SMTP no-such-user issues

Steve Bertrand steve at
Tue Jun 17 15:50:03 UTC 2008

Nathan Ward wrote:
> On 18/06/2008, at 1:20 AM, Steve Bertrand wrote:
>> Steve Bertrand wrote:
>>> Frank Bulk - iNAME wrote:
>>>> Once you've performed a full capture on port 25, Wireshark does a 
>>>> nice job
>>>> of providing an option to extract the relevant conversation by
>>>> right-clicking on just one packet in that conversation and choosing
>>>> something called "Follow the TCP stream", I believe.
>>> Ok. I've never captured in tcpdump and then imported into Wireshark 
>>> before, but I'll do some tests, scp the file to my Windows 
>>> workstation, then follow the stream.
>>> Once I ensure I get a clean stream, I'll post the results.
>> As I research the documentation on the how-to specifics on capturing 
>> with tcpdump in a format that is Wireshark compatible, is there anyone 
>> here that could perform a simple test against their own domain email 
>> system, that can confirm or deny what I have been witnessing?
> Wireshark reads pcap files. Spit them out with this option on the 
> tcpdump commandline.

I'm capturing this now.

In the meantime, I had assistance off-list from someone within an 
external domain, and we confirmed that the problem is NOT solely 
Hotmail, yet it is not solely my end (at least I'm not completely 

I feel quite a bit more relaxed now, although the problem is not resolved.

Hotmail encompassed domains are the only site that we have noticed this 
problem with, however, now I'm certain that there could be more. Most 
are confirmed to work properly, most notably GMail.

It is also not solely related to the Barracuda. Another SMTP server is 
experiencing the same issue within the same network, which is not 
located behind the 'cuda cluster. The only common ground is that both 
environments operate under Qmail. The 'cuda setup with no filtering, and 
the non-cuda setup with SA, ClamAV being called by Simscan.

We're back to square one, but now I know to point squarely at my 
configuration to find out why this is happening.

My sincerest regards for all of the on and off-list help that I have 
received in regards to this issue. I have learned a tremendous amount 
along the way.

Thank you to everyone who has provided the patience and willingness to 
help, and those that are continuing to do so.

If it does turn out to be an implementation issue with any of the 
software chain we have operating here, we will attempt with our best 
efforts to document it, and provide patches to the original source.


More information about the NANOG mailing list