[afnog] is NAT messing me up?

Mon May 19 20:51:53 UTC 2008

Hi Frank,
At 01:17 09-05-2008, Frank Habicht wrote:
>So i have a serious problem here for a few days with emailing and ...
>... while explaining smtp to my colleague ...
>... I got an idea on what and who to blame for it.
>NAT

We always look for someone to blame. :-)

>Now my users at $remote_site_in_china send out an email. Your guess 
>in worst client software would be correct.
>
>Fri 2008-05-09 13:04:50: <-- MAIL FROM: <user_a at aidd.mn>
>Fri 2008-05-09 13:04:50: --> 250 <user_a at aidd.mn>, Sender ok
>Fri 2008-05-09 13:04:51: <-- RCPT TO: <user_b at aidd.mn>
>Fri 2008-05-09 13:04:51: --> 250 <user_b at aidd.mn>, Recipient ok
>Fri 2008-05-09 13:04:52: <-- RCPT TO: <user_c at aidd.mn>
>Fri 2008-05-09 13:04:52: --> 250 <user_c at aidd.mn>, Recipient ok
>Fri 2008-05-09 13:04:54: <-- RCPT TO: <user_d at aidd.mn>
>Fri 2008-05-09 13:04:54: --> 250 <user_d at aidd.mn>, Recipient ok
>Fri 2008-05-09 13:04:55: <-- DATA
>Fri 2008-05-09 13:04:55: Creating temp file (SMTP):
>                           c:\mdaemon\queues\temp\md50000027474.tmp
>Fri 2008-05-09 13:04:55: --> 354 Enter mail, end with <CRLF>.<CRLF>
>Fri 2008-05-09 13:07:42: Message size: 525631 bytes
>Fri 2008-05-09 13:07:42: Passing message through AntiVirus (Size:
>                           525631)...
>Fri 2008-05-09 13:07:42: *  Message is clean (no viruses found)
>Fri 2008-05-09 13:07:42: ---- End AntiVirus results
>Fri 2008-05-09 13:07:42: Message creation successful:
>                           c:\mdaemon\queues\inbound\md50000054979.msg
>Fri 2008-05-09 13:07:42: --> 250 Ok, message saved <Message-ID:
>                           007201c8b192$3a24f020$ae6ed060$@mn>
>Fri 2008-05-09 13:07:42: Connection closed
>Fri 2008-05-09 13:07:42: SMTP session successful (Bytes in/out:
>                           525816/542)

The email was accepted.

>I didn't see an SMTP "QUIT" here....
>Could it be because the "250 Ok, message saved" never made it to the 
>client? Well, the problem we're actually experiencing it that the 
>clients send the same email many many times out.

There should have been a QUIT in there.  In the above case, the 
connection was closed with a QUIT.  That shouldn't be a problem as 
there's the 250.

>[could it be that MS Outlook changes the Date: header each time???]

Have you compared the Message-id to see whether the MUA created a new 
message?  I recall coming across a case where Outlook kept resending 
the message as it didn't "know" that it had already been sent.

Could it be that the remote end is not seeing the "250"?  There's a 
"connection closed" after that.  I cannot tell whether it was 
initiated by the remote end before or during the "250".  That might 
explain the client attempting to send the mail more than once.

>So my best guess is that one of the multiple NAT machines is 
>'forgetting' which 'inside' ip tht conversation belongs to, and thus 
>it can't deliver the packet with "250 Ok, message saved" after the DATA phase.

I won't blame NAT yet.  Can you do a packet dump at the client end or 
have them do a SMTP test manually?

Regards,
-sm 