Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 7229 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP connection lost while reading message

fredz2
While researching some messages that one of our user's didn't receive, I found traces of them in the raw smtp logs.  If I look in "Mail Manager/SMTP Log", I see no evidence of the messages.

For the 2 senders I'm looking for, the messages are coming from different domains.  At this point, I don't know if the sender's are receiving an error message, when they try to send messages to us. 

2009:04:03-02:21:55 (none) exim[23083]: 2009-04-03 02:21:55 DNS list lookup defer (probably timeout) for w.x.y.z.pbl.spamhaus.org: assumed not in list

2009:04:03-02:21:55 (none) exim[23083]: 2009-04-03 02:21:55 [z.y.x.w] F= R= Verifying recipient address with callout

2009:04:03-02:21:55 (none) exim[23083]: 2009-04-03 02:21:55 SMTP connection from mail.domain.com [z.y.x.w]:58059 lost while reading message data (header)


Does anyone know what's causing the problem?  

We're running v7.304 on an ASG320. 

Bill


This thread was automatically locked due to age.
Parents
  • 0
    Are you using greylisting?

    I would assume that the sending server would retry.  Was the same message received within the following day or two?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    No, we're not using greylisting.

    There are other instances of messages from the same sender(s) to this recipient over the course of several days.  I can't tell if they are new messages or retries.  All of them have the same "SMTP connection ... lost while reading message" error and never go any further.
  • 0 in reply to fredz2
    It would be interesting to know if the user has whitelisted this sender.  Certainly, if the sender is using a good mailserver, then the sender should be receiving non-delivery notices.

    I'm curious to learn the cause of this problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to fredz2
    It would be interesting to know if the user has whitelisted this sender.  Certainly, if the sender is using a good mailserver, then the sender should be receiving non-delivery notices.

    I'm curious to learn the cause of this problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Just an update ...

    I opened a support case with Astaro Platinum support early last week and they discovered that a lag occurred (20-60 seconds) on the SMTP "RCPT TO:" command.  They were going to have their developers look into our issue.

    Talked with Astaro again this week - I hadn't seen any connections from Germany.  They wanted to try some other tests ... By disabling the RBL checks, the lag went away, as did this error we were seeing.  I said that wasn't a valid solution.  

    One thing I noticed is that our 7.3xx version was checking list.dsbl.org (it's defined in exim.conf).  Reading a recent post on DSBL.org, they say: 

    "DSBL's list nameservers have continued to answer queries for 10 months after the list went off. From now on, DSBL list queries (to *.list.dsbl.org, *.multihop.dsbl.org and *.unconfirmed.dsbl.org) will go to the nonexistant nameserver stop-using-dsbl.dsbl.org, which resolves to the unroutable example IP address 192.0.2.1.

    This should keep nameservers everywhere working like they should, while slowing down spam filters that are still using DSBL. Hopefully the annoyance of the slowdown will convince the remaining DSBL users to stop using DSBL. DNS timeouts should not cause any email to get lost."

    I asked Astaro if they thought this was the root of the issue - so far, no response from them.  

    Astaro (Germany) did connect to our box for a few hours yesterday, but I haven't been able to get an update on our case.

    If you're still running 7.3x and have the RBL's checked, you might want to grep your smtp.log and see if you're experiencing the same issue.

    ----
    Bill
  • 0 in reply to fredz2
    Bill, I'm surprised that not one of us here remembered that issue.  Williamsej did a great thread n this: https://community.sophos.com/products/unified-threat-management/astaroorg/f/56/t/48552

    The temporary fix is to to uncheck 'Use recommended RBLs', and add the following to the 'Extra RBL Zones' box:

    sbl-xbl.spamhaus.org
    pbl.spamhaus.org
    cbl.abuseat.org
    bl.spamcop.net


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi,

    Was there any follow up to this?  Did the provided solution work, did Astaro come back with something?

    Regards,
    Stuart
Cookie Information Banner