Sendmail connection time out

Steve Freegard steve.freegard at fsl.com
Fri Dec 28 12:37:01 GMT 2007 

Budi Febrianto wrote:
> Budi Febrianto wrote:
>> Rob Sterenborg wrote:
>>>> $ telnet 59.125.202.201 25
>>>> Trying 59.125.202.201...
>>>> Connected to 59.125.202.201.
>>>> Escape character is '^]'.
>>>> 220
>>>> *************************************************2******200********2***0 
>>>>
>>>> *00 *****
>>>> quit
>>>> 221 2.0.0 spama.everest.com.tw closing connection
>>>> Connection closed by foreign host.
>>>>
>>>> AFAICT you're behind a Cisco PIX with SMTP fixup enabled. Some SMTP
>>>> servers play nice with it, some not. Disable SMTP fixup. If I'm not
>>>> mistaken you can do it this way:
>>>>
>>>> no fixup protocol smtp
>>>>
>>>>
>>>> Grts,
>>>> Rob
>>>>     
>>
>> I'm using sendmail-8.13.8-2.el5 that came with centos 5.0.
>> I will try to talk to networking people about the cisco pix
>>
>> Thank you.
>>
> Sorry, we don't have cisco pix. We use cisco 2811 as our main router.
> 

Then the 'feature' you are looking for is called 'ESMTP inspection' or 
'SMTP inspection' - if you have it enabled, then turn it off as it will 
cause you issues (admittedly it's not as bad as the PIX 'fix-up').

However - I disagree with the original posters diagnosis, you aren't 
running the PIX, it's the *destination* system running the PIX:

[root at speedy ~]# telnet 59.125.202.201 25
Trying 59.125.202.201...
Connected to 59-125-202-201.HINET-IP.hinet.net (59.125.202.201).
Escape character is '^]'.
220 *************************************************2******2********
QUIT
221 Bye
Connection closed by foreign host.

Your system is fine:

smf at smf-laptop:~$ telnet indomino.net 25
Trying 72.232.141.148...
Connected to indomino.net.
Escape character is '^]'.
220-waikiki.dnsdc9.com ESMTP Exim 4.68 #1 Fri, 28 Dec 2007 06:20:25 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
QUIT
221 waikiki.dnsdc9.com closing connection
Connection closed by foreign host.

See http://www.ussg.iu.edu/hypermail/linux/kernel/0506.2/0256.html and 
try 'echo 0 > /proc/sys/net/ipv4/tcp_window_scaling' as this will most 
likely fix the problem.

To set this permanently add the following to /etc/sysctl.conf:

# fix buggy firewalls that stomp on the scaling bits
net.ipv4.tcp_window_scaling = 0

Let us know if this fixes the problem for you.

Kind regards,
Steve.

--
Steve Freegard
Fort Systems Ltd.

More information about the MailScanner mailing list