
Re: timeout after CONNECT

  • Martijn de Munnik
    Message 1 of 3 , Feb 25, 2010
      On Thu, 2010-02-25 at 15:43 +0100, Zoltan Balogh wrote:
      > Hi List,
      >
      > I have an old postfix install where I am getting "timeout after
      > CONNECT from" error messages upon e-mails being sent from one
      > particular host. The user is complaining that he is not able to send
      > out any e-mail. Other users from the same system are sending mail
      > happily without errors. User claims to use MS Outlook client. He was
      > trying to send an e-mail with about 500 recipients in one mail (no
      > comment) but he says before it was processed without problems. Now he
      > claims to have only one outgoing email in his Outbox (others including
      > one with 500 recipients were removed).
      >
      > I do not really understand why Outlook makes so many SMTP connections
      > to send out a single mail. Of course I recommended to check for
      > viruses or spambots on his computer - client computer seems to be
      > clean. I am guessing this is a client problem, but maybe there is
      > something I am missing in my postfix config. If you have any idea,
      > please let me know.
      Stop all Outlook instances on the client computer and check if the
      computer is still making SMTP connections. If so then a virus or a
      spambot is likely to be installed.

      >
      > Here is a snip from /var/log/mail/info:
      > Feb 25 14:07:53 ns postfix/smtpd[1642]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:08:09 ns postfix/smtpd[1649]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:08:10 ns postfix/smtpd[1695]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:09:15 ns postfix/smtpd[1924]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:09:15 ns postfix/smtpd[1925]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:10:16 ns postfix/smtpd[3172]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:10:16 ns postfix/smtpd[1667]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[32530]: timeout after CONNECT from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[32530]: disconnect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[17571]: timeout after CONNECT from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[17571]: disconnect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[16099]: timeout after CONNECT from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:07 ns postfix/smtpd[16099]: disconnect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:19 ns postfix/smtpd[32530]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:19 ns postfix/smtpd[16099]: connect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:21 ns postfix/smtpd[15515]: timeout after CONNECT from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:21 ns postfix/smtpd[15515]: disconnect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:21 ns postfix/smtpd[15816]: timeout after CONNECT from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      > Feb 25 14:11:21 ns postfix/smtpd[15816]: disconnect from
      > adsl-d128.84-47-53.t-com.sk[84.47.53.128]
      >
      > .. such log messages are appearing constantly for the past 2 days.
      >
      > Of course regularly I get the following:
      > Feb 25 14:13:40 ns postfix/anvil[21586]: statistics: max connection
      > rate 9/60s for (smtp:84.47.53.128) at Feb 25 14:07:07
      > Feb 25 14:13:40 ns postfix/anvil[21586]: statistics: max connection
      > count 19 for (smtp:84.47.53.128) at Feb 25 14:10:16
      >
      > There are always 5 to 15 SMTP connects hanging from the same IP.
      > # netstat -ap
      > tcp 0 0 *:smtp *:*
      > LISTEN 1519/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23729
      > ESTABLISHED 16165/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23732
      > ESTABLISHED 1519/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23682
      > ESTABLISHED 1667/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23681
      > ESTABLISHED 3172/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23710
      > ESTABLISHED 32530/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23711
      > ESTABLISHED 16099/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23662
      > ESTABLISHED 1925/smtpd
      > tcp 0 24 ns.myhost.sk:smtp adsl-d128.84-47-5:23661
      > ESTABLISHED 1924/smtpd
      >
      > In the following my server host domain is forged to "myhost.sk":
      >
      > # postconf -n
      > alias_database = hash:/usr/local/postfix/conf/aliases
      > alias_maps = hash:/usr/local/postfix/conf/aliases
      > body_checks = regexp:/usr/local/postfix/conf/body_checks
      > command_directory = /usr/local/postfix-2.2.3/bin
      > config_directory = /usr/local/postfix-2.2.3/conf
      > content_filter = smtp-amavis:[127.0.0.1]:10024
      > daemon_directory = /usr/local/postfix-2.2.3/libexec
      > debug_peer_level = 2
      > delay_notice_recipient = info@...
      > disable_vrfy_command = yes
      > error_notice_recipient = info@...
      > header_checks = regexp:/usr/local/postfix/conf/header_checks
      > html_directory = /usr/local/postfix-2.2.3/html
      > inet_interfaces = all
      > local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_maps
      > mail_owner = postfix
      > mailbox_command = /usr/bin/procmail
      > mailbox_size_limit = 281200000
      > mailq_path = /usr/local/postfix-2.2.3/mailq
      > manpage_directory = /usr/local/postfix-2.2.3/man
      > max_use = 10
      > message_size_limit = 120000000
      > mime_header_checks = regexp:/usr/local/postfix/conf/mime_header_checks
      > mydestination = $myhostname
      > mydomain = myhost.sk
      > myhostname = ns.myhost.sk
      > newaliases_path = /usr/local/postfix-2.2.3/bin/newaliases
      > queue_directory = /var/spool/postfix
      > readme_directory = /usr/local/postfix-2.2.3/readme
      > relay_domains = /usr/local/postfix/conf/relay-domains
      > sample_directory = /usr/local/postfix-2.2.3/conf
      > sendmail_path = /usr/local/postfix-2.2.3/sbin/sendmail
      > setgid_group = postdrop
      > smtpd_banner = $myhostname ESMTP
      > smtpd_client_restrictions = permit_mynetworks, check_client_access
      > hash:/usr/local/postfix/conf/access.client, permit
      > smtpd_helo_required = yes
      > smtpd_recipient_restrictions = permit_mynetworks,
      > permit_sasl_authenticated, reject_unauth_destination,
      > reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
      > reject_rbl_client zen.spamhaus.org
      > smtpd_sasl_auth_enable = yes
      > smtpd_sasl_local_domain =
      > smtpd_sasl_security_options = noanonymous
      > smtpd_sender_restrictions = check_sender_access
      > hash:/usr/local/postfix/conf/access.sender, reject_non_fqdn_sender,
      > reject_unknown_sender_domain
      > transport_maps = hash:/usr/local/postfix/conf/transport
      > unknown_local_recipient_reject_code = 450
      > virtual_alias_domains = hash:/usr/local/postfix/conf/virtual_domains
      >
      > # cat master.cf
      > #amavis
      > smtp-amavis unix - - n - 2 smtp
      > -o smtp_data_done_timeout=1200
      > -o smtp_send_xforward_command=yes
      > -o disable_dns_lookups=yes
      >
      > 127.0.0.1:10025 inet n - n - - smtpd
      > -o content_filter=
      > -o local_recipient_maps=
      > -o relay_recipient_maps=
      > -o smtpd_restriction_classes=
      > -o smtpd_client_restrictions=
      > -o smtpd_helo_restrictions=
      > -o smtpd_sender_restrictions=
      > -o smtpd_recipient_restrictions=permit_mynetworks,reject
      > -o mynetworks=127.0.0.0/8
      > -o strict_rfc821_envelopes=yes
      > -o smtpd_error_sleep_time=0
      > -o smtpd_soft_error_limit=1001
      > -o smtpd_hard_error_limit=1000
      > -o receive_override_options=no_header_body_checks
      >
      >
      > # ==========================================================================
      > # service type private unpriv chroot wakeup maxproc command + args
      > # (yes) (yes) (yes) (never) (100)
      > # ==========================================================================
      > smtp inet n - n - 150 smtpd
      > #submission inet n - n - - smtpd
      > # -o smtpd_etrn_restrictions=reject
      > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      > #smtps inet n - n - - smtpd
      > # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
      > #submission inet n - n - - smtpd
      > # -o smtpd_etrn_restrictions=reject
      > # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
      > #628 inet n - n - - qmqpd
      > pickup fifo n - n 60 1 pickup
      > cleanup unix n - n - 0 cleanup
      > qmgr fifo n - n 300 1 qmgr
      > #qmgr fifo n - n 300 1 oqmgr
      > tlsmgr unix - - n 1000? 1 tlsmgr
      > rewrite unix - - n - - trivial-rewrite
      > bounce unix - - n - 0 bounce
      > defer unix - - n - 0 bounce
      > trace unix - - n - 0 bounce
      > verify unix - - n - 1 verify
      > flush unix n - n 1000? 0 flush
      > proxymap unix - - n - - proxymap
      > smtp unix - - n - 150 smtp
      > # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
      > relay unix - - n - - smtp
      > -o fallback_relay=
      > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      > showq unix n - n - - showq
      > error unix - - n - - error
      > discard unix - - n - - discard
      > local unix - n n - - local
      > virtual unix - n n - - virtual
      > lmtp unix - - n - - lmtp
      > anvil unix - - n - 1 anvil
      > scache unix - - n - 1 scache
      >
      > # maildrop. See the Postfix MAILDROP_README file for details.
      > # Also specify in main.cf: maildrop_destination_recipient_limit=1
      > maildrop unix - n n - - pipe
      > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
      >
      > # The Cyrus deliver program has changed incompatibly, multiple times.
      > old-cyrus unix - n n - - pipe
      > flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      >
      > # Cyrus 2.1.5 (Amos Gouaux)
      > # Also specify in main.cf: cyrus_destination_recipient_limit=1
      > cyrus unix - n n - - pipe
      > user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
      >
      > # See the Postfix UUCP_README file for configuration details.
      > uucp unix - n n - - pipe
      > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      >
      > # Other external delivery methods.
      > ifmail unix - n n - - pipe
      > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      > bsmtp unix - n n - - pipe
      > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
      >
      >
      >
      > Regards,
      > Zoltan
      >
      > http://zee.balogh.sk/
      >
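
Added example, not part of the original thread: a per-client summary of the smtpd and anvil log lines quoted above, flagging clients whose connections mostly end in "timeout after CONNECT" (the client connected but sent no SMTP command before the server timed out). The sample log uses constructed documentation addresses, and the `min_timeouts` and `min_ratio` thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the quoted /var/log/mail/info excerpt
# (documentation hostnames and addresses, not the poster's data).
SAMPLE_LOG = """\
Feb 25 14:07:53 ns postfix/smtpd[1642]: connect from client.example[192.0.2.10]
Feb 25 14:08:09 ns postfix/smtpd[1649]: connect from client.example[192.0.2.10]
Feb 25 14:08:30 ns postfix/smtpd[1700]: connect from mail.example[192.0.2.20]
Feb 25 14:08:31 ns postfix/smtpd[1700]: disconnect from mail.example[192.0.2.20]
Feb 25 14:11:07 ns postfix/smtpd[1642]: timeout after CONNECT from client.example[192.0.2.10]
Feb 25 14:11:07 ns postfix/smtpd[1642]: disconnect from client.example[192.0.2.10]
Feb 25 14:11:21 ns postfix/smtpd[1649]: timeout after CONNECT from client.example[192.0.2.10]
Feb 25 14:11:21 ns postfix/smtpd[1649]: disconnect from client.example[192.0.2.10]
Feb 25 14:13:40 ns postfix/anvil[21586]: statistics: max connection count 19 for (smtp:192.0.2.10) at Feb 25 14:10:16
"""

# smtpd session events, keyed by the client address in square brackets.
EVENT = re.compile(
    r"postfix/smtpd\[\d+\]: "
    r"(?P<event>connect|disconnect|timeout after CONNECT) from "
    r"\S*\[(?P<ip>[^\]]+)\]"
)
# anvil's periodic report of the highest concurrent connection count per client.
ANVIL = re.compile(
    r"postfix/anvil\[\d+\]: statistics: max connection count "
    r"(?P<count>\d+) for \(smtp:(?P<ip>[^)]+)\)"
)

def summarize(log_text):
    """Count connects and silent timeouts per client, plus anvil's peak count."""
    stats = defaultdict(lambda: {"connect": 0, "timeout": 0, "max_concurrent": 0})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            if m["event"] == "connect":
                stats[m["ip"]]["connect"] += 1
            elif m["event"].startswith("timeout"):
                stats[m["ip"]]["timeout"] += 1
            continue
        a = ANVIL.search(line)
        if a:
            entry = stats[a["ip"]]
            entry["max_concurrent"] = max(entry["max_concurrent"], int(a["count"]))
    return dict(stats)

def silent_clients(stats, min_timeouts=2, min_ratio=0.5):
    """Clients whose sessions mostly time out before any SMTP command."""
    return sorted(
        ip for ip, s in stats.items()
        if s["timeout"] >= min_timeouts
        and s["timeout"] >= min_ratio * max(s["connect"], 1)
    )
```

On a real log, unwrap any folded lines first; the patterns expect one syslog record per line.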