[courier-users] esmtpd suddenly rejects traffic
Brought to you by:
mrsam
From: Michael J. <mj...@mi...> - 2003-07-22 17:49:09
|
Hi all. I think I just need a pointer on where to RTFM. Sometime last night, my mail server (courier 0.42.2 on Gentoo Linux) stopped accepting mail from our (that is, the University of Chicago's) central mail cluster, or any machine on the 128.135.12.0/24 subnet as far as I can tell. I haven't touched my configuration in weeks. Mail from other sites comes in fine; for example I am able to send myself test messages from my Yahoo account. But mail forwarded to me through the cluster is deferred. One thought was that the U of C might have slipped into somebody's RBL; it happens to us once in a while due to hacked or poorly configured systems elsewhere on our network relaying spam through the central cluster. But, my esmtpd file has an empty "BLACKLISTS" field, and rblcheck doesn't list any of our cluster servers as being blocked by any of the RBL's that I know of to check. (I'll include sample output from rblcheck below as Appendix A.) When I try to connect to Courier from one of the cluster machines via telnet, I get this: harper:~$ telnet heavy.uchicago.edu 25 Trying 128.135.0.56... Connected to heavy.uchicago.edu (128.135.0.56). Escape character is '^]'. 220 ************************ [odd... session continues:] ehlo harper.uchicago.edu 502 ESMTP command error I've tried this now from three different machines all on the same subnet, with identical results. Telnet to port 25 from systems not on 128.135.12.0/24 proceeds as expected. A typical Courier log excerpt looks like this: Jul 22 12:17:41 [courieresmtpd] started,ip=[128.135.12.12] Jul 22 12:17:41 [courieresmtpd] error,relay=128.135.12.12,msg="502 ESMTP command error",cmd: XXXX midway.uchicago.edu Jul 22 12:19:05 [courieresmtpd] [128.135.12.6]: Connection timed out ...and that's where I'm stuck for now. If anybody knows what I'm missing, please drop me a hint. Thanks, --michael Appendix A: rblcheck for "midway.uchicago.edu", our main MX: harper:~$ rblcheck -s blackholes.mail-abuse.org 128.135.12.12 128.135.12.12 not RBL filtered by list.dsbl.org 128.135.12.12 not RBL filtered by multihop.dsbl.org 128.135.12.12 not RBL filtered by unconfirmed.dsbl.org 128.135.12.12 not RBL filtered by blackholes.easynet.nl 128.135.12.12 not RBL filtered by dynablock.easynet.nl 128.135.12.12 not RBL filtered by proxies.relays.monkeys.com 128.135.12.12 not RBL filtered by dnsbl.njabl.org 128.135.12.12 not RBL filtered by relays.ordb.org 128.135.12.12 not RBL filtered by relays.osirusoft.com 128.135.12.12 not RBL filtered by dsn.rfc-ignorant.org 128.135.12.12 not RBL filtered by postmaster.rfc-ignorant.org 128.135.12.12 not RBL filtered by abuse.rfc-ignorant.org 128.135.12.12 not RBL filtered by whois.rfc-ignorant.org 128.135.12.12 not RBL filtered by ipwhois.rfc-ignorant.org 128.135.12.12 not RBL filtered by bl.spamcop.net 128.135.12.12 not RBL filtered by sbl.spamhaus.org 128.135.12.12 not RBL filtered by blackholes.mail-abuse.org |