Hello,
Some more info on tcp_read: since midnight this morning until noon, there were 1600 of these tcp_read_dot in our log file as rejected.
1) the error message here is typically:
2014-05-23 00:12:44.00 [151104710] Rejected 201.231.233.147 <> 0 "[201.231.233.147] tcp_read_dot 12 0 seconds, got 0 bytes (Connection was closed.. after 0 seconds)"
the msg.log for this IP shows this sequence:
2014-05-23 00:12:27.00 [151104710] Rcpt 201.231.233.147 <HIDDEN@n@fibertel.com.ar> <> 0 ""
2014-05-23 00:12:27.00 [0] Bounced 201.231.233.147 orbs <orbs> 0 orbs "denied b.barracudacentral.org ip=201.231.233.147"
2014-05-23 00:12:44.00 [151104710] Rejected 201.231.233.147 <HIDDEN@n@fibertel.com.ar> <myuser@hidden.com> 0 "[201.231.233.147] tcp_read_dot 12 0 seconds, got 0 bytes (Connection was closed. after 0 seconds)"
2) there is no documentation via the admin help box for tcp_read_dot.
3) a lot of the messages being rejected appear first in the mail queue and these messages in the log may be from message attempts to return to sender after timing out of the mail queue.
4) a trace of the return address (here for example 201.231.233.147) does not have an MX record. Using telnet to port 25 at this address [or to reverse domain name of fibertel.com.ar] will not drop the connection (suggesting something is active at that IP address) but it will not respond to mail protocols. I think this may be why it waits in the mail queue and will return for another try later.
5) a number of other IPs in the log extract are to domains that have a home page offering to "Inquire about owning" the domain name, but have no MX record associated with it and are similar in response to (4). (and these are sometimes sources of spam with multiple logged records to the same rejection address)
6) a few are just plain errors in a destination domain's DNS and incorrect configuration of the MX records.
7) there are a few that are from our users with misspellings of the destination domain name (e.g. liquinta. instead of laquinta.) where the name they incorrectly used has a valid IP and active address, no MX address, no mail protocol response, and acts like (4).
Hope this adds some info to help reduce this kind of useless mail sitting in the mail queue for long periods.
Larry
=========================
|--- Original message ---
Subject: [SurgeMail List] re: tcp_read_dot errors
From: surgemail-support <surgemailHIDDEN@t@netwinsite.com>
To: <surgemailHIDDEN@etwinsite.com>
Date: Thursday, 05/22/2014 6:23 PM
Tell me what platform you are on and we'll supply a new binary to try and establish what is occurring.
The other thing to try and do is do a packet capture of a problem message to see what is actually being sent to your system. But that may be harder to do.
ChrisP.
We've been running into the tcp_read_dot errors pretty frequently lately. I've always assumed it was related to the sender's anti-virus program. But lately it's also happening when people are sending to us via gmail.com addresses.
What's the best approach to diagnose this error? A lot of our customers/clients are complaining that 1 out of 4 emails to us are bouncing back to them. The typical error is:
#< #5.0.0 X-Spam-&-Virus-Firewall; host mail.adultdvdtalk.com[216.55.179.49] said: 554 Failure tcp_read_dot 541 540 seconds, got 3402 bytes (Socket Timeout after 540 seconds) (in reply to end of DATA command)> #SMTP#
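Added example, not part of the original thread and not SurgeMail code: one way to triage tcp_read_dot rejections like those quoted in the messages above, tallying them per peer IP, separating "Connection was closed" from "Socket Timeout", and flagging peers that were also DNSBL-denied. The line layout is assumed from the log lines quoted in the thread; `summarize` is a hypothetical helper and the sample lines are constructed, using documentation addresses.

```python
import re
from collections import Counter, defaultdict

# Layout assumed from the quoted log lines: date time [id] Action IP ... "detail"
LINE_RE = re.compile(
    r'^(\S+ \S+) \[\d+\] (\w+) (\d{1,3}(?:\.\d{1,3}){3}) .*"(.*)"\s*$')
DOT_RE = re.compile(
    r'tcp_read_dot \d+ (\d+) seconds, got (\d+) bytes \((.+?)\.* after \d+ seconds\)')

def summarize(lines):
    """Tally tcp_read_dot rejections per peer IP and flag DNSBL-denied peers."""
    stats = defaultdict(lambda: {"rejects": 0, "reasons": Counter(),
                                 "zero_byte": 0, "dnsbl": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a line in the assumed layout
        _ts, action, ip, detail = m.groups()
        if action == "Bounced" and detail.startswith("denied "):
            stats[ip]["dnsbl"] = True  # peer was refused by a blocklist lookup
            continue
        d = DOT_RE.search(detail)
        if action == "Rejected" and d:
            _secs, got, reason = d.groups()
            s = stats[ip]
            s["rejects"] += 1
            s["reasons"][reason] += 1
            s["zero_byte"] += int(got) == 0  # peer sent nothing before the drop
    return dict(stats)

# Constructed sample lines; the timeout wording is modelled on the quoted bounce.
SAMPLE = '''\
2014-05-23 00:12:27.00 [0] Bounced 192.0.2.10 orbs <orbs> 0 orbs "denied dnsbl.example ip=192.0.2.10"
2014-05-23 00:12:44.00 [1001] Rejected 192.0.2.10 <a@example.org> <u@example.com> 0 "[192.0.2.10] tcp_read_dot 12 0 seconds, got 0 bytes (Connection was closed. after 0 seconds)"
2014-05-23 00:20:01.00 [1002] Rejected 192.0.2.10 <> 0 "[192.0.2.10] tcp_read_dot 12 0 seconds, got 0 bytes (Connection was closed.. after 0 seconds)"
2014-05-23 01:05:09.00 [1003] Rejected 198.51.100.7 <b@example.net> <u@example.com> 0 "[198.51.100.7] tcp_read_dot 541 540 seconds, got 3402 bytes (Socket Timeout after 540 seconds)"
'''.splitlines()

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["rejects"], dict(s["reasons"]),
              "zero-byte:", s["zero_byte"], "dnsbl-denied:", s["dnsbl"])
```

Zero-byte drops from peers that were already DNSBL-denied can be set aside as noise; timeouts after a partial body from unlisted peers are the ones worth a packet capture.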