Incomming SMTP connections not exiting

[GnrInc]

Just recently qmail-smtp connections have not been exiting gracefully.

I found this out when users started complaining that they could not send out email. When I checked, there were 40 "/var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true" sitting in the process list. Most of them were over an hour old.

I cleaned them up, but it has been happening more frequently now.

Looking though the log I don't see any correlation between the different connections that are hanging up.

Any thoughts or direction?

 

[thedaver]

what's your script for running smtpd? are you using a 'run' file with tcpserver? pls post it

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[GnrInc]

I've done some more poking and this is a tcpdump of one of the connections:

reading from file smtp.out2, link-type EN10MB (Ethernet)
12:47:46.245097 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: S 1192049389:1192049389(0) win 65535 <mss 1460,nop,nop,sackOK>
:.....p.................G
12:47:46.245140 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: S 3009066267:3009066267(0) ack 1192049390 win 5840 <mss 1460,nop,nop,sackOK>
:.p...%................U.Z..G
12:47:46.619660 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: . ack 1 win 65535
:..Z..P...iR......iR.U..G
12:47:46.621333 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 1:24(23) ack 1 win 5840
:.P.......220 domain.com ESMTP.G

12:47:47.275786 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: . ack 24 win 65512
:..Z.3P...iR......iR.U..G
12:47:48.215073 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: P 1:27(26) ack 24 win 65512
:..Z.3P.......EHLO ip150-212.viatel.ee

12:47:48.215101 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: . ack 27 win 5840
;.P...RQ..(.H.q../.....U.Z.3G
12:47:48.215237 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 24:135(111) ack 27 win 5840
;.P.......250-domain.comZ.3G
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 10000000
250 AUTH LOGIN PLAIN CRAM-MD5

12:47:48.963735 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: . ack 135 win 65401
;..Z..P..yi8.....yi8.U..G
12:47:50.577473 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: P 27:70(43) ack 135 win 65401
;..Z..P..y\i..MAIL FROM:<08info.daa-hannover@daa-bw.de>

12:47:50.577553 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 135:143(8) ack 70 win 5840
;3P...r...250 ok./.....U.Z..G

12:47:50.784636 IP ip150-212.viatel.ee.63573 > server.domain.com.smtp: P 70:118(48) ack 143 win 65393
;3.Z..P..qA...RCPT TO: <heather@domain.com>
DATA

12:47:50.790703 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:47:52.644898 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:47:56.357224 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:48:03.781793 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:48:18.630843 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:48:48.328840 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

12:49:01.083562 IP ip150-212.viatel.ee.62547 > server.domain.com.smtp: S 3769501304:3769501304(0) win 65535 <mss 1460,nop,nop,sackOK>
E..0..@.q..H./..H.q..S.....x....p...C...........
12:49:01.083620 IP server.domain.com.smtp > ip150-212.viatel.ee.62547: S 3103349962:3103349962(0) ack 3769501305 win 5840 <mss 1460,nop,nop,sackOK>
E..0..@.@..'H.q../.....S..\....yp....F..........
12:49:01.384778 IP ip150-212.viatel.ee.62547 > server.domain.com.smtp: . ack 1 win 65535
E..(..@.q..@./..H.q..S.....y..\.P...Z.......Z.
12:49:01.384802 IP ip150-212.viatel.ee.62547 > server.domain.com.smtp: R 1:1(0) ack 1 win 0
E..(..@.q..?./..H.q..S.....y..\.P...Z.......Z.
12:49:47.724159 IP server.domain.com.smtp > ip150-212.viatel.ee.63573: P 143:201(58) ack 118 win 5840
;cP...9...451 temporary failure (#4.3.0)
503 RCPT first (#5.5.1)

If I am looking at that right, I am sending a 451 and keeping the connection open from my end. But why would I?

I am running a greylisting plugin, but according to the logs that seems to be running correctly.

 

[thedaver]

Are you running anything that is doing valid user checking?

Are you able to get ANY incoming mail to work? (is it a mailformed incoming msg?)

Can you disable greylist to see if the problem goes away? (

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[GnrInc]

Yes, I am using qmail-spp and a plugin to check for a valid mailbox, along with RSL's and greylisting. We also require smtp auth when sending.

Yes, lots of mail is still coming in.

It seems that I get roughly 10 connections hanging in about 15 mins. After a couple of hours, all my connections are tied up and users start complaining.

I disabled the greylisting plugin, and connections still get hung up.

 

[thedaver]

Can you disable the valid user checking? I have my suspicions there by the way the tcp dump reads.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[GnrInc]

I disabled all my smtp plugins. Still happens.

Very frustrating.

 

[thedaver]

Do you have any anti-spam or anti-virus daemons/scripts in play?

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/