Loading ...
Sorry, an error occurred while loading the content.
 

Re: smtp_sender_dependent_authentication hanging

Expand Messages
  • /dev/rob0
    ... What exactly is not working? Why do you think something hangs? We re not seeing what you are seeing, because, uh, you didn t show us. ... Why do you want
    Message 1 of 13 , Mar 30, 2013
      On Sat, Mar 30, 2013 at 11:52:55AM -0400, Dennis Putnam wrote:
      > I think I have everything set up correctly now but when I send a
      > message from the sender in question, something is hanging and there

      What exactly is not working? Why do you think something hangs? We're
      not seeing what you are seeing, because, uh, you didn't show us.

      > is no debug output in the log. Here are the running processes:

      Why do you want debug output in the log? Don't do that. Normal
      logging is adequate for almost everything, and debug logging can put
      an excessive burden on the system/syslogd.

      > I am not familiar enough with postfix to figure out which process
      > is hanging but based on 'top' none are using any resources. I can
      > only guess that there is something going on with authentication
      > (tlsmgr?)

      tlsmgr(8) is the Postfix TLS cache and randomness manager.

      > but I don't know how to get any debug out of it. Can someone
      > suggest a way to debug this? Perhaps this symptom is common to
      > initial setup and someone can suggest a cause. Thanks.

      I don't know what the actual problem is. Show us.

      http://www.postfix.org/DEBUG_README.html#mail
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • Dennis Putnam
      ... Thanks for the reply. The purpose of debug logging is to solve this problem. Of course that would be turned back off once it is working. Quite some time
      Message 2 of 13 , Mar 30, 2013
        On 3/30/2013 12:17 PM, /dev/rob0 wrote:
        > On Sat, Mar 30, 2013 at 11:52:55AM -0400, Dennis Putnam wrote:
        >> I think I have everything set up correctly now but when I send a
        >> message from the sender in question, something is hanging and there
        > What exactly is not working? Why do you think something hangs? We're
        > not seeing what you are seeing, because, uh, you didn't show us.
        >
        >> is no debug output in the log. Here are the running processes:
        > Why do you want debug output in the log? Don't do that. Normal
        > logging is adequate for almost everything, and debug logging can put
        > an excessive burden on the system/syslogd.
        >
        >> I am not familiar enough with postfix to figure out which process
        >> is hanging but based on 'top' none are using any resources. I can
        >> only guess that there is something going on with authentication
        >> (tlsmgr?)
        > tlsmgr(8) is the Postfix TLS cache and randomness manager.
        >
        >> but I don't know how to get any debug out of it. Can someone
        >> suggest a way to debug this? Perhaps this symptom is common to
        >> initial setup and someone can suggest a cause. Thanks.
        > I don't know what the actual problem is. Show us.
        >
        > http://www.postfix.org/DEBUG_README.html#mail
        Thanks for the reply. The purpose of debug logging is to solve this
        problem. Of course that would be turned back off once it is working.
        Quite some time after I sent this initial post I finally got this in the
        log (the timeout is apparently very large):

        E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
        while receiving the initial server greeting

        Obviously it was not really hung but just waiting for something.

        Apparently one side or the other is waiting because my configuration is
        wrong. Since this is a commercial mail relay, I doubt the problem is on
        their side. Perhaps if I could get the dialog between the 2 I could
        figure it out. How do I get that dialog?
      • Gerald Vogt
        ... Try reading what is written at that link above and then follow the instructions and provide the necessary information as listed at that link. It s really
        Message 3 of 13 , Mar 30, 2013
          On 30.03.13 18:34, Dennis Putnam wrote:
          > On 3/30/2013 12:17 PM, /dev/rob0 wrote:
          >> I don't know what the actual problem is. Show us.
          >>
          >> http://www.postfix.org/DEBUG_README.html#mail
          > Thanks for the reply. The purpose of debug logging is to solve this
          > problem. Of course that would be turned back off once it is working.
          > Quite some time after I sent this initial post I finally got this in the
          > log (the timeout is apparently very large):

          Try reading what is written at that link above and then follow the
          instructions and provide the necessary information as listed at that link.

