# Sendmail not receiving data end (dot)?



## deadeyes (Mar 20, 2014)

Hi all,

I'm currently breaking my head over a problem with Sendmail.
I can see a full conversation coming up in the logs:

```
Mar xx xx:xx:37 hostname sm-mta-in[10770]: s2K33bvE010770: <-- DATA
Mar xx xx:xx:37 hostname sm-mta-in[10770]: s2K33bvE010770: --- 354 Enter mail, end with "." on a line by itself
```
However after this it seems like the data end never arives (dot).
I would expect a quit message in maillog as well and one that tells that the mail is accepted for delivery.
However this never happens.

When I execute
	
	



```
ps aux| grep sendmail
```
I get a ton of these lines:

```
root    10729   0.0  0.5  37152   4932 ??  I     x:xxAM    0:00.01 sendmail: s2K2wcap010729 mail.domain.com [xxx.xxx.xxx.xxx]: DATA (sendmail)
```
These processes keep being running for a long time. They are for each connection there to sendmail. Even after half an hour or more they still are there. All SMTPs that are sending mail are on a quick connection and the mails are small. So it's not logical it takes so long.
My believe is that the connection(TCP connection or data flow over that connection) gets cut off in between and that's why the mail can never be queued.

When I do just let netcat listen on port 25 I seem to not get all data from the client immediately. So if I type 5 lines on the client, I only get line by line each time I'm sending something back from the server.
By trying I just typed "DATA" and I actually got a message that there was no valid recipient yet (while netcat at the server side didn't sent anything). So clearly a device is in between.

The guys that deliver this VPS say there's nothing wrong :s Maybe I'm missing something or the behavior from Sendmail/FreeBSD is bad and that's why it gets cut off. Or FreeBSD/Sendmail has some extra features and those aren't working well together with the device between my VPS and the internet.

Help is greatly appreciated!

Thanks in advance!


----------



## SirDice (Mar 20, 2014)

Use tcpdump(8) to capture the full traffic. Then analyse it and see if the clients are actually sending the end dot. You can save the tcpdump(8) capture in a .pcap file you can load into Wireshark for easier analysis.


----------



## deadeyes (Mar 20, 2014)

SirDice said:
			
		

> Use tcpdump(8) to capture the full traffic. Then analyse it and see if the clients are actually sending the end dot. You can save the tcpdump(8) capture in a .pcap file you can load into Wireshark for easier analysis.



It's confusing that tcpdump() shows some data just as dots in its output. But I'm pretty sure it's not.
From what I understand the company providing the VPS, their third party which delivers the networking is deploying a DDoS system :S

4 days without mail now :S Terrible.


----------

