Loading ...
Sorry, an error occurred while loading the content.

smtp_sender_dependent_authentication hanging

Expand Messages
  • Dennis Putnam
    I think I have everything set up correctly now but when I send a message from the sender in question, something is hanging and there is no debug output in the
    Message 1 of 13 , Mar 30, 2013
    • 0 Attachment
      I think I have everything set up correctly now but when I send a message
      from the sender in question, something is hanging and there is no debug
      output in the log. Here are the running processes:

      root 6353 0.0 0.2 12488 2444 ? Ss 07:16 0:00
      /usr/libexec/postfix/master
      postfix 8242 0.0 0.2 13524 2564 ? S 11:36 0:00 qmgr -l
      -t fifo -u
      postfix 8243 0.0 0.2 12564 2396 ? S 11:36 0:00 pickup
      -l -t fifo -u
      postfix 8274 0.0 0.4 13496 4176 ? S 11:40 0:00 smtp -t
      unix -u
      postfix 8275 0.0 0.2 12560 2488 ? S 11:40 0:00 tlsmgr
      -l -t unix -u

      I am not familiar enough with postfix to figure out which process is
      hanging but based on 'top' none are using any resources. I can only
      guess that there is something going on with authentication (tlsmgr?) but
      I don't know how to get any debug out of it. Can someone suggest a way
      to debug this? Perhaps this symptom is common to initial setup and
      someone can suggest a cause. Thanks.
    • Reindl Harald
      ... ok now it is enough * read the welcome message of the list * provide output of postconf -n * provide content of master.cf if you changed it * provide
      Message 2 of 13 , Mar 30, 2013
      • 0 Attachment
        Am 30.03.2013 16:52, schrieb Dennis Putnam:
        > I think I have everything set up correctly now but when I send a message
        > from the sender in question, something is hanging and there is no debug
        > output in the log. Here are the running processes:
        >
        > root 6353 0.0 0.2 12488 2444 ? Ss 07:16 0:00
        > /usr/libexec/postfix/master
        > postfix 8242 0.0 0.2 13524 2564 ? S 11:36 0:00 qmgr -l
        > -t fifo -u
        > postfix 8243 0.0 0.2 12564 2396 ? S 11:36 0:00 pickup
        > -l -t fifo -u
        > postfix 8274 0.0 0.4 13496 4176 ? S 11:40 0:00 smtp -t
        > unix -u
        > postfix 8275 0.0 0.2 12560 2488 ? S 11:40 0:00 tlsmgr
        > -l -t unix -u
        >
        > I am not familiar enough with postfix to figure out which process is
        > hanging but based on 'top' none are using any resources. I can only
        > guess that there is something going on with authentication (tlsmgr?) but
        > I don't know how to get any debug out of it. Can someone suggest a way
        > to debug this? Perhaps this symptom is common to initial setup and
        > someone can suggest a cause.

        ok now it is enough

        * read the welcome message of the list
        * provide output of "postconf -n"
        * provide content of "master.cf" if you changed it
        * provide the part of /var/log/maillog from connection to your "hang"
        * BEFORE post maillog-parts DISABLE debug as you can read in debug-howto
        * read http://www.postfix.org/DEBUG_README.html
      • /dev/rob0
        ... What exactly is not working? Why do you think something hangs? We re not seeing what you are seeing, because, uh, you didn t show us. ... Why do you want
        Message 3 of 13 , Mar 30, 2013
        • 0 Attachment
          On Sat, Mar 30, 2013 at 11:52:55AM -0400, Dennis Putnam wrote:
          > I think I have everything set up correctly now but when I send a
          > message from the sender in question, something is hanging and there

          What exactly is not working? Why do you think something hangs? We're
          not seeing what you are seeing, because, uh, you didn't show us.

          > is no debug output in the log. Here are the running processes:

          Why do you want debug output in the log? Don't do that. Normal
          logging is adequate for almost everything, and debug logging can put
          an excessive burden on the system/syslogd.

