From: horus on
10:54:37.614262 IP (tos 0x0, ttl 64, id 34390, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.41519 > smtp2.wested.org.smtp: S, cksum 0x39bb
(correct), 1022610458:1022610458(0) win 5808 <mss 1452,sackOK,timestamp 3670038023 0,nop,wscale 7>
0x0000: 4500 003c 8656 4000 4006 98e7 829d a910 E..<.V@.@.......
0x0010: 4093 af3d a22f 0019 3cf3 cc1a 0000 0000 @..=./..<.......
0x0020: a002 16b0 39bb 0000 0204 05ac 0402 080a ....9...........
0x0030: dac0 5607 0000 0000 0103 0307 ..V.........
10:54:43.614376 IP (tos 0x0, ttl 64, id 34391, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.41519 > smtp2.wested.org.smtp: S, cksum 0x224b
(correct), 1022610458:1022610458(0) win 5808 <mss 1452,sackOK,timestamp 3670044023 0,nop,wscale 7>
0x0000: 4500 003c 8657 4000 4006 98e6 829d a910 E..<.W@.@.......
0x0010: 4093 af3d a22f 0019 3cf3 cc1a 0000 0000 @..=./..<.......
0x0020: a002 16b0 224b 0000 0204 05ac 0402 080a ...."K..........
0x0030: dac0 6d77 0000 0000 0103 0307 ..mw........

and a gazillion of these

10:55:55.615836 IP (tos 0x0, ttl 64, id 47424, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.41520 > smtp2.wested.org.smtp: S, cksum 0x4466
(correct), 1075744146:1075744146(0) win 5808 <mss 1452,sackOK,timestamp 3670116023 0,nop,wscale 7>
0x0000: 4500 003c b940 4000 4006 65fd 829d a910 E..<.@@.@.e.....
0x0010: 4093 af3d a230 0019 401e 8d92 0000 0000 @..=.0..@.......
0x0020: a002 16b0 4466 0000 0204 05ac 0402 080a ....Df..........
0x0030: dac1 86b7 0000 0000 0103 0307 ............


From: horus on
/root # tcpdump -i eth0 -s 128 -w /tmp/junk host physics.wisc.edu
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 128 bytes

ls -sal /tmp/junk

produces nothing


"mikea" <mikea(a)mikea.ath.cx> wrote in message
news:dtu4e7-t3t.ln1(a)mikea.ath.cx...
> horus <horus(a)sonic.net> wrote in
> <4c0fc4e2$0$22181$742ec2ed(a)news.sonic.net>:
>>>> Can you do a packet trace on the session with that server for one of
>>>> the
>>> large mails? You only need packet timestamps and enough packet data to
>>> see the "200"/"300"/"400"/"500" series responses from the other end.
>>
>>
>> oooo, ah, Mike, how exactly do I do that?
>> all I know is tcpdump at present........is there a way to run the
>> sendmail
>> process and capture exactly what it is doing?
>>
>> oooo, this is exciting!..........thanks
>
> As root, something like
>
> tcpdump -i _INTERFACE_NAME_ -s 128 -w _TCPDUMP_RAW_FILE_NAME_ host
> _OTHER_HOST_NAME_
>
> to capture the packets between you and _OTHER_HOST_NAME_ to
> _TCPDUMP_RAW_FILE_NAME_. _INTERFACE_NAME_ is the name of the interface
> you want to capture traffic from.
>
> When you see the session time out, do a CONTROL-C to stop tcpdump, then
>
> tcpdump -s128 -Xx -vvv -r _TCPDUMP_RAW_FILE_NAME_ port 25 | less
>
> to dump the packets to your screen.
>
> You're interested in the [234]00-series responses from _OTHER_HOST_NAME_
> and in any packets that have the "R" or "F" flag set. Others probably
> will be able to tell you better just what to look for, but in general
> you're interested in long delays between packets.
>
> Good luck.
>
> --
> I still can't see a wasp without thinking "400K 1W"
> - Derek Potter, uk.misc
>
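Mike's recipe above says to look at the server's responses, at R/F flags and at long gaps between packets; the dumps horus posted show the same SYN (identical ISN, same source port) going out again six seconds later with nothing coming back from smtp2. As an added illustration, not code from the thread, the following Python script reads `tcpdump -vvv` text in exactly the form pasted above (rejoining the archive's wrapped header lines and skipping the hex lines) and reports SYNs that never drew a SYN-ACK, with retry count and time span, plus the longest silence inside each connection. The sample capture is constructed from the thread's own lines plus an assumed completed handshake to smtp.wested.org for contrast.

```python
import re
from collections import defaultdict
# One packet header of `tcpdump -vvv` text output in the pre-4.x flag style ("S," / "S." / ".")
# seen in the thread; "smtp" is how tcpdump names port 25 here.
HDR = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP .*?length: \d+\) "
    r"(?P<src>\S+)\.(?P<sport>\w+) > (?P<dst>\S+)\.(?P<dport>\w+): (?P<flags>[SFRP.]+)"
    r".*?(?P<seq>\d+):\d+\(\d+\)")

def parse_tcpdump(text):
    """Return one dict per packet; wrapped headers are rejoined and 0x.... hex lines skipped."""
    headers = []
    for line in text.splitlines():
        if re.match(r"\d\d:\d\d:\d\d\.\d+ IP ", line):
            headers.append(line)
        elif headers and not line.lstrip().startswith("0x"):
            headers[-1] += " " + line.strip()      # continuation of a wrapped header line
    pkts = [m.groupdict() for m in map(HDR.match, headers) if m]
    for d in pkts:                                 # time of day in seconds, for delay arithmetic
        d["t"] = int(d.pop("h")) * 3600 + int(d.pop("m")) * 60 + float(d.pop("s"))
    return pkts

def analyze(pkts, server_port="smtp"):
    """Report SYNs that never drew a SYN-ACK (retry count, time span) and the longest silence
    inside each connection; connections are keyed by their client (non-server-port) endpoint."""
    syns, synacked, last, gap = defaultdict(list), set(), {}, {}
    for p in pkts:
        k = (p["src"], p["sport"]) if p["dport"] == server_port else (p["dst"], p["dport"])
        if p["flags"] == "S":
            syns[(k, p["seq"])].append(p["t"])
        elif p["flags"] == "S." and p["sport"] == server_port:
            synacked.add(k)
        if k in last:
            gap[k] = max(gap.get(k, 0.0), p["t"] - last[k])
        last[k] = p["t"]
    unanswered = [(k, seq, len(t) - 1, round(t[-1] - t[0], 3))
                  for (k, seq), t in syns.items() if k not in synacked]
    return {"unanswered_syns": unanswered, "max_gap": gap}
# Constructed sample in the thread's format: a handshake that completes on smtp.wested.org, then
# two SYNs to smtp2 with the same ISN six seconds apart (a retransmission) that nothing answers.
SAMPLE = """\
11:24:04.800000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto: TCP (6), length: 60) universe.54698 > smtp.wested.org.smtp: S, cksum 0x0000 (correct), 2703899802:2703899802(0) win 5808 <mss 1452>
11:24:04.900000 IP (tos 0x0, ttl 50, id 2, offset 0, flags [DF], proto: TCP (6), length: 60) smtp.wested.org.smtp > universe.54698: S., cksum 0x0000 (correct), 3956723191:3956723191(0) ack 2703899803 win 5792 <mss 1460>
11:33:46.471876 IP (tos 0x0, ttl 64, id 40128, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.50004 > smtp2.wested.org.smtp: S, cksum 0xbc26
(correct), 3496525286:3496525286(0) win 5808 <mss 1452,sackOK,timestamp 3672386833 0,nop,wscale 7>
0x0000: 4500 003c 9cc0 4000 4006 827d 829d a910 E..<..@.@..}....
11:33:52.471995 IP (tos 0x0, ttl 64, id 40129, offset 0, flags [DF], proto: TCP (6), length: 60) universe.50004 > smtp2.wested.org.smtp: S, cksum 0xa4b6 (correct), 3496525286:3496525286(0) win 5808 <mss 1452,sackOK,timestamp 3672392833 0,nop,wscale 7>
"""
```

Run it as `python3 script.py` after pasting the `tcpdump -r ... | less` text into `SAMPLE`, or call `analyze(parse_tcpdump(open("dump.txt").read()))`; an entry in `unanswered_syns` with retries above zero is the "no SYN-ACK ever came back" case seen in the thread.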


From: horus on
11:24:04.964105 IP (tos 0x0, ttl 64, id 45495, offset 0, flags [DF], proto:
TCP (6), length: 1492) universe.54698 > smtp.wested.org.smtp: .
2703899803:2703901243(1440) ack 3956723192 win 144 <nop,nop,timestamp 3671805337 2021527941>
0x0000: 4500 05d4 b1b7 4000 4006 67b7 829d a910 E.....@.@.g.....
0x0010: 4093 af74 d5aa 0019 a12a 3c9b ebd6 cdf8 @..t.....*<.....
0x0020: 8010 0090 217c 0000 0101 080a dadb 4d99 ....!|........M.
0x0030: 787e 1185 1cdc d08f c800 a455 703c cd91 x~.........Up<..
0x0040: f46a ec09 f624 acda 63bf bbf8 ad94 9c1a .j...$..c.......
0x0050: 1771 db1d 5b70 2075 1e9b dae7 81a3 a63b .q..[p.u.......;
0x0060: 77cc a1a9 4732 f5e2 3046 33d1 2f09 aaa4 w...G2..0F3./...
0x0070: 4e9c N.


From: horus on
11:33:32.139591 IP (tos 0x0, ttl 64, id 65484, offset 0, flags [DF], proto:
TCP (6), length: 1492) universe.40820 > smtp.wested.org.smtp: .
3180534633:3180536073(1440) ack 118647175 win 144 <nop,nop,timestamp 3672372501 2021973145>
0x0000: 4500 05d4 ffcc 4000 4006 19a2 829d a910 E.....@.@.......
0x0010: 4093 af74 9f74 0019 bd93 1b69 0712 6987 @..t.t.....i..i.
0x0020: 8010 0090 217c 0000 0101 080a dae3 f515 ....!|..........
0x0030: 7884 dc99 3c1d 6229 480b 9942 9f40 6d95 x...<.b)H..B.@m.
0x0040: 8618 812e 327f b22d af4e cc76 bd1f be8f ....2..-.N.v....
0x0050: be0d 7b34 4340 616a b93b afba f070 01c0 ..{4C@aj.;...p..
0x0060: afcc b29e 2da7 7402 dbbf 4cf1 de45 a84c ....-.t...L..E.L
0x0070: 072a .*
11:33:46.471876 IP (tos 0x0, ttl 64, id 40128, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.50004 > smtp2.wested.org.smtp: S, cksum 0xbc26
(correct), 3496525286:3496525286(0) win 5808 <mss 1452,sackOK,timestamp 3672386833 0,nop,wscale 7>
0x0000: 4500 003c 9cc0 4000 4006 827d 829d a910 E..<..@.@..}....
0x0010: 4093 af3d c354 0019 d068 bde6 0000 0000 @..=.T...h......
0x0020: a002 16b0 bc26 0000 0204 05ac 0402 080a .....&..........
0x0030: dae4 2d11 0000 0000 0103 0307 ..-.........
11:33:52.471995 IP (tos 0x0, ttl 64, id 40129, offset 0, flags [DF], proto:
TCP (6), length: 60) universe.50004 > smtp2.wested.org.smtp: S, cksum 0xa4b6
(correct), 3496525286:3496525286(0) win 5808 <mss 1452,sackOK,timestamp 3672392833 0,nop,wscale 7>
0x0000: 4500 003c 9cc1 4000 4006 827c 829d a910 E..<..@.@..|....
0x0010: 4093 af3d c354 0019 d068 bde6 0000 0000 @..=.T...h......
0x0020: a002 16b0 a4b6 0000 0204 05ac 0402 080a ................
0x0030: dae4 4481 0000 0000 0103 0307 ..D.........


From: horus on
Jun 9 14:25:07 universe sendmail[1970]: STARTTLS: read error=timeout
Jun 9 14:25:07 universe sendmail[1970]: o59KP5JX001970: collect: premature
EOM: Connection timed out with blah.blah.edu
Jun 9 14:25:07 universe sendmail[1970]: o59KP5JX001970: SYSERR(root):
collect: I/O error on connection from blah.blah.edu,
from=<myname(a)blah.blah.edu>
Jun 9 14:25:07 universe sendmail[1970]: o59KP5JX001970:
from=<myname(a)blah.blah.edu>, size=1780081, class=0, nrcpts=1, proto=ESMTP,
daemon=MTA, relay=blah.blah.edu [128.104.160.000]
Jun 9 14:25:07 universe dovecot: POP3(fizzygoo): Disconnected: Logged out
top=0/0, retr=0/0, del=0/5459, size=186306670