TCP Read error

Having an issue with certain email domains. This is part of my log
file (verbose logging) when I tried to send an email to someone at this
domain:

09:23:13 EF6F DMN: MSG 817798 Accepted connection: [192.168.50.7]
(gwava.ccgov.net)
09:23:13 EF6F DMN: MSG 817798 Receiving file:
/media/nss/DATA/campgwia/wpgate/gwia/third/receive/189a8025.176
09:23:14 EF6F DMN: MSG 817798 SMTP session ended: [192.168.50.7]
(gwava.ccgov.net)
09:23:20 F477 Queuing deferred message:
/media/nss/DATA/campgwia/wpgate/gwia/send/s203b687.477
09:23:20 F477 MSG 817737 Analyzing result file:
/media/nss/DATA/campgwia/wpgate/gwia/result/r208a6f3.507
09:23:20 F477 MSG 817737 Command: interactivehealthinc.com
09:23:20 F477 MSG 817737 Response: 220 gwava.ccgov.net GWAVA Proxy
Copyright (c) 2011 GWAVA, Inc. All rights reserved. Ready
09:23:20 F477 MSG 817737 Command: EHLO mail.ccgov.net
09:23:20 F477 MSG 817737 Response: 250 ok
09:23:20 F477 MSG 817737 Command: MAIL FROM:<my email address>
09:23:20 F477 MSG 817737 Response: 250 OK
09:23:20 F477 MSG 817737 Command: RCPT TO:<destination email address>
09:23:20 F477 MSG 817737 Response: 250 2.1.5 Ok
09:23:20 F477 MSG 817737 Detected error on SMTP command
09:23:20 F477 MSG 817737 Command: DATA
09:23:20 F477 MSG 817737 Response: 420 TCP read error
09:23:20 F477 MSG 817737 Deferring message:
/media/nss/DATA/campgwia/wpgate/gwia/defer/s208a6f3.507

I removed specific email addresses, but they are legit addresses. Is
this a gwia error or do I need to contact Gwava since that is our
outbound mail relay.

If this is something with the gwia, any suggestions on it? Gwia 12.0.2
running on sles11sp2/oes11sp1, 64 bit.

--
Stevo

Tags:

  • In article <Hr8Ot.1292$4h.886@kozak.provo.novell.com>, Stevo wrote:
    > Is this a gwia error or do I need to contact Gwava since that is our
    > outbound mail relay.


    This is a connection problem between the two of you. It could be as
    simple as a flaky switch port.

    Start with checking if you are getting any errors on your NIC with the
    ifconfig command.

    Check your switches and internet connection for errors and deal with
    those, then if you are still getting those errors, work with GWAVA.


    Andy Konecny
    Knowledge Partner (voluntary SysOp)
    KonecnyConsulting.ca in Toronto
    ----------------------------------------------------------------------
    Andy's Profile: http://forums.novell.com/member.php?userid=75037


  • Andy Konecny sounds like they 'said':

    > In article <Hr8Ot.1292$4h.886@kozak.provo.novell.com>, Stevo wrote:
    > > Is this a gwia error or do I need to contact Gwava since that is our
    > > outbound mail relay.

    >
    > This is a connection problem between the two of you. It could be as
    > simple as a flaky switch port.
    >
    > Start with checking if you are getting any errors on your NIC with
    > the ifconfig command.
    >
    > Check your switches and internet connection for errors and deal with
    > those, then if you are still getting those errors, work with GWAVA.
    >
    >
    > Andy Konecny
    > Knowledge Partner (voluntary SysOp)
    > KonecnyConsulting.ca in Toronto
    > ----------------------------------------------------------------------
    > Andy's Profile: http://forums.novell.com/member.php?userid=75037


    So my response to Andy's comment is...

    In over 20GB received
  • Hi.

