SMTP no-such-user issues
Steve Bertrand
steve at ibctech.ca
Tue Jun 17 15:50:03 UTC 2008
Nathan Ward wrote:
>
> On 18/06/2008, at 1:20 AM, Steve Bertrand wrote:
>
>> Steve Bertrand wrote:
>>> Frank Bulk - iNAME wrote:
>>>> Once you've performed a full capture on port 25, Wireshark does a
>>>> nice job
>>>> of providing an option to extract the relevant conversation by
>>>> right-clicking on just one packet in that conversation and choosing
>>>> something called "Follow the TCP stream", I believe.
>>> Ok. I've never captured in tcpdump and then imported into Wireshark
>>> before, but I'll do some tests, scp the file to my Windows
>>> workstation, then follow the stream.
>>> Once I ensure I get a clean stream, I'll post the results.
>>
>> As I research the documentation on the how-to specifics on capturing
>> with tcpdump in a format that is Wireshark compatible, is there anyone
>> here that could perform a simple test against their own domain email
>> system, that can confirm or deny what I have been witnessing?
>
>
> Wireshark reads pcap files. Spit them out with this option on the
> tcpdump commandline.
I'm capturing this now.
In the meantime, I had assistance off-list from someone within an
external domain, and we confirmed that the problem is NOT solely
Hotmail, yet it is not solely my end (at least I'm not completely
convinced).
I feel quite a bit more relaxed now, although the problem is not resolved.
Hotmail encompassed domains are the only site that we have noticed this
problem with, however, now I'm certain that there could be more. Most
are confirmed to work properly, most notably GMail.
It is also not solely related to the Barracuda. Another SMTP server is
experiencing the same issue within the same network, which is not
located behind the 'cuda cluster. The only common ground is that both
environments operate under Qmail. The 'cuda setup with no filtering, and
the non-cuda setup with SA, ClamAV being called by Simscan.
We're back to square one, but now I know to point squarely at my
configuration to find out why this is happening.
My sincerest regards for all of the on and off-list help that I have
received in regards to this issue. I have learned a tremendous amount
along the way.
Thank you to everyone who has provided the patience and willingness to
help, and those that are continuing to do so.
If it does turn out to be an implementation issue with any of the
software chain we have operating here, we will attempt with our best
efforts to document it, and provide patches to the original source.
Steve
More information about the NANOG
mailing list