> It sounds like they are dropping the connection before getting very far > in the conversation. This can be caused by either end, but the likely > place to check is any spam-screening operations you might be doing that > could impose a delay on your initial greeting, like having greet-pause > set or using one of the network blackhole services that could be taking > a long time to validate this address. Other places that can add delay > are your reverse DNS lookup and an ident query on the socket. The > latter can cause a long timeout if it hits a firewall that silently > discards it without an ICMP 'denied' response. > > -- > Les Mikesell > lesmikesell at gmail.com This indeed was the problem. One of the DNSBLS that we were using has discontinued operation (without notice to subscribers apparently). This was causing some MTAs to drop connections without issuing any commands to our hosts. In the process of resolving this I also took the opportunity to implement Sapmhaus's DROP list as an access.db filter. This change together with blocking .BR and .RU tlds (with an informative error message on how to arrange connectivity to our servers) has cut out number of concurrent SMTP connections from an average of ~68 to ~8. Regards, -- James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3