Mails not forwardet from ISP to Imail app. |
Post Reply |
Author | |
morten44
Groupie Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
Posted: 14 March 2011 at 2:47pm |
Hi
I have a problem again where users are saying that mails are not recevied by end user who is a customer behind out ISP Spamfilter. We are using Imail 8.2 The end user send a mail to me with following error: *************************************************************** >> Fra: Mail Delivery System [mailto:Mail Delivery >> Sendt: 12. marts 2011 18:16 >> Til: lisbethkrohn@c.dk >> Emne: Mail Delivery Failure >> http://postmaster.tdc.dk/publish.php?id=2855 >> This message was created automatically by the >> A message that you sent could not be delivered >> recipients >> This is a permanent error. The following >> Reporting-MTA: dns; fep47.mail.dk Arrival-Date: >>14:13:14 +0100 Status: 5.4.7 Last-Attempt-Date: >>18:16:02 +0100 Diagnostic-Code: smtp; 554 5.4.7 >>time without delivery Action: failed Final-Recipient: ***************************************************************** grete@christianshede.dk is normally receiving from several different users also not on our server. lisbethkrohn@c.dk is an exteral account from Tele Denmark I have tried to look in the logfile to find out what happens. I can not find for that same time, but I can find one record that I can not see was delivered I have uploaded the log file on your ftp: 20110312-morten44 Can you have a look at : 03-12-11 06:10:56:218 -- (4792) Received MAIL FROM: <lisbethkrohn@c.dk> I cant see that beeing forwarded or put in queue Hope you can help Regards Morten
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Morten,
When looking at the logfile you uploaded, we see the following last two entries for that email: 03-12-11 06:10:58:812 -- (4792) RCPT TO: grete@christianshede.dk accepted 03-12-11 06:12:38:968 -- (4792) Disconnect SpamFilter accepts the recipient information and is ready to receive the email body. However after almost two minutes (actually exactly 100 seconds) the connection is dropped. Unfortunately the logs do not provide more details as the "why" the disconnect occurs. When SpamFilter disconnects an SMTP session, it should log the reason for doing so, which is not the case here. In most cases, disconnects after relatively long periods of time occur due to timeouts caused by other equipment/software, such as firewalls and/or antivirus software. These could be occurring either on the sender's side or on your side, it's impossible to tell without actually placing a packet sniffer on the network (or installing an app like Wireshark on the SpamFilter server). If you're able to do this, preferably configuring sniffer to capture only traffic from the specific IP address for the mail server you're having problems, we'd be glad to assist by debugging the packet capture logs.
|
|
morten44
Groupie Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
|
Hi
Thanks for your reply If I understand what you are saying, our ISP Spamfilter accpept the incomming request and keep it open for body of message to arrive. The body is then never sent or received and therefore after 100sec, it closes again. Is that correct? I can install Wireshark on our mail server You say I should configure with ip address of mail server that is sending to us and have the problems. Can I see out from log file what I want to sniff Only think I can see is that SPF record is showing "mail.dk" If i do a ping of "mail.dk" i get IP 195.41.46.251 Is that the IP i want to "sniff" from Wireshark on our mail server? I think I would like to follow this up as we have several users with issues like this and we want to understand how we can trouble shoot to prove if fault is with ISP/MailServer/End users PC Thanks again Regards Morten
|
|
morten44
Groupie Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
|
Hi Roberto
I have uploaded a log file and Wireshark log file to your ftp server. The name is: 20110323_morten44 I have asked a user: grafitek@tdcspace.dk to send me: morten@e-advice.dk 4 different mails today I got 3 of the 4 mails, so missing 1 I have tried to capture data with Wireshark for today and have included that in the file. I find it hard to compare them through The 4 mails has process numbers: 7740 7928 7704 7916 in the log files, for me it seems like the process 7740 was not delivered but queued and then disconnected without forwarding. Can you check if the wireshark tell you something if the fault is on our side or on senders site in this case? Thanks again for taking time to look at this Regards Morten |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Morten,
I downloaded your file, but it is not in the native wireshark format - when you saved it it looks like you selected a text-based format, not the .pcap default. The text format does not contain all the TCP packet data, only a summary, and can't thus be used. Can you please try to capture the data again, and save it in the .pcap default format so we can see all of the TCP data and try to help? |
|
morten44
Groupie Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
|
Hi
I have uploaded the file "wiresharknew.zip" to your FTP. Should be right format now. It still have data from the 23rd where you also have the log file. That means hopefully you can see something why ISP Spamfilter accpet but disconnects in 1 of the 4 mails mentioned. Hope I am monitoring the right IP;s so you can see something :) Thanks again Regards Morten |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Morten,
Yes, that second file has the correct format, we're going to be analyzing against the log for that day and will let you know more in a few hours.
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Hi Morten, The entries in the logfile for the email you did not receive were actually those for thread ID 7888 as follows: 03-23-11 12:53:21:359 -- (7888) Detected TCP Connection: 195.41.46.140 03-23-11 12:53:21:359 -- (7888) Connection from: 195.41.46.140 - Originating country : Denmark 03-23-11 12:53:31:515 -- (7888) Received MAIL FROM: <grafitek@tdcspace.dk> 03-23-11 12:53:31:531 -- (7888) Received RCPT TO: morten@e-advice.dk 03-23-11 12:53:32:078 -- (7888) RCPT TO: morten@e-advice.dk accepted 03-23-11 12:55:05:781 -- (7888) Disconnect I'll try to explain what happened with this screenshot. There was a "hiccup" with the TCP connection, but I can't be certain if it was on your side or with the remote side. Whatever the cause, because of it there was an interruption of the TCP flow between your server and the remote server. SpamFilter has a built-in timeout of 1 minute after which, if there is no data being exchanged, SpamFilter will terminate the connection, which is what happened here. You may try to increase this timeout to something in the order of 3-5 minutes (the parameter is the "ReadTimeout=60" in the SpamFilter.ini file, but I am not sure this would have helped in this case, as I can't tell if eventually the TCP session would have self-healed or not. Please note that SpamFilter simply disconnected the connection, it did not "reject" the email. This should have caused the remote SMTP server to retry sending the email after a brief interval, and not to report a non-deliverable notice back to the sender, as this simply simulates the network connection being dropped during the transmission (which should never generate a non-deliverable error if it's temporary). Edited by LogSat - 27 March 2011 at 11:45am |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.221 seconds.