Re: [courier-users] esmtpd suddenly rejects traffic
Brought to you by:
mrsam
Menu
▾
▴
Re: [courier-users] esmtpd suddenly rejects traffic
|
From: Tim H. <ti...@br...> - 2003-07-22 18:30:08
|
Michael Jinks wrote: > Hi all. > > I think I just need a pointer on where to RTFM. > > Sometime last night, my mail server (courier 0.42.2 on Gentoo Linux) > stopped accepting mail from our (that is, the University of Chicago's) > central mail cluster, or any machine on the 128.135.12.0/24 subnet as > far as I can tell. > > I haven't touched my configuration in weeks. > > Mail from other sites comes in fine; for example I am able to send > myself test messages from my Yahoo account. But mail forwarded to me > through the cluster is deferred. > > One thought was that the U of C might have slipped into somebody's > RBL; > it happens to us once in a while due to hacked or poorly configured > systems elsewhere on our network relaying spam through the central > cluster. But, my esmtpd file has an empty "BLACKLISTS" field, and > rblcheck doesn't list any of our cluster servers as being blocked by > any > of the RBL's that I know of to check. (I'll include sample output > from > rblcheck below as Appendix A.) > > When I try to connect to Courier from one of the cluster machines via > telnet, I get this: > > harper:~$ telnet heavy.uchicago.edu 25 > Trying 128.135.0.56... > Connected to heavy.uchicago.edu (128.135.0.56). > Escape character is '^]'. > 220 ************************ > [odd... session continues:] > ehlo harper.uchicago.edu > 502 ESMTP command error > This looks like a cisco router with smtp fixup enabled between you and the subnet. > I've tried this now from three different machines all on the same > subnet, > with identical results. > > Telnet to port 25 from systems not on 128.135.12.0/24 proceeds as > expected. > > A typical Courier log excerpt looks like this: > > Jul 22 12:17:41 [courieresmtpd] started,ip=[128.135.12.12] > Jul 22 12:17:41 [courieresmtpd] error,relay=128.135.12.12,msg="502 > ESMTP command error",cmd: XXXX midway.uchicago.edu Jul 22 12:19:05 > [courieresmtpd] [128.135.12.6]: Connection timed out > > ...and that's where I'm stuck for now. If anybody knows what I'm > missing, > please drop me a hint. > > Thanks, > --michael > > > Appendix A: rblcheck for "midway.uchicago.edu", our main MX: > > harper:~$ rblcheck -s blackholes.mail-abuse.org 128.135.12.12 > 128.135.12.12 not RBL filtered by list.dsbl.org > 128.135.12.12 not RBL filtered by multihop.dsbl.org > 128.135.12.12 not RBL filtered by unconfirmed.dsbl.org > 128.135.12.12 not RBL filtered by blackholes.easynet.nl > 128.135.12.12 not RBL filtered by dynablock.easynet.nl > 128.135.12.12 not RBL filtered by proxies.relays.monkeys.com > 128.135.12.12 not RBL filtered by dnsbl.njabl.org > 128.135.12.12 not RBL filtered by relays.ordb.org > 128.135.12.12 not RBL filtered by relays.osirusoft.com > 128.135.12.12 not RBL filtered by dsn.rfc-ignorant.org > 128.135.12.12 not RBL filtered by postmaster.rfc-ignorant.org > 128.135.12.12 not RBL filtered by abuse.rfc-ignorant.org > 128.135.12.12 not RBL filtered by whois.rfc-ignorant.org > 128.135.12.12 not RBL filtered by ipwhois.rfc-ignorant.org > 128.135.12.12 not RBL filtered by bl.spamcop.net > 128.135.12.12 not RBL filtered by sbl.spamhaus.org > 128.135.12.12 not RBL filtered by blackholes.mail-abuse.org > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single > machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at > the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > courier-users mailing list > cou...@li... > Unsubscribe: > https://lists.sourceforge.net/lists/listinfo/courier-users |