Postfix MTA user discussion

headers

kshitij mali | 9 Feb 2012 08:49

What wrong with my postfix

Hi sir,

I use postfix2.5.5 rpm to run postfix as relay server

since from last many day my application team of SAP software started complaining for the smtp email failuer

pls find the below longs

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Email 1

Feb 6 10:41:22 D1SNX682RL postfix/smtpd[3693]: connect from unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/smtpd[3693]: 20C453E00C0: client=unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: warning: header Subject: RE: RE: RE: RE: RE:// FOLLOW UP // HBL SCREENSHOT // FINAL SI & HBL // E.R FREMANTLE 087 // HIBLOW from unknown[155.14.132.36]; from=<MANILA_DOCS <at> APL.COM> to=<crm_email_archive_apl <at> apl.com> proto=ESMTP helo=<nol.com.sg>
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: message-id=<ADR37000000104995 <at> nol.com.sg>
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: lost connection after DATA (437492 bytes) from unknown[155.14.132.36]
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: disconnect from unknown[155.14.132.36]

Email 2
Feb 6 10:27:19 D1SNX682RL postfix/smtpd[22715]: connect from unknown[155.14.133.55]
Feb 6 10:27:19 D1SNX682RL postfix/smtpd[22715]: E06F63E00E4: client=unknown[155.14.133.55]
Feb 6 10:27:19 D1SNX682RL postfix/cleanup[26755]: E06F63E00E4: warning: header Subject: =?utf-8?Q?RE=3A_=E2=98=85_=28=2712=2E2/8=EC=9D=BC_=EC=84=A0?=? =?utf-8?Q?=EC=A0=81=29_=EB=B2=A0=ED=8A=B8=EB=82=A8_=EC=8F=98=EB=A0=8C?=? =?utf-8?Q?=ED=86=A0R_240=EB=8C=80_AT=28L=29_=EC=84=A0=E from unknown[155.14.133.55]; from=<kor_ob_cs <at> apl.com> to=<shengwu82 <at> kia.co.kr> proto=ESMTP helo=<nol.com.sg>
Feb 6 10:27:19 D1SNX682RL postfix/cleanup[26755]: E06F63E00E4: message-id=<ADR37000000104786 <at> nol.com.sg>
Feb 6 10:30:25 D1SNX682RL postfix/smtpd[22715]: lost connection after DATA (37844 bytes) from unknown[155.14.133.55]
Feb 6 10:30:25 D1SNX682RL postfix/smtpd[22715]: disconnect from unknown[155.14.133.55]

Email 3

Feb 6 09:35:20 D1SNX682RL postfix/smtpd[30764]: connect from unknown[155.14.133.55]
Feb 6 09:35:21 D1SNX682RL postfix/smtpd[30764]: 09C103E00C8: client=unknown[155.14.133.55]
Feb 6 09:35:21 D1SNX682RL postfix/cleanup[31388]: 09C103E00C8: warning: header Subject: RE: Re: mol sparkle v. 0006n from unknown[155.14.133.55]; from=<manila_csd <at> apl.com> to=<mnloce <at> ao.kwe.com> proto=ESMTP helo=<nol.com.sg>
Feb 6 09:35:21 D1SNX682RL postfix/cleanup[31388]: 09C103E00C8: message-id=<ADR37000000104166 <at> nol.com.sg>
Feb 6 09:38:23 D1SNX682RL postfix/smtpd[30764]: lost connection after DATA (11399 bytes) from unknown[155.14.133.55]
Feb 6 09:38:23 D1SNX682RL postfix/smtpd[30764]: disconnect from unknown[155.14.133.55]

Email 4

Feb 6 08:19:18 D1SNX682RL postfix/smtpd[17348]: connect from unknown[155.14.132.36]
Feb 6 08:19:18 D1SNX682RL postfix/smtpd[17348]: 595DC3E00A4: client=unknown[155.14.132.36]
Feb 6 08:19:18 D1SNX682RL postfix/cleanup[4645]: 595DC3E00A4: warning: header Subject: RE: Re: Fwd: FREIGHT QUOTATION MANILA TO HAIPHONG 40'RF CONTRS. COMMODITY: FROZEN FOODSTUFFS from unknown[155.14.132.36]; from=<manila_csd <at> apl.com> to=<romie <at> info.com.ph> proto=ESMTP helo=<nol.com.sg>
Feb 6 08:19:18 D1SNX682RL postfix/cleanup[4645]: 595DC3E00A4: message-id=<ADR37000000103343 <at> nol.com.sg>
Feb 6 08:22:22 D1SNX682RL postfix/smtpd[17348]: lost connection after DATA (7963 bytes) from unknown[155.14.132.36]
Feb 6 08:22:22 D1SNX682RL postfix/smtpd[17348]: disconnect from unknown[155.14.132.36]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

whats the porblem may be ?

