Bluewin mail Problem

Dump-Beschreibung / Dump Analysis:

The tcpdump looks like a pretty clear case of some serious problems with the bluewin server.

The first message sent on the connection is refused with "451 MAIL FROM: <Meetalscrase at gattadesign.com> Unable to verify MX Record for domain gattadesign.com". This response does not have an enhanced status code, yet the bluewin server advertising ENHANCEDSTATUSCODES means it should have an enhanced status code on every 2xx, 4xx, or 5xx response after the initial greeting and the response to HELO or EHLO.

EIMS then issues a bunch of pipelined commands for the next message, the first of which is RSET (to reset the message state). The RSET is accepted, but the MAIL FROM for the next message is refused with "501 5.5.2 MAIL FROM syntax error", despite there being nothing wrong with the syntax of the MAIL FROM command issued by EIMS.

Either their mail server has some serious bugs, or more likely they are using some sort of spam filtering proxy that doesn't understand the SMTP PIPELINING and ENHANCEDSTATUSCODES extensions.

TCP Dump und Beschreibung/and description

Alle Mailadressen wurden im Textteil unkenntlich gemacht.
All mail addresses are falsified in the text part.

Der Bluewin server sagt uns, was er alles kann.
The mail server at bluewin.ch advertises its capabilities here.

23:01:13.118912 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: P 63:180(117) ack 16 win 724 <nop,nop,timestamp 1162153401 3247067002>
        0x0000:  4500 00a9 bb87 4000 3a06 ebba c3ba 1390  E.....@.:.......
        0x0010:  3e0c 83b6 0019 f565 4e5d b66e c006 5b0f  >......eN].n..[.
        0x0020:  8018 02d4 d83b 0000 0101 080a 4545 0db9  .....;......EE..
        0x0030:  c18a 4f7a 3235 302d 6d78 3136 2073 6179  ..Oz250-mx16.say
        0x0040:  7320 4548 4c4f 2074 6f20 3632 2e31 322e  s.EHLO.to.62.12.
        0x0050:  3133 312e 3138 323a 3231 3630 300d 0a32  131.182:21600..2
        0x0060:  3530 2d50 4950 454c 494e 494e 470d 0a32  50-PIPELINING..2
        0x0070:  3530 2d53 495a 4520 3236 3231 3434 3030  50-SIZE.26214400
        0x0080:  0d0a 3235 302d 454e 4841 4e43 4544 5354  ..250-ENHANCEDST
        0x0090:  4154 5553 434f 4445 530d 0a32 3530 2038  ATUSCODES..250.8
        0x00a0:  4249 544d 494d 450d 0aaa 2653 5b1c df44  BITMIME...&S[..D
        0x00b0:  21                                       !

Unser Mail Server nimmt dies zur Kenntnis und schickt die Daten des 1. Mails gemäss den zwischen den 2 Servern abgemachten Regeln.

Our mail server acknowledges Bluewins message and sends the first mail acc. to the specs agreed between the 2 servers.

23:01:13.119436 IP mail.udena.ch.62821 > mxzhh.bluewin.ch.smtp: P 16:141(125) ack 180 win 65535 <nop,nop,timestamp 3247067002 1162153401>
        0x0000:  4500 00b1 b0a6 4000 4006 f093 3e0c 83b6  E..... at . at ...>...
        0x0010:  c3ba 1390 f565 0019 c006 5b0f 4e5d b6e3  .....e....[.N]..
        0x0020:  8018 ffff 99b0 0000 0101 080a c18a 4f7a  ..............Oz
        0x0030:  4545 0db9 4d41 494c 2046 524f 4d3a 3c4d  EE..MAIL.FROM:<M
        0x0040:  6565 7461 6c73 6372 6173 6540 6761 7474  eetalscrase at gatt
        0x0050:  6164 6573 6967 6e2e 636f 6d3e 2053 495a  adesign.com>.SIZ
        0x0060:  453d 3130 3539 0d0a 5243 5054 2054 4f3a  E=1059..RCPT.TO:
        0x0070:  3c6f 6a65 6b65 686c 4062 6c75 6577 696e  <xxx at bluewin
        0x0080:  2e63 683e 0d0a 5243 5054 2054 4f3a 3c62  .ch>..RCPT.TO:<b
        0x0090:  6172 6261 7261 2e77 6165 6765 7240 626c  xxx.yyy at bl
        0x00a0:  7565 7769 6e2e 6368 3e0d 0a44 4154 410d  uewin.ch>..DATA.
        0x00b0:  0a                                       .

