Link to home
Start Free TrialLog in
Avatar of madasczik
madasczik

asked on

Mdaemon Error reading from socket!

Using Mdaemon v7.2.0 server and getting the following error:

Wed 2004-09-22 18:18:53: ----------
Wed 2004-09-22 18:18:53: Session 1181; child 8; thread 864
Wed 2004-09-22 18:18:31: Accepting SMTP connection from [xxx.xxx.xxx.xxxx : 2815]
Wed 2004-09-22 18:18:31: --> 220-fusionapps.net ESMTP MDaemon 7.2.0; Wed, 22 Sep 2004 18:18:31 -0400
Wed 2004-09-22 18:18:31: --> 220-Unauthorized relays are prohibited.
Wed 2004-09-22 18:18:31: --> 220 All transactions and IP addresses are logged.
Wed 2004-09-22 18:18:31: <-- EHLO websrv19
Wed 2004-09-22 18:18:31: --> 250-fusionapps.net Hello websrv19, pleased to meet you
Wed 2004-09-22 18:18:31: --> 250-ETRN
Wed 2004-09-22 18:18:31: --> 250-AUTH=LOGIN
Wed 2004-09-22 18:18:31: --> 250-AUTH LOGIN CRAM-MD5
Wed 2004-09-22 18:18:31: --> 250-8BITMIME
Wed 2004-09-22 18:18:31: --> 250 SIZE 0
Wed 2004-09-22 18:18:53: Error reading from socket!
Wed 2004-09-22 18:18:53: Unexpected socket closure
Wed 2004-09-22 18:18:53: SMTP session terminated (Bytes in/out: 15/298)
Wed 2004-09-22 18:18:53: ----------

From what I gather, the mail is from a web server sent through MS Exchange server, and then after that it goes through a  proxy server so I don't even know where to begin on this issue.  Awaiting more details.  Normally after the SMTP negotionation, where the socket closure is,  the sending server will provide who the email is from.  I've already eliminated reverse dns lookups and spam detection, also added the IP of what appears to be the proxy server, will know for sure in a few days.  Any ideas?
Avatar of RanjeetRain
RanjeetRain

Did you overlook this line by any chance?

Wed 2004-09-22 18:18:31: Accepting SMTP connection from [xxx.xxx.xxx.xxxx : 2815]

That is a straight pointer. WHy can't you do a lookup on this?
Wed 2004-09-22 18:18:31: --> 220-Unauthorized relays are prohibited.
Wed 2004-09-22 18:18:31: --> 220 All transactions and IP addresses are logged.
Wed 2004-09-22 18:18:31: <-- EHLO websrv19

The intruding host is either trying to use your server as an open relay or is just trying to PING it, to see if it is alive.
Avatar of madasczik

ASKER

This line is the trusted IP address, this is saying the connection is at least starting.  I removed the reverse lookup b/c there's no need to make sure that the IP resolves back to a real name, and to cut down on things that could potentially cause more problems at the moment

Wed 2004-09-22 18:18:31: Accepting SMTP connection from [xxx.xxx.xxx.xxxx : 2815]

These 2 lines are just comments added to smtp negotiation, it could say anything really

Wed 2004-09-22 18:18:31: --> 220-Unauthorized relays are prohibited.
Wed 2004-09-22 18:18:31: --> 220 All transactions and IP addresses are logged.

This line is the mail server on the other end saying, hello my name is this

Wed 2004-09-22 18:18:31: <-- EHLO websrv19

These line are where the problem arises where my mail server is sending to the other server, these are the options you have to make a successful connection with me

Wed 2004-09-22 18:18:31: --> 250-ETRN
Wed 2004-09-22 18:18:31: --> 250-AUTH=LOGIN
Wed 2004-09-22 18:18:31: --> 250-AUTH LOGIN CRAM-MD5
Wed 2004-09-22 18:18:31: --> 250-8BITMIME
Wed 2004-09-22 18:18:31: --> 250 SIZE 0

After these lines, the other side is supposed to pick one of those options above and start transfering stuff my way.  The first line returned back would be who the email is from and to.  Any ideas why the connection fails at this point.  Dealing with exchange server through a proxy, both of which I have real control over.  I can put in a request to change something, but what?
ASKER CERTIFIED SOLUTION
Avatar of RanjeetRain
RanjeetRain

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial