Question : Funky SMTP connection termination

We a small network with about 25 users and host our own Exchange and our own spam box, that sits "between" the firewall (Cisco ASA 5505) and the Exchange box (Server 2003 w/ Exchange 2003)... The Cisco ASA 5505 routes all (MX) port 25 traffic to our spam "server," which is a dedicated Windows XP Pro box that houses our spam software (Praetor). Besides the occasional delayed delivery issues cause by XP Pro's virtual SMTP server only allowing 10 concurrent connections, we are having some vexing SMTP issues. This issue seems to be mainly with ATT-Worldnet, but I have had it happen to a couple of G-mail emails as well. Here's the issue:

The spam box will accept the SMTP connection, but then the session ends (is terminated) before transferring any data (the email). To me it looks like it is the ATT server sending the QUIT, but ATT is saying that we are blocking them... And I can guarantee that we are not blocking them, or anyone else for that matter. And its not the spam software terminating the connection due to the AT&T server being on an RBL, as the connection is terminated before the spam software can even act&
Ive included the SMTP logs for one of the troubled connections as well as a good connection from a Gmail account that shows the proper connection flow, including the scanning by the spam software and the transfer to the Exchange server for final delivery to the recipient. Ive also included the header information from an AT&T email on which the connection was canceled&

BAD CONNECTION:
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +fmailhost06.isp.att.net 250 0 177 28 0 SMTP - - - -
---
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM: 250 0 43 40 16 SMTP - - - -
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO: 250 0 41 38 0 SMTP - - - -
---
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - fmailhost06.isp.att.net 0 875 46 4 328 SMTP - - - -

GOOD CONNECTION:
2009-05-12 16:03:42 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +mail-gx0-f158.google.com 250 0 176 29 0 SMTP - - - -
---
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM: 250 0 45 32 0 SMTP - - - -
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO: 250 0 41 38 0 SMTP - - - -
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 DATA - +c4eh555647e0d52bde30@mail.gmail.com> 250 0 145 1708 78 SMTP - - - -
2009-05-12 16:03:43 - OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 220+EXCHANGE01.my-domain.com+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.3959+ready+at++Tue,+12+May+2009+12:06:08+-0400+ 0 0 128 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 EHLO - Praetor.my-domain.com 0 0 4 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250-EXCHANGE01.my-domain.com+Hello+[192.168.0.32] 0 0 53 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 MAIL - FROM: 0 0 4 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - [email protected]....Sender+OK 0 0 43 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 RCPT - TO: 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - [email protected]+ 0 0 39 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 BDAT - 1987+LAST 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250+2.6.0++0908p3003bc4eh555647e0d52bde30@mail.gmail.com>+Queued+mail+for+delivery 0 0 97 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 QUIT - - 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 221+2.0.0+EXCHANGE01.my-domain.com+Service+closing+transmission+channel 0 0 75 0 16 SMTP - - - -
---
2009-05-12 16:04:14 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - mail-gx0-f158.google.com 0 30328 74 4 0 SMTP - - - -

BAD EMAIL HEADER:
From [email protected] Tue May 12 01:13:58 2009
Return-Path: <>
Authentication-Results: mta144.sbc.mail.mud.yahoo.com  from=isp.att.net; domainkeys=neutral (no sig); from=isp.att.net; dkim=neutral (no  sig)
Received: from 204.127.217.106  (EHLO fmailhost06.isp.att.net) (204.127.217.106)
  by mta144.sbc.mail.mud.yahoo.com with SMTP; Tue, 12 May 2009 01:14:15 -0700
Received: from fmailhost06.isp.att.net (localhost[127.0.0.1])
          by isp.att.net (frfwmhc06) with ESMTP
          id <20090512081414H0600rqsq7e>; Tue, 12 May 2009 08:14:14 +0000
From: [email protected]
Subject: Returned mail: delivery problems encountered
Message-Id: <20090512081358H060074g00e@isp.att.net>
Date: 12 May 2009  8:13:58 +0000
To:
Mime-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="_4a092fc6.1c90.0+isp.att.net=_"
Content-Length: 2317


Any information or assistance would be greatly appreciated. Thanks.

Ric J.

Answer : Funky SMTP connection termination

Have you turned off the SMTP mail guard or whatever it is called on the ASA device? That can cause this problem.

Simon.
Random Solutions  
 
programming4us programming4us