          It's really pointless to guess what you have might done to your
          configuration if all it needs to provide the exact information to help
          you would be to post the output of "postconf -n"...

          > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
          > while receiving the initial server greeting
          >
          > Obviously it was not really hung but just waiting for something.
          >
          > Apparently one side or the other is waiting because my configuration is
          > wrong. Since this is a commercial mail relay, I doubt the problem is on
          > their side. Perhaps if I could get the dialog between the 2 I could
          > figure it out. How do I get that dialog?

          Sorry, but maybe you should not try to configure a mail server/relay for
          the internet if you have trouble understanding this simple error
          message. It seems a very bad idea to run an internet server if you have
          so many difficulties with the absolute basics (like providing the
          information requested multiple times by now...) There are already too
          many open relays in the internet...

          As the error message says, it times out while receiving the initial
          server greeting. There is no dialog. It doesn't even start. There is not
          even the initial greeting. So figure what could be the problem for
          that... Should be pretty straight forward to understand...

          Gerald
        • Dennis Putnam
          ... I know very well what the error message means. It is the underlying events that I don t understand. How am I supposed to know if this is a timeout trying
          Message 4 of 13 , Mar 30, 2013
            On 3/30/2013 2:07 PM, Gerald Vogt wrote:
            > On 30.03.13 18:34, Dennis Putnam wrote:
            >> On 3/30/2013 12:17 PM, /dev/rob0 wrote:
            >>> I don't know what the actual problem is. Show us.
            >>>
            >>> http://www.postfix.org/DEBUG_README.html#mail
            >> Thanks for the reply. The purpose of debug logging is to solve this
            >> problem. Of course that would be turned back off once it is working.
            >> Quite some time after I sent this initial post I finally got this in the
            >> log (the timeout is apparently very large):
            > Try reading what is written at that link above and then follow the
            > instructions and provide the necessary information as listed at that link.
            >
            > It's really pointless to guess what you have might done to your
            > configuration if all it needs to provide the exact information to help
            > you would be to post the output of "postconf -n"...
            >
            >> E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
            >> while receiving the initial server greeting
            >>
            >> Obviously it was not really hung but just waiting for something.
            >>
            >> Apparently one side or the other is waiting because my configuration is
            >> wrong. Since this is a commercial mail relay, I doubt the problem is on
            >> their side. Perhaps if I could get the dialog between the 2 I could
            >> figure it out. How do I get that dialog?
            > Sorry, but maybe you should not try to configure a mail server/relay for
            > the internet if you have trouble understanding this simple error
            > message. It seems a very bad idea to run an internet server if you have
            > so many difficulties with the absolute basics (like providing the
            > information requested multiple times by now...) There are already too
            > many open relays in the internet...
            > As the error message says, it times out while receiving the initial
            > server greeting. There is no dialog. It doesn't even start. There is not
            > even the initial greeting. So figure what could be the problem for
            > that... Should be pretty straight forward to understand...
            >
            > Gerald
            >
            I know very well what the error message means. It is the underlying
            events that I don't understand. How am I supposed to know if this is a
            timeout trying to open a port as opposed to making a successful socket
            connection and then not receiving a response to the HELO command? Now
            based on your response that there is no dialog, I understand this is a
            socket connection timeout. Otherwise there would be an HELO in the
            dialog. I'm not sure how my config can cause that but at least I have a
            place to start now.
          • Reindl Harald
            ... +1 ... by telnet in.mailjet.com 25 as everybody looks if a tcp connection itself is succesful ... but since we here NOT se a different port as 25 and you
            Message 5 of 13 , Mar 30, 2013
              Am 30.03.2013 19:28, schrieb Dennis Putnam:
              > On 3/30/2013 2:07 PM, Gerald Vogt wrote:
              >> Sorry, but maybe you should not try to configure a mail server/relay for
              >> the internet if you have trouble understanding this simple error
              >> message. It seems a very bad idea to run an internet server if you have
              >> so many difficulties with the absolute basics (like providing the
              >> information requested multiple times by now...) There are already too
              >> many open relays in the internet...
              >> As the error message says, it times out while receiving the initial
              >> server greeting. There is no dialog. It doesn't even start. There is not
              >> even the initial greeting. So figure what could be the problem for
              >> that... Should be pretty straight forward to understand...

