Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SPF problems
  FAQ FAQ  Forum Search   Register Register  Login Login

SPF problems
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
Serge View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Serge Quote  Post ReplyReply Direct Link To This Post Topic: SPF problems
    Posted: 23 August 2004 at 8:34am

Hello,

I have several realy good messages wich are rejected with the following log records :

08/21/04 01:18:39:421 -- (1496) Connection from: 62.81.235.144  -  Originating country : Spain
08/21/04 01:18:39:640 -- (1496) Resolving 62.81.235.144 - 144-235-81-62.libre.auna.net
08/21/04 01:18:44:640 -- (1496) - SPF DNS error: - TimedOut
08/21/04 01:18:44:640 -- (1496) - SPF analysis done: - error
08/21/04 01:18:44:640 -- (1496) Mail from: tma@jet.es
08/21/04 01:18:50:000 -- (1496) - MAPS search done...
08/21/04 01:18:50:000 -- (1496) RCPT TO: pol.crevits@cmi.be accepted
08/21/04 01:19:50:328 -- (1496) Disconnect

 

The sender get the message :

Delay reason: remote host closed connection

Can you explain what happened ?

Thanks,

 

 

 

 


 

 
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 23 August 2004 at 7:18pm

Serge,

When there is a DNS failure because of timeouts or other problems, SpamFilter will ignore the filter that suffered from the timeout and continue with the next tests. This can be seen from the log snipped you included. There's a timeout on the SPF test, but SpamFilter went ahead and accepted the recipient. Can you please ensure that there are no other log entries from the thread (1496) between 01:18:50:000 and 01:19:50:328? It is odd to see a disconnect like that for no reason unless the remote host initiated the disconnect (it can happen - especially if the remote is just testing the connection or to see if there's an open relay).

Could you also please post the full bounce email that the sender received, possibly including the SMTP headers so we can follow the email flow? Please also let us know the IP address of the SpamFilter server. If you wish to keep this info private, you may email us at support@logsat.com

Roberto F.
LogSat Software
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 24 August 2004 at 5:45pm
Serge,
 
In both cases, SpamFilter is disconnecting the connection exactly 60 seconds after receiving the RCPT TO and DATA command:
 
08/21/04 01:18:50:000 -- (1496) RCPT TO: aaaa@zzzz accepted
08/21/04 01:19:50:328 -- (1496) Disconnect
 
and
 
08/24/04 01:01:28:375 -- (1864) RCPT TO: bbbb@zqqqqq accepted
08/24/04 01:02:28:687 -- (1864) Disconnect
Here's what we think is happening, but we need your confirmation to be more certain.
 
SpamFilter accepts the connection, and runs most of its IP-based tests to check it for spam. The remote server then sends the email's content, but SpamFilter does not see the traffic since "something" else is temporarily holding it. Once that "something" has done its job, the SMTP traffic is fofrwarded to SpamFilter. What is happening is that SpamFilter has a built-in timer to fight Denial of Service attacks. If it sees an incoming connection that does not transmit any data for 60 seconds, it disconnects it.
 
The "something" could be a firewall and/or a virus checking software that wait for the whole email body to be received, scan it for harmful content, and if clean, pass it on to SpamFilter. The problem is that if the email is large, or if the remote server is on a slow connection, it may take the email more that 60 seconds to be received by the "something". Once it is received, SpamFilter will have already cut the connection, thus the failure occurs.
 
If you're not able to change your network topology to solve this problem, the good news is that the timeout value SpamFilter uses is configurable via an option in the SpamFilter.ini file from version 2.0.1.358:
 
// New to VersionNumber = '2.0.1.358';
{TODO -cNew : Added ReadTimeout ini parameter to allow user control of timeout when waiting for remote SMTP commands}
In your SpamFilter.ini file, look for the follwoing line under the [server settings] section (or add it if it's not there):
 
ReadTimeout=60
You can change the number of seconds to a higher value, 300-600 should suffice in most cases.
 
Please let us know if this solves the problem,
 
Roberto F.
LogSat Software
Back to Top
Serge View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Serge Quote  Post ReplyReply Direct Link To This Post Posted: 26 August 2004 at 6:18am

Roberto,

First, I changed ReadTimedout to 300 and then to 600.

Sometimes it works and sometimes not. See an extract of the logfiles on support@logsat.com.

Finally, I think it is not because of SpamFilter or our firewall. I continue to make tests with this sender.

Many thanks,

Serge

 

 
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.203 seconds.

Copyright (c)2002-2025 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us