Re: 6.1: possible bug with netfilter conntrack?

Russell King (Oracle) <linux@xxxxxxxxxxxxxxx> wrote:
> Given the packet counts as per my example above, it looks like
> conntrack only saw:
> 
> src=180.173.2.183 dst=78.32.30.218	SYN
> src=78.32.30.218 dst=180.173.2.183	SYN+ACK
> src=180.173.2.183 dst=78.32.30.218	ACK
> 
> and I suspect at that point, the connection went silent - until
> Exim timed out and closed the connection, as does seem to be the
> case:
> 
> 2023-01-11 21:32:04 no host name found for IP address 180.173.2.183
> 2023-01-11 21:33:05 SMTP command timeout on connection from [180.173.2.183]:64332 I=[78.32.30.218]:25
> 
> but if Exim closed the connection, why didn't conntrack pick it up?

Yes, that's the question.  Exim closing the connection should have
conntrack at least pick up a FIN packet from the mail server (which
should move the entry to the 2-minute FIN timeout).
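To make the expectation in this reply concrete, here is a small model of how conntrack's TCP tracker moves an entry between states and timeouts as it sees the packets of a flow. This is an added example, not code from the netfilter project or from anyone in this thread: the state names and the timeout values match the `net.netfilter.nf_conntrack_tcp_timeout_*` sysctl defaults, but the transition table is a deliberate simplification of the kernel's two-direction table in `nf_conntrack_proto_tcp.c`, and the two packet sequences are constructed from the three packets quoted above, with and without the FIN that Exim's close should have produced.

```python
"""Simplified model of netfilter conntrack TCP state tracking.

Added example, not netfilter code. State names and timeouts follow the
nf_conntrack_tcp_timeout_* sysctl defaults; the transition rules are an
assumed, much coarser version of the kernel's state table.
"""
from dataclasses import dataclass, field

# Default timeouts in seconds (net.netfilter.nf_conntrack_tcp_timeout_*).
TIMEOUTS = {
    "NONE": 0,
    "SYN_SENT": 120,
    "SYN_RECV": 60,
    "ESTABLISHED": 5 * 24 * 3600,  # 432000 s, five days
    "FIN_WAIT": 120,               # the "2 minute fin timeout" from the thread
    "CLOSE_WAIT": 60,
    "LAST_ACK": 30,
    "TIME_WAIT": 120,
    "CLOSE": 10,
}


@dataclass
class Packet:
    src: str
    dst: str
    flags: frozenset


@dataclass
class ConntrackEntry:
    orig_src: str
    orig_dst: str
    state: str = "NONE"
    history: list = field(default_factory=list)

    def direction(self, pkt):
        # ORIGINAL = same direction as the packet that created the entry.
        return "ORIGINAL" if pkt.src == self.orig_src else "REPLY"

    def timeout(self):
        return TIMEOUTS[self.state]


def next_state(state, direction, flags):
    """Assumed simplified transition table (the kernel's is finer-grained)."""
    if "RST" in flags:
        return "CLOSE"
    if "SYN" in flags and "ACK" not in flags and state == "NONE" and direction == "ORIGINAL":
        return "SYN_SENT"
    if "SYN" in flags and "ACK" in flags and state == "SYN_SENT" and direction == "REPLY":
        return "SYN_RECV"
    if "ACK" in flags and state == "SYN_RECV" and direction == "ORIGINAL":
        return "ESTABLISHED"
    if "FIN" in flags and state == "ESTABLISHED":
        return "FIN_WAIT"          # first FIN from either side
    if "FIN" in flags and state == "FIN_WAIT":
        return "LAST_ACK"          # second FIN, waiting for the final ACK
    if "ACK" in flags and state == "LAST_ACK":
        return "TIME_WAIT"
    return state                   # anything else leaves the state unchanged here


def track(packets):
    """Feed a packet list through the model and return the resulting entry."""
    entry = ConntrackEntry(packets[0].src, packets[0].dst)
    for pkt in packets:
        d = entry.direction(pkt)
        entry.state = next_state(entry.state, d, pkt.flags)
        entry.history.append((d, sorted(pkt.flags), entry.state, entry.timeout()))
    return entry


CLIENT, SERVER = "180.173.2.183", "78.32.30.218"


def pkt(src, dst, *flags):
    return Packet(src, dst, frozenset(flags))


# Constructed input: the three packets the thread says conntrack saw.
HANDSHAKE_ONLY = [
    pkt(CLIENT, SERVER, "SYN"),
    pkt(SERVER, CLIENT, "SYN", "ACK"),
    pkt(CLIENT, SERVER, "ACK"),
]
# Constructed input: same flow plus the FIN the server should send when Exim closes.
WITH_SERVER_FIN = HANDSHAKE_ONLY + [pkt(SERVER, CLIENT, "FIN", "ACK")]

if __name__ == "__main__":
    for name, flow in (("handshake only", HANDSHAKE_ONLY), ("with server FIN", WITH_SERVER_FIN)):
        entry = track(flow)
        print(f"{name}: final state {entry.state}, timeout {entry.timeout()} s")
        for step in entry.history:
            print("   ", step)
```

Without the FIN the entry stays ESTABLISHED with the five-day timeout; with it, the entry drops to FIN_WAIT and its 120-second timer, which is the transition the reply expects. One caveat the model leaves out: the real tracker also checks each packet against its sequence-number window and treats out-of-window packets as INVALID without updating the entry (unless `nf_conntrack_tcp_be_liberal` is set), so a FIN that is sent but falls outside the tracked window would not produce this transition either.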