              +1

              > I know very well what the error message means. It is the underlying
              > events that I don't understand. How am I supposed to know if this is a
              > timeout trying to open a port as opposed to making a successful socket
              > connection and then not receiving a response to the HELO command?

              by "telnet in.mailjet.com 25" as everybody looks if a tcp connection
              itself is succesful

              > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
              > while receiving the initial server greeting

              but since we here NOT se a different port as 25 and you refuse MULTIPLE
              tims to post your damned config i guess again that you do not try to
              configrue youre server to submit euthenticated messages to port 587
              and coming from a IP which is not allowed to submit via port 25 for
              whatever reason on the destination - but what do i know because you
              refuse to help others helping you all the time

              so come back with output of "postconf -n" and the both config
              files for "smtp_sender_dependent_authentication" replaced only
              the username and passwort or read manuals and solve your
              troubles at your own
            • Dennis Putnam
              ... Sorry but I wanted to try to figure this out on my own first. That is the way I learn. That is also why all my questions were asking how to debug this
              Message 6 of 13 , Mar 30, 2013
                On 3/30/2013 4:08 PM, Reindl Harald wrote:
                >
                > Am 30.03.2013 19:28, schrieb Dennis Putnam:
                >> On 3/30/2013 2:07 PM, Gerald Vogt wrote:
                >>> Sorry, but maybe you should not try to configure a mail server/relay for
                >>> the internet if you have trouble understanding this simple error
                >>> message. It seems a very bad idea to run an internet server if you have
                >>> so many difficulties with the absolute basics (like providing the
                >>> information requested multiple times by now...) There are already too
                >>> many open relays in the internet...
                >>> As the error message says, it times out while receiving the initial
                >>> server greeting. There is no dialog. It doesn't even start. There is not
                >>> even the initial greeting. So figure what could be the problem for
                >>> that... Should be pretty straight forward to understand...
                > +1
                >
                >> I know very well what the error message means. It is the underlying
                >> events that I don't understand. How am I supposed to know if this is a
                >> timeout trying to open a port as opposed to making a successful socket
                >> connection and then not receiving a response to the HELO command?
                > by "telnet in.mailjet.com 25" as everybody looks if a tcp connection
                > itself is succesful
                >
                >> E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                >> while receiving the initial server greeting
                > but since we here NOT se a different port as 25 and you refuse MULTIPLE
                > tims to post your damned config i guess again that you do not try to
                > configrue youre server to submit euthenticated messages to port 587
                > and coming from a IP which is not allowed to submit via port 25 for
                > whatever reason on the destination - but what do i know because you
                > refuse to help others helping you all the time
                >
                > so come back with output of "postconf -n" and the both config
                > files for "smtp_sender_dependent_authentication" replaced only
                > the username and passwort or read manuals and solve your
                > troubles at your own
                >
                Sorry but I wanted to try to figure this out on my own first. That is
                the way I learn. That is also why all my questions were asking how to
                debug this rather than ask for a solution. I did not mean to come across
                as uncooperative or ungrateful but my mind was just in a different
                solving mode than yours.

                postconf -n

                alias_database = hash:/etc/postfix/aliases
                alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
                command_directory = /usr/sbin
                config_directory = /etc/postfix
                daemon_directory = /usr/libexec/postfix
                data_directory = /var/lib/postfix
                debug_peer_level = 3
                debug_peer_list = 127.0.0.1
                html_directory = no
                inet_interfaces = all
                inet_protocols = all
                mail_owner = postfix
                mailq_path = /usr/bin/mailq.postfix
                manpage_directory = /usr/share/man
                mydestination = $myhostname, localhost.$mydomain, localhost
                mynetworks_style = host
                newaliases_path = /usr/bin/newaliases.postfix
                queue_directory = /var/spool/postfix
                readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
                relayhost = [smtp.att.yahoo.com]
                sample_directory = /etc/postfix
                sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
                sendmail_path = /usr/sbin/sendmail.postfix
                setgid_group = postdrop
                smtp_generic_maps = hash:/etc/postfix/generic
                smtp_helo_name = home.bellsouth.net
                smtp_sasl_auth_enable = yes
                smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
                smtp_sasl_security_options =
                smtp_sender_dependent_authentication = yes
                smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
                smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (CentOS Linux)
                syslog_name = postfix
                unknown_local_recipient_reject_code = 550

