Loading ...
Sorry, an error occurred while loading the content.
 

Re: lots of lost connections

Expand Messages
  • brian moore
    On Tue, 30 Mar 2010 14:13:27 -0700 ... ESMTP Pipelining? They could very well be rejected before DATA, except, well, with pipelining they may have already
    Message 1 of 8 , Mar 30, 2010
      On Tue, 30 Mar 2010 14:13:27 -0700
      Terry Barnum <terry@...> wrote:

      > Other ideas why those clients didn't get rejected before DATA?

      ESMTP Pipelining?

      They could very well be rejected before DATA, except, well, with pipelining
      they may have already started sending the message.

      (There are quite a few spam clients that use pipelining for the same reason
      it was added.. it does speed up sending. Of course, spam clients also tend
      to have horrible error detection and just close the socket when they get an
      error, and sometimes just close it after sending the end-of-data marker without
      even bothering to see the response... not like they care if the address is valid
      or not.)
    • Sahil Tandon
      ... Some of the above IPs were listed on zen in the last 9-12 hours, so perhaps that is why they slipped by? -- Sahil Tandon
      Message 2 of 8 , Mar 30, 2010
        On Tue, 30 Mar 2010, Terry Barnum wrote:

        > >> $ grep 'lost connection' /var/log/mail.log
        > >> <snip>
        > >> Mar 30 05:07:14 mail postfix/smtpd[45236]: lost connection after DATA from unknown[123.28.125.3]
        > >> Mar 30 05:07:17 mail postfix/smtpd[45244]: lost connection after DATA from unknown[62.32.223.28]
        > >> Mar 30 05:07:18 mail postfix/smtpd[45240]: lost connection after RCPT from public16037.xdsl.centertel.pl[79.163.62.165]
        > >> Mar 30 05:07:18 mail postfix/smtpd[45159]: lost connection after RCPT from unknown[218.157.167.131]
        > >> Mar 30 05:07:20 mail postfix/smtpd[45188]: lost connection after CONNECT from unknown[212.63.221.10]
        > >> Mar 30 05:07:23 mail postfix/smtpd[45230]: lost connection after RCPT from mproxy01.jheel.bdcom.com[210.4.76.3]
        > >> Mar 30 05:07:25 mail postfix/smtpd[45229]: lost connection after DATA from unknown[119.15.93.218]
        > >> Mar 30 05:07:27 mail postfix/smtpd[45237]: lost connection after RCPT from unknown[213.198.111.207]
        >
        > Other ideas why those clients didn't get rejected before DATA?

        Some of the above IPs were listed on zen in the last 9-12 hours, so
        perhaps that is why they slipped by?

        --
        Sahil Tandon <sahil@...>
      • Terry Barnum
        ... Ahh, good point Sahil. Thanks. -Terry
        Message 3 of 8 , Mar 30, 2010
          On Mar 30, 2010, at 3:05 PM, Sahil Tandon wrote:

          > On Tue, 30 Mar 2010, Terry Barnum wrote:
          >
          >>>> $ grep 'lost connection' /var/log/mail.log
          >>>> <snip>
          >>>> Mar 30 05:07:14 mail postfix/smtpd[45236]: lost connection after DATA from unknown[123.28.125.3]
          >>>> Mar 30 05:07:17 mail postfix/smtpd[45244]: lost connection after DATA from unknown[62.32.223.28]
          >>>> Mar 30 05:07:18 mail postfix/smtpd[45240]: lost connection after RCPT from public16037.xdsl.centertel.pl[79.163.62.165]
          >>>> Mar 30 05:07:18 mail postfix/smtpd[45159]: lost connection after RCPT from unknown[218.157.167.131]
          >>>> Mar 30 05:07:20 mail postfix/smtpd[45188]: lost connection after CONNECT from unknown[212.63.221.10]
          >>>> Mar 30 05:07:23 mail postfix/smtpd[45230]: lost connection after RCPT from mproxy01.jheel.bdcom.com[210.4.76.3]
          >>>> Mar 30 05:07:25 mail postfix/smtpd[45229]: lost connection after DATA from unknown[119.15.93.218]
          >>>> Mar 30 05:07:27 mail postfix/smtpd[45237]: lost connection after RCPT from unknown[213.198.111.207]
          >>
          >> Other ideas why those clients didn't get rejected before DATA?
          >
          > Some of the above IPs were listed on zen in the last 9-12 hours, so
          > perhaps that is why they slipped by?

          Ahh, good point Sahil. Thanks.

          -Terry
        • Terry Barnum
          ... Thank you for the explanation. It s what I imagined to be the case, poorly written spam clients (well, poorly written from a good-is-correct pov, but
          Message 4 of 8 , Mar 30, 2010
            On Mar 30, 2010, at 3:05 PM, brian moore wrote:

            > On Tue, 30 Mar 2010 14:13:27 -0700
            > Terry Barnum <terry@...> wrote:
            >
            >> Other ideas why those clients didn't get rejected before DATA?
            >
            > ESMTP Pipelining?
            >
            > They could very well be rejected before DATA, except, well, with pipelining
            > they may have already started sending the message.
            >
            > (There are quite a few spam clients that use pipelining for the same reason
            > it was added.. it does speed up sending. Of course, spam clients also tend
            > to have horrible error detection and just close the socket when they get an
            > error, and sometimes just close it after sending the end-of-data marker without
            > even bothering to see the response... not like they care if the address is valid
            > or not.)

            Thank you for the explanation. It's what I imagined to be the case, poorly written spam clients (well, poorly written from a good-is-correct pov, but spammers would likely disagree with that definition.)

            -Terry
          Your message has been successfully submitted and would be delivered to recipients shortly.