575

Many incoming SMTP connections show Winsock Error 10054

Many incoming SMTP connections show 'Winsock Error 10054 Connection was reset by other side!' and then terminate, as shown in this example:

Tue 2008-05-20 16:30:58: Performing PTR lookup (xx.xxx.xxx.xx.IN-ADDR.ARPA)
Tue 2008-05-20 16:30:58: * D=xx.xxx.xxx.xx.IN-ADDR.ARPA TTL=(1351) PTR=[smtp.host.domain.com]
Tue 2008-05-20 16:30:58: * Gathering A records...
Tue 2008-05-20 16:30:58: * D=smtp.host.domain.com TTL=(6) A=[xx.xx.xxx.x]
Tue 2008-05-20 16:30:58: ---- End PTR results
Tue 2008-05-20 16:30:58: --> 220 yourdomain.com ESMTP MDaemon 9.6.5; Tue, 20 May 2008 16:30:58 +0000
Tue 2008-05-20 16:30:58: <-- EHLO mail.domain.com
Tue 2008-05-20 16:30:58: --> 250-yourdomain.com Hello smtp.host.domain.com, pleased to meet you
Tue 2008-05-20 16:30:58: --> 250-ETRN
Tue 2008-05-20 16:30:58: --> 250-AUTH=LOGIN
Tue 2008-05-20 16:30:58: --> 250-AUTH LOGIN CRAM-MD5
Tue 2008-05-20 16:30:58: --> 250-8BITMIME
Tue 2008-05-20 16:30:58: --> 250-STARTTLS
Tue 2008-05-20 16:30:58: --> 250 SIZE 0
Tue 2008-05-20 16:30:58: <-- MAIL FROM:<user@somedomain.com>
Tue 2008-05-20 16:30:58: --> 250 <user@somedomain.com>, Sender ok
Tue 2008-05-20 16:30:58: <-- RCPT TO:<user@yourdomain.com>
Tue 2008-05-20 16:30:58: Performing DNS-BL lookup (xx.xxx.xxx.xx - connecting IP)
Tue 2008-05-20 16:32:28: * opm.blitzed.org - timed out (45 second wait)
Tue 2008-05-20 16:32:28: * zen.spamhaus.org - passed
Tue 2008-05-20 16:32:28: ---- End DNS-BL results
Tue 2008-05-20 16:32:28: --> 250 <user@yourdomain.com>, Recipient ok
Tue 2008-05-20 16:33:42: * Winsock Error 10054 Connection was reset by the other side!
Tue 2008-05-20 16:33:42: SMTP session terminated (Bytes in/out: 94/344)

In the example above, the issue is caused by querying opm.blitzed.org, which was a real time black list host that is no longer in operation. The request to the host times out because their server will not answer. Since the session is taking a long time, the other side does not wait for a response and they disconnect without issuing a quit.

This error can occur when any DNS-BL query times out, whether the host is no longer in service or not. If you see something similar in your logs, you may wish look into whether the host is having a temporary problem or if they are no longer in operation.

If the host is not longer in operation, as with Blitzed, you will need to remove the host from your list of DNS-BL hosts. To do so, follow these steps:

  1. Select the Security menu
  2. Select DNS Black Lists
  3. Click on the DNS-BL Hosts tab
  4. Select the line for the host you need to remove
  5. Click Remove
  6. Click Apply
  7. Click OK

Additional Comments

The DNS Black list host opm.blitzed.org ceased operations as of 7 May 2006.

The Block lists from DSBL (*.list.dsbl.org, *.multihop.dsbl.org and *.unconfirmed.dsbl.org) were set to resolve to an unroutable IP address as of 9 March 2009.