Mailing List SIMS@mail.stalker.com Message #15010
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Abort received?
Date: Sun, 8 May 2005 12:12:08 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 10:25 AM -0400 5/8/05, David C King  imposed structure on a stream of electrons, yielding:
What does the abort error mean in the log extract below?

This piece of spam was delivered to the local account, so I'm curious to know what the "Abort received, reason=41050" means.


I'm not sure what the 41050 specifically indicates, but there are a number of different ways for an SMTP session to end ungracefully that support the assumption by the SMTP server that the sender has sent the entire message and knows that it has done so successfully.

Once the sender has sent the message, been sent back the SMTP-layer 250 response that acknowledges receipt, and has sent back TCP-level ACKs of that traffic, the message is fully handed off. However, after that there remain three exchanges needed to cleanly end the session:

1. The client sends an SMTP 'QUIT' command, which requires the server to respond with a 221 acknowledgement. (This is on top of TCP, so those packets need the usual TCP ACKs as well.) This exchange finishes the bi-directional application-layer SMTP conversation.

2. The server needs to send a TCP FIN packet indicating that it has no more data to send on the session, which the client needs to respond to with a FIN+ACK packet. This exchange closes out the server to client half of the TCP session.

3. The client needs to send a TCP FIN packet indicating that it has no more data to send on the session, which the server needs to respond to with a FIN+ACK packet. This exchange closes out the client to server half of the TCP session.

Any of those packets can be responded to by either side with a TCP RESET, which causes an abort of the session. In principle there are ways to overload packets to make this a 4-packet exchange instead of the conceptual 6, but some TCP stacks (maybe even OpenTransport) might be confused by that and fail to shift state properly.

In this case, I suspect you might find a bit more info if you look at the other 'SMTP-432' lines around that, but they will only be revealing if you have the SMTP module logging all information.


Thanks

DCK


17:14:37 5 SYSTEM Line Read: Received: from [216.163.32.14] (HELO qtm.net)  by king-dom.org (Stalker SMTP Server 1.8b9d14)  with SMTP id S.0000173904 for <david@king-dom.org>; Sat, 07 May 2005 17:14:36 -0500
17:14:37 5 SYSTEM Line Read: Received: (qmail 32506 invoked from network); 8 May 2005 03:12:09 -0000
17:14:37 5 SYSTEM Line Read: Received: from unknown (HELO localhost) (216.163.37.43)  by mummra.qtm.net with SMTP; 8 May 2005 03:12:09 -0000
17:14:37 5 SYSTEM Line Read: Message-ID: <xljgeinmad@qtm.net>
17:14:37 5 SYSTEM Line Read: From: Core01 <core01@qtm.net>
17:14:37 5 SYSTEM Line Read: To: david@king-dom.org
17:14:37 5 SYSTEM Line Read: Date: Sat, 07 May 2005 23:12:09 -0500
17:14:37 5 SYSTEM Line Read: MIME-Version: 1.0
17:14:37 5 SYSTEM Line Read: Subject: Hi
17:14:37 5 SYSTEM Line Read: Content-Type: multipart/related; type="multipart/alternative"; boundary="apqcqaiobwrqfpkrgbj"
17:14:37 5 SYSTEM Line Read:
17:14:37 2 SYSTEM [S.0000173904] <xljgeinmad@qtm.net> 0+1 From:core01@qtm.net
17:14:37 4 SYSTEM [S.0000173904] submitted
17:14:37 5 SYSTEM delivering to local accounts
17:14:37 3 SMTP-432([216.163.32.14]) Abort Received, reason=41050
17:14:37 5 SYSTEM [S.0000173904] OSOpen refNum=6018
17:14:37 5 SYSTEM [S.0000173904] reading: 24959 bytes at 93
17:14:37 5 SYSTEM Writing 5642: 25049 bytes at 12596


--
Bill Cole                                  bill@scconsult.com
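
Added example, not part of the original message and not SIMS code: a small Python correlator that checks, for each "Abort Received" line, whether the message from that peer had already been logged as "submitted", which is the handed-off case described above. The log field layout is inferred from the excerpt quoted in this message, and matching the bracketed address in the `Received:` line to the address in the `SMTP-nnn(...)` line is an assumption.

```python
import re

# Log lines copied from the excerpt quoted in the message above.
SAMPLE_LOG = """\
17:14:37 5 SYSTEM Line Read: Received: from [216.163.32.14] (HELO qtm.net)  by king-dom.org (Stalker SMTP Server 1.8b9d14)  with SMTP id S.0000173904 for <david@king-dom.org>; Sat, 07 May 2005 17:14:36 -0500
17:14:37 2 SYSTEM [S.0000173904] <xljgeinmad@qtm.net> 0+1 From:core01@qtm.net
17:14:37 4 SYSTEM [S.0000173904] submitted
17:14:37 5 SYSTEM delivering to local accounts
17:14:37 3 SMTP-432([216.163.32.14]) Abort Received, reason=41050
"""

# Patterns inferred from the excerpt (assumption, not a documented format).
RECEIVED = re.compile(r"Received: from \[([\d.]+)\].*?with SMTP id (S\.\d+)")
SUBMITTED = re.compile(r"\[(S\.\d+)\] submitted\s*$")
ABORT = re.compile(r"SMTP-(\d+)\(\[([\d.]+)\]\) Abort Received, reason=(\d+)")


def classify_aborts(log_text):
    """Return one dict per abort line, noting whether it came after handoff."""
    msg_by_peer = {}   # peer IP -> message id from the server's own Received: line
    submitted = set()  # message ids already logged as "submitted"
    results = []
    for line in log_text.splitlines():
        m = RECEIVED.search(line)
        if m:
            msg_by_peer[m.group(1)] = m.group(2)
            continue
        m = SUBMITTED.search(line)
        if m:
            submitted.add(m.group(1))
            continue
        m = ABORT.search(line)
        if m:
            session, peer, reason = m.groups()
            msg_id = msg_by_peer.get(peer)
            results.append({
                "session": session,
                "peer": peer,
                "reason": reason,
                "message": msg_id,
                # True: the message was queued before the session was aborted.
                "after_handoff": msg_id in submitted,
            })
    return results


if __name__ == "__main__":
    for r in classify_aborts(SAMPLE_LOG):
        state = "after handoff" if r["after_handoff"] else "before handoff"
        print(f"SMTP-{r['session']} {r['peer']} reason={r['reason']}: {state} ({r['message']})")
```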
