Loading ...
Sorry, an error occurred while loading the content.

lost connection after CONNECT from google

Expand Messages
  • Crayon
    Hi my newly setup postfix system is working well with one exception. Whenever google s servers tries to send me mail I get these errors (I used debug_peer_list
    Message 1 of 6 , Jan 1, 2007
    • 0 Attachment
      Hi

      my newly setup postfix system is working well with one exception. Whenever
      google's servers tries to send me mail I get these errors (I used
      debug_peer_list for this particular server):

      =================================================
      Jan 1 13:25:17 [postfix/smtpd] connect from
      ug-out-f141.google.com[66.249.92.141]
      Jan 1 13:25:17 [postfix/smtpd] match_hostname: ug-out-f141.google.com ~?
      1.2.3.4/32
      Jan 1 13:25:17 [postfix/smtpd] match_hostaddr: 66.249.92.141 ~?
      1.2.3.4/32
      Jan 1 13:25:17 [postfix/smtpd] match_list_match: ug-out-f141.google.com:
      no match
      Jan 1 13:25:17 [postfix/smtpd] match_list_match: 66.249.92.141: no match
      Jan 1 13:25:17 [postfix/smtpd] send attr request = connect
      Jan 1 13:25:17 [postfix/smtpd] send attr ident = smtp:66.249.92.141
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: status
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: status
      Jan 1 13:25:17 [postfix/smtpd] input attribute value: 0
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: count
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: count
      Jan 1 13:25:17 [postfix/smtpd] input attribute value: 1
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: rate
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: rate
      Jan 1 13:25:17 [postfix/smtpd] input attribute value: 1
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: (list
      terminator)
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: (end)
      Jan 1 13:25:17 [postfix/smtpd] > ug-out-f141.google.com[66.249.92.141]:
      220 mx.example.com ESMTP Postfix
      Jan 1 13:25:17 [postfix/smtpd] watchdog_pat: 0x80c5458
      Jan 1 13:25:17 [postfix/smtpd] smtp_get: EOF
      Jan 1 13:25:17 [postfix/smtpd] match_hostname: ug-out-f141.google.com ~?
      1.2.3.4/32
      Jan 1 13:25:17 [postfix/smtpd] match_hostaddr: 66.249.92.141 ~?
      1.2.3.4/32
      Jan 1 13:25:17 [postfix/smtpd] match_list_match: ug-out-f141.google.com:
      no match
      Jan 1 13:25:17 [postfix/smtpd] match_list_match: 66.249.92.141: no match
      Jan 1 13:25:17 [postfix/smtpd] send attr request = disconnect
      Jan 1 13:25:17 [postfix/smtpd] send attr ident = smtp:66.249.92.141
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: status
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: status
      Jan 1 13:25:17 [postfix/smtpd] input attribute value: 0
      Jan 1 13:25:17 [postfix/smtpd] private/anvil: wanted attribute: (list
      terminator)
      Jan 1 13:25:17 [postfix/smtpd] input attribute name: (end)
      Jan 1 13:25:17 [postfix/smtpd] lost connection after CONNECT from
      ug-out-f141.google.com[66.249.92.141]
      Jan 1 13:25:17 [postfix/smtpd] disconnect from
      ug-out-f141.google.com[66.249.92.141]
      Jan 1 13:25:17 [postfix/smtpd] connect from
      ug-out-f141.google.com[66.249.92.141]
      ...
      =================================================
      These repeat until the "[postfix/smtpd] warning: Connection rate limit
      exceeded:" kicks in.

      These are the restrictions that I have in place:

      =================================================
      smtpd_client_restrictions =
      warn_if_reject,
      reject_unauth_pipelining,
      permit

      smtpd_helo_restrictions =
      permit_mynetworks,
      reject_non_fqdn_helo_hostname,
      reject_invalid_helo_hostname,
      permit

      smtpd_sender_restrictions =
      reject_non_fqdn_sender,
      reject_unknown_sender_domain,
      permit

      smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_non_fqdn_recipient,
      reject_unknown_recipient_domain,
      reject_unauth_destination,
      reject_unlisted_recipient,
      check_policy_service inet:127.0.0.1:2501,
      permit
      =================================================

      1) These connects/disconnects have been coming from google for the nearly
      the past 24 hours (I *am* expecting a mail from them)
      2) All the other "lost connection after CONNECT" errors I get are mainly
      from "unknown"s and dial-up/dsl/broadband and other cesspits of spam.
      google is the notable exception
      3) The server is not under any load and not hitting any limits.

      Any ideas? I'm not too keen on simply whitelisting that particular server
      (I've only had contact with that server so far).

