Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Problem with SuSEfirewall and Postfix SMTP?
  • From: Jürgen Mell <juergen.mell@xxxxxxxxxxx>
  • Date: Fri, 18 Mar 2005 20:04:52 +0100
  • Message-id: <200503182004.54939.juergen.mell@xxxxxxxxxxx>
Hi,

On Friday 18 March 2005 08:27, John Fawcett wrote:
> M. Edwin wrote:
> > Jürgen Mell wrote:
> >
> >
> > It's OK too.
> >
> > You wrote this in your previous email
> >
> >> Mar 17 21:52:18 pluto kernel: SFW2-OUT-ERROR IN= OUT=dsl0 SRC=<our
> >> IP> DST=<Provider's mail server IP> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> >> ID=3530 DF PROTO=TCP SPT=25 DPT=58506 WINDOW=1404 RES=0x00 ACK RST
> >> URGP=0 OPT (0101080A015E41E40C059CEB)
> >
> > It seems that when you send an email from your server port 25 to your
> > provider server an error happened in SFW2. (If you have fwlogwatch
> > installed in your systems it can be easier to read the SFW log. Take a
> > look in http://fwlogwatch.inside-security.de/)
>
> Email is never sent from port 25. Email is sent to port 25.
> The above message (which is likely to be a consequence of another
> problem) arises during reception of email from a remote server.
>
> Maybe the remote server disconnected prematurely, probably
> because of waiting too long to get a reply. I doubt it's a firewall
> problem because mail does go through at times.
>
> So the real question is why does the mail server become unresponsive.
> The answer may be in the mail logs (/var/log/mail ?)

In the logs the problem looks like this:

Mar 17 20:11:32 pluto postfix/smtpd[8647]: <
mforward.dtag.de[194.25.242.123]: QUIT
Mar 17 20:11:32 pluto postfix/smtpd[8647]: >
mforward.dtag.de[194.25.242.123]: 221 Bye
Mar 17 20:11:32 pluto postfix/smtpd[8647]: disconnect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:11:32 pluto postfix/smtpd[8647]: connect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:11:32 pluto postfix/smtpd[8647]: >
mforward.dtag.de[194.25.242.123]: 220 pluto.br-tech.de ESMTP Postfix
Mar 17 20:11:32 pluto postfix/smtpd[8647]: watchdog_pat: 0x80a18b8
Mar 17 20:12:20 pluto postfix/smtpd[8639]: >
mforward.dtag.de[194.25.242.123]: 421 pluto.br-tech.de Error: timeout
exceeded
Mar 17 20:12:20 pluto postfix/smtpd[8639]: timeout after END-OF-MESSAGE
from mforward.dtag.de[194.25.242.123]
Mar 17 20:12:20 pluto postfix/smtpd[8639]: disconnect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:20 pluto postfix/smtpd[8639]: connect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:20 pluto postfix/smtpd[8639]: >
mforward.dtag.de[194.25.242.123]: 220 pluto.br-tech.de ESMTP Postfix
Mar 17 20:12:20 pluto postfix/smtpd[8639]: watchdog_pat: 0x80a18b8
Mar 17 20:12:35 pluto postfix/smtpd[8649]: >
mforward.dtag.de[194.25.242.123]: 421 pluto.br-tech.de Error: timeout
exceeded
Mar 17 20:12:35 pluto postfix/smtpd[8649]: timeout after END-OF-MESSAGE
from mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: disconnect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: connect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: >
mforward.dtag.de[194.25.242.123]: 220 pluto.br-tech.de ESMTP Postfix
Mar 17 20:12:35 pluto postfix/smtpd[8649]: watchdog_pat: 0x80a18b8
Mar 17 20:12:35 pluto postfix/smtpd[8649]: smtp_get: EOF
Mar 17 20:12:35 pluto postfix/smtpd[8649]: lost connection after CONNECT
from mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: disconnect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: connect from
mforward.dtag.de[194.25.242.123]
Mar 17 20:12:35 pluto postfix/smtpd[8649]: >
mforward.dtag.de[194.25.242.123]: 220 pluto.br-tech.de ESMTP Postfix
Mar 17 20:12:35 pluto postfix/smtpd[8649]: watchdog_pat: 0x80a18b8
Mar 17 20:12:35 pluto postfix/smtpd[8649]: smtp_get: EOF

From this point on, none of the smtpd daemons got a connection.

> > Can you do a
> >
> > ps auxww | grep postfix

It's a bit of a problem right now. All the mails have been sent and right
now everything works well again. I will try to reproduce the problem on
the weekend, for the next outage will come for sure...

Thanks,

Jürgen
< Previous Next >
Follow Ups