[Snort-users] Packet loss

Matt Kettler mkettler at ...4108...
Mon Nov 29 08:38:06 EST 2004


At 07:58 PM 11/27/2004, Michael Steele wrote:
>I've checked everything here and nothing on my end is being sent only
>received.
>
>Very strange...

That was very definitively a SF problem. If you look at the headers you can 
see that the multiplication was done by sc8-sf-list1-b.sourceforge.net 
while passing it to another SF.net server. This server accepted one message 
from,but redelivered it many times to sc8-sf-spam2.sourceforge.net.

You can tell by the SMTP transfer IDs and timestamps in the Received: headers.

sc8-sf-list1 received it from sc8-sf-mx2-b under transfer id 1CXyNf-0007Nm-Pc.

sc8-sf-list1delivered it to sc8-sf-spam1 durring transfer id's 
1CY0mP-0008UP-U2, 1CY0iY-0008Af-Ia, 1CXybd-0005OP-Ce.....

100% inside sf.net. Could have been some kind of bug where spam1 was 
emitting a SMTP 4xx temporary failure, but still delivering the message 
anyway. Or it could have been list1's failure to recognize the SMTP 2xx 
acceptance message and timing out.

I've seen a lot of sites lately suffering from the bug with 4xx errors. 
Gotten several complaints from users at "household name" companies claiming 
I've sent them several copies of a message, only to find that their site 
explicitly issued a 4xx error to my MX, but apparently delivered the 
message anyway. Apparently SF.net is using the same buggy software they are...







More information about the Snort-users mailing list