Connection error in mail_logs

Unanswered Question
Feb 12th, 2008

Hello,


since some days I have a lot of entrys like this in my mail_logs:

Tue Feb 12 12:23:31 2008 Info: Connection Error: DCID: 32131664 domain: 7-11.com IP: 199.196.10.25 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:31 2008 Info: Connection Error: DCID: 32131666 domain: www.yangzhou.cn IP: 61.177.180.12 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:31 2008 Info: Connection Error: DCID: 32131667 domain: alzinger-vogel.de IP: 81.3.54.34 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:31 2008 Info: Connection Error: DCID: 32131668 domain: zedpointrecruiters.com IP: 209.62.20.192 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131669 domain: thinkmachine.net IP: 64.69.68.141 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131827 domain: mm-outgoing-107.amazon.com IP: 207.171.178.142 port: 25 details: 421-'SMTP service not available, closing transmission channel' interface: 192.168.0.10 reason: unexpected SMTP response
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131670 domain: dssop.com IP: 213.171.192.236 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131671 domain: d055108.adsl.hansenet.de IP: 80.171.55.108 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131672 domain: sexatlas.com IP: 216.130.185.4 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131673 domain: dannowicki.com IP: 66.246.195.42 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131674 domain: curvanti.rw IP: 64.18.138.88 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131675 domain: audioforums.com IP: 66.249.253.49 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131677 domain: orgyhome.net IP: 8.15.231.104 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131678 domain: huw.cn IP: 218.85.137.147 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131679 domain: jieke.com.cn IP: 202.165.98.232 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131680 domain: 263.com IP: 211.100.28.126 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out
Tue Feb 12 12:23:32 2008 Info: Connection Error: DCID: 32131681 domain: aaaaa.com.tw IP: 211.21.231.130 port: 25 details: timeout interface: 192.168.0.10 reason: connection timed out


What is going wrong ?
I checked in the gui in Outgoing Destinations, for this domains and I didnt find anything about this domains. Also isn't there not much more emails like before (it seems everything is ok). Only my mailservers are allowed to send emails over the appliance. But I didnt find anything at the mail servers in the logs.

Thanks for any comment.

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Donald Nash Tue, 02/12/2008 - 22:32

Looks like you've got at least two different causes in there. You managed to connect to Amazon, but they hung up on you. That at least verifies that your network connectivity is working, but who knows why Amazon hung up on you.

Most of the rest look like spam domains:

  • sexatlas.com
  • orgyhome.net
  • 263.com
  • aaaaa.com.tw

Spam domains typically don't run SMTP servers, so any mail sent to them will be undeliverable. You say that only your own mail servers are allowed to send via your appliance, but someone is injecting those messages. Look them up in your mail_logs to see where they're coming from.

Actions

This Discussion