Kshitij Mali

tel.+91 2261544922
kshitij.mali <at> orange.com
15th Floor Vishwaroop IT park Sector 30-A Vashi 400703 Navi Mumbai India
www.orange-business.com

headers

Robert Schetterer | 9 Feb 2012 09:11

Re: What wrong with my postfix

Am 09.02.2012 08:49, schrieb kshitij mali:
> *lost connection after DATA*

mostly means the incomming mailserver stops deliver in by timeout
this may have many reasons, i.e is there some firewall with smtp
inspection involved and/or some network problem
if this is a new problem ask for new hardware/software setup the network
way up to the sender
perhaps you have to do network analyse to find the truth

by the way what is this

warning: header...?

maybe you do to much header checking  ( i.e in header_checks ) this
slows down your system too, and may break deliver in

also look for some header checking software on your server
( which does not report to your log etc )
--

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

headers

Ram | 9 Feb 2012 10:13

Re: What wrong with my postfix

On 02/09/2012 01:19 PM, kshitij mali wrote:

Hi sir,

I use postfix2.5.5 rpm to run postfix as relay server

since from last many day my application team of SAP software started complaining for the smtp email failuer

pls find the below longs

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Email 1

Feb 6 10:41:22 D1SNX682RL postfix/smtpd[3693]: connect from unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/smtpd[3693]: 20C453E00C0: client=unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: warning: header Subject: RE: RE: RE: RE: RE:// FOLLOW UP // HBL SCREENSHOT // FINAL SI & HBL // E.R FREMANTLE 087 // HIBLOW from unknown[155.14.132.36]; from=<MANILA_DOCS <at> APL.COM> to=<crm_email_archive_apl <at> apl.com> proto=ESMTP helo=<nol.com.sg>
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: message-id=<ADR37000000104995 <at> nol.com.sg>
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: lost connection after DATA (437492 bytes) from unknown[155.14.132.36]
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: disconnect from unknown[155.14.132.36]

Lost connection after data may mean either the client closed the connection , or the mail was timed out.
Are you able to send mails to this postfix server from other machines ? If yes then it is unlikely to be a smtpd server issue

headers

Nerijus Kislauskas | 9 Feb 2012 10:43

Re: What wrong with my postfix

On 02/09/2012 11:13 AM, Ram wrote:
> Lost connection after data may mean either the client closed the
> connection , or the mail was timed out.
> Are you able to send mails to this postfix server from other machines ? 
> If yes then it is unlikely to be a smtpd server issue

No, you ar not right my friend.

"Lost connection after DATA" does not mean "client closed connection".

It means, that client said "Now I will send you message, catch it", and
he for some reason did not. Server said that "I will not wait any
longer, closing connection and printing to logs about lost connection
after data command". SMTP commands are small network packets. When
client sends data, network packets must be as big as possible.

More likely it's related to network and MTU issues on client side.
--

-- 
Nerijus Kislauskas

headers

Viktor Dukhovni | 9 Feb 2012 14:34

Re: What wrong with my postfix

On Thu, Feb 09, 2012 at 11:43:54AM +0200, Nerijus Kislauskas wrote:

> > Lost connection after data may mean either the client closed the
> > connection, or the mail was timed out.
> > Are you able to send mails to this postfix server from other machines ? 
> > If yes then it is unlikely to be a smtpd server issue
> 
> No, you ar not right my friend.
> 
> "Lost connection after DATA" does not mean "client closed connection".

Yes it can, though more typically, the data transfer fails below the
application layer.