                sasl_passwd

                [in.mailjet.com]
                21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69

                sender_relay

                myuser@... [in.mailjet.com]:587

                P.S. There is not a socket connection problem. telnet to port 587 works
                fine as does authentication and commands to send a test email.
              • Reindl Harald
                ... so leave us in peace until you are done with this ... and waste others time useless ... the world doe not work this way first you need to understand what
                Message 7 of 13 , Mar 30, 2013
                  Am 30.03.2013 23:30, schrieb Dennis Putnam:
                  >> so come back with output of "postconf -n" and the both config
                  >> files for "smtp_sender_dependent_authentication" replaced only
                  >> the username and passwort or read manuals and solve your
                  >> troubles at your own
                  >>
                  > Sorry but I wanted to try to figure this out on my own first

                  so leave us in peace until you are done with this

                  > That is the way I learn

                  and waste others time useless

                  > That is also why all my questions were asking how to
                  > debug this rather than ask for a solution

                  the world doe not work this way

                  first you need to understand what you are doing and then
                  you can debug and you can not learn if asking questions
                  without provide informations

                  > I did not mean to come across as uncooperative or ungrateful but my
                  > mind was just in a different solving mode than yours

                  no problem if your mind works alone

                  > sasl_passwd
                  >
                  > [in.mailjet.com]
                  > 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                  >
                  > sender_relay
                  >
                  > myuser@... [in.mailjet.com]:587
                  >
                  > P.S. There is not a socket connection problem. telnet to port 587 works
                  > fine as does authentication and commands to send a test email

                  so in "sasl_passwd" you do not use the port

                  well, and if you would have provided this info at begin the
                  problem would be solved with ONE reply at all

                  [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                • Dennis Putnam
                  ... First, my ISP blocks port 25 that is why 587 is needed. Second, I tried specifying the port in the passwd file and that did not work either. You must have
                  Message 8 of 13 , Mar 30, 2013
                    On 3/30/2013 6:48 PM, Reindl Harald wrote:
                    >
                    > Am 30.03.2013 23:30, schrieb Dennis Putnam:
                    >>> so come back with output of "postconf -n" and the both config
                    >>> files for "smtp_sender_dependent_authentication" replaced only
                    >>> the username and passwort or read manuals and solve your
                    >>> troubles at your own
                    >>>
                    >> Sorry but I wanted to try to figure this out on my own first
                    > so leave us in peace until you are done with this
                    >
                    >> That is the way I learn
                    > and waste others time useless
                    >
                    >> That is also why all my questions were asking how to
                    >> debug this rather than ask for a solution
                    > the world doe not work this way
                    >
                    > first you need to understand what you are doing and then
                    > you can debug and you can not learn if asking questions
                    > without provide informations
                    >
                    >> I did not mean to come across as uncooperative or ungrateful but my
                    >> mind was just in a different solving mode than yours
                    > no problem if your mind works alone
                    >
                    >> sasl_passwd
                    >>
                    >> [in.mailjet.com]
                    >> 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                    >>
                    >> sender_relay
                    >>
                    >> myuser@... [in.mailjet.com]:587
                    >>
                    >> P.S. There is not a socket connection problem. telnet to port 587 works
                    >> fine as does authentication and commands to send a test email
                    > so in "sasl_passwd" you do not use the port
                    >
                    > well, and if you would have provided this info at begin the
                    > problem would be solved with ONE reply at all
                    >
                    > [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                    >
                    First, my ISP blocks port 25 that is why 587 is needed. Second, I tried
                    specifying the port in the passwd file and that did not work either. You
                    must have woke up on the wrong side of the bed this morning to be so
                    unnecessarily rude and ornery. Never mind. I'll find an other source for
                    help.
                  • Reindl Harald
                    ... do so if you change configurations, provide out of context ones and are not able to provide requested infos multiple times i am sure there are enough
                    Message 9 of 13 , Mar 30, 2013
                      Am 31.03.2013 00:13, schrieb Dennis Putnam:
                      > On 3/30/2013 6:48 PM, Reindl Harald wrote:
                      >>> sasl_passwd
                      >>>
                      >>> [in.mailjet.com]
                      >>> 21a8f6casdasdasdadad850539efca7:ea330afe99asdasdasdasdasdfbbd3fd69
                      >>>
                      >>> sender_relay
                      >>>
                      >>> myuser@... [in.mailjet.com]:587
                      >>>
                      >>> P.S. There is not a socket connection problem. telnet to port 587 works
                      >>> fine as does authentication and commands to send a test email
                      >> so in "sasl_passwd" you do not use the port
                      >>
                      >> well, and if you would have provided this info at begin the
                      >> problem would be solved with ONE reply at all
                      >>
                      >> [in.mailjet.com] is for port 25 as long you do dont specify [in.mailjet.com]:587
                      >>
                      > First, my ISP blocks port 25 that is why 587 is needed. Second, I tried
                      > specifying the port in the passwd file and that did not work either. You
                      > must have woke up on the wrong side of the bed this morning to be so
                      > unnecessarily rude and ornery. Never mind. I'll find an other source for
                      > help

