On Wed, 26 Jul 2017 12:41:29 +0100 Jeremy Harris wrote:
> On 26/07/17 11:41, Christian Balzer wrote:
> > The original connection was actually in the previous logfile. ^o^
> > ---
> > 2017-07-26 06:01:14 1da6x5-0005fV-IX <= redacted@redacted U=mail P=spam-scanned S=5454 id=20170725210042.D41044062A@redacted
>
> So show us "grep 1da6x5-0005fV-IX" on the pair of logfiles. It almost
> certainly wasn't trying to do a tls handshake for that long.

Yes it was, at least according to the logs.
Here's another one, complete:
---
2017-07-26 17:47:11 1daHyG-0006wE-On <= somebodyredacted.com U=mail P=spam-scanned S=8615 id=PS1PR0302MB2521EA6D93330DC628D6B68A8DB90@???
2017-07-26 17:47:12 1daHyG-0006wE-On => redacted@??? <redacted> R=dnslookup T=remote_smtp S=8727 H=mb11.dentaku.gol.com [203.216.5.41] I=[203.216.5.87] C="250 OK id=1daHyK-000PFY-JI"
2017-07-26 19:58:42 1daHyG-0006wE-On H=redacted-com.mail.protection.outlook.com [23.103.139.138] TLS error on connection (gnutls_handshake): timed out
2017-07-26 19:58:42 1daHyG-0006wE-On TLS session failure: delivering unencrypted to redacted-com.mail.protection.outlook.com [23.103.139.138] (not in hosts_require_tls)
2017-07-26 19:58:43 1daHyG-0006wE-On => warmbodyu@??? <redacted> R=dnslookup T=remote_smtp S=8727 H=redacted-com.mail.protection.outlook.com [23.103.139.138] I=[203.216.5.87] C="250 2.6.0 <PS1PR0302MB2521EA6D93330DC628D6B68A8DB90@???> [InternalId=50470160698992, Hostname=KL1PR0301MB2056.apcprd03.prod.outlook.com] 19008 bytes in 0.213, 87.128 KB/sec Queued mail for delivery"
2017-07-26 19:58:43 1daHyG-0006wE-On Completed QT=2h11m35s
---
2nd line is an instant local delivery, then should be the forward to the
outsourced hell domain, but nothing for 2 hours.

Christian
--
Christian Balzer Network/Systems Engineer
chibi@??? Rakuten Communications
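
Added example, not part of the original message and not Exim project code: a Python check that groups Exim main-log lines by message ID and reports, for each `TLS error on connection` line, the silent gap before it and whether a `delivering unencrypted` fallback followed. The log lines are constructed from the pattern shown above with placeholder hosts and addresses; `find_tls_stalls` and its `min_gap_seconds` threshold are hypothetical names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Exim main-log format; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2017-07-26 17:47:11 1daHyG-0006wE-On <= sender@example.com U=mail P=spam-scanned S=8615
2017-07-26 17:47:12 1daHyG-0006wE-On => user@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] C="250 OK"
2017-07-26 18:00:00 1daI00-0000aa-Bc <= other@example.com U=mail P=local S=1200
2017-07-26 18:00:01 1daI00-0000aa-Bc => user@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] C="250 OK"
2017-07-26 18:00:01 1daI00-0000aa-Bc Completed
2017-07-26 19:58:42 1daHyG-0006wE-On H=mx.example.org [192.0.2.20] TLS error on connection (gnutls_handshake): timed out
2017-07-26 19:58:42 1daHyG-0006wE-On TLS session failure: delivering unencrypted to mx.example.org [192.0.2.20] (not in hosts_require_tls)
2017-07-26 19:58:43 1daHyG-0006wE-On => user@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20] C="250 2.6.0 Queued mail for delivery"
2017-07-26 19:58:43 1daHyG-0006wE-On Completed QT=2h11m35s
"""

# Assumes the default timestamp layout (no timezone or millisecond suffix).
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ((?:[0-9A-Za-z]+-){2}[0-9A-Za-z]+) (.*)$")
TLS_ERR_RE = re.compile(r"H=(\S+) \[([^\]]+)\] TLS error on connection \(([^)]*)\): (.*)")
FALLBACK_RE = re.compile(r"TLS session failure: delivering unencrypted to \S+ \[([^\]]+)\]")


def find_tls_stalls(log_text, min_gap_seconds=60):
    """Report each TLS error with the silent gap before it and any cleartext fallback."""
    by_msg = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:  # lines that carry no message ID are ignored
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            by_msg[m.group(2)].append((ts, m.group(3)))
    findings = []
    for msg_id, entries in by_msg.items():
        entries.sort(key=lambda e: e[0])  # stable sort keeps log order within a second
        for i, (ts, text) in enumerate(entries):
            err = TLS_ERR_RE.search(text)
            if not err:
                continue
            later = "\n".join(t for _, t in entries[i + 1:])
            gap = int((ts - entries[i - 1][0]).total_seconds()) if i else 0
            findings.append({
                "msg_id": msg_id, "host": err.group(1), "ip": err.group(2),
                "error": f"{err.group(3)}: {err.group(4)}", "gap_seconds": gap,
                "stalled": gap >= min_gap_seconds,
                "cleartext_fallback": err.group(2) in FALLBACK_RE.findall(later),
            })
    return findings
```

To use it on real logs, pass the rotated and current main-log files concatenated, so a message that arrived before rotation is still matched to its later lines.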