The connection was lost. It could have been explicitly closed, but
more likely it experienced a TCP retransmission timeout due to path
MTU issues, firewall bugs, or similar. To resolve the issue, the OP
needs to run "tcpdump" as documented in:

	http://www.postfix.org/DEBUG_README.html#sniffer

--

-- 
	Viktor.

headers

Wietse Venema | 9 Feb 2012 14:48

Re: What wrong with my postfix

kshitij mali:
> Feb  6 10:41:22 D1SNX682RL postfix/smtpd[3693]: connect from
> unknown[155.14.132.36]
> [some headers logged here]
> ADR37000000104995 <at> nol.com.sg>
> Feb  6 10:44:27 D1SNX682RL postfix/smtpd[3693]: *lost connection after
> DATA*(437492 bytes) from unknown[155.14.132.36]

The connection was broken after 437492 data bytes in 5 seconds.

> Feb  6 10:27:19 D1SNX682RL postfix/smtpd[22715]: connect from
> unknown[155.14.133.55]
> [some headers logged here]
> Feb  6 10:30:25 D1SNX682RL postfix/smtpd[22715]: *lost connection after DATA
> * (37844 bytes) from unknown[155.14.133.55]

Same problem: the connection is broken after 6 seconds and 37844 bytes.

Based on the large byte counts, IP path MTU problems are unlikely
to be the cause. 

I'm very suspicious that something is actively interfering with
your TCP connections.  It could be anti-virus, IDS, some firewall,
or something else.

As Victor suggests, this requires tcpdump analysis.

	Wietse

headers

Kshitij mali | 27 Jun 2012 16:40

Re: What wrong with my postfix


Hello Moderator ,
  please delete this thread for security reason

headers

Reindl Harald | 27 Jun 2012 16:44

Re: What wrong with my postfix


Am 27.06.2012 16:40, schrieb Kshitij mali:
> Hello Moderator ,
>   please delete this thread for security reason

you have no clue how email and maling-lists are working?
how do you imagine to delete a thread?

headers

Wietse Venema | 27 Jun 2012 16:48

Re: What wrong with my postfix

Kshitij mali:
> Hello Moderator ,
>   please delete this thread for security reason

Sorry, this thread is archived for eternity and world-side in
websites, search engines, and personal mailboxes.

	Wietse

headers

Kshitij mali | 27 Jun 2012 17:02

Re: What wrong with my postfix


hello,

please at least remove from this site , there is security audit going on in my
organisation i dont want to maintain this thread , please remove this .

regards,
Kshitij

headers

Reindl Harald | 27 Jun 2012 17:15

Re: What wrong with my postfix


Am 27.06.2012 17:02, schrieb Kshitij mali:
> please at least remove from this site , there is security audit going on in my
> organisation i dont want to maintain this thread , please remove this

sorry you can not expect that someone maintains
informations you are sent to the public nor that
the origin archive will have removed messages which
are available everywhere else

headers

Denis Witt | 27 Jun 2012 17:19

Re: What wrong with my postfix

On 27.06.2012 17:02, Kshitij mali wrote:

> please at least remove from this site , there is security audit going on in my
> organisation i dont want to maintain this thread , please remove this .

Hi,

there is no such thing as "this site". From my point of view there isn't 
even a site at all, only my E-Mail-Client.

There are so many mirrors of the Postfix-Mailing-List you can spend the 
rest of your lifetime trying to delete all copies of your message.

Also I don't see anything security relevant in your messages.

Bye.

headers

Kshitij mali | 27 Jun 2012 17:30

Re: What wrong with my postfix

remove my messages

Regards,
Kshitij

headers

Reindl Harald | 27 Jun 2012 17:37

Re: What wrong with my postfix


Am 27.06.2012 17:30, schrieb Kshitij mali:
> remove my messages

who do you think you are telling people what to remove from
their local mail-archive since it was explained to you that
in global ones nobody can remove anything for you

do not send informations which are not meant for leave
your company or learn from your mistakes - nobody else
is responsible for anything leaving your mail-client

there is nothing more you can expect

headers

Larry Stone | 27 Jun 2012 17:56

Re: What wrong with my postfix

On Wed, 27 Jun 2012, Kshitij mali wrote:

> remove my messages

I'll try to explain this a little more politely than another poster.

This is a mailing list. You send mail to the mailing list, the mailing 
list software sends it on to the list subscribers, and at that point, the 
mailing list software on postfix.org (this "site"), is done with it and 
deletes it. In other words, it was deleted from postfix.org within seconds 
of you sending it.