          > I am not familiar enough with postfix to figure out which process
          > is hanging but based on 'top' none are using any resources. I can
          > only guess that there is something going on with authentication
          > (tlsmgr?)

          tlsmgr(8) is the Postfix TLS cache and randomness manager.

          > but I don't know how to get any debug out of it. Can someone
          > suggest a way to debug this? Perhaps this symptom is common to
          > initial setup and someone can suggest a cause. Thanks.

          I don't know what the actual problem is. Show us.

          http://www.postfix.org/DEBUG_README.html#mail
          --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
        • Dennis Putnam
          ... Thanks for the reply. The purpose of debug logging is to solve this problem. Of course that would be turned back off once it is working. Quite some time
          Message 4 of 13 , Mar 30, 2013
          • 0 Attachment
            On 3/30/2013 12:17 PM, /dev/rob0 wrote:
            > On Sat, Mar 30, 2013 at 11:52:55AM -0400, Dennis Putnam wrote:
            >> I think I have everything set up correctly now but when I send a
            >> message from the sender in question, something is hanging and there
            > What exactly is not working? Why do you think something hangs? We're
            > not seeing what you are seeing, because, uh, you didn't show us.
            >
            >> is no debug output in the log. Here are the running processes:
            > Why do you want debug output in the log? Don't do that. Normal
            > logging is adequate for almost everything, and debug logging can put
            > an excessive burden on the system/syslogd.
            >
            >> I am not familiar enough with postfix to figure out which process
            >> is hanging but based on 'top' none are using any resources. I can
            >> only guess that there is something going on with authentication
            >> (tlsmgr?)
            > tlsmgr(8) is the Postfix TLS cache and randomness manager.
            >
            >> but I don't know how to get any debug out of it. Can someone
            >> suggest a way to debug this? Perhaps this symptom is common to
            >> initial setup and someone can suggest a cause. Thanks.
            > I don't know what the actual problem is. Show us.
            >
            > http://www.postfix.org/DEBUG_README.html#mail
            Thanks for the reply. The purpose of debug logging is to solve this
            problem. Of course that would be turned back off once it is working.
            Quite some time after I sent this initial post I finally got this in the
            log (the timeout is apparently very large):

            E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
            while receiving the initial server greeting

            Obviously it was not really hung but just waiting for something.

            Apparently one side or the other is waiting because my configuration is
            wrong. Since this is a commercial mail relay, I doubt the problem is on
            their side. Perhaps if I could get the dialog between the 2 I could
            figure it out. How do I get that dialog?
          • Gerald Vogt
            ... Try reading what is written at that link above and then follow the instructions and provide the necessary information as listed at that link. It s really
            Message 5 of 13 , Mar 30, 2013
            • 0 Attachment
              On 30.03.13 18:34, Dennis Putnam wrote:
              > On 3/30/2013 12:17 PM, /dev/rob0 wrote:
              >> I don't know what the actual problem is. Show us.
              >>
              >> http://www.postfix.org/DEBUG_README.html#mail
              > Thanks for the reply. The purpose of debug logging is to solve this
              > problem. Of course that would be turned back off once it is working.
              > Quite some time after I sent this initial post I finally got this in the
              > log (the timeout is apparently very large):

              Try reading what is written at that link above and then follow the
              instructions and provide the necessary information as listed at that link.

              It's really pointless to guess what you have might done to your
              configuration if all it needs to provide the exact information to help
              you would be to post the output of "postconf -n"...

              > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
              > while receiving the initial server greeting
              >
              > Obviously it was not really hung but just waiting for something.
              >
              > Apparently one side or the other is waiting because my configuration is
              > wrong. Since this is a commercial mail relay, I doubt the problem is on
              > their side. Perhaps if I could get the dialog between the 2 I could
              > figure it out. How do I get that dialog?

              Sorry, but maybe you should not try to configure a mail server/relay for
              the internet if you have trouble understanding this simple error
              message. It seems a very bad idea to run an internet server if you have
              so many difficulties with the absolute basics (like providing the
              information requested multiple times by now...) There are already too
              many open relays in the internet...

