[CentOS] Re: Problem with some SMTP MTAs
James B. Byrne
byrnejb at harte-lyne.ca
Mon Feb 19 18:54:36 UTC 2007
> It sounds like they are dropping the connection before getting very far
> in the conversation. This can be caused by either end, but the likely
> place to check is any spam-screening operations you might be doing that
> could impose a delay on your initial greeting, like having greet-pause
> set or using one of the network blackhole services that could be taking
> a long time to validate this address. Other places that can add delay
> are your reverse DNS lookup and an ident query on the socket. The
> latter can cause a long timeout if it hits a firewall that silently
> discards it without an ICMP 'denied' response.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
This indeed was the problem. One of the DNSBLS that we were using has
discontinued operation (without notice to subscribers apparently). This
was causing some MTAs to drop connections without issuing any commands to
our hosts.
In the process of resolving this I also took the opportunity to implement
Sapmhaus's DROP list as an access.db filter. This change together with
blocking .BR and .RU tlds (with an informative error message on how to
arrange connectivity to our servers) has cut out number of concurrent SMTP
connections from an average of ~68 to ~8.
Regards,
--
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the CentOS
mailing list