Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Lost mail - NOQUEUE: [195.154.202.177] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

850 views
Skip to first unread message

Guizlamoui

unread,
Mar 27, 2002, 4:27:12 PM3/27/02
to
Hi all,

Can some one help me ? I lose a lot of mail (near 30 per hour !) from
certains servers ; in logs I found always alert like that :
Mar 27 20:04:08 serveur sendmail[32289]: NOQUEUE: [xxx.xxx.xxx.xxx] did not
issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

Does anybody ever had this problem ? Thanks for your help

Gui

GertJan

unread,
Mar 27, 2002, 5:50:16 PM3/27/02
to
Guizlamoui wrote:

Looks more like someone who is constantly scanning your box and not trying
to send mail.
--
GertJan

Running SuSE 7.2 with kernel 2.4.19-pre3-ac4-preempt
11:46pm up 3 days, 7:15, 0 users, load average: 0.00, 0.02, 0.00

Andrzej Filip

unread,
Mar 29, 2002, 8:06:00 AM3/29/02
to
GertJan wrote:

>Guizlamoui wrote:
>
>>Can some one help me ? I lose a lot of mail (near 30 per hour !) from
>>certains servers ; in logs I found always alert like that :
>>Mar 27 20:04:08 serveur sendmail[32289]: NOQUEUE: [xxx.xxx.xxx.xxx] did
>>not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
>>
>>Does anybody ever had this problem ? Thanks for your help
>>
>
>Looks more like someone who is constantly scanning your box and not trying
>to send mail.
>

Is you sendmail compiled with tcpwrappers support ?

sendmail -d0.1 -bv root | grep TCP

--
Andrzej (Andrew) A. Filip an...@box43.pl http://www.polbox.com/a/anfi
366A 5DD7 7707 379C 9251 32AE C948 0BD2 7D99 688A expires: 2003-01-25
I may disagree with the following *random epigram* :
A woman shouldn't have to buy her own perfume.
-- Maurine Lewis

Don Kelloway

unread,
Apr 10, 2002, 11:17:00 PM4/10/02
to
I know that this can be indicative of a TCP connection on port 25 being made
from the IP address to the SMTP server and the IP address doing nothing but
sitting there on the connection.

Note, This can also be manually accomplished through the Windows Telnet
application. Just hit the Enter key a few times after the 220 banner has
appeared and this same error message can be produced.

--
Best Regards,
Don Kelloway
http://www.commodon.com

For *your* protection, visit http://www.commodon.com/threat to learn about
Back Orifice, NetBus, SubSeven and a few others. All of which are "Threats
to Your Security on the Internet".


"Guizlamoui" <guillaum...@free.fr> wrote in message
news:3ca23903$1$11120$626a...@news.free.fr...

Alex Brett

unread,
Apr 11, 2002, 4:17:12 AM4/11/02
to
I am getting this problem when my backup server tries to send email on to my
primary server. The email just gets lost and I'm not sure why. The backup
shows it is sending it normally but then the primary shows the same error
message as below in its logs.

Any ideas?

Alex Brett
alex_...@hotmail.com

"Don Kelloway" <dkel...@commodon.com> wrote in message
news:Me7t8.34204$CA6.4...@newsread1.prod.itd.earthlink.net...

Neil W Rickert

unread,
Apr 11, 2002, 11:52:34 AM4/11/02
to
>I am getting this problem when my backup server tries to send email on to my
>primary server. The email just gets lost and I'm not sure why. The backup
>shows it is sending it normally but then the primary shows the same error
>message as below in its logs.

I suggest you run the primary server with -O LogLevel=15

That should log the smtp dialog, and might give you a better idea as
to what is happening.

Alex Brett

unread,
Apr 11, 2002, 2:49:34 PM4/11/02
to
This is weird: I see this in my primary server log (I can't make any sense
of it:

Apr 11 19:46:00 Server sendmail[7564]: NOQUEUE: connect from
[217.207.35.195]
Apr 11 19:46:00 Server sendmail[7564]: SASL: available mech=PLAIN LOGIN
ANONYMOUS, allowed mech=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Apr 11 19:46:00 Server sendmail[7564]: g3BIk0l07564: --> 220
localhost.localdomain ESMTP Sendmail 8.11.6/8.11.6; Thu, 11 Apr 2002
19:46:00 +0100
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: <-- EHLO
localhost.localdomain
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: -->
250-localhost.localdomain Hello [217.207.35.195], pleased to meet you
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: -->
250-ENHANCEDSTATUSCODES
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-8BITMIME
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-SIZE
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-DSN
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-ONEX
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-ETRN
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250-XUSR
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250 HELP
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: <-- QUIT
Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 221 2.0.0
localhost.localdomain closing connection
Apr 11 19:46:01 Server sendmail[7564]: NOQUEUE: [217.207.35.195] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA


Anybody any ideas?

Thanks in advance,
Alex Brett
alex_...@hotmail.com

"Neil W Rickert" <ricke...@cs.niu.edu> wrote in message
news:a94bg2$ahs$1...@husk.cso.niu.edu...