              As the error message says, it times out while receiving the initial
              server greeting. There is no dialog. It doesn't even start. There is not
              even the initial greeting. So figure what could be the problem for
              that... Should be pretty straight forward to understand...

              Gerald
            • Dennis Putnam
              ... I know very well what the error message means. It is the underlying events that I don t understand. How am I supposed to know if this is a timeout trying
              Message 6 of 13 , Mar 30, 2013
              • 0 Attachment
                On 3/30/2013 2:07 PM, Gerald Vogt wrote:
                > On 30.03.13 18:34, Dennis Putnam wrote:
                >> On 3/30/2013 12:17 PM, /dev/rob0 wrote:
                >>> I don't know what the actual problem is. Show us.
                >>>
                >>> http://www.postfix.org/DEBUG_README.html#mail
                >> Thanks for the reply. The purpose of debug logging is to solve this
                >> problem. Of course that would be turned back off once it is working.
                >> Quite some time after I sent this initial post I finally got this in the
                >> log (the timeout is apparently very large):
                > Try reading what is written at that link above and then follow the
                > instructions and provide the necessary information as listed at that link.
                >
                > It's really pointless to guess what you have might done to your
                > configuration if all it needs to provide the exact information to help
                > you would be to post the output of "postconf -n"...
                >
                >> E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                >> while receiving the initial server greeting
                >>
                >> Obviously it was not really hung but just waiting for something.
                >>
                >> Apparently one side or the other is waiting because my configuration is
                >> wrong. Since this is a commercial mail relay, I doubt the problem is on
                >> their side. Perhaps if I could get the dialog between the 2 I could
                >> figure it out. How do I get that dialog?
                > Sorry, but maybe you should not try to configure a mail server/relay for
                > the internet if you have trouble understanding this simple error
                > message. It seems a very bad idea to run an internet server if you have
                > so many difficulties with the absolute basics (like providing the
                > information requested multiple times by now...) There are already too
                > many open relays in the internet...
                > As the error message says, it times out while receiving the initial
                > server greeting. There is no dialog. It doesn't even start. There is not
                > even the initial greeting. So figure what could be the problem for
                > that... Should be pretty straight forward to understand...
                >
                > Gerald
                >
                I know very well what the error message means. It is the underlying
                events that I don't understand. How am I supposed to know if this is a
                timeout trying to open a port as opposed to making a successful socket
                connection and then not receiving a response to the HELO command? Now
                based on your response that there is no dialog, I understand this is a
                socket connection timeout. Otherwise there would be an HELO in the
                dialog. I'm not sure how my config can cause that but at least I have a
                place to start now.
              • Reindl Harald
                ... +1 ... by telnet in.mailjet.com 25 as everybody looks if a tcp connection itself is succesful ... but since we here NOT se a different port as 25 and you
                Message 7 of 13 , Mar 30, 2013
                • 0 Attachment
                  Am 30.03.2013 19:28, schrieb Dennis Putnam:
                  > On 3/30/2013 2:07 PM, Gerald Vogt wrote:
                  >> Sorry, but maybe you should not try to configure a mail server/relay for
                  >> the internet if you have trouble understanding this simple error
                  >> message. It seems a very bad idea to run an internet server if you have
                  >> so many difficulties with the absolute basics (like providing the
                  >> information requested multiple times by now...) There are already too
                  >> many open relays in the internet...
                  >> As the error message says, it times out while receiving the initial
                  >> server greeting. There is no dialog. It doesn't even start. There is not
                  >> even the initial greeting. So figure what could be the problem for
                  >> that... Should be pretty straight forward to understand...

