02.10.2008 at 05:41PM PST, ID: 23152016
SMTP traffic being disconnected after DATA is sent

Asked by joedelapaz in Spam Black Holes, Anti-Spam Email Software, Simple Mail Transfer Protocol (SMTP)

Hello All,

I have an issue with one particular e-newsletter that needs to come into our network, but is being dropped for some reason.

The incoming email trajectory is:
A Cisco 2811 as our border router
Nokia IP 1220 Firewall
Sophos ES1000 Email Filter
(The transmission does not get this far. However, we have:)
SurfControl Content Filter
Exchange 2003 Front End
Exchange 2003 Back End

I have pored over our border router and firewall logs and we can see the SMTP conversations for this particular email being green-lighted and passing through.

I've also been working with the Sophos tech and he can see the following in the appliance logs.

Feb 11  TZMA01 postfix/smtpd[53381]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53381]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54383]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54383]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[52946]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[52946]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54376]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54376]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: D1E4B2220241: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54508]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54508]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: BB12122202C8: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: disconnect from external.mail.com[203.xxx.xxx.xxx]

However, he cannot give me a reason for the disconnection.

The appliance itself is not registering the email spam (as yet) because it does not look as though the SMTP communication is finishing successfully.

By running a sniffer over the connection we can see pretty much the whole email come through, apart from the last few expected packets and the all-important <.> end transmission sequence.

Our next testing step is to bypass Sophos and SurfControl altogether and go straight to the Exchange FE. This will only be for a very short time in order to test the extent of this particular issue (and mitigate risks).

Also, our MTU size is currently set to 1492. I will probably test setting this to 1500 and see if it works.

Has anyone seen these symptoms before?
Any assistance would be appreciated as I have exhausted all options from my end.

Thanks in advance.

Joe
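
The log excerpt in the question mixes two different abort messages, "timeout after DATA" and "lost connection after DATA". The following is an added example, not part of the original post: it groups the smtpd lines by process ID and reports, per client, how many sessions ended each way and which of them had a queue ID logged. The function name `summarize` and the choice of sample subset are assumptions of this example; the sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Postfix smtpd lines in the shape shown in the post, e.g.
#   Feb 11  TZMA01 postfix/smtpd[54409]: lost connection after DATA from host[ip]
LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}): client=")
ABORT_RE = re.compile(
    r"^(?P<kind>timeout|lost connection) after (?P<stage>[A-Z]+) from (?P<client>\S+)$")

# Subset of the log excerpt from the question (addresses masked as in the post).
SAMPLE = """\
Feb 11  TZMA01 postfix/smtpd[53381]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53381]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: D1E4B2220241: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: BB12122202C8: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: disconnect from external.mail.com[203.xxx.xxx.xxx]
"""

def summarize(lines):
    """Count sessions aborted during DATA, per client, keyed by abort kind."""
    queue_ids = {}  # smtpd pid -> queue ID logged for the current session
    report = defaultdict(
        lambda: {"timeout": 0, "lost connection": 0, "queue_ids": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an smtpd line
        pid, msg = m["pid"], m["msg"]
        q = QUEUE_RE.match(msg)
        abort = ABORT_RE.match(msg)
        if q:
            queue_ids[pid] = q["qid"]
        elif abort and abort["stage"] == "DATA":
            entry = report[abort["client"]]
            entry[abort["kind"]] += 1
            if pid in queue_ids:  # session had a queue ID before it aborted
                entry["queue_ids"].append(queue_ids[pid])
        elif msg.startswith("disconnect from"):
            queue_ids.pop(pid, None)  # session over; the pid may be reused
    return dict(report)

if __name__ == "__main__":
    for client, stats in summarize(SAMPLE.splitlines()).items():
        print(client, stats)
```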

About this solution

Zones: Spam Black Holes, Anti-Spam Email Software, Simple Mail Transfer Protocol (SMTP)
Tags: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Solution Provided By: joedelapaz
Participating Experts: 1
Solution Grade: A