[Techtalk] Null connections with sendmail?

Raven, corporate courtesan raven at oneeyedcrow.net
Wed Apr 3 20:13:14 EST 2002


Heya --

Quoth Michelle Murrain (Wed, Apr 03, 2002 at 03:03:35PM -0500):
> I did a tcpdump dst host (myhostname):
> How do you see drops and re-transmissions?

	You should see the port 25 tcp connection get set up, then just
hang, with no further packets in the stream.  Then you'll see another
connection get set up, and hang at some point...

	A healthy TCP connection should connect (you'll see SYN packets
as having S in the tcpdump output), send its data, then gracefully
negotiate a disconnect.  If you're having connectivity problems you will
often not see that graceful disconnect, because your connection has been
cut off halfway through.

> I've seen entries like:
> 
>   ns6.choiceone.net.domain > nanuuq.ursa-minor.com.4851: 5683 ServFail 0/0/0 (46) (DF)
>   192.168.1.1 > nanuuq.ursa-minor.com: icmp: net w058.z065105051.bwi-md.dsl.cnc.net unreachable
> 
> What do these mean?

	That's a connection from ns6.choiceone.net's port 53 (domain) to
nanuuq.ursa-minor.com on port 4851.  The contents of the packet are:
5683 ServFail 0/0/0.  The packet is set Don't Fragment (DF).   I'm
guessing that ns6 is your nameserver, and it's telling
nanuuq.ursa-minor.com that there's an error on the nameserver.  (SERVer
FAILed to answer the query.)  ServFails aren't pretty; if you control
that DNS server, check out its configuration.  If you don't, send copies
of those packets (and any SERVFAILs from your sendmail log) to the
nameserver administrator, so they know what to look for.

	If your MTA (sendmail) gets a SERVFAIL when asking for DNS
resolution to send messages, it's supposed to defer the delivery.  This
could be another cause for slow mail delivery.  

	The next packet is from 192.168.1.1 to nanuuq.ursa-minor.com,
and it's an ICMP error message.  It lets you know that the network
containing w058.z065105051.bwi-md.dsl.cnc.net is unreachable to it.
	 
> What I'm doing now is taking a big tcpdump run, and then I'll try to 
> correlate the tcpdumps with my mail log file, and see if there is a pattern.

	Let us know if you find anything.

Cheers,
Raven 
 
"Argh!  All these clocks are the same!"
  -- RavenBlack, on unexpected and new synchronicity
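
The check described in the message above (a port 25 connection that gets set up and then never reaches a graceful disconnect), as an added example that is not part of the original post. It assumes text output from `tcpdump -n` so that ports are numeric; the function name, state names and sample capture are constructed for illustration.

```python
import re
from collections import defaultdict
# Accepts the classic flag field ("S", "P", ".") and the newer "Flags [S.]".
LINE = re.compile(
    r"(?:IP )?(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?:Flags \[(?P<new>[SFPRUEW.]+)\]|(?P<old>[SFPRUEW.]+) )")
SMTP_PORT = 25

def classify(capture_text):
    """Map (client, client_port, server) to closed / reset / hung / partial."""
    seen = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP segment line (DNS answer, ICMP error, ...)
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == SMTP_PORT:
            key = (m["src"], sport, m["dst"])
        elif sport == SMTP_PORT:
            key = (m["dst"], dport, m["src"])
        else:
            continue
        seen[key].update(m["new"] or m["old"])
    states = {}
    for key, flags in seen.items():
        if "S" not in flags:
            states[key] = "partial"  # capture started mid-stream
        elif "F" in flags:
            states[key] = "closed"   # graceful disconnect was negotiated
        elif "R" in flags:
            states[key] = "reset"
        else:
            states[key] = "hung"     # set up, no teardown before capture ended
    return states

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
20:13:14.000001 IP 192.0.2.10.4851 > 198.51.100.5.25: Flags [S], seq 100, win 5840, length 0
20:13:14.020000 IP 198.51.100.5.25 > 192.0.2.10.4851: Flags [S.], seq 900, ack 101, win 5792, length 0
20:13:14.100000 IP 198.51.100.5.25 > 192.0.2.10.4851: Flags [P.], seq 1:40, ack 1, win 5792, length 39
20:13:15.000000 IP 192.0.2.10.4851 > 198.51.100.5.25: Flags [F.], seq 60, ack 200, win 5840, length 0
20:13:20.000001 192.0.2.10.4852 > 198.51.100.5.25: S 200:200(0) win 5840 (DF)
20:13:20.020000 198.51.100.5.25 > 192.0.2.10.4852: S 700:700(0) ack 201 win 5792 (DF)
20:13:20.020100 192.0.2.10.4852 > 198.51.100.5.25: . ack 1 win 5840 (DF)
20:13:21.000000 192.0.2.1 > 192.0.2.10: icmp: net 203.0.113.0 unreachable
"""
if __name__ == "__main__":
    for conn, state in classify(SAMPLE).items():
        print(conn, state)
```

Connections reported as "hung" are the ones whose timestamps are worth lining up against the mail log.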


