cancel
Showing results for 
Search instead for 
Did you mean: 

a lots of "Socket communication failed with client" in my ironmail events

Dears,,,,

I'm using IM 6.7 patchlevel 1

I'm receiving a lots of logs saying that "socket communication failed" espicially from an IP address of hotmail.

most of the users can't recieve mails if they forward it from hotmail to our domain.

logs in in our iron mail are as follows

09182010 00:06:17|21|65.55.90.165-40418|2|102|Socket communication failed with c
lient. Connection dropped|[]
09182010 00:06:54|21|65.54.190.148-60329|2|102|Socket communication failed with
client. Connection dropped|[]
09182010 00:07:42|21|65.55.116.97-52431|2|102|Socket communication failed with c
lient. Connection dropped|[]
09182010 00:07:52|21|65.55.90.150-22219|2|102|Socket communication failed with c
lient. Connection dropped|[]
09182010 00:08:11|21|65.54.190.148-62057|2|102|Socket communication failed with
client. Connection dropped|[]

2 Replies

Re: a lots of "Socket communication failed with client" in my ironmail events

Any comments please???

Re: a lots of "Socket communication failed with client" in my ironmail events

These are most often caused by TrustedSource rejects on messages due to high scores, but there are several other reasons that could cause them as well.

For more information, we would need to see the full text of the SMTPProxy log for one of the connections.   You can find this with the show events command at the CLI, and filter down to just one conversation with a grep for the 14 digit connection ID that is given for every connection.  For example, taking one of the entries that you have given below (65.55.90.165-40418) we could do the following at the CLI.  Data has been pulled from a production box, changed to protect anonimity, and shortened, this is not what you will find on your system.

1) Find the connection ID in the event log by changing the dash to a colon and using grep:  show events |grep 65.55.90.165:40418

20101006:03:56:25|22861127196635|9235|ChannelID:ThreadIDSmiley Frustratedource IPSmiley TongueortSmiley Very Happyestination IPSmiley Tongueort -|1:35:65.55.90.165:40418:1.2.3.4:25|

2) Given the connection ID of 22861127196635, we can now look for this: show events |grep 22861127196635

20101006:03:56:25|22861127196635|9235|ChannelID:ThreadIDSmiley Frustratedource IPSmiley TongueortSmiley Very Happyestination IPSmiley Tongueort -|1:35:178.129.39.37:3763:1.2.3.4:25|
20101006:03:56:25|22861127196635|9233|Processing started.||
20101006:03:56:25|22861127196635|9236|Connection accepted.||
20101006:03:56:25|22861127196635|10772|<Channels VIPSmiley Frustratedecure Flag> -|< id=<0>, name=<Default Virtual Host>, network_active=<1>:0>|
20101006:03:56:25|22861127196635|9281|Relay ----> -|<0>|
20101006:03:56:26|22861127196635|9259|Trimmed a special character from MAIL FROM.||
20101006:03:56:26|22861127196635|9260|MAIL FROM - Forged/Invalid From address. Domain listed in routing list, but IP address not in allow relay list. Rejecting command...||
20101006:03:56:26|22861127196635|9312|Socket communication failed with client. Connection dropped||
20101006:03:56:26|22861127196635|9234|Processing completed.||

3) We can see that this particular instance the line was caused by the Reject Invalid MailForm feature, which can be enabled to block incoming mail that reports to be from your own domain.

In another instance, lets say that we have the connection from 113.193.241.153-1979:

1)Find the connection ID in the event log by changing the dash to a colon and using grep:  show events |grep113.193.241.153:1979
20101006:07:53:32|22861185469384|9235|ChannelID:ThreadIDSmiley Frustratedource IPSmiley TongueortSmiley Very Happyestination IPSmiley Tongueort -|0:107:113.193.241.153:1979:1.2.3.4:25|

2) Given the connection ID of 22861185469384, we can now look for this: show events |grep 22861185469384
20101006:07:53:32|22861185469384|9235|ChannelID:ThreadIDSmiley Frustratedource IPSmiley TongueortSmiley Very Happyestination IPSmiley Tongueort -|0:107:113.193.241.153:1979:1.2.3.4:25|
20101006:07:53:32|22861185469384|9233|Processing started.||
20101006:07:53:32|22861185469384|9236|Connection accepted.||
20101006:07:53:32|22861185469384|10772|<Channels VIPSmiley Frustratedecure Flag> -|< id=<0>, name=<Default Virtual Host>, network_active=<1>:0>|
20101006:07:53:32|22861185469384|9281|Relay ----> -|<0>|
20101006:07:53:33|22861185469384|9259|Trimmed a special character from MAIL FROM.||
20101006:07:53:35|22861185469384|9272|Received -|<recipient@recipientdomain:recipient:recipientdomain>|
20101006:07:53:35|22861185469384|5382|The recipient address belongs to the following domain groups (IDs) -|<[]>|
20101006:07:53:35|22861185469384|9307|BATV Debug value(s) <fromSelf> -|113.193.241.153|
20101006:07:53:35|22861185469384|6658|QUEU COMMAND RECEIVED <mailfrom:frm_addr:rcptList:rcptLineList:ipaddress:msgtype:ehloDomain:notifysender:forgedDomain> -|<<sender@senderdomain>:{0: 'sender@senderdomain', 1: 'sender@senderdomain', 2: 'sender@senderdomain'}:{(0, 0L): ['recipient@recipientdomain']}:{(0, 0L): ['<recipient@recipientdomain>']}:113.193.241.153:0Smiley Tonguearas05:0:False>|
20101006:07:53:35|22861185469384|10249|Performing TS Lookup -|protocol <REPPER> query=<CENSORED>|
20101006:07:53:35|22861185469384|10250|TrustedSource Result - <status:lookup_ip:ipscore:score:dq_status:time> -|<132:113.193.241.153:0:135:0:54220.000000>|
20101006:07:53:35|22861185469384|10247|Spam Message. Message not queued.||
20101006:07:53:35|22861185469384|9237|Incomplete message transmission.||
20101006:07:53:36|22861185469384|9312|Socket communication failed with client. Connection dropped||
20101006:07:53:36|22861185469384|9234|Processing completed.||

3) In this particular case, it was TrustedSource that blocked the message resulting in the failed message.

If you are still having trouble finding what is happeinging, feel free to call support, we can help look into it further.