Re: [exim] Odd outlook.com SSL messages

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Scott Neader
CC: exim-users
Subject: Re: [exim] Odd outlook.com SSL messages
On Tue, Jan 21, 2014 at 2:13 PM, Scott Neader <scott@???> wrote:
> On Tue, Jan 21, 2014 at 3:05 PM, Todd Lyons <tlyons@???> wrote:
>>
>> 2014-01-10 21:53:45 SSL_write: (from
>> mail-by2lp0241.outbound.protection.outlook.com
>> (na01-by2-obe.outbound.protection.outlook.com) [207.46.163.241])
>> syscall: Connection reset by peer
>> Anybody else seeing this?
>
> FWIW, I am seeing some of this here also. I have 34 of these in my current
> exim_mainlog (within the last 11 hours):
>
> 2014-01-21 15:30:42 SSL_write: (from
> mail-by2lp0235.outbound.protection.outlook.com
> (na01-by2-obe.outbound.protection.outlook.com) [207.46.163.235]:26627)
> syscall: Connection reset by peer
>
> So, it's not just you. This is on a pretty busy server (over 48,000 SMTP
> connections in this log). So, these 34 syscalls are background noise at the
> moment.


Let's compare builds:

This is running on CentOS 5.8 x86_64. The output below is from an
OpenVZ instance, but I have a couple of nodes running on bare metal
and the symptoms are the same.

OVZ-CentOS58[root@ivwm51 /]# rpm -qa exim*
exim-mysql-4.82-1iv
exim-4.82-1iv

OVZ-CentOS58[root@ivwm51 /]# ldd /usr/sbin/exim
    linux-vdso.so.1 =>  (0x00007fff155bd000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f1da5c88000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f1da5a6f000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f1da5837000)
    libm.so.6 => /lib64/libm.so.6 (0x00007f1da55b4000)
    libpam.so.0 => /lib64/libpam.so.0 (0x00007f1da53a8000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f1da51a4000)
    libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f1da4f9b000)
    libdb-4.3.so => /lib64/libdb-4.3.so (0x00007f1da4ca4000)
    libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00007f1da4a69000)
    liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x00007f1da485b000)
    libsqlite3.so.0 => /usr/lib64/libsqlite3.so.0 (0x00007f1da45ff000)
    libmysqlclient.so.15 => /usr/lib64/mysql/libmysqlclient.so.15
(0x00007f1da428d000)
    libpq.so.4 => /usr/lib64/libpq.so.4 (0x00007f1da406b000)
    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f1da3e51000)
    libperl.so =>
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so
(0x00007f1da3b1b000)
    libutil.so.1 => /lib64/libutil.so.1 (0x00007f1da3918000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f1da36fc000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1da33a5000)
    libssl.so.6 => /lib64/libssl.so.6 (0x00007f1da3159000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00007f1da2e07000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f1da2bf3000)
    libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f1da29d4000)
    libspf2.so.2 => /usr/lib64/exim/libspf2.so.2 (0x00007f1da27b7000)
    libopendmarc.so.1 => /usr/lib64/libopendmarc.so.1 (0x00007f1da25ab000)
    libaudit.so.0 => /lib64/libaudit.so.0 (0x00007f1da2393000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1da61db000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007f1da20fd000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00007f1da1ecf000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f1da1ccc000)
    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00007f1da1aa7000)
    librt.so.1 => /lib64/librt.so.1 (0x00007f1da189e000)
    libidn.so.11 => /usr/lib64/libidn.so.11 (0x00007f1da166c000)
    libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00007f1da1464000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f1da1262000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f1da1049000)
    libsepol.so.1 => /lib64/libsepol.so.1 (0x00007f1da0e03000)


OVZ-CentOS58[root@ivwm51 /]# exim -bV
Exim version 4.82 #2 built 28-Oct-2013 13:11:07
Copyright (c) University of Cambridge, 1995 - 2013
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2013
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (July 12, 2010)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers
OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF
Experimental_SRS Experimental_DMARC Experimental_PRDR
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd
sqlite
Lookups (as-module): spf mysql
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf

OVZ-CentOS58[root@ivwm51 /]# rpm -q openssl
openssl-0.9.8e-22.el5_8.4

The amount of messages I've seen since Sunday morning about 4 AM is:

OVZ-CentOS63[root@ivlog52 exim]# grep -E
'<=.*outbound.protection.outlook.com' main.log | wc -l
1155
OVZ-CentOS63[root@ivlog52 exim]# grep -E
'SSL_write.*outbound.protection.outlook.com.*syscall' main.log | wc -l
1268

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine