More on SMTP - 0 message[s] received

I am talking about the issue discussed briefly here and probably elsewhere though I haven’t checked…

This had become somewhat perplexing to me in my quest to analyse statistics on messages received vs. messages blocked and reasons for such blocking.

In theory, every time “0 message[s] received” is recorded in the log, there should be a corresponding log entry showing either that the host was found in a blacklist, or some other local policy violation (user not found in Domino Directory, mail from that IP blocked locally, attempted third party relay or whatever). Of course there will be occasions when a host connects and disconnects without doing anything, but these should be very rare.

So counting policy rejections (call this A) and blacklist rejections (call this B) and summing them over a defined period, we should expect to see a number roughly equal to the count of “0 message[s] received” (call this C) over the same period - i.e. A+B=C.

In fact, what we have been seeing here is 2*(A+B)=C very roughly - or twice the number of recorded instances of “0 message[s] received” that we would expect from counting explicit rejections.

I suspected this may be a firewall related phenomenon (don’t ask why, just a hunch) and so did some digging. We use a Cisco PIX and this firewall uses something called fixup SMTP protocol. Try searching the R4/R5 forum for that!

So we turned off the Cisco PIX fixup SMTP protocol on the firewall and…

A+B=C

at least for the past 24 hours or so.

This fixup protocol basically restricts the SMTP command set for inbound conversations to HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP and QUIT. That is, if you think you are using ESMTP (EHLO with those useful extensions like SIZE and PIPELINING and AUTH!), if you are behind a Cisco PIX firewall using fixup SMTP, you are not.

A random sampling of hosts apparently confused by this shows up a high proportion of Exchange servers, many of which like to start with EHLO (translated by fixup to XXXX). They seem to be confused by the 500 reply from the Domino server and disconnect immediately before trying again.
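The A+B versus C comparison described in this post, as an added example that is not part of the original thread or of Domino itself: a short Python script that counts policy rejections (A), blacklist hits (B) and empty sessions (C) in a constructed log sample and flags the 2*(A+B)=C pattern. Only the "0 message[s] received" phrase is taken from the thread; the other log line formats and the match patterns are assumptions for illustration and would need adjusting to a real Domino log.

```python
import re
from collections import Counter

# Constructed sample of a Domino SMTP log. Only the "0 message[s] received" phrase
# comes from the thread; the other line formats are assumptions for illustration.
# Host 192.0.2.10 models a sender whose EHLO was refused, disconnected, then
# retried with HELO; 203.0.113.99 models a sender that never retried.
SAMPLE_LOG = """\
SMTP Server: 192.0.2.10 connected
SMTP Server: 192.0.2.10 disconnected. 0 message[s] received
SMTP Server: 192.0.2.10 connected
SMTP Server: 192.0.2.10 disconnected. 1 message[s] received
SMTP Server: 198.51.100.7 connected
SMTP Server: Host 198.51.100.7 found in DNS blacklist at dnsbl.example
SMTP Server: 198.51.100.7 disconnected. 0 message[s] received
SMTP Server: 203.0.113.5 connected
SMTP Server: 203.0.113.5 rejected: recipient not found in Domino Directory
SMTP Server: 203.0.113.5 disconnected. 0 message[s] received
SMTP Server: 203.0.113.99 connected
SMTP Server: 203.0.113.99 disconnected. 0 message[s] received
"""

# One pattern per outcome: A = local policy rejection, B = blacklist hit,
# C = session that ended with nothing delivered. Patterns are assumed wording.
PATTERNS = {
    "A": re.compile(r"not found in Domino Directory|relay denied|blocked locally", re.I),
    "B": re.compile(r"found in (DNS )?blacklist", re.I),
    "C": re.compile(r"\b0 message\[s\] received\b"),
}

def count_outcomes(log_text):
    """Return {'A': n, 'B': n, 'C': n} for the lines in log_text."""
    counts = Counter({key: 0 for key in PATTERNS})
    for line in log_text.splitlines():
        for key, pattern in PATTERNS.items():
            if pattern.search(line):
                counts[key] += 1
    return dict(counts)

def assess(counts, tolerance=0.25):
    """Compare C with A+B as the thread does. Returns (ratio, verdict):
    a ratio near 1.0 matches A+B=C, a ratio near 2.0 matches the 2*(A+B)=C
    anomaly the poster traced to the PIX SMTP fixup refusing EHLO."""
    explained = counts["A"] + counts["B"]
    if explained == 0:
        return (float("inf") if counts["C"] else 0.0, "no rejections logged")
    ratio = counts["C"] / explained
    if abs(ratio - 1.0) <= tolerance:
        return (ratio, "consistent: A+B=C")
    if abs(ratio - 2.0) <= tolerance:
        return (ratio, "anomalous: C is about twice A+B, look for EHLO->HELO reconnects")
    return (ratio, "unexplained empty sessions, inspect per-host connect/disconnect pairs")

if __name__ == "__main__":
    c = count_outcomes(SAMPLE_LOG)
    print(c, assess(c))
```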

Subject: More on SMTP - 0 message[s] received

Does that mean you're losing a ton of mail that you should be receiving from legitimate sources then?

It’s not like that is a transient problem and future tries by those servers will be successful.

Subject: RE: More on SMTP - 0 message[s] received

Not sure.

I suspect very little real mail has been dropped as a result of this but it depends on how remote senders have configured their MTAs to handle 500 responses to EHLO. They should take that as an invitation to retry with HELO.

In some cases it appears that these remote hosts disconnect first, then reconnect to try HELO, which goes some way towards explaining the anomaly.

Where there is no retry after the initial disconnect, the originating IP can often be found in an RBL - usually one listing open SOCKS or HTTP CONNECT proxies, so this looks like broken spamware which doesn’t worry me too much.

Bottom line - I don’t think this has caused any permanent problems, but I also don’t think it necessary to protect a properly secured Domino SMTP server from ESMTP either…

Subject: RE: More on SMTP - 0 message[s] received

Thanks - interesting topic.