2 Replies Latest reply on Oct 6, 2010 3:46 PM by ajclements

    A lot of "Socket communication failed with client" in my ironmail events

      Dears,

       

      I'm using IM 6.7 patchlevel 1

       

      I'm receiving a lot of logs saying that "socket communication failed", especially from an IP address of Hotmail.

      Most of the users can't receive mail if they forward it from Hotmail to our domain.

       

      The logs in our IronMail are as follows:

       

      09182010 00:06:17|21|65.55.90.165-40418|2|102|Socket communication failed with client. Connection dropped|[]
      09182010 00:06:54|21|65.54.190.148-60329|2|102|Socket communication failed with client. Connection dropped|[]
      09182010 00:07:42|21|65.55.116.97-52431|2|102|Socket communication failed with client. Connection dropped|[]
      09182010 00:07:52|21|65.55.90.150-22219|2|102|Socket communication failed with client. Connection dropped|[]
      09182010 00:08:11|21|65.54.190.148-62057|2|102|Socket communication failed with client. Connection dropped|[]

        • 2. Re: A lot of "Socket communication failed with client" in my ironmail events

          These are most often caused by TrustedSource rejects on messages due to high scores, but there are several other reasons that could cause them as well.

           

          For more information, we would need to see the full text of the SMTPProxy log for one of the connections. You can find this with the show events command at the CLI, and filter down to just one conversation with a grep for the 14-digit connection ID that is given for every connection. For example, taking one of the entries that you have given below (65.55.90.165-40418), we could do the following at the CLI. Data has been pulled from a production box, changed to protect anonymity, and shortened; this is not what you will find on your system.

           

          1) Find the connection ID in the event log by changing the dash to a colon and using grep:  show events |grep 65.55.90.165:40418

          20101006:03:56:25|22861127196635|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|1:35:65.55.90.165:40418:1.2.3.4:25|

           

          2) Given the connection ID of 22861127196635, we can now look for this: show events |grep 22861127196635

          20101006:03:56:25|22861127196635|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|1:35:178.129.39.37:3763:1.2.3.4:25|
          20101006:03:56:25|22861127196635|9233|Processing started.||
          20101006:03:56:25|22861127196635|9236|Connection accepted.||
          20101006:03:56:25|22861127196635|10772|<Channels VIP:Secure Flag> -|< id=<0>, name=<Default Virtual Host>, network_active=<1>:0>|
          20101006:03:56:25|22861127196635|9281|Relay ----> -|<0>|
          20101006:03:56:26|22861127196635|9259|Trimmed a special character from MAIL FROM.||
          20101006:03:56:26|22861127196635|9260|MAIL FROM - Forged/Invalid From address. Domain listed in routing list, but IP address not in allow relay list. Rejecting command...||
          20101006:03:56:26|22861127196635|9312|Socket communication failed with client. Connection dropped||
          20101006:03:56:26|22861127196635|9234|Processing completed.||

           

          3) We can see that in this particular instance the line was caused by the Reject Invalid MailForm feature, which can be enabled to block incoming mail that reports to be from your own domain.

           

           

          In another instance, let's say that we have the connection from 113.193.241.153-1979:

          1) Find the connection ID in the event log by changing the dash to a colon and using grep:  show events |grep 113.193.241.153:1979
          20101006:07:53:32|22861185469384|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|0:107:113.193.241.153:1979:1.2.3.4:25|

           

          2) Given the connection ID of 22861185469384, we can now look for this: show events |grep 22861185469384
          20101006:07:53:32|22861185469384|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|0:107:113.193.241.153:1979:1.2.3.4:25|
          20101006:07:53:32|22861185469384|9233|Processing started.||
          20101006:07:53:32|22861185469384|9236|Connection accepted.||
          20101006:07:53:32|22861185469384|10772|<Channels VIP:Secure Flag> -|< id=<0>, name=<Default Virtual Host>, network_active=<1>:0>|
          20101006:07:53:32|22861185469384|9281|Relay ----> -|<0>|
          20101006:07:53:33|22861185469384|9259|Trimmed a special character from MAIL FROM.||
          20101006:07:53:35|22861185469384|9272|Received -|<recipient@recipientdomain:recipient:recipientdomain>|
          20101006:07:53:35|22861185469384|5382|The recipient address belongs to the following domain groups (IDs) -|<[]>|
          20101006:07:53:35|22861185469384|9307|BATV Debug value(s) <fromSelf> -|113.193.241.153|
          20101006:07:53:35|22861185469384|6658|QUEU COMMAND RECEIVED <mailfrom:frm_addr:rcptList:rcptLineList:ipaddress:msgtype:ehloDomain:notifysender:forgedDomain> -|<<sender@senderdomain>:{0: 'sender@senderdomain', 1: 'sender@senderdomain', 2: 'sender@senderdomain'}:{(0, 0L): ['recipient@recipientdomain']}:{(0, 0L): ['<recipient@recipientdomain>']}:113.193.241.153:0:paras05:0:False>|
          20101006:07:53:35|22861185469384|10249|Performing TS Lookup -|protocol <REPPER> query=<CENSORED>|
          20101006:07:53:35|22861185469384|10250|TrustedSource Result - <status:lookup_ip:ipscore:score:dq_status:time> -|<132:113.193.241.153:0:135:0:54220.000000>|
          20101006:07:53:35|22861185469384|10247|Spam Message. Message not queued.||
          20101006:07:53:35|22861185469384|9237|Incomplete message transmission.||
          20101006:07:53:36|22861185469384|9312|Socket communication failed with client. Connection dropped||
          20101006:07:53:36|22861185469384|9234|Processing completed.||

           

          3) In this particular case, it was TrustedSource that blocked the message resulting in the failed message.

           

          If you are still having trouble finding what is happening, feel free to call support; we can help look into it further.
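
The three-step lookup described in the reply above, automated over saved `show events` output. This is an added example, not part of the original thread and not vendor code. The function names are hypothetical, and the phrase match used to pick the cause line is an assumption based only on the two conversations shown in the reply.

```python
import re
from collections import defaultdict

# Event lines copied (trimmed) from the reply above, not from a live system.
SAMPLE = """\
20101006:03:56:25|22861127196635|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|1:35:65.55.90.165:40418:1.2.3.4:25|
20101006:03:56:26|22861127196635|9260|MAIL FROM - Forged/Invalid From address. Domain listed in routing list, but IP address not in allow relay list. Rejecting command...||
20101006:03:56:26|22861127196635|9312|Socket communication failed with client. Connection dropped||
20101006:07:53:32|22861185469384|9235|ChannelID:ThreadID:Source IP:Port:Destination IP:Port -|0:107:113.193.241.153:1979:1.2.3.4:25|
20101006:07:53:35|22861185469384|10250|TrustedSource Result - <status:lookup_ip:ipscore:score:dq_status:time> -|<132:113.193.241.153:0:135:0:54220.000000>|
20101006:07:53:35|22861185469384|10247|Spam Message. Message not queued.||
20101006:07:53:35|22861185469384|9237|Incomplete message transmission.||
20101006:07:53:36|22861185469384|9312|Socket communication failed with client. Connection dropped||
"""
DROP, CONN_INFO = "9312", "9235"  # event IDs as they appear in the post
# Assumption: the cause line contains one of these phrases, as in both examples.
CAUSE_HINT = re.compile(r"reject|not queued", re.I)

def parse_events(text):
    """Group 'time|connection ID|event ID|message|data|' lines by connection ID."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.strip().split("|", 4)
        if len(parts) == 5 and parts[1].isdigit():
            conns[parts[1]].append((parts[2], parts[3], parts[4].rstrip("|")))
    return conns

def find_conn_ids(conns, client):
    """Step 1: map 'ip-port' from the summary log to connection IDs (IPv4 only)."""
    wanted = client.replace("-", ":")
    return [cid for cid, events in conns.items()
            if any(eid == CONN_INFO and ":".join(data.split(":")[2:4]) == wanted
                   for eid, _, data in events)]

def drop_cause(events):
    """Steps 2-3: nearest event before the drop whose text looks like a rejection."""
    ids = [eid for eid, _, _ in events]
    if DROP not in ids:
        return None
    for eid, msg, _ in reversed(events[:ids.index(DROP)]):
        if CAUSE_HINT.search(msg):
            return eid, msg
    return None

if __name__ == "__main__":
    conns = parse_events(SAMPLE)
    for client in ("65.55.90.165-40418", "113.193.241.153-1979"):
        for cid in find_conn_ids(conns, client):
            print(client, cid, drop_cause(conns[cid]))
```

A `None` result for a dropped connection means no line before the drop matched the phrase list, so the full conversation still has to be read by hand.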