Bluewin refüsiert das Mail mit "451 MAIL FROM: <Meetalscrase at gattadesign.com> Unable to verify MX Record for domain gattadesign.com" was ein gültiger Fehler ist, dem aber ein Teil fehlt. Da anfangs die ENHANCEDSTATUSCODES Option gesetzt wurde, müsste dieses Fehlermeldung noch einen Zusatz, eben den "Enhanced Status Code" enthalten, der hier aber fehlt.

Quote from above:

The first message sent on the connection is refused with "451 MAIL FROM: <Meetalscrase at gattadesign.com> Unable to verify MX Record for domain gattadesign.com". This response does not have an enhanced status code, yet the bluewin server advertising ENHANCEDSTATUSCODES means it should have an enhanced status code on every 2xx, 4xx, or 5xx response after the initial greeting and the response to HELO or EHLO.

23:01:13.162070 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: . ack 141 win 724 <nop,nop,timestamp 1162153444 3247067002>
        0x0000:  4500 0034 bb89 4000 3a06 ec2d c3ba 1390  E..4.. at .:..-....
        0x0010:  3e0c 83b6 0019 f565 4e5d b6e3 c006 5b8c  >......eN]....[.
        0x0020:  8010 02d4 605b 0000 0101 080a 4545 0de4  ....`[......EE..
        0x0030:  c18a 4f7a 540f a670 1cdf 4421            ..OzT..p..D!
23:01:13.254018 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: P 180:281(101) ack 141 win 724 <nop,nop,timestamp 1162153536 3247067002>
        0x0000:  4500 0099 bb8b 4000 3a06 ebc6 c3ba 1390  E..... at .:.......
        0x0010:  3e0c 83b6 0019 f565 4e5d b6e3 c006 5b8c  >......eN]....[.
        0x0020:  8018 02d4 fe0c 0000 0101 080a 4545 0e40  ............EE. at 
        0x0030:  c18a 4f7a 3435 3120 4d41 494c 2046 524f  ..Oz451.MAIL.FRO
        0x0040:  4d3a 203c 4d65 6574 616c 7363 7261 7365  M:.<Meetalscrase
        0x0050:  4067 6174 7461 6465 7369 676e 2e63 6f6d   at gattadesign.com
        0x0060:  3e20 556e 6162 6c65 2074 6f20 7665 7269  >.Unable.to.veri
        0x0070:  6679 204d 582d 5265 636f 7264 2066 6f72  fy.MX-Record.for
        0x0080:  2064 6f6d 6169 6e20 6761 7474 6164 6573  .domain.gattades
        0x0090:  6967 6e2e 636f 6d0d 0a12 cb3e 881c df44  ign.com....>...D
        0x00a0:  21                                       !
23:01:13.418673 IP mail.udena.ch.62821 > mxzhh.bluewin.ch.smtp: . ack 281 win 65535 <nop,nop,timestamp 3247067002 1162153536>
        0x0000:  4500 0034 b0ab 4000 4006 f10b 3e0c 83b6  E..4.. at . at ...>...
        0x0010:  c3ba 1390 f565 0019 c006 5b8c 4e5d b748  .....e....[.N].H
        0x0020:  8010 ffff 9933 0000 0101 080a c18a 4f7a  .....3........Oz
        0x0030:  4545 0e40                                EE. at 
23:01:13.420644 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: P 281:375(94) ack 141 win 724 <nop,nop,timestamp 1162153702 3247067002>
        0x0000:  4500 0092 bb8d 4000 3a06 ebcb c3ba 1390  E..... at .:.......
        0x0010:  3e0c 83b6 0019 f565 4e5d b748 c006 5b8c  >......eN].H..[.
        0x0020:  8018 02d4 a2b4 0000 0101 080a 4545 0ee6  ............EE..
        0x0030:  c18a 4f7a 3530 3320 5243 5054 2054 4f20  ..Oz503.RCPT.TO.
        0x0040:  7769 7468 6f75 7420 4d41 494c 2046 524f  without.MAIL.FRO
        0x0050:  4d0d 0a35 3033 2052 4350 5420 544f 2077  M..503.RCPT.TO.w
        0x0060:  6974 686f 7574 204d 4149 4c20 4652 4f4d  ithout.MAIL.FROM
        0x0070:  0d0a 3530 3320 352e 352e 3120 4441 5441  ..503.5.5.1.DATA
        0x0080:  2077 6974 686f 7574 2052 4350 5420 544f  .without.RCPT.TO
        0x0090:  0d0a 8656 f269 1cdf 4421                 ...V.i..D!