      --
      Crayon
    • Wietse Venema
      ... This can be SMTP client timeout before the SMTP server responds: not enough smtpd processes or too many delays in policy servers, header/body checks and so
      Message 2 of 6 , Jan 1, 2007
      • 0 Attachment
        Crayon:
        > Jan 1 13:25:17 [postfix/smtpd] > ug-out-f141.google.com[66.249.92.141]:
        > 220 mx.example.com ESMTP Postfix
        > Jan 1 13:25:17 [postfix/smtpd] watchdog_pat: 0x80c5458
        > Jan 1 13:25:17 [postfix/smtpd] smtp_get: EOF

        This can be SMTP client timeout before the SMTP server responds:
        not enough smtpd processes or too many delays in policy servers,
        header/body checks and so on.

        When reporting a problem do provide "postconf -n" output as requested
        in line 6 of the mailing list welcome message.

        Wietse

        1 Welcome to the postfix-users mailing list.
        2
        3 This list is for questions and discussions concerning the installation,
        4 configuration and operation of the Postfix mail system.
        5
        6 TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
        7
        8 TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
        9
        10 Thank you for using Postfix.
      • Crayon
        ... I don t think timeouts are causing the problem because several of these connects/disconnects take place within 1 second. And I don t think smtpd processes
        Message 3 of 6 , Jan 2, 2007
        • 0 Attachment
          On Tuesday 02 January 2007 03:08, Wietse wrote:

          > This can be SMTP client timeout before the SMTP server responds:
          > not enough smtpd processes or too many delays in policy servers,
          > header/body checks and so on.

          I don't think timeouts are causing the problem because several of these
          connects/disconnects take place within 1 second.

          And I don't think smtpd processes are hitting any limit because:

          1) it's a lightly loaded server (typical mail traffic about 1000/day)
          2) anvil doesn't report anything abnormal
          3) I believe postfix gives an explicit error when smptd connection limit
          is reached - "[postfix/master] warning: service "1025" (1025) has reached
          its process limit "10": new clients may experience noticeable delays"?

          Further, the server has since successfully received mail from several
          *other* google servers. It /may/ be that there is a problem with that
          particular server.


          > When reporting a problem do provide "postconf -n" output as requested

          Sorry, here it is:

          ==============================
          broken_sasl_auth_clients = yes
          command_directory = /usr/sbin
          config_directory = /etc/postfix
          daemon_directory = /usr/lib/postfix
          debug_peer_level = 2
          debug_peer_list = 66.249.92.141
          disable_vrfy_command = yes
          home_mailbox = Maildir/
          html_directory = /usr/share/doc/postfix-2.3.4/html
          inet_interfaces = $myhostname
          mail_owner = postfix
          mail_spool_directory = /var/spool/mail
          mailbox_command_maps = cdb:/etc/postfix/mail_command
          mailq_path = /usr/bin/mailq
          manpage_directory = /usr/share/man
          mydestination = $myhostname
          mydomain = example.com
          myhostname = mx.example.com
          mynetworks_style = host
          myorigin = $mydomain
          newaliases_path = /usr/bin/newaliases
          proxy_read_maps = $local_recipient_maps, $mydestination,
          $virtual_alias_maps, $virtual_alias_domains, $virtual_mailbox_maps,
          $virtual_mailbox_domains, $relay_recipient_maps, $relay_domains,
          $canonical_maps, $sender_canonical_maps,
          $recipient_canonical_maps, $relocated_maps, $transport_maps,
          $mynetworks, $virtual_mailbox_limit_maps
          queue_directory = /var/spool/postfix
          readme_directory = /usr/share/doc/postfix-2.3.4/readme
          recipient_bcc_maps = cdb:/etc/postfix/bcc_recipient
          sample_directory = /etc/postfix
          sendmail_path = /usr/sbin/sendmail
          setgid_group = postdrop
          smtpd_client_connection_count_limit = 2
          smtpd_client_connection_rate_limit = 2
          smtpd_client_message_rate_limit = 4
          smtpd_client_new_tls_session_rate_limit = 2
          smtpd_client_recipient_rate_limit = 10
          smtpd_client_restrictions = warn_if_reject, reject_unauth_pipelining,
          permit
          smtpd_delay_reject = yes
          smtpd_error_sleep_time = 60s
          smtpd_hard_error_limit = 2
          smtpd_helo_required = yes
          smtpd_helo_restrictions = permit_mynetworks,
          reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
          smtpd_recipient_restrictions = permit_mynetworks,
          permit_sasl_authenticated, reject_non_fqdn_recipient,
          reject_unknown_recipient_domain, reject_unauth_destination,
          reject_unlisted_recipient, check_policy_service inet:127.0.0.1:2501,
          permit
          smtpd_sasl_auth_enable = yes
          smtpd_sasl_local_domain = $myhostname
          smtpd_sasl_path = private/auth
          smtpd_sasl_security_options = noanonymous
          smtpd_sasl_type = dovecot
          smtpd_sender_restrictions = reject_non_fqdn_sender,
          reject_unknown_sender_domain, permit
          smtpd_soft_error_limit = 1
          smtpd_tls_auth_only = yes
          smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt
          smtpd_tls_key_file = /etc/ssl/private/postfix.key
          smtpd_tls_loglevel = 1
          smtpd_tls_received_header = yes
          smtpd_tls_security_level = may
          smtpd_tls_session_cache_timeout = 3600s
          tls_random_source = dev:/dev/urandom
          unknown_local_recipient_reject_code = 550
          ==============================


