Topic: Certain emails not being received

[T2I]

I've been scanning the forums for possible help to this delima, but unfortunately I can't find anything exactly like this that's been answered.  Basically, we have been running SME server since 6.x and currently run 7.4.  Off and on, we are having the issue where emails from certain domains are severely delayed in being delivered or simply not delivered at all.

Here is a mail log of one such attempts to deliver but nothing:

2010-01-25 16:22:21.708846500 32593 Accepted connection 0/40 from 24.71.223.10 / idcmail-mo1so.shaw.ca
2010-01-25 16:22:21.709276500 32593 Connection from idcmail-mo1so.shaw.ca [24.71.223.10]
2010-01-25 16:22:21.710068500 32593 running plugin (set_hooks): peers
2010-01-25 16:22:21.710633500 32593 trying to get config for peers/0
2010-01-25 16:22:21.711079500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.711544500 32593 trying to get config for peers/0
2010-01-25 16:22:21.711928500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.713045500 32593 peers hooking valid_auth
2010-01-25 16:22:21.713378500 32593 peers hooking set_hooks
2010-01-25 16:22:21.713820500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.714406500 32593 logging::logterse hooking queue
2010-01-25 16:22:21.714760500 32593 logging::logterse hooking deny
2010-01-25 16:22:21.715128500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.715849500 32593 auth::auth_cvm_unix_local hooking auth-plain
2010-01-25 16:22:21.716157500 32593 auth::auth_cvm_unix_local hooking auth-login
2010-01-25 16:22:21.716475500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.717150500 32593 check_earlytalker hooking connect
2010-01-25 16:22:21.717478500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.717897500 32593 count_unrecognized_commands hooking connect
2010-01-25 16:22:21.718368500 32593 count_unrecognized_commands hooking unrecognized_command
2010-01-25 16:22:21.718725500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.719175500 32593 check_relay hooking connect
2010-01-25 16:22:21.719684500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.720120500 32593 check_norelay hooking connect
2010-01-25 16:22:21.720635500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.721155500 32593 require_resolvable_fromhost hooking mail
2010-01-25 16:22:21.721668500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.722263500 32593 check_basicheaders hooking data_post
2010-01-25 16:22:21.722690500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.723242500 32593 rhsbl hooking rcpt
2010-01-25 16:22:21.723587500 32593 rhsbl hooking mail
2010-01-25 16:22:21.723950500 32593 rhsbl hooking disconnect
2010-01-25 16:22:21.724339500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.724749500 32593 dnsbl hooking connect
2010-01-25 16:22:21.725150500 32593 dnsbl hooking rcpt
2010-01-25 16:22:21.725520500 32593 dnsbl hooking disconnect
2010-01-25 16:22:21.725902500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.726434500 32593 check_badmailfrom hooking rcpt
2010-01-25 16:22:21.726746500 32593 check_badmailfrom hooking mail
2010-01-25 16:22:21.727171500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.727638500 32593 check_badrcptto_patterns hooking rcpt
2010-01-25 16:22:21.728075500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.728564500 32593 check_badrcptto hooking rcpt
2010-01-25 16:22:21.728994500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.729436500 32593 check_spamhelo hooking ehlo
2010-01-25 16:22:21.729740500 32593 check_spamhelo hooking helo
2010-01-25 16:22:21.730233500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.730831500 32593 check_goodrcptto hooking rcpt
2010-01-25 16:22:21.731160500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.731677500 32593 rcpt_ok hooking rcpt
2010-01-25 16:22:21.732115500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.732753500 32593 virus::pattern_filter hooking data_post
2010-01-25 16:22:21.733084500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.733717500 32593 tnef2mime hooking data_post
2010-01-25 16:22:21.734052500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.734621500 32593 spamassassin hooking data_post
2010-01-25 16:22:21.735029500 32593 spamassassin hooking data_post
2010-01-25 16:22:21.735338500 32593 spamassassin hooking data_post
2010-01-25 16:22:21.735646500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.736181500 32593 virus::clamav hooking data_post
2010-01-25 16:22:21.736753500 32593 trying to get config for plugin_dirs
2010-01-25 16:22:21.737340500 32593 queue::qmail_2dqueue hooking queue
2010-01-25 16:22:21.737828500 32593 Plugin peers, hook set_hooks returned DECLINED,
2010-01-25 16:22:21.738279500 32593 running plugin (connect): check_earlytalker
2010-01-25 16:22:22.738395500 32593 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2010-01-25 16:22:22.738716500 32593 Plugin check_earlytalker, hook connect returned DECLINED,
2010-01-25 16:22:22.738993500 32593 running plugin (connect): count_unrecognized_commands
2010-01-25 16:22:22.739334500 32593 Plugin count_unrecognized_commands, hook connect returned DECLINED,
2010-01-25 16:22:22.739602500 32593 running plugin (connect): check_relay
2010-01-25 16:22:22.739952500 32593 trying to get config for relayclients
2010-01-25 16:22:22.740591500 32593 trying to get config for morerelayclients
2010-01-25 16:22:22.741084500 32593 Plugin check_relay, hook connect returned DECLINED,
2010-01-25 16:22:22.741363500 32593 running plugin (connect): check_norelay
2010-01-25 16:22:22.741663500 32593 trying to get config for norelayclients
2010-01-25 16:22:22.742182500 32593 Plugin check_norelay, hook connect returned DECLINED,
2010-01-25 16:22:22.742450500 32593 running plugin (connect): dnsbl
2010-01-25 16:22:22.742788500 32593 dnsbl plugin: RBLSMTPD not set for 24.71.223.10
2010-01-25 16:22:22.743077500 32593 trying to get config for dnsbl_allow
2010-01-25 16:22:22.743586500 32593 trying to get config for dnsbl_zones
2010-01-25 16:22:22.744230500 32593 dnsbl plugin: Checking 10.223.71.24.zen.spamhaus.org for TXT record in the background
2010-01-25 16:22:22.745957500 32593 dnsbl plugin: Checking 10.223.71.24.bl.spamcop.net for TXT record in the background
2010-01-25 16:22:22.747533500 32593 dnsbl plugin: Checking 10.223.71.24.dnsbl.njabl.org for TXT record in the background
2010-01-25 16:22:22.749077500 32593 dnsbl plugin: Checking 10.223.71.24.whois.rfc-ignorant.org for TXT record in the background
2010-01-25 16:22:22.750672500 32593 Plugin dnsbl, hook connect returned DECLINED,
2010-01-25 16:22:22.751043500 32593 trying to get config for smtpgreeting
2010-01-25 16:22:22.751477500 32593 220 tci3-srv.tcii.net ESMTP
2010-01-25 16:22:22.751822500 32593 trying to get config for timeoutsmtpd
2010-01-25 16:22:23.670520500 4915 cleaning up after 32593
2010-01-25 16:23:47.949918500 4915 running plugin (pre-connection): hosts_allow
2010-01-25 16:23:47.950293500 4915 trying to get config for hosts_allow
2010-01-25 16:23:47.950677500 4915 Plugin hosts_allow, hook pre-connection returned DECLINED,

