Wireshark-users: Re: [Wireshark-users] Bizarre mail issue on network, Please someone, help.

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 19 Apr 2007 07:26:42 +0200

On Wed, Apr 18, 2007 at 11:18:15PM -0400, S R wrote:
> I'm having some problems interpreting this log, but it appears at times that
> I'm not getting an ACK from my router, so I retransmit, which continues for
> 2 days until the timeout and the msg bounces with a rejection notice.

I assume that with "log" you refer to the capture made on the relay-server?
With the ACK you are referring to a TCP-ACK coming from the smtp server
you are trying to send mail to? With retransmit, do you mean a TCP
retransmit, or do you mean that the TCP-session ends and the smtp-daemon
"retries" sending it after its configured interval? Since you say this
continues for two days ending with a rejection notice, I assume you
were talking about the second option.

> However, it's even more bizarre because I haven't located any packet loss.
> I don't think it's an MTU problem, and the only time I can replicate the
> email issue is by attempting to send .html attachments (not embedded). They
> aren't being received inbound and not reaching the recipient outbound.

Does this happen with only one recipient domain or with all domains
you are trying to send ".html" attachments to? I.e., can it be that the
problem is caused by the remote site instead of yours?

> Can anyone help me? I have dissected about everything I can think of.  There
> are no rules on my Firewalls to prevent any attachments, no filtering is
> turned on with my mail server or firewall.

Could you send me a (binary) capture file of one SMTP session in which
the message is not fully delivered?