However, subscribers, which includes some archiving websites independent 
of postfix.org, are free to do with it as they please. Getting it removed 
from every place that received it is a near impossibility. I suppose it is 
possible to request the archiving site to remove them but that's not done 
by sending an email to this mailing list. Whether they will is an entirely 
different matter. Meanwhile, I suspect some subscribers maintain their own 
prvate archives.

Think of this as being like you printed a flier and distributed it on a 
street corner. Once people took some, you really can't go back and tell 
people to destroy them. You don't know who has them and even if you did, 
now that they're in their hands, you can't tell them what to do with them.

-- Larry Stone
    lstone19 <at> stonejongleux.com

headers

Kshitij mali | 29 Jun 2012 07:22

Re: What wrong with my postfix

Hi sir,

Please delete this thread from the archive of the gmane.org or atleast hide the
ipaddress and email address from the logs from the below archive.

http://comments.gmane.org/gmane.mail.postfix.user/227441

Regards,
Kshitij Mali

headers

Ansgar Wiechers | 29 Jun 2012 10:31

Re: What wrong with my postfix

On 2012-06-29 Kshitij mali wrote:
> Please delete this thread from the archive of the gmane.org or atleast
> hide the ipaddress and email address from the logs from the below
> archive.
> 
> http://comments.gmane.org/gmane.mail.postfix.user/227441

What in the blue blazes would lead you to believe that anything you
write to the POSTFIX MAILING LIST would cause the person running the
GMANE.ORG WEBSITE to take any kind of action? Please get a clue and stop
bothering this list with your misplaced requests. Thank you.

Regards
Ansgar Wiechers
--

-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

headers

James Day | 29 Jun 2012 10:40

RE: What wrong with my postfix

> -----Original Message-----
> From: owner-postfix-users <at> postfix.org [mailto:owner-postfix-
> users <at> postfix.org] On Behalf Of Kshitij mali
> Sent: 29 June 2012 06:22
> To: postfix-users <at> postfix.org
> Subject: Re: What wrong with my postfix
> 
> Hi sir,
> 
> 
> Please delete this thread from the archive of the gmane.org or atleast hide
> the ipaddress and email address from the logs from the below archive.
> 
> 
> http://comments.gmane.org/gmane.mail.postfix.user/227441
> 
> 
> Regards,
> Kshitij Mali

I'm afraid to say that all you will achieve with your misplaced requests for removal is draw attention to the
data that you wish to be removed. Unfortunately the damage is done. If your systems are secure then a few
exposed IP addresses really shouldn't trouble you.

Kind regards,

James Day

headers

Reindl Harald | 29 Jun 2012 13:43

Re: What wrong with my postfix


Am 29.06.2012 07:22, schrieb Kshitij mali:
> Please delete this thread from the archive of the gmane.org or atleast hide the
> ipaddress and email address from the logs from the below archive.
> 
> http://comments.gmane.org/gmane.mail.postfix.user/227441

you got many replies from different people who explained you
how the internet works - so why you are still fucking too
stupid to realize that NOBODY HERE can and will remove anything
from any archive out there

if you write a message to a mailing-list it is out of control
after hit

since you are refusing BASICS how email, mailinglists and the
internet works you should consider a job outside of the IT
or at least realize taht your repeatet tries get anything out
of archives whcih are also archived may lead for your boss
to the conclusion that he should make this decision for you

headers

Charles Marcus | 29 Jun 2012 14:14

Re: What wrong with my postfix

On 2012-06-29 7:43 AM, Reindl Harald <h.reindl <at> thelounge.net> wrote:
> Am 29.06.2012 07:22, schrieb Kshitij mali:
>> Please delete this thread from the archive of the gmane.org or atleast hide the
>> ipaddress and email address from the logs from the below archive.
>>
>> http://comments.gmane.org/gmane.mail.postfix.user/227441

> you got many replies from different people who explained you
> how the internet works - so why you are still fucking too
> stupid to realize that NOBODY HERE can and will remove anything
> from any archive out there

My question is, why don't all of you complaining about this send your 
replies directly to the loser in question (like I did) rather than 
spamming the list?

--

-- 

Best regards,

Charles