02.10.2008 at 05:41PM PST, ID: 23152016
SMTP traffic being disconnected after DATA is sent

Asked by joedelapaz in Spam Black Holes, Anti-Spam Email Software, Simple Mail Transfer Protocol (SMTP)

Tags: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]

Hello All,

I have an issue with one particular e-newsletter that needs to come into our network, but is being dropped for some reason.

The incoming email trajectory is:
A Cisco 2811 as our border router
Nokia IP 1220 Firewall
Sophos ES1000 Email Filter
(The transmission does not get this far. However, we have:)
SurfControl Content Filter
Exchange 2003 Front End
Exchange 2003 Back End

I have pored over our border router and Firewall logs and we can see the SMTP conversations for this particular email being green-lighted and passing through.

I've also been working with the Sophos tech and he can see the following in the appliance logs.

Feb 11  TZMA01 postfix/smtpd[53381]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53381]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54383]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54383]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[52946]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[52946]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54376]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54376]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: D1E4B2220241: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54508]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54508]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: BB12122202C8: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[69227]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53226]: disconnect from external.mail.com[203.xxx.xxx.xxx]

However, he cannot give me a reason for the disconnection.

The appliance itself is not registering the email spam (as yet) because it does not look as though the SMTP communication is finishing successfully.

By running a sniffer over the connection we can see pretty much the whole email come through, apart from the last few expected packets and the all-important <.> end transmission sequence.

Our next testing step is to bypass Sophos and Surfcontrol altogether and go straight to the Exchange FE. This will only be for a very short time in order to test the extent of this particular issue (and mitigate risks).

Also, our MTU size is currently set to 1492. I will probably test setting this to 1500 and see if it works.

Has anyone seen these symptoms before?
Any assistance would be appreciated as I have exhausted all options from my end.

Thanks in advance.

Joe
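
An added example, not part of the original post: a small triage script for the kind of Postfix smtpd log quoted in the question. It groups lines into sessions per smtpd process and separates "timeout after DATA" from "lost connection after DATA", which are different failure signatures. The function names are hypothetical, and the sample is an excerpt of the log lines from the question.

```python
import re
from collections import Counter

# Excerpt of the appliance log quoted in the question (already masked there).
SAMPLE = """\
Feb 11  TZMA01 postfix/smtpd[53381]: timeout after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[53381]: disconnect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: connect from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: D1E4B2220241: client=external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Feb 11  TZMA01 postfix/smtpd[54409]: disconnect from external.mail.com[203.xxx.xxx.xxx]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "timeout": smtpd's read timer expired while waiting for more message content.
# "lost connection": the TCP connection closed before the end-of-data dot arrived.
# Some Postfix versions add a byte count after the stage, e.g. "DATA (1234 bytes)".
ABORT = re.compile(r"^(?P<kind>timeout|lost connection) after (?P<stage>\S+)"
                   r"(?: \(\d+ bytes\))? from (?P<client>\S+)$")
QUEUED = re.compile(r"^(?P<qid>[0-9A-F]{6,}): client=(?P<client>\S+)$")

def triage(log_text):
    """Return one dict per SMTP session, closed on each 'disconnect' line."""
    open_sessions, done = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        s = open_sessions.setdefault(pid, {"pid": pid, "client": None,
                                           "queue_id": None, "abort": None, "stage": None})
        if (a := ABORT.match(msg)):
            s.update(abort=a["kind"], stage=a["stage"], client=a["client"])
        elif (q := QUEUED.match(msg)):
            s.update(queue_id=q["qid"], client=q["client"])
        elif msg.startswith("connect from "):
            s["client"] = msg[len("connect from "):]
        elif msg.startswith("disconnect from "):
            s["client"] = s["client"] or msg[len("disconnect from "):]
            done.append(open_sessions.pop(pid))  # smtpd may reuse the PID for a new client
    return done + list(open_sessions.values())

def summarize(sessions):
    """Count sessions per (client, abort kind, SMTP stage)."""
    return Counter((s["client"], s["abort"] or "no abort logged", s["stage"])
                   for s in sessions)

if __name__ == "__main__":
    for key, n in summarize(triage(SAMPLE)).items():
        print(n, key)
```

Run over the full log, the per-client counts show whether the aborts are confined to one sender and one stage, which is the pattern the question describes.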
 

About this solution

Zones: Spam Black Holes, Anti-Spam Email Software, Simple Mail Transfer Protocol (SMTP)
Tags: lost connection after DATA from external.mail.com[203.xxx.xxx.xxx]
Solution Provided By: joedelapaz
Participating Experts: 1
Solution Grade: A
 
 
 