    On 12.08.2013 18:55, Stevo wrote:
    > Having an issue with certain email domains. This is part of my log
    > file (verbose logging) when I tried to send an email to someone at this
    > domain:
    >
    > 09:23:13 EF6F DMN: MSG 817798 Accepted connection: [192.168.50.7]
    > (gwava.ccgov.net)
    > 09:23:13 EF6F DMN: MSG 817798 Receiving file:
    > /media/nss/DATA/campgwia/wpgate/gwia/third/receive/189a8025.176
    > 09:23:14 EF6F DMN: MSG 817798 SMTP session ended: [192.168.50.7]
    > (gwava.ccgov.net)
    > 09:23:20 F477 Queuing deferred message:
    > /media/nss/DATA/campgwia/wpgate/gwia/send/s203b687.477
    > 09:23:20 F477 MSG 817737 Analyzing result file:
    > /media/nss/DATA/campgwia/wpgate/gwia/result/r208a6f3.507
    > 09:23:20 F477 MSG 817737 Command: interactivehealthinc.com
    > 09:23:20 F477 MSG 817737 Response: 220 gwava.ccgov.net GWAVA Proxy
    > Copyright (c) 2011 GWAVA, Inc. All rights reserved. Ready
    > 09:23:20 F477 MSG 817737 Command: EHLO mail.ccgov.net
    > 09:23:20 F477 MSG 817737 Response: 250 ok
    > 09:23:20 F477 MSG 817737 Command: MAIL FROM:<my email address>
    > 09:23:20 F477 MSG 817737 Response: 250 OK
    > 09:23:20 F477 MSG 817737 Command: RCPT TO:<destination email address>
    > 09:23:20 F477 MSG 817737 Response: 250 2.1.5 Ok
    > 09:23:20 F477 MSG 817737 Detected error on SMTP command
    > 09:23:20 F477 MSG 817737 Command: DATA
    > 09:23:20 F477 MSG 817737 Response: 420 TCP read error
    > 09:23:20 F477 MSG 817737 Deferring message:
    > /media/nss/DATA/campgwia/wpgate/gwia/defer/s208a6f3.507



    That log is inconsistent/incomplete. We need to see all entries for MSG
    817737, which you posted isn't all of them (the connection setup is
    missing. The lines referring to MSG 817798 OTOH are of no interest here.

    However, what happened here is your GWIA waiting for a response from the
    gwava server to it's DATA command, which it never received. That can be
    a generic network problem, or a software problem at your gwava machine.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • I see these errors in the gwia when our GWAVA appliance blocks something. Very common when someone tries to send an attachment larger than the max size defined in GWAVA, for example. Easy to test by adding the recipient domain to the exclusion list.



    >>> Stevo<steveSPAM@LESSccgov.net> 8/12/2013 10:55 AM >>>

    Having an issue with certain email domains. This is part of my log
    file (verbose logging) when I tried to send an email to someone at this
    domain:

    09:23:13 EF6F DMN: MSG 817798 Accepted connection: [192.168.50.7]
    (gwava.ccgov.net)
    09:23:13 EF6F DMN: MSG 817798 Receiving file:
    /media/nss/DATA/campgwia/wpgate/gwia/third/receive/189a8025.176
    09:23:14 EF6F DMN: MSG 817798 SMTP session ended: [192.168.50.7]
    (gwava.ccgov.net)
    09:23:20 F477 Queuing deferred message:
    /media/nss/DATA/campgwia/wpgate/gwia/send/s203b687.477
    09:23:20 F477 MSG 817737 Analyzing result file:
    /media/nss/DATA/campgwia/wpgate/gwia/result/r208a6f3.507
    09:23:20 F477 MSG 817737 Command: interactivehealthinc.com
    09:23:20 F477 MSG 817737 Response: 220 gwava.ccgov.net GWAVA Proxy
    Copyright (c) 2011 GWAVA, Inc. All rights reserved. Ready
    09:23:20 F477 MSG 817737 Command: EHLO mail.ccgov.net
    09:23:20 F477 MSG 817737 Response: 250 ok
    09:23:20 F477 MSG 817737 Command: MAIL FROM:<my email address>
    09:23:20 F477 MSG 817737 Response: 250 OK
    09:23:20 F477 MSG 817737 Command: RCPT TO:<destination email address>
    09:23:20 F477 MSG 817737 Response: 250 2.1.5 Ok
    09:23:20 F477 MSG 817737 Detected error on SMTP command
    09:23:20 F477 MSG 817737 Command: DATA
    09:23:20 F477 MSG 817737 Response: 420 TCP read error
    09:23:20 F477 MSG 817737 Deferring message:
    /media/nss/DATA/campgwia/wpgate/gwia/defer/s208a6f3.507

    I removed specific email addresses, but they are legit addresses. Is
    this a gwia error or do I need to contact Gwava since that is our
    outbound mail relay.

