On Thursday 27 August 2015 15:01:32 Viktor Dukhovni wrote: > On Thu, Aug 27, 2015 at 02:49:12PM +0100, Gary Stainburn wrote: > > I've just put live a brand new shiney Centos 7 server to replace my aging > > Fedora system. One of the reasons for doing the upgrade was to try to > > get rid of the errors that prevented some sites from sending emails to > > us. > > Are you sure this is actually preventing email delivery? Perhaps > other log entries show successful mail deliveries. >
Yes these are preventing delivery. We can successfully send emails to the domain being managed by antispameurope.com but we cannot receive any. I'm guessing their server is treating this as a temporary fail as the users are taking 24 hours to receive an error message. > > 2015-08-27 14:06:03 TLS error on connection from > > mx-relay42-dus.antispameurope.com [94.100.134.242] (SSL_accept): timed > > out > > If you're seeing various connection timeouts, perhaps there's a > path MTU or similar network problem. I'm getting this from a number of hosts 2015-08-27 15:04:35 TLS error on connection from mail.cecollect.com [62.73.189.146] (SSL_accept): timed out 2015-08-27 15:04:45 TLS error on connection from mail49.tgml1.co.uk [37.221.217.49] (SSL_accept): timed out 2015-08-27 15:05:58 TLS error on connection from mail88.atl51.rsgsv.net [205.201.135.88] (SSL_accept): timed out 2015-08-27 15:06:00 TLS error on connection from mail132-9.atl131.mandrillapp.com [198.2.132.9] (SSL_accept): timed out 2015-08-27 15:07:02 TLS error on connection from mail136.wdc04.mandrillapp.com [205.201.131.136] (SSL_accept): timed out 2015-08-27 15:10:07 TLS error on connection from mta65248.mxmfb.com [109.68.65.248] (SSL_accept): timed out 2015-08-27 15:10:09 TLS error on connection from mx-relay35-dus.antispameurope.com [94.100.134.235] (SSL_accept): timed out 2015-08-27 15:10:17 TLS error on connection from mx-relay42-dus.antispameurope.com [94.100.134.242] (SSL_accept): timed out 2015-08-27 15:10:27 TLS error on connection from sec.pmg17.vn.ua [193.243.159.98] (SSL_accept): timed out 2015-08-27 15:10:28 TLS error on connection from mx-relay31-dus.antispameurope.com [94.100.134.231] (SSL_accept): timed out 2015-08-27 15:10:28 TLS error on connection from mx-relay31-dus.antispameurope.com [94.100.134.231] (SSL_accept): timed out 2015-08-27 15:10:33 TLS error on connection from mx-relay33-dus.antispameurope.com [94.100.134.233] (SSL_accept): timed out 2015-08-27 15:10:38 TLS error on connection from (mail1.aeml1.co.uk) [37.221.216.1] (SSL_accept): timed out 2015-08-27 15:11:00 TLS error on connection from uspmta164098.emsmtp.com [212.69.164.98] (SSL_accept): timed out > > > As the new server is significantly bigger / faster than the old one, I > > don't think performance is the cause. I have noticed that when > > I 'tail -f /var/log/exim/mainlog' it scrolls up my screen much quicker > > than the old server did so I think that performance may have been part of > > the reason originally > > The timeouts are unlikely to have been caused by the performance > of your server, either before or after the upgrade. I did have a number of delay statements in my config as suggested in various anti-SPAM pages over many years. I have reduced them signigicantly but that also hasn't made any difference. > > You should capture traffic (tcpdump) from one or more of these > servers, and see if you can make sense of it with wireshark or > similar. Look for retransmissions, etc. > > # By name or address as applicable. > # > tcpdump -w /file/name -s 0 host example.com and port 25 > tcpdump -w /file/name -s 0 host 192.0.2.1 and port 25 > > Ctrl-C or "kill -INT" when enough traffic has been captured. > This is something I will look at although the amount of traffic into my server is scary. A sad fact of internet life is that something like 90% of all incoming connections seem to be SPAM etc. Gary > -- > Viktor. -- Gary Stainburn Group I.T. Manager Ringways Garages http://www.ringways.co.uk -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
