gourmet.spamgourmet.com [used to] not [be] reachable


Postby mykro » Sun Aug 20, 2006 9:15 pm

Hi,

I was trying to send a message to one of my addresses and got this error message:

Aug 20 15:02:01 xxxxx postfix/smtp[30706]: connect to gourmet.spamgourmet.com[216.75.35.164]: Connection refused (port 25)
Aug 20 15:02:01 xxxxx postfix/smtp[30706]: 15CD27FCB0: to=<xxx.5.xxxxx@spamgourmet.com>, relay=none, delay=3, status=deferred (connect to gourmet.spamgourmet.com[216.75.35.164]: Connection refused)

or this one:

Aug 20 15:58:25 xxxxx postfix/smtp[32023]: connect to gourmet.spamgourmet.com[216.75.35.164]: Connection timed out (port 25)
Aug 20 15:58:25 xxxxx postfix/smtp[32023]: DDEAD7FCB2: to=<xxx.5.xxxxx@spamgourmet.com>, relay=none, delay=31, status=deferred (connect to gourmet.spamgourmet.com[216.75.35.164]: Connection timed out)

I wonder if the server was just down or not reachable for me or if there is a sort of protection that I was a victim of. At this time, it works again. I would appreciate any piece of information!

Regards
mykro
mykro
 
Posts: 5
Joined: Sun Aug 20, 2006 2:58 pm
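
Added example, not from the original post: a small parser for the Postfix deferral records quoted above that groups connect-time failures by host and reason. The sample is the post's two `status=deferred` records on single lines; the triage hints are general TCP behaviour (an assumption about likely causes), not a diagnosis of this server.

```python
import re
from collections import Counter

# The two deferral records from the post above, each on a single line.
SAMPLE_LOG = """\
Aug 20 15:02:01 xxxxx postfix/smtp[30706]: 15CD27FCB0: to=<xxx.5.xxxxx@spamgourmet.com>, relay=none, delay=3, status=deferred (connect to gourmet.spamgourmet.com[216.75.35.164]: Connection refused)
Aug 20 15:58:25 xxxxx postfix/smtp[32023]: DDEAD7FCB2: to=<xxx.5.xxxxx@spamgourmet.com>, relay=none, delay=31, status=deferred (connect to gourmet.spamgourmet.com[216.75.35.164]: Connection timed out)
"""

DEFERRED_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, .*?"
    r"delay=(?P<delay>[\d.]+), .*?status=deferred "
    r"\(connect to (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: (?P<reason>[^)]+)\)"
)

# General meaning of the two connect errors (assumed hints, not a diagnosis).
HINTS = {
    "Connection refused": "actively rejected: no listener, or a firewall reject rule",
    "Connection timed out": "no reply before the connect timeout: dropped packets or an overloaded host",
}

def parse_deferrals(log):
    """Return one dict per deferred delivery that failed at connect time."""
    events = []
    for line in log.splitlines():
        m = DEFERRED_RE.search(line)
        if m:
            event = m.groupdict()
            event["delay"] = float(event["delay"])
            events.append(event)
    return events

def summarize(events):
    """Count deferrals per (host, ip, reason) and attach a triage hint."""
    counts = Counter((e["host"], e["ip"], e["reason"]) for e in events)
    return [
        {"host": h, "ip": ip, "reason": r, "count": n, "hint": HINTS.get(r, "unclassified")}
        for (h, ip, r), n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(parse_deferrals(SAMPLE_LOG)):
        print(row)
```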

Postby josh » Sun Aug 20, 2006 10:20 pm

If you can PM or email me the IP address of the server that was trying to connect, I can look into it.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby mykro » Thu Sep 07, 2006 1:27 pm

Hi,

the problem is still current. I made this traceroute to track down the problem:

traceroute to gourmet.spamgourmet.com (216.75.35.164), 30 hops max, 40 byte packets
1 static.88-198-0-65.clients.your-server.de (88.198.0.65) 0.371 ms 0.294 ms 0.241 ms
2 213-239-222-254.clients.your-server.de (213.239.222.254) 0.910 ms 0.533 ms 0.778 ms
3 gi-upl.M7i-1.rz2.hetzner.de (213.239.240.204) 1.453 ms 0.740 ms 0.488 ms
4 gi1-6-rt3-nbg3.core.noris.net (213.133.96.26) 0.978 ms 0.606 ms 0.676 ms
5 vl604-rt1-ffm2.core.noris.net (213.95.0.198) 3.955 ms 3.631 ms 3.708 ms
6 decix.mpd01.fra03.atlas.cogentco.com (80.81.192.63) 6.346 ms 5.761 ms 5.868 ms
7 ten13-0-0.core01.fra03.atlas.cogentco.com (130.117.1.221) 6.229 ms 5.780 ms 5.934 ms
8 p3-0.core01.ams03.atlas.cogentco.com (130.117.0.145) 97.634 ms 97.348 ms 97.029 ms
9 p1-0.core01.lon01.atlas.cogentco.com (130.117.1.225) 179.015 ms 254.129 ms 145.265 ms
10 p9-0.core02.jfk02.atlas.cogentco.com (66.28.4.253) 98.073 ms 97.551 ms 97.224 ms
11 p15-0.core01.jfk02.atlas.cogentco.com (66.28.4.13) 97.828 ms 97.632 ms 97.568 ms
12 p4-0.core02.dca01.atlas.cogentco.com (66.28.4.81) 97.651 ms 97.534 ms 97.370 ms
13 p15-0.core01.dca01.atlas.cogentco.com (66.28.4.21) 97.956 ms 97.583 ms 97.479 ms
14 p3-0.core01.iah01.atlas.cogentco.com (66.28.4.90) 161.652 ms 143.730 ms 203.624 ms
15 p14-0.core01.san01.atlas.cogentco.com (66.28.4.6) 170.883 ms 170.826 ms 170.438 ms
16 vl3812.na21.b006463-1.san01.atlas.cogentco.com (38.20.33.130) 171.510 ms 170.822 ms 171.502 ms
17 ge1-2.gw65-02.kmc01.sdcix.net (66.28.28.126) 171.315 ms 170.317 ms 171.215 ms
18 209.126.155.114 (209.126.155.114) 182.169 ms 180.895 ms 180.292 ms
19 gourmet.spamgourmet.com (216.75.35.164) 182.213 ms !C 181.955 ms !C 181.966 ms !C


The server itself seems to reject the request. Hopefully that can help us to solve the problem. Thank you for your help!

Regards
mykro
mykro
 
Posts: 5
Joined: Sun Aug 20, 2006 2:58 pm

Postby SysKoll » Thu Sep 07, 2006 2:39 pm

I can ping both your IP (88.198.0.65) and gourmet from my workstation. I verified that I can connect to gourmet.

However, a telnet to gourmet's port 25 shows that the server takes about 30-40 seconds to react. You might have timed out in your tests.

Please do a simple test:
telnet gourmet.spamgourmet.com 25
and tell us if it works.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby mykro » Thu Sep 07, 2006 4:49 pm

Hi,

the first try was negative (connection time out), the second was successful. I increased the mta's smtp connection timeout and hope it will work now. I suppose that this isn't only a problem of mine, do you know where that comes from?

Regards
mykro
mykro
 
Posts: 5
Joined: Sun Aug 20, 2006 2:58 pm

Postby josh » Thu Sep 07, 2006 8:34 pm

The server won't respond to a traceroute request because we have an ipchains based firewall in place.

The smtp server sometimes will delay the smtp dialog if it's under a heavy load.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby jgombos » Fri Dec 01, 2006 2:57 pm

SysKoll wrote: However, a telnet to gourmet's port 25 shows that the server takes about 30-40 seconds to react. You might have timed out in your tests.

Why is that response time so lengthy?
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Postby SysKoll » Wed Jan 03, 2007 7:09 pm

Because the server is still under heavy attack by spambots running on compromised Windows machines.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Thu Jan 04, 2007 1:17 pm

connect time has been much better recently (immediate or a couple of seconds) - could be the holidays, could be that we got more aggressive with the up front filtering.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby de552 » Sun Jan 07, 2007 10:28 pm

Just thinking... How about adding backup mx?
de552
 
Posts: 48
Joined: Mon May 29, 2006 12:28 am

Postby josh » Tue Jan 09, 2007 6:11 pm

It's not as simple as adding a backup MX, because the database that drives the service would need to be replicated, and the overhead of the replication would require still more horsepower.

Not that we couldn't do it, but these are the sort of things that transform the cost of the service into a new category.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby de552 » Tue Jan 09, 2007 6:20 pm

I didn't mean adding "another replicated" server or adding realtime load balancing.

I meant adding another MX server with higher value. So it would spool messages if primary server is overloaded. Also if possible primary server could allow let's say 100 direct simultaneous connections and 20 ESMTP connections from smtp backup server.

So if primary server is full, messages start routing through backup server.

My point is that the "incoming" smtp flood including attacks wouldn't directly stress the primary server.

Other option would be using "frontend" servers as many services currently do. Frontend servers take all the "crap" coming from internet, and after some filtering rest of valid traffic is then forwarded to real email servers which are completely hidden from direct traffic. Then only messages which go through proper domain and go all the way through smtp process will be forwarded to main server. Then there is no easy way to "tie up" connections, you would actually need to send large messages to cause problems.

Any comments about that approach?
de552
 
Posts: 48
Joined: Mon May 29, 2006 12:28 am

Postby josh » Tue Jan 09, 2007 8:35 pm

I see -- we are indeed looking into the possibility of adding another box to the mix in front of the mail server. Initial thoughts were that it would filter at a lower level than SMTP, based on lists of reported virus-controlled IP addresses. Simply using another mail server is maybe a more manageable way to do that -- makes sense.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby de552 » Tue Jan 16, 2007 8:51 am

Now there are two mx entries? Could you tell more about those? You just told "done", but what it actually means and what kind of solution did you use.

- Thanks!
de552
 
Posts: 48
Joined: Mon May 29, 2006 12:28 am

Postby josh » Thu Jan 18, 2007 2:33 pm

dig MX spamgourmet.com
[...]
;; ANSWER SECTION:
spamgourmet.com. 86400 IN MX 7 gourmet7.spamgourmet.com.
spamgourmet.com. 86400 IN MX 1 gourmet.spamgourmet.com.
[...]
;; ADDITIONAL SECTION:
gourmet.spamgourmet.com. 86400 IN A 216.75.35.164
gourmet7.spamgourmet.com. 86400 IN A 216.75.35.134
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm
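
Added example (not part of the original posts, and not spamgourmet's own code): how a sending MTA would order the two MX records josh posted and fall back to the higher-numbered host when the primary cannot be reached, which is the backup-MX behaviour de552 describes. The `connect` probe and the `overloaded_primary` failure are constructed stand-ins so the sketch runs offline.

```python
import random
import re

# dig ANSWER SECTION as posted in the thread above
DIG_ANSWER = """\
spamgourmet.com. 86400 IN MX 7 gourmet7.spamgourmet.com.
spamgourmet.com. 86400 IN MX 1 gourmet.spamgourmet.com.
"""

MX_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$")

def parse_mx(answer):
    """Return [(preference, host)] from dig-style MX answer lines."""
    records = []
    for line in answer.splitlines():
        m = MX_RE.match(line.strip())
        if m:
            records.append((int(m.group(3)), m.group(4).rstrip(".")))
    return records

def delivery_order(records, rng=random):
    """Lowest preference value first; equal preferences in random order (RFC 5321, 5.1)."""
    keyed = [(pref, rng.random(), host) for pref, host in records]
    return [host for _, _, host in sorted(keyed)]

def deliver(order, connect):
    """Try each MX in turn. connect(host) is a caller-supplied probe that
    returns on success or raises OSError (refused, timed out)."""
    attempts = []
    for host in order:
        try:
            connect(host)
            attempts.append((host, "ok"))
            return host, attempts
        except OSError as exc:
            attempts.append((host, str(exc)))
    return None, attempts  # every MX failed: the sender defers and retries later

def overloaded_primary(host):
    # Constructed failure: the primary times out, the backup accepts.
    if host == "gourmet.spamgourmet.com":
        raise TimeoutError("Connection timed out")
    return True

if __name__ == "__main__":
    order = delivery_order(parse_mx(DIG_ANSWER))
    print(order)
    print(deliver(order, overloaded_primary))
```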