          --
          Crayon
        • ronan reynaud
          Hello I have the same kind of problem, although it s not with google : lots of lost connection after DATA and lost connection after CONNECT from orange.fr
          Message 4 of 6 , Jan 2, 2007
          • 0 Attachment
            Hello

            I have the same kind of problem, although it's not with google :

            lots of "lost connection after DATA" and "lost connection after CONNECT" from
            orange.fr (a well known french provider).
            The mails are lost :-(

            Others smtp servers are working fine. I can receive mails.

            here's the logs :
            (...)
            Dec 31 06:40:45 triage postfix/smtpd[16338]: connect from
            smtp20.orange.fr[193.252.22.31]
            Dec 31 06:40:45 triage postfix/smtpd[16338]: AB56A23315:
            client=smtp20.orange.fr[193.252.22.31]
            Dec 31 06:40:45 triage postfix/cleanup[16339]: AB56A23315:
            message-id=<000501c72c32$3a3dbce0$aa4ff9c1@mrx77kyur7frzn>
            Dec 31 06:40:45 triage postfix/smtpd[16338]: lost connection after DATA from
            smtp20.orange.fr[193.252.22.31]
            Dec 31 06:40:45 triage postfix/smtpd[16338]: disconnect from
            smtp20.orange.fr[193.252.22.31]
            (...)


            Here's the postconf -n :

            address_verify_transport_maps = $transport_maps
            alias_database = hash:/etc/aliases
            alias_maps = hash:/etc/aliases
            command_directory = /usr/sbin
            config_directory = /etc/postfix
            daemon_directory = /usr/libexec/postfix
            debug_peer_level = 2
            default_process_limit = 150
            html_directory = no
            in_flow_delay = 0s
            inet_interfaces = $myhostname, localhost
            local_recipient_maps =
            mail_owner = postfix
            mailbox_command = /usr/bin/procmail
            mailq_path = /usr/bin/mailq.postfix
            manpage_directory = /usr/share/man
            mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
            mydomain = XXX.org
            myhostname = triage.XXX.org
            myorigin = $mydomain
            newaliases_path = /usr/bin/newaliases.postfix
            queue_directory = /var/spool/postfix
            readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
            sample_directory = /usr/share/doc/postfix-2.1.5/samples
            sendmail_path = /usr/sbin/sendmail.postfix
            setgid_group = postdrop
            smtpd_banner = $myhostname ESMTP XXX
            transport_maps = regexp:/etc/postfix/transport
            unknown_local_recipient_reject_code = 550

            This server is used to relay to different servers, so this is the transport
            file :
            /^ABC+(.*)/ smtp:[ip.address.num.two]
            /^(.*)\@.../ smtp:[ip.address.num.one]
            /^(.*)\@.../ smtp:[ip.address.num.one]
            /^(.*)\@.../ smtp:[ip.address.num.two]


            I'm trying to contact orange .. with no luck for now.
            (It worked for a while several weeks ago)
            This problem seems to be like your...

            Thanks,
            and happy new year !

            Ronan REYNAUD
          • ronan reynaud
            ... I forgot to say : I tried to change MTU , with no luck. Ronan REYNAUD
            Message 5 of 6 , Jan 2, 2007
            • 0 Attachment
              ... I forgot to say :
              I tried to change MTU , with no luck.

              Ronan REYNAUD
            • Crayon
              ... I just want to report that that mail from that particular google server (ug-out-f141.google.com[66.249.92.141]) has finally been received. I made no
              Message 6 of 6 , Jan 2, 2007
              • 0 Attachment
                On Tuesday 02 January 2007 19:45, ronan reynaud wrote:

                > I have the same kind of problem, although it's not with google :

                I just want to report that that mail from that particular google server
                (ug-out-f141.google.com[66.249.92.141]) has finally been received.

                I made no significant changes to the config (just added an extra item - my
                dialup ip - to the debug_peer_list).

                My only conclusion at this stage is that it's a one-off thing.

                --
                Crayon
              Your message has been successfully submitted and would be delivered to recipients shortly.