[ctw] Re: ASSP not accepting connections?

  • From: aklist <aklist_eims@xxxxxxxxxxxxx>
  • To: ctw@xxxxxxxxxxxxx
  • Date: Fri, 29 Apr 2011 13:10:20 -0700

On 4/29/2011 12:45 PM, TR Shaw wrote:

On Apr 29, 2011, at 2:42 PM, aklist wrote:

On 4/29/2011 9:36 AM, aklist wrote:
On 4/29/2011 8:57 AM, TR Shaw wrote:

On Apr 29, 2011, at 11:08 AM, aklist wrote:

Hi All: Sorry if double-post...

ASSP 1.7.5.5 on OSX 10.6.7

ASSP had been running fine, but suddenly started refusing connections.
Restarted the machine, looked at the ASSP log, and don't see any
problems.

Here's a telnet session:

[root@default root]# telnet 216.218.227.130 25
Trying 216.218.227.130...
Connected to 216.218.227.130.
Escape character is '^]'.
Connection closed by foreign host.

In the ASSP log, I see:

Apr-29-11 07:32:19 Connected: 207.158.46.200:54344 ->  216.218.227.130:25
->  127.0.0.1:125;
Apr-29-11 07:32:19 Disconnected: 207.158.46.200;

No connections seem to be being accepted?

what does eims log look like

FWIW: I just updated to 1.8.5.9 (1.1.02) and I'm seeing the same results.

EIMS connection settings are using "125" for smtp and "1587" for SMTP
submit.

Nothing shows up in the server console or logs?

I'm able to send mail through the server on 587, but nothing seems to be
allowed in on SMTP anymore.

ClamAV is at 0.96.1 and freshclam is up to date...clamscan works so I don't 
think it's a clamAV issue.

I just don't know what's "supposed" to happen when a server tries to connect on 
25...it looks like ASSP starts to route it to the correct place, but nothing else 
happens, I don't see the recipient lookup or anything else happen in the ASSP log that 
usually follows the connection.

I'm starting to get desperate since the server's been down for almost 24 hrs. 
now!

Well, set assp to do verbose logging. and try and look at both sets of logs; 
also check to make sure ports are open. Try to send through 125 directly using 
telnet.

Thanks Tom...I appreciate your help!

I changed the connection log to "verbose", but I don't see any additional data in the mail log...is that where it would appear?

From terminal on the local box (mac mini), I tried to telnet to 127.0.0.1 125, and I got:

sh-3.2# telnet 127.0.0.1 125
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

So, maybe it's not ASSP after all? What would prevent EIMS from listening on that port?

Is it possible another process (or <gulp> trojan) has hijacked port 125?

Andrew



Circle The Wagons
manage: //www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe
search: //www.freelists.org/archives/ctw
faq: //www.freelists.org/wiki/the_faq

Other related posts: