Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: problem with Connection refused

280 views
Skip to first unread message

Laurent CARON

unread,
Oct 25, 2007, 6:11:24 PM10/25/07
to
Carlos Alberto Bernat Orozco wrote:
> Hi group
>
>
> Im having troubles with a user. This user tells me when sends email to
> my domain, he sees the following message:
>
>
>> The following message to < usu...@midominio.net.co
> <mailto:tptbun....@codinet.net.co> > was undeliverable.
>> The reason for the problem:
>> 5.4.7 - Delivery expired (message too old) '[Errno 61] Connection refused'
>>
>

Hi,

You might try:

echo "0" > /proc/sys/net/ipv4/tcp_window_scaling

as a poor man's fix

Laurent

Victor Duchovni

unread,
Oct 25, 2007, 10:54:11 PM10/25/07
to
On Fri, Oct 26, 2007 at 12:11:24AM +0200, Laurent CARON wrote:

> >> The following message to < usu...@midominio.net.co
> > <mailto:tptbun....@codinet.net.co> > was undeliverable.
> >> The reason for the problem:
> >> 5.4.7 - Delivery expired (message too old) '[Errno 61] Connection refused'
>

> You might try:
>
> echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
>
> as a poor man's fix

How does that address "Connection Refused"? Are there firewalls that
issue RST for SYN pkts with wscale > 0 options? Don't recall seeing any
reports of that.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Jay Chandler

unread,
Oct 25, 2007, 10:58:33 PM10/25/07
to
Victor Duchovni wrote:
> On Fri, Oct 26, 2007 at 12:11:24AM +0200, Laurent CARON wrote:
>
>>>> The following message to < usu...@midominio.net.co
>>> <mailto:tptbun....@codinet.net.co> > was undeliverable.
>>>> The reason for the problem:
>>>> 5.4.7 - Delivery expired (message too old) '[Errno 61] Connection refused'
>> You might try:
>>
>> echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
>>
>> as a poor man's fix
>
> How does that address "Connection Refused"? Are there firewalls that
> issue RST for SYN pkts with wscale > 0 options? Don't recall seeing any
> reports of that.
>

This is probably a horrific oversimplification, but have you tried
checking / syncing the time on the affected systems?

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: Melting hard drives

Victor Duchovni

unread,
Oct 25, 2007, 11:01:36 PM10/25/07
to
On Thu, Oct 25, 2007 at 07:58:33PM -0700, Jay Chandler wrote:

> Victor Duchovni wrote:
> >On Fri, Oct 26, 2007 at 12:11:24AM +0200, Laurent CARON wrote:
> >
> >>>>The following message to < usu...@midominio.net.co
> >>><mailto:tptbun....@codinet.net.co> > was undeliverable.
> >>>>The reason for the problem:
> >>>>5.4.7 - Delivery expired (message too old) '[Errno 61] Connection
> >>>>refused'
> >>You might try:
> >>
> >>echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
> >>
> >>as a poor man's fix
> >
> >How does that address "Connection Refused"? Are there firewalls that
> >issue RST for SYN pkts with wscale > 0 options? Don't recall seeing any
> >reports of that.
> >
>
> This is probably a horrific oversimplification, but have you tried
> checking / syncing the time on the affected systems?

This too is a rather unlikely cause. Postfix message expiration does not
depend on the local clock being correct relative to any other reference,
it just needs to not make giant leaps forward.

Laurent CARON

unread,
Oct 26, 2007, 4:26:23 AM10/26/07
to
Victor Duchovni a écrit :

> How does that address "Connection Refused"? Are there firewalls that
> issue RST for SYN pkts with wscale > 0 options? Don't recall seeing any
> reports of that.
>

It happened between one of my postfix servers being unable to connect to
a remote server sitting behind a cheap router.

disabling tcp_window_scaling 'solved' that problem.

Laurent

Victor Duchovni

unread,
Oct 26, 2007, 3:11:25 PM10/26/07
to
On Fri, Oct 26, 2007 at 10:26:23AM +0200, Laurent CARON wrote:

> Victor Duchovni a ?crit :

And it was connection refused, not failure after the 3-way handshake?

Laurent CARON

unread,
Oct 26, 2007, 3:27:53 PM10/26/07
to
Victor Duchovni a écrit :

>> disabling tcp_window_scaling 'solved' that problem.
>
> And it was connection refused, not failure after the 3-way handshake?
>

Yes, connection was refused, tried telnetting to the "foreign" server
without any luck.

I was only able to reach it after disabling tcp_window_scaling.

mouss

unread,
Oct 27, 2007, 6:26:08 AM10/27/07
to
Laurent CARON wrote:
> Victor Duchovni a écrit :
>>> disabling tcp_window_scaling 'solved' that problem.
>>
>> And it was connection refused, not failure after the 3-way handshake?
>>
>
> Yes, connection was refused, tried telnetting to the "foreign" server
> without any luck.

again, was this really "connection refused" (literally) or was it
another error (timeout, ...).

I've seen problems with scp/ftp, when the connection times out.

mouss

unread,
Oct 27, 2007, 6:22:25 AM10/27/07
to
Carlos Alberto Bernat Orozco wrote:
> Hi group
>
>
> Im having troubles with a user. This user tells me when sends email to my
> domain, he sees the following message:
>
>
>> The following message to <usu...@midominio.net.co<tptbun....@codinet.net.co>>

> was undeliverable.
>> The reason for the problem:
>> 5.4.7 - Delivery expired (message too old) '[Errno 61] Connection refused'
>>

tell him to disable his anti-virus and his firewall and try.

>
> And the messages sometimes arrive and sometimes dont. Is this an error of my
> server? is an error of the user or the server of the user from the other
> domain?
>
> I dont have a clue why is happening this. Please any help
>
> this is my postconf -n
>


show relevant postfix logs. If there are none, and if postfix is
listening on the ports used for the connection (typically 25), then the
problem is most certainly elsewhere. some candidates:

- anti-virus software on the client host
- firewall on the client host
- firewall between the client and server
- firewall on the server itself


firewalls are sometimes misconfigured to block all icmp traffic. This is
wrong and is described elsewhere. There are also firewalls that break
with tcp windows scaling. These must be upgraded (after all, they will
break connections from windows vista as well, not only linux/bsd/...),
otherwise, ther's not much you can do unless you can disable windows
scaling on all involved systems....

Laurent CARON

unread,
Oct 27, 2007, 6:32:04 AM10/27/07
to
mouss a écrit :

> Laurent CARON wrote:
>> Victor Duchovni a écrit :
>>>> disabling tcp_window_scaling 'solved' that problem.
>>> And it was connection refused, not failure after the 3-way handshake?
>>>
>> Yes, connection was refused, tried telnetting to the "foreign" server
>> without any luck.
>
> again, was this really "connection refused" (literally) or was it
> another error (timeout, ...).
>
> I've seen problems with scp/ftp, when the connection times out.

Cnx refused.

I'll send Victor Duchovni a tcpdump output about it.

0 new messages