    If this is something with the gwia, any suggestions on it? Gwia 12.0.2
    running on sles11sp2/oes11sp1, 64 bit.

    --
    Stevo
  • Stevo;2276683 wrote:

    09:23:20 F477 MSG 817737 Command: DATA
    09:23:20 F477 MSG 817737 Response: 420 TCP read error


    Any chance the remote GWAVA system has greylisting enabled? Because this looks a lot like it. Does the message get delivered on the next resend attempt?

    -- Bob
  • On 16.08.2013 01:36, Bob-O-Rama wrote:
    >
    > Stevo;2276683 Wrote:
    >>
    >> 09:23:20 F477 MSG 817737 Command: DATA
    >> 09:23:20 F477 MSG 817737 Response: 420 TCP read error
    >>

    >
    > Any chance the remote GWAVA system has greylisting enabled? Because
    > this looks a lot like it. Does the message get delivered on the next
    > resend attempt?


    I sure hope GWAVA doesn't implement greylisting in such a miserable way
    that they simply "hang up" instead of sending their own 4XX level error.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Hi

    Further to what Massimo says... why would you implement greylisting on your outbound connections?

    Just asking!

    Cheers,
  • Bob-O-Rama sounds like they 'said':

    > Any chance the remote GWAVA system has greylisting enabled? Because
    > this looks a lot like it. Does the message get delivered on the next
    > resend attempt?
    >
    > -- Bob


    So my response to Bob's comment is...

    For a week or so, they would never get delivered. Now all of a sudden
    they seem to be going through............<shrug>

    --
    Stevo
  • Stevo;2277522 wrote:
    Bob-O-Rama sounds like they 'said':

    > Any chance the remote GWAVA system has greylisting enabled? Because
    > this looks a lot like it. Does the message get delivered on the next
    > resend attempt?
    >
    > -- Bob


    So my response to Bob's comment is...

    For a week or so, they would never get delivered. Now all of a sudden
    they seem to be going through............<shrug>

    --
    Stevo


    Stevo,

    Did you ever get to the bottom of this or has it reappeared? I have the same issue going on with a few domains(that I know of) right now. Just about the same setup you have. GWAVA and the gwia are VMs, so I don't think it's a network issue. We did get ourselves on a couple black lists and got a poor sender base rep because of a user compromised gw password. I'm leaning towards the senderbase rep being part of the issue, but in the past, I think we would get responses that said that much, not just 420 errors in the gwia log.

    As an aside, I hate email and we all need to go back to faxes and party lines.
  • imc;2289964 wrote:
    ...I have the same issue going on with a few domains(that I know of) right now. Just about the same setup you have. GWAVA and the gwia are VMs, so I don't think it's a network issue...


    If all seems ok/healthy on the VM/hypervisor/network side, but you are seeing communication issues between VM's... try disabling tso and lso on both sending and receiving VM (as reference: this can be done on the fly with the ethtools command, for example "ethtools -K eth0 tso off lso off". Seeing the current settings on the nic "ethtool -k eth0).

    It's a stab in the dark, so to say... but I've seen that clear up enough communication issues between VM's to suggest doing it. :) It should not really have an ill effect (or any real-life noticeable ones) for connected clients, it might bump up CPU use a bit (as offload settings get disabled doing this) and somewhat lower throughput when dealing with larger files. Anyway... good just to test it and rule it out. Reversing those settings is easy enough (reboot for a complete reset to the previous default, or just run the same command with the on flag set).

    It would also be good to know a bit more about your setup specifics.... like which hypervisor are you running, which version/patchlevel, what's the OS running on the VM's and there also which version/patchlevel?
    Also curious as to if these VM's are running on the same hypervisor host, or on separate ones?
    And which VM nic type has been selected for the VM's in question?

    Cheers,
    Willem