[AusNOG] Outlook 2013 - possible bug to bite?

Ross Wheeler ausnog at rossw.net
Tue Jun 16 16:42:01 EST 2015



Just had a call from a customer with a brand-new (today) computer, 
evidently running Outlook 2013 (says it's the latest version) with a mail 
problem.

They have several computers that check this mailbox, the others are all 
fine - just this (new) one that isn't.

A quick packet capture shows things appear to progress normally:

yy is their IP, xx is my mailserver.

15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     CAPA..
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK Capability list follows..TOP..USER..LOGIN-DELAY (etc)
15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     USER (username)..
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK Password required for (username)...
15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     PASS (password)..
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK (username) has 1 visible message (0 hidden) in 873 octets...
15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     STAT..
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK 1 873..
15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     ......
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  -ERR POP EOF or I/O Error..
15:36:09  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK Pop server at (blah-blah) signing off...
15:36:09  yy.yyy.yyy.yyy  xxx.x.xx.xx     ......

So, I went digging a little deeper.

The packet after the "+OK 1" response from the server is the one that has me puzzled.
Why would Outlook send a packet with a payload of null bytes and close the connection?


Wire:  0030 8823 | 3ee8 000c | 2947 9659 | 0800                    Ethernet Src: 00:0c:29:47:96:59  Dst: 00:30:88:23:3e:e8
IP:    4500 0035 | 7b6c 4000 | 4006 212e | xxxx xxxx | xxxx xxxx | Len:  53  TTL: 64  Proto: 6 (TCP)  Src: xxx.x.xx.xx  Dst: yy.yyy.yyy.yyy
TCP:   006e c4a1 | e1bc 03b5 | 29e6 594f | 5018 8084 | 1555 0000 | Src port: 110  Dst port: 50337 Flags: Psh Ack 
Data:  2b4f 4b20 | 3120 3332 | 3337 360d | 0a
15:45:18  xxx.x.xx.xx     yy.yyy.yyy.yyy  +OK 1 32376..

Wire:  000c 2947 | 9659 0030 | 8823 3ee8 | 0800                    Ethernet Src: 00:30:88:23:3e:e8  Dst: 00:0c:29:47:96:59
IP:    4500 0028 | 074d 4000 | 3006 a55a | xxxx xxxx | xxxx xxxx | Len:  40  TTL: 48  Proto: 6 (TCP)  Src: yy.yyy.yyy.yyy  Dst: xxx.x.xx.xx
TCP:   c4a1 006e | 29e6 594f | e1bc 03c2 | 5011 003f | e3a7 0000 | Src port: 50337  Dst port: 110 Flags: Fin Ack 
Data:  0000 0000 | 0000 
15:45:18  yy.yyy.yyy.yyy  xxx.x.xx.xx     ......

Wire:  0030 8823 | 3ee8 000c | 2947 9659 | 0800                    Ethernet Src: 00:0c:29:47:96:59  Dst: 00:30:88:23:3e:e8
IP:    4500 0028 | 7b6f 4000 | 4006 2138 | xxxx xxxx | xxxx xxxx | Len:  40  TTL: 64  Proto: 6 (TCP)  Src: xxx.x.xx.xx  Dst: yy.yyy.yyy.yyy
TCP:   006e c4a1 | e1bc 03c2 | 29e6 5950 | 5010 8084 | 6362 0000 | Src port: 110  Dst port: 50337 Flags: Ack

Wire:  0030 8823 | 3ee8 000c | 2947 9659 | 0800                    Ethernet Src: 00:0c:29:47:96:59  Dst: 00:30:88:23:3e:e8
IP:    4500 0043 | 7b70 4000 | 4006 211c | xxxx xxxx | xxxx xxxx | Len:  67  TTL: 64  Proto: 6 (TCP)  Src: xxx.x.xx.xx  Dst: yy.yyy.yyy.yyy
TCP:   006e c4a1 | e1bc 03c2 | 29e6 5950 | 5018 8084 | a5ad 0000 | Src port: 110  Dst port: 50337 Flags: Psh Ack 
Data:  2d45 5252 | 2050 4f50 | 2045 4f46 | 206f 7220 | 492f 4f20 | 4572 726f | 720d 0a
15:45:18  xxx.x.xx.xx     yy.yyy.yyy.yyy  -ERR POP EOF or I/O Error..


I've gone over their settings and everything SOUNDS right. Not sure if this is a "new" problem
and if so, is it about to strike in force? A config issue I couldn't diagnose over the phone?
Anyone encountered it, or seeing it themselves? This is the only report I have (so far).

Thanks in advance,
RossW
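
An added example, not part of the original post: a short Python check that splits two of the captured frames into TCP payload and Ethernet trailer using the IP total-length field and the TCP data offset. The frames are rebuilt from the hex dumps above; the redacted (xxxx) addresses are replaced with constructed documentation addresses, and `split_frame` is a name chosen for this example.

```python
import struct

# Frames rebuilt from the hex dumps in the post. The addresses are redacted
# (xxxx) there, so constructed documentation addresses stand in for them;
# IP/TCP checksums are therefore not verified here.
CLIENT, SERVER = "c6336401", "c0000201"   # 198.51.100.1 / 192.0.2.1 (constructed)

STAT_REPLY = bytes.fromhex(               # server -> client, "+OK 1 32376"
    "003088233ee8 000c29479659 0800"
    "4500 0035 7b6c 4000 4006 212e" + SERVER + CLIENT +
    "006e c4a1 e1bc 03b5 29e6 594f 5018 8084 1555 0000"
    "2b4f 4b20 3120 3332 3337 360d 0a")

FIN_ACK = bytes.fromhex(                  # client -> server, the puzzling frame
    "000c29479659 003088233ee8 0800"
    "4500 0028 074d 4000 3006 a55a" + CLIENT + SERVER +
    "c4a1 006e 29e6 594f e1bc 03c2 5011 003f e3a7 0000"
    "0000 0000 0000")

ETH_HDR = 14
TCP_FLAGS = {0x01: "Fin", 0x02: "Syn", 0x04: "Rst", 0x08: "Psh", 0x10: "Ack"}

def split_frame(frame: bytes) -> dict:
    """Return TCP flags, TCP payload and any bytes beyond the IP datagram."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[ETH_HDR:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # IP header + TCP segment
    if ip[9] != 6 or total_len > len(ip):
        raise ValueError("not TCP, or truncated capture")
    tcp = ip[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    flags = [name for bit, name in TCP_FLAGS.items() if tcp[13] & bit]
    return {
        "flags": flags,
        "payload": tcp[data_off:],     # bytes the application actually sent
        "trailer": ip[total_len:],     # link-layer bytes outside the IP datagram
    }

if __name__ == "__main__":
    for name, frame in (("STAT reply", STAT_REPLY), ("FIN/ACK", FIN_ACK)):
        r = split_frame(frame)
        print(f"{name}: frame={len(frame)}B flags={r['flags']} "
              f"payload={r['payload']!r} trailer={r['trailer'].hex()}")
```

For the Fin Ack frame the IP length of 40 is exactly the 20-byte IP header plus the 20-byte TCP header, so the six zero bytes fall outside the datagram and bring the 54-byte frame up to the 60-byte Ethernet minimum. The server's following Ack of 29e6 5950 is the client's sequence number 29e6 594f plus one, which is the FIN alone.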

