Sending mail va SMTP w/TLS was working fine until last night, now all of a sudden it takes about 3 minutes before it gets to the stage where it asks for the SMTP user password.
I've tried without TLS and it still has the same ~3min delay before sending. I've also tried stopping & restarting the services as well as rebooting the machine.
I've watched all the mail logs suggested on:
http://www.tnpi.biz/internet/mail/toaster/upgrade/watch-logs .shtml and nothing happens (other than mail checks) until that ~3 mins has passed & the client finally connects to the SMTP.
I am not using any of the filtering.
To make this even more confusing for me, the server (on the same ip) responds instantly when
checking mail.
I'm using thunderbird as a client & my ISP is Comcast.
Any ideas or suggestions as far as how to troubleshoot this?
Hmm maybe it has something to do with the tarpit delay?
dm1# more tarpitcount
50
dm1# more tarpitdelay
5
It's not a 5 minute delay here though.... maybe 1-3.
Also I noticed a lot of strange IPs hitting my port 25:
# sockstat | grep ':25'
vpopmail tcpserve 18692 0 tcp4 11.22.33.44:25 81.193.3.154:2039
vpopmail tcpserve 18691 0 tcp4 11.22.33.44:25 71.110.152.67:3220
vpopmail tcpserve 18690 0 tcp4 11.22.33.44:25 213.231.80.148:1746
vpopmail tcpserve 18689 0 tcp4 11.22.33.44:25 220.80.248.245:1439
vpopmail tcpserve 18688 0 tcp4 11.22.33.44:25 200.180.178.194:1251
vpopmail tcpserve 18561 0 tcp4 11.22.33.44:25 220.73.109.17:4700
vpopmail tcpserve 18560 0 tcp4 11.22.33.44:25 218.21.77.203:1108
vpopmail tcpserve 18558 0 tcp4 11.22.33.44:25 218.51.128.112:1656
vpopmail tcpserve 7983 3 tcp4 *:25 *:*
# sockstat | grep ':25'
vpopmail tcpserve 18692 0 tcp4 11.22.33.44:25 81.193.3.154:2039
vpopmail tcpserve 18691 0 tcp4 11.22.33.44:25 71.110.152.67:3220
vpopmail tcpserve 18690 0 tcp4 11.22.33.44:25 213.231.80.148:1746
vpopmail tcpserve 18689 0 tcp4 11.22.33.44:25 220.80.248.245:1439
vpopmail tcpserve 7983 3 tcp4 *:25 *:*
None of those are me, and this is a pretty private low-usage mailserver. I'm still watching the logs & nothing is popping up while those ips are connected/trying to connect.
My main concern is that this was working properly before last night , nothing was changed in the configuration, and now it's not working....
I'm just concerned it could be a security/DoS issue with one of the components of the Mail Toaster.
Maybe it has something to do with this:
from /var/qmail/supervise/smtp/run:
exec /usr/local/bin/softlimit -m 15360000 /usr/local/bin/tcpserver -S -H -R -c20 -x /usr/local/vpopmail/etc/tcp.smtp.cdb -u 89 -g 89 0 smtp rblsmtpd -c -a qmail.bondedsender.org qmail-smtpd /usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1
dm1# ping qmail.bondedsender.org
PING qmail.bondedsender.org (130.94.6.10): 56 data bytes
(nothing)
^C
--- qmail.bondedsender.org ping statistics ---
20 packets transmitted, 0 packets received, 100% packet loss
dm1# traceroute qmail.bondedsender.org
traceroute to qmail.bondedsender.org (130.94.6.10), 64 hops max, 44 byte packets
(nothing)
^C
3? The default DNS timeout for rblsmtpd is 60 seconds, so you'd need three of your RBLs to be failing to have a 3 minute timeout. Perhaps you're having DNS lookup problems?
Oh, and just because you can't ping a RBL zone name doesn't mean it's not working. They work using UDP, not ICMP.
Matt
matt wrote on Tue, 03 May 2005 21:29 |
3? The default DNS timeout for rblsmtpd is 60 seconds, so you'd need three of your RBLs to be failing to have a 3 minute timeout. Perhaps you're having DNS lookup problems?
Oh, and just because you can't ping a RBL zone name doesn't mean it's not working. They work using UDP, not ICMP.
Matt
|
Ok... to ensure accuracy, I timed it a few times...
it responds
exactly 1 minute 45 seconds later every time.
Nothing with the configuration has changed. It was working early yesterday evening. This is on a network that is pretty much private at the moment.
Also I am connecting to the IP of the SMTPd vs the fqdn right now... (although maybe there are other places for dns to fail).
fwiw, nslookup hangs on the mail/dns machine (tinydns & dnscache are installed), but dnsip resolves domains just fine.
by 'hangs' I mean... sits there and does nothing.
Also I have:
rbl_enable = 0 # master RBL switch. Disables all RBLs
rwl_enable = 0 # master RWL switch. Disables all RWLs
atari wrote on Tue, 03 May 2005 23:39 |
fwiw, nslookup hangs on the mail/dns machine (tinydns & dnscache are installed), but dnsip resolves domains just fine.
by 'hangs' I mean... sits there and does nothing.
|
I'd look into this --
nslookup uses TCP instead of UDP to do lookups AFAIK --
this means there may be a problem with axfrdns
I'd verify the following sorts of DNS records:
forward and reverse of the mail machine from: client, mail machine, third party DNS
forward and reverse of the client machine from: client, mail machine, third party DNS
forward and reverse DNS for any other upstream/downstream mail servers that may be involved, and/or any DNS based spam checking services
I have the same problem.
It's no rbl or rwl checking problem.
it isn't
this issue is it?