Wie anfangs zwischen den 2 Servern abgemacht, schickt unser Mailserver nun meherere Befehle hintereinander an Bluewin (pipelining), angefangen mit dem RSET Befehl, der dem Bluewin Server sagt, er solle zuerst den Meldungsstatus zurücksetzen, da jetzt eine neue Meldung komme. Der RSET wird akzeptiert und das MAIL FROM der nächsten Meldung wird mit dem bekannten Fehler "501 5.5.2 MAIL FROM syntax error" zurückgewiesen.

Quote from above:

EIMS then issues a bunch of pipelined commands for the next message, the first of which is RSET (to reset the message state). The RSET is accepted, but the MAIL FROM for the next message is refused with "501 5.5.2 MAIL FROM syntax error", despite there being nothing wrong with the syntax of the MAIL FROM command issued by EIMS.

23:01:13.421803 IP mail.udena.ch.62821 > mxzhh.bluewin.ch.smtp: P 141:432(291) ack 375 win 65535 <nop,nop,timestamp 3247067002 1162153702>
        0x0000:  4500 0157 b0ad 4000 4006 efe6 3e0c 83b6  E..W.. at . at ...>...
        0x0010:  c3ba 1390 f565 0019 c006 5b8c 4e5d b7a6  .....e....[.N]..
        0x0020:  8018 ffff 9a56 0000 0101 080a c18a 4f7a  .....V........Oz
        0x0030:  4545 0ee6 5253 4554 0d0a 4d41 494c 2046  EE..RSET..MAIL.F
        0x0040:  524f 4d3a 3c77 6572 6b73 7461 7474 4066  ROM:<xxx at f
        0x0050:  656d 6e65 742e 6368 3e20 5349 5a45 3d33  emnet.ch>.SIZE=3
        0x0060:  3730 340d 0a52 4350 5420 544f 3a3c 636f  704..RCPT.TO:<co
        0x0070:  7269 6e6e 6573 6965 6766 7269 6564 4062  xxx at b
        0x0080:  6c75 6577 696e 2e63 683e 0d0a 5243 5054  luewin.ch>..RCPT
        0x0090:  2054 4f3a 3c62 7269 6769 7474 652e 686f  .TO:<xxx.xx
        0x00a0:  6573 6c69 4062 6c75 6577 696e 2e63 683e  esli at bluewin.ch>
        0x00b0:  0d0a 5243 5054 2054 4f3a 3c77 6172 746f  ..RCPT.TO:<xxx
        0x00c0:  7474 6940 626c 7565 7769 6e2e 6368 3e0d  tti at bluewin.ch>.
        0x00d0:  0a52 4350 5420 544f 3a3c 6769 7573 796d  .RCPT.TO:<xxxxx
        0x00e0:  4062 6c75 6577 696e 2e63 683e 0d0a 5243   at bluewin.ch>..RC
        0x00f0:  5054 2054 4f3a 3c73 7461 6c64 6572 2e77  PT.TO:<xxxxxxx.x
        0x0100:  6f68 6c65 6e40 626c 7565 7769 6e2e 6368  ohlen at bluewin.ch
        0x0110:  3e0d 0a52 4350 5420 544f 3a3c 616d 6475  >..RCPT.TO:<xxxx
        0x0120:  6572 7240 626c 7565 7769 6e2e 6368 3e0d  xxx at bluewin.ch>.
        0x0130:  0a52 4350 5420 544f 3a3c 646f 7269 7368  .RCPT.TO:<xxxxxx
        0x0140:  6573 7340 626c 7565 7769 6e2e 6368 3e0d  ess at bluewin.ch>.
        0x0150:  0a44 4154 410d 0a                        .DATA..
23:01:13.423681 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: . ack 432 win 687 <nop,nop,timestamp 1162153706 3247067002>
        0x0000:  4500 0034 bb8f 4000 3a06 ec27 c3ba 1390  E..4.. at .:..'....
        0x0010:  3e0c 83b6 0019 f565 4e5d b7a6 c006 5caf  >......eN].....
        0x0020:  8010 02af 5d94 0000 0101 080a 4545 0eea  ....].......EE..