                  +1

                  > I know very well what the error message means. It is the underlying
                  > events that I don't understand. How am I supposed to know if this is a
                  > timeout trying to open a port as opposed to making a successful socket
                  > connection and then not receiving a response to the HELO command?

                  by "telnet in.mailjet.com 25" as everybody looks if a tcp connection
                  itself is succesful

                  > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                  > while receiving the initial server greeting

                  but since we here NOT se a different port as 25 and you refuse MULTIPLE
                  tims to post your damned config i guess again that you do not try to
                  configrue youre server to submit euthenticated messages to port 587
                  and coming from a IP which is not allowed to submit via port 25 for
                  whatever reason on the destination - but what do i know because you
                  refuse to help others helping you all the time

                  so come back with output of "postconf -n" and the both config
                  files for "smtp_sender_dependent_authentication" replaced only
                  the username and passwort or read manuals and solve your
                  troubles at your own
                • Dennis Putnam
                  ... Sorry but I wanted to try to figure this out on my own first. That is the way I learn. That is also why all my questions were asking how to debug this
                  Message 8 of 13 , Mar 30, 2013
                  • 0 Attachment
                    On 3/30/2013 4:08 PM, Reindl Harald wrote:
                    >
                    > Am 30.03.2013 19:28, schrieb Dennis Putnam:
                    >> On 3/30/2013 2:07 PM, Gerald Vogt wrote:
                    >>> Sorry, but maybe you should not try to configure a mail server/relay for
                    >>> the internet if you have trouble understanding this simple error
                    >>> message. It seems a very bad idea to run an internet server if you have
                    >>> so many difficulties with the absolute basics (like providing the
                    >>> information requested multiple times by now...) There are already too
                    >>> many open relays in the internet...
                    >>> As the error message says, it times out while receiving the initial
                    >>> server greeting. There is no dialog. It doesn't even start. There is not
                    >>> even the initial greeting. So figure what could be the problem for
                    >>> that... Should be pretty straight forward to understand...
                    > +1
                    >
                    >> I know very well what the error message means. It is the underlying
                    >> events that I don't understand. How am I supposed to know if this is a
                    >> timeout trying to open a port as opposed to making a successful socket
                    >> connection and then not receiving a response to the HELO command?
                    > by "telnet in.mailjet.com 25" as everybody looks if a tcp connection
                    > itself is succesful
                    >
                    >> E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                    >> while receiving the initial server greeting
                    > but since we here NOT se a different port as 25 and you refuse MULTIPLE
                    > tims to post your damned config i guess again that you do not try to
                    > configrue youre server to submit euthenticated messages to port 587
                    > and coming from a IP which is not allowed to submit via port 25 for
                    > whatever reason on the destination - but what do i know because you
                    > refuse to help others helping you all the time
                    >
                    > so come back with output of "postconf -n" and the both config
                    > files for "smtp_sender_dependent_authentication" replaced only
                    > the username and passwort or read manuals and solve your
                    > troubles at your own
                    >
                    Sorry but I wanted to try to figure this out on my own first. That is
                    the way I learn. That is also why all my questions were asking how to
                    debug this rather than ask for a solution. I did not mean to come across
                    as uncooperative or ungrateful but my mind was just in a different
                    solving mode than yours.

                    postconf -n

                    alias_database = hash:/etc/postfix/aliases
                    alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
                    command_directory = /usr/sbin
                    config_directory = /etc/postfix
                    daemon_directory = /usr/libexec/postfix
                    data_directory = /var/lib/postfix
                    debug_peer_level = 3
                    debug_peer_list = 127.0.0.1
                    html_directory = no
                    inet_interfaces = all
                    inet_protocols = all
                    mail_owner = postfix
                    mailq_path = /usr/bin/mailq.postfix
                    manpage_directory = /usr/share/man
                    mydestination = $myhostname, localhost.$mydomain, localhost
                    mynetworks_style = host
                    newaliases_path = /usr/bin/newaliases.postfix
                    queue_directory = /var/spool/postfix
                    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
                    relayhost = [smtp.att.yahoo.com]
                    sample_directory = /etc/postfix
                    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
                    sendmail_path = /usr/sbin/sendmail.postfix
                    setgid_group = postdrop
                    smtp_generic_maps = hash:/etc/postfix/generic
                    smtp_helo_name = home.bellsouth.net
                    smtp_sasl_auth_enable = yes
                    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
                    smtp_sasl_security_options =
                    smtp_sender_dependent_authentication = yes
                    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
                    smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (CentOS Linux)
                    syslog_name = postfix
                    unknown_local_recipient_reject_code = 550