Don Kelloway

unread,
Apr 12, 2002, 12:05:45 AM4/12/02
to
I'm inclined to say that someone or something at IP 217.207.35.195 (located
in Europe) initated an SMTP connection to your server. Then after receipt of
the expected 220 banner, issued the EHLO command and a bogus domain. After
the ESMTP Status Codes were dispalyed, the connection was closed with the
QUIT command. Because the initiator of the connection did nothing other
than the above, the system records the NOQUEUE message.

This process is what I had described in an earlier post on this subject.
There is nothing to be concerned with in regards to the NOQUEUE message
itself, but what you should be concerned with, is that somone or something
at IP 217.207.35.195 was "probing" the server. Of course, this could be
nothing to be concerned with as well...

--
Best Regards,
Don Kelloway
http://www.commodon.com

For *your* protection, visit http://www.commodon.com/threat to learn about
Back Orifice, NetBus, SubSeven and a few others. All of which are "Threats
to Your Security on the Internet".


"Alex Brett" <alex_...@hotmail.com> wrote in message
news:fUkt8.9008$C21.1...@news6-win.server.ntlworld.com...

Alex Brett

unread,
Apr 12, 2002, 8:06:00 AM4/12/02
to
The machine at 217.207.35.195 (linux.downsend.co.uk) is my backup mx server
for pscn.eu.org. I sent an email to it manually and it isn't getting
through to my primary server. That is my main problem!

Alex Brett
alex_...@hotmail.com


"Don Kelloway" <dkel...@commodon.com> wrote in message

news:t2tt8.1966$L1.1...@newsread2.prod.itd.earthlink.net...

Claus Aßmann

unread,
Apr 12, 2002, 9:10:59 AM4/12/02
to
Alex Brett wrote:
> This is weird: I see this in my primary server log (I can't make any sense
> of it:
>
> Apr 11 19:46:00 Server sendmail[7564]: NOQUEUE: connect from
> [217.207.35.195]

> Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: --> 250 HELP


> Apr 11 19:46:01 Server sendmail[7564]: g3BIk0l07564: <-- QUIT

> Anybody any ideas?

Check the same on the secondary server. Run

date | sendmail -O LogLevel=14 -v postm...@primary.server

Check the output and the logfile.

--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/ Before you ask.

Alex Brett

unread,
Apr 12, 2002, 12:44:26 PM4/12/02
to
Ive solved the problem, I added the Dj line to stop sendmail from using
localhost.localdomain on both servers. It now works perfectly

Alex Brett
alex_...@hotmail.com

"Alex Brett" <alex_...@hotmail.com> wrote in message

news:V3At8.12263$C21.2...@news6-win.server.ntlworld.com...

Don Kelloway

unread,
Apr 13, 2002, 1:43:02 AM4/13/02
to
I was just trying to answer your last question posed, which was how to make
sense of the log file posted. Sorry to have wasted your time...

--
Best Regards,
Don Kelloway
http://www.commodon.com

For *your* protection, visit http://www.commodon.com/threat to learn about
Back Orifice, NetBus, SubSeven and a few others. All of which are "Threats
to Your Security on the Internet".


"Alex Brett" <alex_...@hotmail.com> wrote in message

news:V3At8.12263$C21.2...@news6-win.server.ntlworld.com...

Merlin

unread,
Apr 13, 2002, 2:29:23 AM4/13/02
to
> > > > Apr 11 19:46:01 Server sendmail[7564]: NOQUEUE: [217.207.35.195] did
> not
> > > > issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> > > >
> > > >
> > > > Anybody any ideas?


Getting a similar message from my upstream provider. telstra.net . They certainly aren't a bogus company being
Australia's major telco.

but like you - I have no idea what it means.

bc

Alex Brett

unread,
Apr 13, 2002, 4:49:57 AM4/13/02
to
What I found was that it simply didn't like the fact that both of the
sendmails were claiming that they were localhost.localdomain. Maybe in your
case your server is saying it is localhost.localdomain and therefore your
upstream provider is not accepting it for some reason?

Just a thought,
Alex Brett
alex_...@hotmail.com

"Merlin" <rob...@quantum-radio.net.au> wrote in message
news:AcQt8.15$Rv5....@nsw.nnrp.telstra.net...

Merlin

unread,
Apr 13, 2002, 4:58:11 AM4/13/02
to
hmmm. Thanks, I'll look into that, because sendmail is doing everything like that. localhost ??? Something I've been
meaning to track down.

robert

"Alex Brett" <alex_...@hotmail.com> wrote in message news:4iSt8.12178$tZ1.3...@news2-win.server.ntlworld.com...

Alex Brett

unread,
Apr 13, 2002, 6:48:29 AM4/13/02
to
The directive you want in the config file is Dj - it is probably something
like Dj%w.foo.com at the moment, i just uncommented it and changed it to
Djlinux.downsend.co.uk for one of them. Just change that to what your
server actually is - that fixed it for me.

Hope this helps,
Alex Brett
alex_...@hotmail.com

"Merlin" <rob...@quantum-radio.net.au> wrote in message

news:3oSt8.3$zF5...@nsw.nnrp.telstra.net...

0 new messages