Discussion:
smtp keep-alive message possibility
d tbsky
2006-12-11 10:17:01 UTC
hi:
some of our users now use outlook 2003. the smtp session
idle timeout default is 60 seconds for outlook 2003 and 2007.

we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email. so outlook
2003/2007 thinks there is an smtp timeout while clamav is working.
outlook disconnects and tries to send the mail again in a few minutes.
but qmail thinks the mail is ok, so it delivers the mail to the user.

so outlook tries to send the same mail again and again, and
the user receives the same mail again and again.

changing the outlook timeout fixes this. but i wonder if we can let qmail-smtpd
send out a "keep alive" message when qmail-queue is working?
thanks for the help!!

Regards,
tbskyd
m***@epigenomics.com
2006-12-11 11:00:25 UTC
On 11 Dec 2006 18:17:01 +0800,
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email. so the outlook
2003/2007 think smtp-timeout when clamav is working.
outlook disconnect and try send the mail again in a few minutes.
but qmail think the mail is ok, so it deliver the mail to user.
Hi!

We faced the same issue.

We made our mailserver faster so that it is able to virus scan messages
within its databytes limit within the 60 seconds default SMTP timeout.

Another option is to have a "frontend" or submission server that
receives the messages and forwards them to the scanning server. This way
you have the SMTP timeout issue on a connection controlled by you. The
drawback is that the submission server will not reject virus messages on
SMTP level.

Greetings
--
Robert Sander
Richard Archer
2006-12-11 10:48:52 UTC
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email.
Clamav says:

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M

Sounds like there's a good reason for that default :)

...R.
Daniel Cañas Montero
2006-12-11 21:52:40 UTC
Post by Richard Archer
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
Sounds like there's a good reason for that default :)
...R.
This option is for archives only.
There is no mechanism in clamav to skip messages larger than a
certain size.
The user has to do that before passing the message to clamav.

There also is the option "StreamMaxLength" but that closes the
connection when the data size reaches the value specified.
Resulting in the message being rejected.

-- Daniel Alberto
d tbsky
2006-12-12 05:12:00 UTC
hi:
qmail-scanner can skip clamav when it encounters big mails.
the default is 100M. we have now set it to 5 MB for safety..
i hope there is a better way...

Regards,
tbskyd
Post by Daniel Cañas Montero
Post by Richard Archer
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
Sounds like there's a good reason for that default :)
...R.
This option is for archives only.
There is no mechanism in clamav to skip messages larger than a
certain size.
The user has to do that before passing the message to clamav.
There also is the option "StreamMaxLength" but that closes the
connection when the data size reaches the value specified.
Resulting in the message being rejected.
-- Daniel Alberto
Adi Pircalabu
2006-12-13 14:36:58 UTC
Post by d tbsky
qmail-scanner can skip clamav when encounter big mails.
the default is 100M. we now set to 5 MB for safety..
i hope there is a better way...
Yes there are many, such as:
1. Faster AV scan (all due respect, but qmail-scanner and Clamav do
not qualify as high-end here)
2. Outgoing SMTP server relaying through a scanning machine.
3. Combination of 1. and 2.
--
Adrian Pircalabu
Fabio Busatto
2006-12-11 12:05:45 UTC
Post by d tbsky
some of our users now use outlook 2003. the smtp session
idle timeout default is 60 seconds for outlook 2003 and 2007.
Is this timeout for the application layer or for the transport layer of
the SMTP protocol?
In other words, does the timeout occur when no SMTP replies are
received for a time or if no TCP packets are received?
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email. so the outlook
2003/2007 think smtp-timeout when clamav is working.
outlook disconnect and try send the mail again in a few minutes.
but qmail think the mail is ok, so it deliver the mail to user.
so outlook try to send the same mail again and again, and
the user receive the same mail again and again.
This is reasonable. The qmail process doesn't check for a reply from
the client (when the message is in the queue, it is in the queue), and
the client disconnects before receiving the return code, so it states
the delivery failed.
Post by d tbsky
change outlook timeout fix this. but i wonder if we can let qmail-smtpd
sent out a "keep alive" message when qmail-queue is working?
thanks for help!!
If the timeout is at the transport layer, you can activate the tcp keepalive
and solve the issue, if it's an application layer timeout I don't know
any way to do this, because the first reply to the mail data is the
status of message processing and the RFC doesn't consider such situations.

Bye
Fabio
d tbsky
2006-12-12 05:05:46 UTC
hi:
without tcp keepalive, outlook 2007 will show "smtp timeout",
with tcp keepalive, outlook 2003/2007 still times out, but shows "unknown error"..
so outlook wants an smtp layer response to keep from timing out.
according to the discussion, it seems that we can only send a status response
after the "data" command? not even a "line feed" or something before the real response?

Regards,
tbskyd
Post by Fabio Busatto
Post by d tbsky
some of our users now use outlook 2003. the smtp session
idle timeout default is 60 seconds for outlook 2003 and 2007.
Is this timeout for the application layer or for the transport layer of
the SMTP protocol?
In other words, does the timeout occur when no SMTP replies are
received for a time or if no TCP packets are received?
Post by d tbsky
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email. so the outlook
2003/2007 think smtp-timeout when clamav is working.
outlook disconnect and try send the mail again in a few minutes.
but qmail think the mail is ok, so it deliver the mail to user.
so outlook try to send the same mail again and again, and
the user receive the same mail again and again.
This is reasonable. The qmail process doesn't check for a reply from
the client (when the message is in the queue, it is in the queue), and
the client disconnects before receiving the return code, so it states
the delivery failed.
Post by d tbsky
change outlook timeout fix this. but i wonder if we can let qmail-smtpd
sent out a "keep alive" message when qmail-queue is working?
thanks for help!!
If the timeout is at the transport layer, you can activate the tcp keepalive
and solve the issue, if it's an application layer timeout I don't know
any way to do this, because the first reply to the mail data is the
status of message processing and the RFC doesn't consider such situations.
Bye
Fabio
Charles Cazabon
2006-12-12 13:36:37 UTC
Post by d tbsky
according to the discussion, it seems that we can only send status response
after "data" command?
Yes.
Post by d tbsky
even not a "line feed" or something before real response?
No.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
--------------------------------------------------------------------------
Charles Cazabon
2006-12-11 14:50:45 UTC
we use qmail-scanner and clamav for virus scans. it would take about 70
seconds to scan a 15 MB email. so the outlook 2003/2007 think smtp-timeout
when clamav is working. outlook disconnect and try send the mail again in a
few minutes. but qmail think the mail is ok, so it deliver the mail to
user.
Yup.
so outlook try to send the same mail again and again, and the user receive
the same mail again and again.
Yup.
change outlook timeout fix this.
Yup.
but i wonder if we can let qmail-smtpd sent out a "keep alive" message when
qmail-queue is working?
No, that's not possible. The SMTP specification does not allow anything to be
sent to the client while waiting for the "real" response to the DATA command.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
--------------------------------------------------------------------------
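
The failure mode discussed in this thread, reproduced as an added example (not code from any poster, qmail or Qmail-Scanner): a toy SMTP receiver on localhost that stays silent while it "scans" after the end of DATA, and a client that gives up after an idle timeout and retries. Timings are scaled down to fractions of a second, and `session`, `submit` and `run` are hypothetical names.

```python
import socket
import threading
import time

def session(srv, queue, scan_seconds):
    """Server: after the final '.', nothing is sent until the one real reply."""
    conn, _ = srv.accept()
    with conn, conn.makefile("rb") as rfile:
        conn.sendall(b"220 demo ESMTP\r\n")
        in_data = False
        for line in rfile:
            if in_data and line.strip() == b".":
                time.sleep(scan_seconds)      # stand-in for the virus scan
                queue.append("copy")          # queued even if the client has left
                try:
                    conn.sendall(b"250 ok queued\r\n")
                except OSError:
                    pass                      # client already hung up
                return
            if not in_data:
                in_data = line.strip().upper() == b"DATA"
                conn.sendall(b"354 go ahead\r\n" if in_data else b"250 ok\r\n")

def submit(port, idle_timeout):
    """Client: True only if the final 250 arrives within idle_timeout."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=idle_timeout) as s:
            rfile = s.makefile("rb")
            rfile.readline()                  # 220 greeting
            for cmd in (b"HELO client", b"MAIL FROM:<a@example.org>",
                        b"RCPT TO:<b@example.org>", b"DATA"):
                s.sendall(cmd + b"\r\n")
                rfile.readline()
            s.sendall(b"Subject: test\r\n\r\nbody\r\n.\r\n")
            return rfile.readline().startswith(b"250")
    except OSError:                           # includes the idle timeout
        return False

def run(scan_seconds, idle_timeout, max_attempts=3):
    """Return (attempts made by the client, copies that reached the queue)."""
    queue, workers, ok = [], [], False
    with socket.create_server(("127.0.0.1", 0)) as srv:
        port = srv.getsockname()[1]
        while not ok and len(workers) < max_attempts:
            workers.append(threading.Thread(target=session, args=(srv, queue, scan_seconds)))
            workers[-1].start()
            ok = submit(port, idle_timeout)   # retry, as Outlook does
        for w in workers:
            w.join()
    return len(workers), len(queue)
```

With a scan that outlasts the client's timeout, `run(0.8, 0.25, 2)` returns `(2, 2)`: two attempts, two queued copies, and the client never saw a success. With a fast scan, or a front end that replies before scanning, `run(0.05, 2.0)` returns `(1, 1)`.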
Jason Haar
2006-12-12 22:40:20 UTC
Post by d tbsky
some of our users now use outlook 2003. the smtp session
idle timeout default is 60 seconds for outlook 2003 and 2007.
we use qmail-scanner and clamav for virus scans. it would
take about 70 seconds to scan a 15 MB email. so the outlook
2003/2007 think smtp-timeout when clamav is working.
outlook disconnect and try send the mail again in a few minutes.
but qmail think the mail is ok, so it deliver the mail to user.
Have you read the Qmail-Scanner FAQ? Especially the bit that says:

"SMTP clients hang when sending messages to Qmail-Scanner"

Basically you will need to speed up your mail processing so that this
out-of-your-control Outlook problem doesn't occur. Bigger servers,
faster AV, or run a "raw" Qmail SMTP server for your users - and relay
that mail to the real Qmail-Scanner server. Can be done on the same
server, etc, etc.
--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1