This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error while sending message Broken pipe

I get this error a lot:

2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: [ERR] Error while sending message Connection reset by peer
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: lased _connect() is called
What does "lased _connect() is called" mean?

Below is the full log:
2019-04-08 11:00:55 smtp postfix/smtpd[27423]: 5340BDF865_CAA9D47F: client=post.response.unity3d.com[141.145.10.89]
2019-04-08 11:00:55 smtp postfix/cleanup[27463]: 5340BDF865_CAA9D47F: message-id=<bd6631b26ed346009d450ee766f45b95@795651218>
2019-04-08 11:00:55 smtp postfix/qmgr[83144]: 5340BDF865_CAA9D47F: from=<bounceback@response.unity3d.com>, size=25271, nrcpt=1 (queue active)
2019-04-08 11:00:56 smtp postfix/smtp[29485]: 5340BDF865_CAA9D47F: to=<bob@domain.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.9, delays=0.87/0/0/1, dsn=2.0.0, status=sent (250 OK, sent 5CAA9D47_36300_14_1 EBA9BE26BA_CAA9D48B)
2019-04-08 11:00:56 smtp postfix/qmgr[83144]: 5340BDF865_CAA9D47F: removed
2019-04-08 11:00:56 smtp postfix/backend/smtpd[29113]: EBA9BE26BA_CAA9D48B: client=localhost.localdomain[127.0.0.1]
2019-04-08 11:00:56 smtp postfix/backend/cleanup[29114]: EBA9BE26BA_CAA9D48B: message-id=<bd6631b26ed346009d450ee766f45b95@795651218>
2019-04-08 11:00:56 smtp postfix/backend/qmgr[2624]: EBA9BE26BA_CAA9D48B: from=<bounceback@response.unity3d.com>, size=27121, nrcpt=1 (queue active)
2019-04-08 11:00:57 smtp postfix/backend/smtp[29115]: EBA9BE26BA_CAA9D48B: to=<bob@domain.com>, relay=192.168.1.3[192.168.1.3]:25, delay=0.14, delays=0.01/0/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0 <bd6631b26ed346009d450ee766f45b95@795651218> [InternalId=8602819493893, Hostname=exchange.internal] 28442 bytes in 0.108, 255.204 KB/sec Queued mail for delivery)
2019-04-08 11:00:57 smtp postfix/backend/qmgr[2624]: EBA9BE26BA_CAA9D48B: removed
2019-04-08 11:00:56 smtp postfix/backend/smtp[29115]: setting up TLS connection to 192.168.1.3[192.168.1.3]:25
2019-04-08 11:00:56 smtp postfix/backend/smtp[29115]: Trusted TLS connection established to 192.168.1.3[192.168.1.3]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
2019-04-08 11:00:55 smtp milter[36300]: 5CAA9D47_36300_14_1: Sandstorm header not found.
2019-04-08 11:00:55 smtp milter[36300]: 5CAA9D47_36300_14_1: X-Sophos headers have been stripped.
2019-04-08 11:00:55 smtp milter[36300]: 5CAA9D47_36300_14_1: HISTORIAN: Query results: 'ip=141.145.10.89,fs=1,da=470454,mc=2,sc=0,hc=2,sp=0,fso=1,re=0,sd=0,hd=0'
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: Skipping DMARC no dmarc policy in DNS
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: [ERR] Error while sending message Connection reset by peer
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: lased _connect() is called
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: accepted
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: msg times: r=1.03s u=0.05s s=0
2019-04-08 11:00:56 smtp milter[36300]: 5CAA9D47_36300_14_1: conn times: r=1.04s u=0.05s s=0


This thread was automatically locked due to age.
Parents
  • Hi Judcom

    Lased is part of the as/av system, the call for it means it was scanning the email.

    The relay ip 141.145.10.89 is also blacklisted... as well as some of the delay queue rules were triggered..

    When the connection is instantly severed by the recipient service the result is often a broken pipe..

    An example

    If your filtering the appliance with a firewall and that detects a virus submission to sandstorm if the firewall grabs the sample then the smtp service will fail to connect .. this could also result in a broken pipe error or similar failure

    So there are a few things going on with this sample, unfortunately without access to the messages log with the complete list of hits i cant tell you for sure, but it will be something along those lines

    Cheers

Reply
  • Hi Judcom

    Lased is part of the as/av system, the call for it means it was scanning the email.

    The relay ip 141.145.10.89 is also blacklisted... as well as some of the delay queue rules were triggered..

    When the connection is instantly severed by the recipient service the result is often a broken pipe..

    An example

    If your filtering the appliance with a firewall and that detects a virus submission to sandstorm if the firewall grabs the sample then the smtp service will fail to connect .. this could also result in a broken pipe error or similar failure

    So there are a few things going on with this sample, unfortunately without access to the messages log with the complete list of hits i cant tell you for sure, but it will be something along those lines

    Cheers

Children
No Data