Tuesday, July 16, 2013

MAIL EXPN VRFY ETRN



sendmail ERROR "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"


We had to investigate problems relaying mail from a certain IP. Looking through the MTA logs, we see:



Jul 16 15:40:29 gate sendmail[30309]: r6GCcjKJ030309: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 15:57:11 gate sendmail[30913]: r6GCtSW0030913: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:17:12 gate sendmail[31567]: r6GDFTme031567: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:18:16 gate sendmail[31617]: r6GDGVie031617: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:22:57 gate sendmail[31786]: r6GDLEbe031786: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:50:59 gate sendmail[32740]: r6GDnIa1032740: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 17:22:54 gate sendmail[1672] : r6GEL9oM001672: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


On the other side, the error email was:


Reporting-MTA: dns; spamfilter.starnet.md
Arrival-Date: Tue,  9 Jul 2013 22:03:38 +0300 (EEST)

Final-Recipient: rfc822; dircom@mydomain.com
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Spam-&-Virus-Firewall; connect to
    [27.10.97.70]: read timeout



A Cisco PIX between the host and our mail relay is performing SMTP inspection ("SMTP Fixup"). 



The sending MTA apparently does not know how to handle a "500 5.5.1" response from our MTA, and keeps the connection open for one hour (default Timeout.command in sendmail). After one hour, our MTA closes the connection.



As a workaround, enable ESMTP inspection, or disable SMTP inspection. ESMTP inspection allows commands described in RFC 2821. Note that ESMTP inspection and SMTP inspection are mutually exclusive.
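Added example (not from the original post): a Python parser for the log lines above that groups them by peer IP and estimates how long each connection stayed open, by decoding the UTC timestamp that sendmail 8.12 and later embeds in the first characters of the queue ID. The function names, the year argument and the `utc_offset_hours` value of 3 are assumptions; the log host's time zone is not stated here, and a wrong offset shifts every result by whole hours.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sendmail 8.12+ queue IDs begin with base-60 characters for year % 60,
# month (0-based), day, hour, minute and second, taken from UTC time.
QID_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sendmail\[\d+\]\s*:\s+"
    r"(?P<qid>\w+):\s+(?:(?P<host>\S+)\s+)?\[(?P<ip>[^\]]+)\]\s+"
    r"did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"
)

# Three of the log lines shown on this page, including the "sendmail[1672] :" variant.
SAMPLE = """\
Jul 16 15:40:29 gate sendmail[30309]: r6GCcjKJ030309: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:18:16 gate sendmail[31617]: r6GDGVie031617: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 17:22:54 gate sendmail[1672] : r6GEL9oM001672: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

def held_seconds(line, utc_offset_hours, year):
    """Return (peer_ip, seconds from queue ID creation to the log line), or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year or zone; both are supplied by the caller.
    logged = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    logged_utc = logged - timedelta(hours=utc_offset_hours)
    try:
        mon, day, hh, mm, ss = (QID_CHARS.index(c) for c in m["qid"][1:6])
        created = datetime(year, mon + 1, day, hh, mm, ss)
    except ValueError:  # short or non time-encoded queue ID
        return None
    return m["ip"], int((logged_utc - created).total_seconds())

def summarize(text, utc_offset_hours, year):
    """Group the per-connection durations by peer IP."""
    peers = defaultdict(list)
    for line in text.splitlines():
        hit = held_seconds(line, utc_offset_hours, year)
        if hit:
            peers[hit[0]].append(hit[1])
    return dict(peers)

if __name__ == "__main__":
    # utc_offset_hours=3 is an assumption; the log host's time zone is not stated.
    for ip, secs in summarize(SAMPLE, 3, 2013).items():
        print(ip, len(secs), "connections, seconds held:", secs)
```

A peer that shows many entries with similar non-zero durations is waiting on a timeout rather than completing a dialogue, whereas a probe that connects and disconnects immediately shows values near zero.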


http://brandonhutchinson.com/wiki/SMTP_Fixup_problems
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008064730a.shtml



http://frustratedtech.com/post/41281442135/sendmail-dropping-connections-from-monitoring-servers
http://www.sendmail.com/sm/open_source/docs/configuration_readme/



Sendmail Dropping Connections From Monitoring Servers?

I’ve been seeing this frequently. We currently use IPMonitor at work. I hate it. But, it is what it is, gotta use what is provided. So, this monitoring system uses SNMP to check all services and then it also tries to connect to SMTP. However, one server is set up to require POP3 login before SMTP access can be acquired. This was giving plenty of false positives for the monitoring system since we were seeing this message a lot.

# tail -f /var/log/maillog
Jan 23 04:02:02 LUX5 sendmail[8278]: r0N922sj008278: [123.456.789.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

To fix this I needed to add the monitoring server to the access file for sendmail to accept the connection.

# nano /etc/mail/access

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
connect:localhost.localdomain           RELAY
connect:localhost                       RELAY
connect:127.0.0.1                       RELAY
######ADD YOUR IP BELOW#########
connect:123.456.789.10                  OK

Then just rebuild the database and restart sendmail. You will see the error message, but at least you will no longer get the false positives.

# makemap hash /etc/mail/access < /etc/mail/access
# service sendmail restart