I have 10 attemps alone in this log file from the same domain, but each one ends immediately after the "trying to get config for timeoutsmtpd".  After some searching, I found a post which suggested that the log level is lower than the other server.  So I ran a config show qpsmtpd and here is the results of that:

qpsmtpd=service
    Bcc=disabled
    BccMode=bcc
    BccUser=maillog
    DNSBL=enabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org:bl.spamcop.net
    RHSBL=enabled
    RequireResolvableFromHost=yes
    SBLList=dsn.rfc-ignorant.org
    access=public
    qplogsumm=disabled
    status=enabled

I don't believe this to be a bug and if required, I can submit this to Bugzilla.  I'm just uncertain if it is something in the settings which needs changed or if it is a problem with the sending mail server.  I can provide any other information requested that might help bring a solution to this.

Any help is greatly appreciated.  Thank you.

[Stefano]

Basically, we have been running SME server since 6.x and currently run 7.4.

so your 7.4 is, basically, a 6.x upgraded to 7.x and so on?

if so, please open a bug in bugzilla, attaching the output of /sbin/e-smith/audittools/templates

Thank you

[piran]

I've been scanning the forums for possible help to this delima, but unfortunately I can't find anything exactly like this that's been answered...

2010-01-25 16:22:21.708846500 32593 Accepted connection 0/40 from 24.71.223.10 / idcmail-mo1so.shaw.ca

Any help is greatly appreciated.

Any? Two radical workarounds enclosed.

Alternative viewpoint A: That IP resides in a large range
that *permanently* scans my router ~ done so for YEARS.
Been blocked at the router, forgotten all about them, they
never even get close to SME. Consider doing so similarly.

Alternative viewpoint B:
Don't want to re-programme the router?
This takes your IP off their operational 'radar',
should take you only a minute or two to do...

[make a template]
nano -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyZombies

[edit template ~ single IP or the whole supporting telco and all who sail/spam in her]
/sbin/iptables -A INPUT -s 24.71.223.10/32 -j DROP # waste of space single IP
/sbin/iptables -A INPUT -s 24.64.0.0/13 -j DROP # supporting telco and all of its subscribers
[Ctrl-X then 'Y'es to save and exit]

[expand the edited template]
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

[restart masquerading]
/etc/init.d/masq restart

Undo by clearing or removing that template
followed by expanding SME's templating
and then a restart of the SME firewall.

...your SME is now off their radar.
They don't stop ~ whatever you do.
Time to start enjoying life more;~)

[PostEdit: typos]

[T2I]

Stefano,

I'll do that.  Thanks.

Piran,

I'll give that a shot and see if it fixes the problem.

Thanks for the assistance.

Shayne