                      do so

                      if you change configurations, provide out of context ones and are not
                      able to provide requested infos multiple times i am sure there are
                      enough manpages and howtos to learn at your own

                      > you must have woke up on the wrong side of the bed this morning

                      no, if someone has a question he has to provide asked informations
                      or simply shut up in my world and this world works well
                    • Viktor Dukhovni
                      ... It works well for Reindl, who is yet to realise that he is not the only consciousness on the planet. As for the OP, he should try again with the correct
                      Message 10 of 13 , Mar 30, 2013
                        On Sun, Mar 31, 2013 at 12:22:43AM +0100, Reindl Harald wrote:

                        > > you must have woke up on the wrong side of the bed this morning
                        >
                        > no, if someone has a question he has to provide asked informations
                        > or simply shut up in my world and this world works well

                        It works well for Reindl, who is yet to realise that he is not the
                        only consciousness on the planet.

                        As for the OP, he should try again with the correct lookup key for
                        the SASL table, and the destination IP address added to debug_peer_list.

                        Since the SMTP client reports a timeout receiving the initial
                        greeting, a tcpdump capture is helpful to determine what's going
                        on after the TCP 3-way handshake.

                        http://www.postfix.org/DEBUG_README.html#sniffer

                        If all there is is silence, perhaps the remote server is overloaded
                        or having trouble resolving the client's IP address to a name. It
                        is also possible that some rate-limiting system is throttling the
                        client, due to past login failures, or other policy reasons.

                        --
                        Viktor.
                      • Wietse Venema
                        ... According to the SMTP protocol definition, RFC 5321, the server sends the initial greeting before the client sends its first command. RFC 5321 section
                        Message 11 of 13 , Mar 30, 2013
                          > E7B1E1FA81: conversation with in.mailjet.com[46.105.158.233] timed out
                          > while receiving the initial server greeting
                          >
                          > Obviously it was not really hung but just waiting for something.

                          According to the SMTP protocol definition, RFC 5321, the server
                          sends the initial greeting before the client sends its first command.

                          RFC 5321 section 4.5.3.2.1 recommends 5-minute timeout for this
                          protocol stage. This is consistent with the Postfix default:

                          smtp_helo_timeout (default: 300s)
                          The Postfix SMTP client time limit for sending the HELO
                          or EHLO command, and for receiving the initial remote SMTP
                          server response.

                          Why does the server not greet? Perhaps the server is overloaded.
                          It's also possible that they don't want to talk to your system.

                          If you make a tcpdump recording, then I expect to see a lot of a
                          silence.

                          Wietse
                        Your message has been successfully submitted and would be delivered to recipients shortly.