                    sasl_passwd

                    [in.mailjet.com]
                    21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69

                    sender_relay

                    myuser@... [in.mailjet.com]:587

                    P.S. There is not a socket connection problem. telnet to port 587 works
                    fine as does authentication and commands to send a test email.
                  • Reindl Harald
                    ... so leave us in peace until you are done with this ... and waste others time useless ... the world doe not work this way first you need to understand what
                    Message 9 of 13 , Mar 30, 2013
                    • 0 Attachment
                      Am 30.03.2013 23:30, schrieb Dennis Putnam:
                      >> so come back with output of "postconf -n" and the both config
                      >> files for "smtp_sender_dependent_authentication" replaced only
                      >> the username and passwort or read manuals and solve your
                      >> troubles at your own
                      >>
                      > Sorry but I wanted to try to figure this out on my own first

                      so leave us in peace until you are done with this

                      > That is the way I learn

                      and waste others time useless

                      > That is also why all my questions were asking how to
                      > debug this rather than ask for a solution

                      the world doe not work this way

                      first you need to understand what you are doing and then
                      you can debug and you can not learn if asking questions
                      without provide informations

                      > I did not mean to come across as uncooperative or ungrateful but my
                      > mind was just in a different solving mode than yours

                      no problem if your mind works alone

                      > sasl_passwd
                      >
                      > [in.mailjet.com]
                      > 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                      >
                      > sender_relay
                      >
                      > myuser@... [in.mailjet.com]:587
                      >
                      > P.S. There is not a socket connection problem. telnet to port 587 works
                      > fine as does authentication and commands to send a test email

                      so in "sasl_passwd" you do not use the port

                      well, and if you would have provided this info at begin the
                      problem would be solved with ONE reply at all

                      [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                    • Dennis Putnam
                      ... First, my ISP blocks port 25 that is why 587 is needed. Second, I tried specifying the port in the passwd file and that did not work either. You must have
                      Message 10 of 13 , Mar 30, 2013
                      • 0 Attachment
                        On 3/30/2013 6:48 PM, Reindl Harald wrote:
                        >
                        > Am 30.03.2013 23:30, schrieb Dennis Putnam:
                        >>> so come back with output of "postconf -n" and the both config
                        >>> files for "smtp_sender_dependent_authentication" replaced only
                        >>> the username and passwort or read manuals and solve your
                        >>> troubles at your own
                        >>>
                        >> Sorry but I wanted to try to figure this out on my own first
                        > so leave us in peace until you are done with this
                        >
                        >> That is the way I learn
                        > and waste others time useless
                        >
                        >> That is also why all my questions were asking how to
                        >> debug this rather than ask for a solution
                        > the world doe not work this way
                        >
                        > first you need to understand what you are doing and then
                        > you can debug and you can not learn if asking questions
                        > without provide informations
                        >
                        >> I did not mean to come across as uncooperative or ungrateful but my
                        >> mind was just in a different solving mode than yours
                        > no problem if your mind works alone
                        >
                        >> sasl_passwd
                        >>
                        >> [in.mailjet.com]
                        >> 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                        >>
                        >> sender_relay
                        >>
                        >> myuser@... [in.mailjet.com]:587
                        >>
                        >> P.S. There is not a socket connection problem. telnet to port 587 works
                        >> fine as does authentication and commands to send a test email
                        > so in "sasl_passwd" you do not use the port
                        >
                        > well, and if you would have provided this info at begin the
                        > problem would be solved with ONE reply at all
                        >
                        > [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                        >
                        First, my ISP blocks port 25 that is why 587 is needed. Second, I tried
                        specifying the port in the passwd file and that did not work either. You
                        must have woke up on the wrong side of the bed this morning to be so
                        unnecessarily rude and ornery. Never mind. I'll find an other source for
                        help.
                      • Reindl Harald
                        ... do so if you change configurations, provide out of context ones and are not able to provide requested infos multiple times i am sure there are enough
                        Message 11 of 13 , Mar 30, 2013
                        • 0 Attachment
                          Am 31.03.2013 00:13, schrieb Dennis Putnam:
                          > On 3/30/2013 6:48 PM, Reindl Harald wrote:
                          >>> sasl_passwd
                          >>>
                          >>> [in.mailjet.com]
                          >>> 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                          >>>
                          >>> sender_relay
                          >>>
                          >>> myuser@... [in.mailjet.com]:587
                          >>>
                          >>> P.S. There is not a socket connection problem. telnet to port 587 works
                          >>> fine as does authentication and commands to send a test email
                          >> so in "sasl_passwd" you do not use the port
                          >>
                          >> well, and if you would have provided this info at begin the
                          >> problem would be solved with ONE reply at all
                          >>
                          >> [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                          >>
                          > First, my ISP blocks port 25 that is why 587 is needed. Second, I tried
                          > specifying the port in the passwd file and that did not work either. You
                          > must have woke up on the wrong side of the bed this morning to be so
                          > unnecessarily rude and ornery. Never mind. I'll find an other source for
                          > help

