On Thursday 27 August 2015 15:01:32 Viktor Dukhovni wrote:
> On Thu, Aug 27, 2015 at 02:49:12PM +0100, Gary Stainburn wrote:
> > I've just put live a brand new shiney Centos 7 server to replace my aging
> > Fedora system. One of the reasons for doing the upgrade was to try to
> > get rid of the errors that prevented some sites from sending emails to
> > us.
>
> Are you sure this is actually preventing email delivery? Perhaps
> other log entries show successful mail deliveries.
>
Yes these are preventing delivery. We can successfully send emails to the
domain being managed by antispameurope.com but we cannot receive any.
I'm guessing their server is treating this as a temporary fail as the users
are taking 24 hours to receive an error message.
> > 2015-08-27 14:06:03 TLS error on connection from
> > mx-relay42-dus.antispameurope.com [94.100.134.242] (SSL_accept): timed
> > out
>
> If you're seeing various connection timeouts, perhaps there's a
> path MTU or similar network problem.
I'm getting this from a number of hosts
2015-08-27 15:04:35 TLS error on connection from mail.cecollect.com
[62.73.189.146] (SSL_accept): timed out
2015-08-27 15:04:45 TLS error on connection from mail49.tgml1.co.uk
[37.221.217.49] (SSL_accept): timed out
2015-08-27 15:05:58 TLS error on connection from mail88.atl51.rsgsv.net
[205.201.135.88] (SSL_accept): timed out
2015-08-27 15:06:00 TLS error on connection from
mail132-9.atl131.mandrillapp.com [198.2.132.9] (SSL_accept): timed out
2015-08-27 15:07:02 TLS error on connection from mail136.wdc04.mandrillapp.com
[205.201.131.136] (SSL_accept): timed out
2015-08-27 15:10:07 TLS error on connection from mta65248.mxmfb.com
[109.68.65.248] (SSL_accept): timed out
2015-08-27 15:10:09 TLS error on connection from
mx-relay35-dus.antispameurope.com [94.100.134.235] (SSL_accept): timed out
2015-08-27 15:10:17 TLS error on connection from
mx-relay42-dus.antispameurope.com [94.100.134.242] (SSL_accept): timed out
2015-08-27 15:10:27 TLS error on connection from sec.pmg17.vn.ua
[193.243.159.98] (SSL_accept): timed out
2015-08-27 15:10:28 TLS error on connection from
mx-relay31-dus.antispameurope.com [94.100.134.231] (SSL_accept): timed out
2015-08-27 15:10:28 TLS error on connection from
mx-relay31-dus.antispameurope.com [94.100.134.231] (SSL_accept): timed out
2015-08-27 15:10:33 TLS error on connection from
mx-relay33-dus.antispameurope.com [94.100.134.233] (SSL_accept): timed out
2015-08-27 15:10:38 TLS error on connection from (mail1.aeml1.co.uk)
[37.221.216.1] (SSL_accept): timed out
2015-08-27 15:11:00 TLS error on connection from uspmta164098.emsmtp.com
[212.69.164.98] (SSL_accept): timed out
>
> > As the new server is significantly bigger / faster than the old one, I
> > don't think performance is the cause. I have noticed that when
> > I 'tail -f /var/log/exim/mainlog' it scrolls up my screen much quicker
> > than the old server did so I think that performance may have been part of
> > the reason originally
>
> The timeouts are unlikely to have been caused by the performance
> of your server, either before or after the upgrade.
I did have a number of delay statements in my config as suggested in various
anti-SPAM pages over many years. I have reduced them signigicantly but that
also hasn't made any difference.
>
> You should capture traffic (tcpdump) from one or more of these
> servers, and see if you can make sense of it with wireshark or
> similar. Look for retransmissions, etc.
>
> # By name or address as applicable.
> #
> tcpdump -w /file/name -s 0 host example.com and port 25
> tcpdump -w /file/name -s 0 host 192.0.2.1 and port 25
>
> Ctrl-C or "kill -INT" when enough traffic has been captured.
>
This is something I will look at although the amount of traffic into my server
is scary. A sad fact of internet life is that something like 90% of all
incoming connections seem to be SPAM etc.
Gary
> --
> Viktor.
--
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk