Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 101041 - SMTP command timeout when sending email to gentoo.org smtp server
Summary: SMTP command timeout when sending email to gentoo.org smtp server
Status: VERIFIED INVALID
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-01 16:52 UTC by Kevin Korb
Modified: 2005-08-02 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin Korb 2005-08-01 16:52:27 UTC
Not sure if this is the correct place to report this or not but I can't send
email to the gentoo.org smtp server.  My email server is running qmail on Gentoo
Linux behind a NAT firewall running OpenBSD.

The problem can't be qmail related because it happens even when I connect to
port 25 with telnet.  I do not have the problem if I run the telnet command
directly on my OpenBSD NAT router but I don't think this is really a NAT problem
since I send email to other servers all the time with no trouble at all.

Reproducible: Always
Steps to Reproduce:
1. on my server behind my NAT:
2. telnet mail.gentoo.org 25
3.

Actual Results:  
asylum# telnet mail.gentoo.org 25
Trying 134.68.220.30...
Connected to mail.gentoo.org.
Escape character is '^]'.
220 smtp.gentoo.org ESMTP Exim 4.43 Mon, 01 Aug 2005 23:05:05 +0000
help
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
helo sanitarium.net
421 smtp.gentoo.org: SMTP command timeout - closing connection

My source IP is 24.173.162.174

Expected Results:  
hellmouth# telnet mail.gentoo.org 25
Trying 134.68.220.30...
Connected to mail.gentoo.org.
Escape character is '^]'.
220 smtp.gentoo.org ESMTP Exim 4.43 Mon, 01 Aug 2005 23:51:41 +0000
helo sanitarium.net
250 smtp.gentoo.org Hello asylum.sanitarium.net [24.173.162.174]


Any chance there is some unusal firewall rule or smtp server configuration that
I am running into here?
Comment 1 Jon Portnoy (RETIRED) gentoo-dev 2005-08-01 16:55:32 UTC
Reassigning
Comment 2 Andrea Barisani (RETIRED) gentoo-dev 2005-08-01 17:06:00 UTC
Is it possible that you have a very slow network connection?
Your address seems resolvable atm, could you retry and tell me exactly what's the
dealy between the 'helo' and the timeout errir?
Comment 3 Kevin Korb 2005-08-01 17:16:20 UTC
I am pretty sure it isn't a slow network issue because when I run it from the
box that works it returns instantly.  Also, when I run the help command it
returns instantly.  It only hangs when I send the helo from a box behind my NAT.
 It takes about 5 minutes for the connection to actually timeout.

I have had an email to someone@gentoo.org stuck in my outgoing queue for almost
24 hours.
Comment 4 Kurt Lieber (RETIRED) gentoo-dev 2005-08-02 10:03:00 UTC
Given that the SMTP conversation works normally from your border gateway, it
sounds like this issue is localized on your network.  We've been receiving about
the same number of messages over the last few weeks -- no sharp drops that would
indicate a widespread problem.  I also checked the firewall ruleset and SMTP
config file -- no specific mention of the 24.0.0.0/8 block of addresses.  

Closing as invalid -- feel free to reopen if you can provide more information
showing the source of the problem.
Comment 5 Kevin Korb 2005-08-02 10:09:48 UTC
I would be willing to believe that the problem was on my end except I have been
using this configuration for more than a year without any other problems.  I
have sent plenty of email to other Exim servers with no problems.  I don't
believe I have ever tried to send email to gentoo.org before so I can't say if
this is a new problem or not.

I believe this to be some kind of incompatibility between whatever firewalling
is on smtp.gentoo.org and my NAT but I have no way of debugging this further
without knowing what on your setup may be causing this.
Comment 6 Kurt Lieber (RETIRED) gentoo-dev 2005-08-02 11:06:10 UTC
The firewall is standard netfilter/iptables.

Have you sniffed your network to see what the last communication is in each
scenario?  If so, please provide edited snippets of the conversations.  (not
just the entire dump file)
Comment 7 Kurt Lieber (RETIRED) gentoo-dev 2005-08-02 11:23:00 UTC
Please check your mail server configuration.  Looking at our mail logs,
reject.log has the following:

toucan mail # grep 24.173.162.174 reject.log*
reject.log:2005-08-02 17:18:28 SMTP call from asylum.sanitarium.net
[24.173.162.174] dropped: too many unrecognized commands (last was "12345678")
reject.log:2005-08-02 18:12:59 SMTP call from asylum.sanitarium.net
(sanitarium.net) [24.173.162.174] dropped: too many unrecognized commands (last
was "
Comment 8 Kurt Lieber (RETIRED) gentoo-dev 2005-08-02 11:23:00 UTC
Please check your mail server configuration.  Looking at our mail logs,
reject.log has the following:

toucan mail # grep 24.173.162.174 reject.log*
reject.log:2005-08-02 17:18:28 SMTP call from asylum.sanitarium.net
[24.173.162.174] dropped: too many unrecognized commands (last was "12345678")
reject.log:2005-08-02 18:12:59 SMTP call from asylum.sanitarium.net
(sanitarium.net) [24.173.162.174] dropped: too many unrecognized commands (last
was "ÿøÿøÿøÿøÿø")
reject.log.1:2005-08-01 18:33:32 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 18:49:15 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 18:50:15 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 19:04:49 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 19:04:55 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 19:05:56 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 19:06:58 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)
reject.log.1:2005-08-01 23:05:08 rejected HELO from asylum.sanitarium.net
[24.173.162.174]: syntactically invalid argument(s): (no argument given)


main.log has:

toucan mail # grep 24.173.162.174 main.log
2005-08-02 05:01:23 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:03:02 1E00AO-0008Ex-PG => gentoobugs@sanitarium.net R=dnslookup
T=remote_smtp H=asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:18:28 SMTP call from asylum.sanitarium.net [24.173.162.174]
dropped: too many unrecognized commands (last was "12345678")
2005-08-02 17:21:19 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:22:12 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:23:04 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:23:38 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:23:50 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:25:21 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:26:08 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:41:30 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:50:15 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:55:46 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 17:57:49 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:05:49 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:06:12 1E019W-0007El-Ve => gentoobugs@sanitarium.net R=dnslookup
T=remote_smtp H=asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:12:59 SMTP call from asylum.sanitarium.net (sanitarium.net)
[24.173.162.174] dropped: too many unrecognized commands (last was "ÿøÿøÿøÿøÿø")
2005-08-02 18:13:17 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:14:41 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:15:07 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
2005-08-02 18:16:21 SMTP command timeout on connection from
asylum.sanitarium.net [24.173.162.174]
Comment 9 Kevin Korb 2005-08-02 12:00:18 UTC
Most of those entries were me debugging.
I have determined that this problem only exists when I connect from a Linux box
within my NAT.  If I connect from some other OS it works fine.  I have also
determined that when the failure occours the packet never leaves my router so
the problem probably is on my end although I don't know where.

To recap and update...
Whenever I send an smtp command containing more than 10 bytes (usually the helo
command) from a Linux box (Gentoo or Knoppix, 2.4 or 2.6) behind my OpenBSD NAT
fireall to mail.gentoo.org the connection stalls and the packet containing the
>10 byte command is never transmitted.

The problem only exists when comming from a Linux box and when connecting to
mail.gentoo.org

I am going to set this ticket back to invalid until I have some time to do some
more verbose packet dumping and try to isolate the problem further.
Comment 10 Kevin Korb 2005-08-02 15:13:57 UTC
OK, I finally figured it out...
My default policy on my internal interface was set to accept all packets but it
was not set to create a state for stateful inspection.  I have no idea this
caused these particular symptoms nor do I know why it didn't cause any other
symptoms but my problem is solved.

Thanks for the help.