1

Topic: network_biopair_interop: error reading 5 bytes from the network

==== Required information ====
- iRedMail version: 0.7.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 5.7
- Related log if you're reporting an issue:
====
Hi Zhang,
Please HELP to solve this problem.

We can send Email to Outside World (Gmail, etc.) but can't send Email from Outside World (Gmail, etc.) to our Mail System. However, some mails are coming to our mail after much delay. Others are lost in transit. Everything was OK before. This started only after we switched to a new ISP. I have Googled a lot for the past two days... but found no clue.

Email sent from Our Mail to Gmail reached successfully. The header information seems to be OK.
Delivered-To: subhasis.stpl@gmail.com
Received: by 10.114.77.226 with SMTP id v2csp174844ldw;
        Sat, 7 Dec 2013 08:05:13 -0800 (PST)
X-Received: by 10.68.129.201 with SMTP id ny9mr10931127pbb.70.1386432313042;
        Sat, 07 Dec 2013 08:05:13 -0800 (PST)
Return-Path: <subhasis.bhattacharyya@semaphoreindia.com>
Received: from mx.semaphoreindia.com ([27.49.39.194])
        by mx.google.com with ESMTP id w3si1936649pbh.359.2013.12.07.08.05.08
        for <subhasis.stpl@gmail.com>;
        Sat, 07 Dec 2013 08:05:09 -0800 (PST)
Received-SPF: pass (google.com: domain of subhasis.bhattacharyya@semaphoreindia.com designates 27.49.39.194 as permitted sender) client-ip=27.49.39.194;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of subhasis.bhattacharyya@semaphoreindia.com designates 27.49.39.194 as permitted sender) smtp.mail=subhasis.bhattacharyya@semaphoreindia.com;
       dkim=pass header.i=@semaphoreindia.com

# vi /var/log/maillog shows it is full of STARTTLS errors, as below:
....
Dec  8 13:47:59 mx postfix/smtpd[5152]: connect from unknown[210.212.29.188]
Dec  8 13:47:59 mx postfix/smtpd[5152]: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer
Dec  8 13:47:59 mx postfix/smtpd[5152]: SSL_accept error from unknown[210.212.29.188]: -1
Dec  8 13:47:59 mx postfix/smtpd[5152]: lost connection after STARTTLS from unknown[210.212.29.188]
Dec  8 13:47:59 mx postfix/smtpd[5152]: disconnect from unknown[210.212.29.188]
....
Reason for this is unknown to me.

# postconf -n  => Output given below
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 51200000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 31457280
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = semaphoreindia.com
myhostname = mx.semaphoreindia.com
mynetworks = 127.0.0.0/8 172.16.10.0/24
mynetworks_style = subnet
myorigin = mx.semaphoreindia.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = 27.49.39.194
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500
---

# dovecot -n  => Below is extract of IMAP configuration
# 1.2.16: /etc/dovecot.conf
# OS: Linux 2.6.18-274.el5PAE i686 CentOS release 5.7 (Final)
log_path: /var/log/dovecot.log
protocols: pop3 pop3s imap imaps managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): 127.0.0.1:2000
ssl: required
ssl_ca_file: /etc/pki/tls/certs/iRedMail_CA.pem
ssl_cert_file: /etc/pki/tls/certs/iRedMail_CA.pem
ssl_key_file: /etc/pki/tls/private/iRedMail.key
disable_plaintext_auth: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
last_valid_uid: 500
mail_uid: 500
mail_gid: 500
mail_location: maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_process_size: 1024
mail_plugins(default): quota imap_quota autocreate
mail_plugins(imap): quota imap_quota autocreate
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve
imap_client_workarounds(default): tb-extra-mailbox-sep
imap_client_workarounds(imap): tb-extra-mailbox-sep
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: Shared/%%u/
  location: maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  list: children
  subscriptions: yes
lda:
  postmaster_address: root
  auth_socket_path: /var/run/dovecot/auth-master
  mail_plugins: quota sieve autocreate
  sieve_global_path: /var/vmail/sieve/dovecot.sieve
  log_path: /var/log/sieve.log
auth default:
  mechanisms: plain login
  default_realm: semaphoreindia.com
  user: vmail
  passdb:
    driver: sql
    args: /etc/dovecot-mysql.conf
  userdb:
    driver: sql
    args: /etc/dovecot-mysql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/dovecot-auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 438
      user: vmail
      group: vmail
plugin:
  quota_warning: storage=85%% /usr/local/bin/dovecot-quota-warning.sh 85
  quota_warning2: storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90
  quota_warning3: storage=95%% /usr/local/bin/dovecot-quota-warning.sh 95
  quota: dict:user::proxy::quotadict
  quota_rule: *:storage=0
  expire: Trash 7 Trash/* 7 Junk 30
  expire_dict: proxy::expire
  auth_socket_path: /var/run/dovecot/auth-master
  sieve: /%Lh/sieve/dovecot.sieve
  autocreate: INBOX
  autocreate2: Sent
  autocreate3: Trash
  autocreate4: Drafts
  autocreate5: Junk
  autosubscribe: INBOX
  autosubscribe2: Sent
  autosubscribe3: Trash
  autosubscribe4: Drafts
  autosubscribe5: Junk
  acl: vfile
  acl_shared_dict: proxy::acl
  sieve: /var/vmail/sieve/%Ld/%Ln/dovecot.sieve
  sieve_dir: /var/vmail/sieve/%Ld/%Ln
dict:
  expire: db:/var/lib/dovecot/expire/expire.db
  quotadict: mysql:/etc/dovecot-used-quota.conf
  acl: mysql:/etc/dovecot-share-folder.conf


No mails are coming to our Email from Outside World.
I can Telnet 25 from inside/outside network.
PTR records at ISP end are Ok.

MX PTR => 27.49.39.197,
Firewall NAT IP => 27.49.39.194.



Please help me fix this problem

----


2

Re: network_biopair_interop: error reading 5 bytes from the network

subhasis.stpl wrote:

Dec  8 13:47:59 mx postfix/smtpd[5152]: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer

Looks like a network gateway issue. Search "network_biopair_interop" in Google please.
Also, please make sure you have correct A/MX records in DNS for your mail domain.

3

Re: network_biopair_interop: error reading 5 bytes from the network

ZhangHuangbin wrote:
subhasis.stpl wrote:

Dec  8 13:47:59 mx postfix/smtpd[5152]: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer

Looks like a network gateway issue. Search "network_biopair_interop" in Google please.
Also, please make sure you have correct A/MX records in DNS for your mail domain.

Thanks, Zhang, for your reply.

I got this reply from Gmail.

Mail Delivery Subsystem <mailer-daemon@googlemail.com> 8:03 PM (1 hour ago) to me
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:
     subhasis.bhattacharyya@semaphoreindia.com

Message will be retried for 2 more day(s)

Technical details of temporary failure:
Unspecified Error (SENT_SECOND_EHLO): Connection reset by peer

Why is the SENT_SECOND_EHLO message given?

I can Telnet to mx.semaphoreindia.com at Port 25 from Outside of my network.

C:\>telnet mx.semaphoreindia.com 25
220 mx.semaphoreindia.com ESMTP Service ready
ehlo semaphoreindia.com
250-Requested mail action okay, completed
250-SIZE 31457280
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK

Also Traceroute mx.semaphoreindia.com
C:\>tracert mx.semaphoreindia.com

Tracing route to mx.semaphoreindia.com [27.49.39.197]
over a maximum of 30 hops:
  1    54 ms    44 ms    38 ms  10.228.193.9
  2    49 ms    41 ms    35 ms  10.228.213.14
  3    48 ms    39 ms    38 ms  116.202.227.21
  4    49 ms    45 ms    35 ms  14.140.119.181.static-Kolkata.vsnl.net.in [14.10.119.181]
  5    82 ms    72 ms    72 ms  172.29.250.34
  6    93 ms    76 ms    74 ms  59.163.25.242.static.vsnl.net.in [59.163.25.242]
  7    86 ms    81 ms    74 ms  115.248.111.22
  8   120 ms   104 ms   107 ms  115.249.9.1
  9   109 ms   112 ms   105 ms  115.249.9.1
10   122 ms   103 ms   107 ms  27.49.39.11
11   125 ms   103 ms   107 ms  mx.semaphoreindia.com [27.49.39.197]
Trace complete.

The DNS query shows the MX record is OK.
C:\>nslookup
Default Server:  UnKnown
Address:  10.228.193.113

> set type=MX
> semaphoreindia.com
Server:  UnKnown
Address:  10.228.193.113

Non-authoritative answer:
semaphoreindia.com      MX preference = 10, mail exchanger = mx.semaphoreindia.com

semaphoreindia.com      nameserver = pdns.semaphoreindia.com
mx.semaphoreindia.com   internet address = 27.49.39.197
pdns.semaphoreindia.com internet address = 27.49.39.195
>
>

A probe for the Domain semaphoreindia.com at www.dnsstuff.com showed the following report:

All connections to Mailservers port 25 have failed. The standard port for SMTP transactions is 25, so your servers should be operating on that port. It is recommended that it be fixed in order for your mail service to operate properly. The Mail Servers that failed are:

27.49.39.197 | failed message send with: failed cx open with: failed socket connect with: Operation now in progress

The whole situation is very confusing. Zhang, can you suggest a solution?

4

Re: network_biopair_interop: error reading 5 bytes from the network

Another probe for the Domain semaphoreindia.com at www.dnsstuff.com showed the following report:


FAIL
Mailserver rejected mail to postmaster. Mailservers are required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1 to have a valid postmaster address that is accepting mail. The Mailserver provided is:

27.49.39.197 | unexpected response to [RCPT TO: ] | 550 Requested action not taken: mailbox unavailable

Acceptance of abuse    Mailserver rejected mail to abuse. Mailservers are required by RFC2142 Section 2 to have a valid abuse address that is accepting mail.

27.49.39.197 | unexpected response to [RCPT TO: ] | 550 Requested action not taken: mailbox unavailable

As far as iRedMail is concerned, the "postmaster" account is created by default while installing. Please suggest a solution.

The whole thing is getting more confusing. Please HELP.

5

Re: network_biopair_interop: error reading 5 bytes from the network

Just want to repeat myself: "Looks like a network gateway issue. Search "network_biopair_interop" in Google please."
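
An added example, not part of the thread and not iRedMail or Postfix code: it compares the telnet capture quoted in post 3 with what the Postfix instance shown in the postconf -n output would announce by itself (default smtpd_banner, its own hostname as the first EHLO line, the default keyword set). Differences mean a device in front of the server is answering or rewriting SMTP, which is what a gateway problem looks like from outside; the function names are illustrative, and stock Postfix defaults are assumed because postconf -n lists no override.

```python
import re

# Banner and EHLO reply exactly as quoted in the telnet test in the thread.
CAPTURED = """\
220 mx.semaphoreindia.com ESMTP Service ready
250-Requested mail action okay, completed
250-SIZE 31457280
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK
"""

# Keywords a stock Postfix 2.3+ smtpd announces unless smtpd_discard_ehlo_keywords
# removes them (assumption: that parameter is absent from the postconf -n output).
EXPECTED_KEYWORDS = {"PIPELINING", "ENHANCEDSTATUSCODES", "DSN"}

def parse_replies(session):
    """Split a captured session into (code, text) pairs, ignoring typed commands."""
    out = []
    for line in session.splitlines():
        m = re.match(r"^(\d{3})[- ](.*)$", line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out

def compare_with_postfix(session, myhostname, mail_name="Postfix"):
    """List where the capture differs from what a default Postfix smtpd would send."""
    replies = parse_replies(session)
    banner = next((t for c, t in replies if c == "220"), None)
    ehlo = [t for c, t in replies if c == "250"]
    findings = []
    # Default smtpd_banner is "$myhostname ESMTP $mail_name".
    expected_banner = f"{myhostname} ESMTP {mail_name}"
    if banner != expected_banner:
        findings.append(f"banner {banner!r} != {expected_banner!r}")
    # Postfix opens its EHLO reply with its own hostname.
    if not ehlo or ehlo[0] != myhostname:
        findings.append(f"EHLO greeting {ehlo[:1]} is not {myhostname!r}")
    seen = {t.split()[0].upper() for t in ehlo[1:] if t}
    for kw in sorted(EXPECTED_KEYWORDS - seen):
        findings.append(f"missing keyword {kw}")
    return findings

if __name__ == "__main__":
    for finding in compare_with_postfix(CAPTURED, "mx.semaphoreindia.com"):
        print("MISMATCH:", finding)
```

Running the same comparison against a capture taken on the mail server itself (telnet to 127.0.0.1 port 25) shows whether the differences appear only on the path through the firewall.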