209.51.152.98         SMTP
> Command: HELO syzygy.com
>       9 0.377053    209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [ACK] Seq=185 Ack=18 Win=5840 Len=0
>      10 0.377683    209.51.152.98         198.144.198.191       SMTP
> Response: 250 river.securenet-server.net Hello syzygy.com [198.144.198.191
> ]
>      11 0.377908    198.144.198.191       209.51.152.98         SMTP
> Command: MAIL FROM:<eric@???>
>      12 0.472850    209.51.152.98         198.144.198.191       SMTP
> Response: 250 OK
>      13 0.473057    198.144.198.191       209.51.152.98         SMTP
> Command: RCPT TO:<mark@???>
>      14 0.608652    209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [ACK] Seq=260 Ack=86 Win=5840 Len=0
>      15 2.045787    209.51.152.98         198.144.198.191       TCP
> 40774 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
>      16 2.045896    198.144.198.191       209.51.152.98         TCP
> smtp > 40774 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
>      17 2.138202    209.51.152.98         198.144.198.191       TCP
> 40774 > smtp [ACK] Seq=1 Ack=1 Win=5840 Len=0
>      18 2.258134    198.144.198.191       209.51.152.98         TCP
> 4501 > auth [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=78345610 TSER=0
> WS=0
>      19 5.250159    198.144.198.191       209.51.152.98         TCP
> 4501 > auth [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=78345910 TSER=0
> WS=0
>      20 11.250251   198.144.198.191       209.51.152.98         TCP
> 4501 > auth [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=78346510 TSER=0
> WS=0
>      21 23.250406   198.144.198.191       209.51.152.98         TCP
> 4501 > auth [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=78347710 TSER=0
> WS=0
>      22 32.138342   209.51.152.98         198.144.198.191       TCP
> 40774 > smtp [FIN, ACK] Seq=1 Ack=1 Win=5840 Len=0
>      23 32.139131   209.51.152.98         198.144.198.191       SMTP
> Response: 451 Could not complete sender verify callout
>      24 32.139318   198.144.198.191       209.51.152.98         SMTP
> Command: QUIT
>      25 32.139481   198.144.198.191       209.51.152.98         TCP
> 4500 > smtp [FIN, ACK] Seq=92 Ack=306 Win=6432 Len=0
>      26 32.140521   198.144.198.191       209.51.152.98         TCP
> smtp > 40774 [ACK] Seq=1 Ack=2 Win=5840 Len=0
>      27 32.233483   209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [ACK] Seq=306 Ack=92 Win=5840 Len=0
>      28 32.233933   209.51.152.98         198.144.198.191       SMTP
> Response: 221 river.securenet-server.net closing connection
>      29 32.234026   198.144.198.191       209.51.152.98         TCP
> [TCP Keep-Alive] 4500 > smtp [RST] Seq=92 Ack=1150951851 Win=0 Len=0
>      30 32.235117   209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [FIN, ACK] Seq=357 Ack=92 Win=5840 Len=0
>      31 32.235187   198.144.198.191       209.51.152.98         TCP
> [TCP Keep-Alive] 4500 > smtp [RST] Seq=92 Ack=1150951851 Win=0 Len=0
>      32 32.235199   209.51.152.98         198.144.198.191       TCP
> smtp > 4500 [ACK] Seq=358 Ack=93 Win=5840 Len=0
>      33 32.235235   198.144.198.191       209.51.152.98         TCP
> 4500 > smtp [RST] Seq=93 Ack=1150951851 Win=0 Len=0
>      34 32.251645   198.144.198.191       209.51.152.98         SMTP
> Response: 220 syzygy.com ESMTP
>      35 32.251772   198.144.198.191       209.51.152.98         TCP
> smtp > 40774 [FIN, ACK] Seq=23 Ack=2 Win=5840 Len=0
>      36 32.345273   209.51.152.98         198.144.198.191       TCP
> 40774 > smtp [RST] Seq=2 Ack=2978285068 Win=0 Len=0
>      37 32.345853   209.51.152.98         198.144.198.191       TCP
> 40774 > smtp [RST] Seq=2 Ack=2978285068 Win=0 Len=0



It looks like there's a 30 second delay between their ACK and their FIN
ACK. I didn't think I'd configured a delay into my smtp server, but I'll go
look.

I turned off reverse DNS lookups when I was having problems getting mail
from a misconfigured domain, so that shouldn't be it.

Is 30 seconds too short to wait on their part? If everyone waited until
near the end of the maximum allowable delay to answer, sender verification
could never work.

-eric