                          do so

                          if you change configurations, provide out of context ones and are not
                          able to provide requested infos multiple times i am sure there are
                          enough manpages and howtos to learn at your own

                          > you must have woke up on the wrong side of the bed this morning

                          no, if someone has a question he has to provide asked informations
                          or simply shut up in my world and this world works well
                        • Viktor Dukhovni
                          ... It works well for Reindl, who is yet to realise that he is not the only consciousness on the planet. As for the OP, he should try again with the correct
                          Message 12 of 13 , Mar 30, 2013
                          • 0 Attachment
                            On Sun, Mar 31, 2013 at 12:22:43AM +0100, Reindl Harald wrote:

                            > > you must have woke up on the wrong side of the bed this morning
                            >
                            > no, if someone has a question he has to provide asked informations
                            > or simply shut up in my world and this world works well

                            It works well for Reindl, who is yet to realise that he is not the
                            only consciousness on the planet.

                            As for the OP, he should try again with the correct lookup key for
                            the SASL table, and the destination IP address added to debug_peer_list.

                            Since the SMTP client reports a timeout receiving the initial
                            greeting, a tcpdump capture is helpful to determine what's going
                            on after the TCP 3-way handshake.

                            http://www.postfix.org/DEBUG_README.html#sniffer

                            If all there is is silence, perhaps the remote server is overloaded
                            or having trouble resolving the client's IP address to a name. It
                            is also possible that some rate-limiting system is throttling the
                            client, due to past login failures, or other policy reasons.

                            --
                            Viktor.
                          • Wietse Venema
                            ... According to the SMTP protocol definition, RFC 5321, the server sends the initial greeting before the client sends its first command. RFC 5321 section
                            Message 13 of 13 , Mar 30, 2013
                            • 0 Attachment
                              > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                              > while receiving the initial server greeting
                              >
                              > Obviously it was not really hung but just waiting for something.

                              According to the SMTP protocol definition, RFC 5321, the server
                              sends the initial greeting before the client sends its first command.

                              RFC 5321 section 4.5.3.2.1 recommends 5-minute timeout for this
                              protocol stage. This is consistent with the Postfix default:

                              smtp_helo_timeout (default: 300s)
                              The Postfix SMTP client time limit for sending the HELO
                              or EHLO command, and for receiving the initial remote SMTP
                              server response.

                              Why does the server not greet? Perhaps the server is overloaded.
                              It's also possible that they don't want to talk to your system.

                              If you make a tcpdump recording, then I expect to see a lot of a
                              silence.

                              Wietse
                            Your message has been successfully submitted and would be delivered to recipients shortly.