        0x0030:  c18a 4f7a e3ae d2b1 1cdf 4421            ..Oz......D!
23:01:13.423689 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: P 375:388(13) ack 432 win 724 <nop,nop,timestamp 1162153706 3247067002>
        0x0000:  4500 0041 bb91 4000 3a06 ec18 c3ba 1390  E..A.. at .:.......
        0x0010:  3e0c 83b6 0019 f565 4e5d b7a6 c006 5caf  >......eN].....
        0x0020:  8018 02d4 ee00 0000 0101 080a 4545 0eea  ............EE..
        0x0030:  c18a 4f7a 3235 3020 5253 4554 204f 4b0d  ..Oz250.RSET.OK.
        0x0040:  0af6 61b6 4e1c df44 21                   ..a.N..D!
23:01:13.618808 IP mail.udena.ch.62821 > mxzhh.bluewin.ch.smtp: . ack 388 win 65535 <nop,nop,timestamp 3247067003 1162153706>
        0x0000:  4500 0034 b0b2 4000 4006 f104 3e0c 83b6  E..4.. at . at ...>...
        0x0010:  c3ba 1390 f565 0019 c006 5caf 4e5d b7b3  .....e.....N]..
        0x0020:  8010 ffff 9933 0000 0101 080a c18a 4f7b  .....3........O{
        0x0030:  4545 0eea                                EE..
23:01:13.620780 IP mxzhh.bluewin.ch.smtp > mail.udena.ch.62821: P 388:673(285) ack 432 win 724 <nop,nop,timestamp 1162153902 3247067003>
        0x0000:  4500 0151 bb93 4000 3a06 eb06 c3ba 1390  E..Q.. at .:.......
        0x0010:  3e0c 83b6 0019 f565 4e5d b7b3 c006 5caf  >......eN].....
        0x0020:  8018 02d4 aa88 0000 0101 080a 4545 0fae  ............EE..
        0x0030:  c18a 4f7b 3530 3120 352e 352e 3220 4d41  ..O{501.5.5.2.MA
        0x0040:  494c 2046 524f 4d20 7379 6e74 6178 2065  IL.FROM.syntax.e
        0x0050:  7272 6f72 0d0a 3530 3320 5243 5054 2054  rror..503.RCPT.T
        0x0060:  4f20 7769 7468 6f75 7420 4d41 494c 2046  O.without.MAIL.F
        0x0070:  524f 4d0d 0a35 3033 2052 4350 5420 544f  ROM..503.RCPT.TO
        0x0080:  2077 6974 686f 7574 204d 4149 4c20 4652  .without.MAIL.FR
        0x0090:  4f4d 0d0a 3530 3320 5243 5054 2054 4f20  OM..503.RCPT.TO.
        0x00a0:  7769 7468 6f75 7420 4d41 494c 2046 524f  without.MAIL.FRO
        0x00b0:  4d0d 0a35 3033 2052 4350 5420 544f 2077  M..503.RCPT.TO.w
        0x00c0:  6974 686f 7574 204d 4149 4c20 4652 4f4d  ithout.MAIL.FROM
        0x00d0:  0d0a 3530 3320 5243 5054 2054 4f20 7769  ..503.RCPT.TO.wi
        0x00e0:  7468 6f75 7420 4d41 494c 2046 524f 4d0d  thout.MAIL.FROM.
        0x00f0:  0a35 3033 2052 4350 5420 544f 2077 6974  .503.RCPT.TO.wit
        0x0100:  686f 7574 204d 4149 4c20 4652 4f4d 0d0a  hout.MAIL.FROM..
        0x0110:  3530 3320 5243 5054 2054 4f20 7769 7468  503.RCPT.TO.with
        0x0120:  6f75 7420 4d41 494c 2046 524f 4d0d 0a35  out.MAIL.FROM..5
        0x0130:  3033 2035 2e35 2e31 2044 4154 4120 7769  03.5.5.1.DATA.wi
        0x0140:  7468 6f75 7420 4d41 494c 2046 524f 4d0d  thout.MAIL.FROM.
        0x0150:  0aa5 da1e 621c df44 21                   ....b..D!

Alle weiteren Mails in dieser Verbindung werden mit demselben Fehler zurückgewiesen.