Here's an interesting tale:
Mail from the SA government network to us was being chronically
delayed for no apparent reason: messages spent between 5 hours and 7
days on the queue trying to get delivered to our servers, running
Exim 1.82.
After investigation, it turned out that their side (running
a sendmail 8.8.8) was logging "timeout waiting for client greeting"
messages, which is the time between the TCP connection being
established, and the Exim banner arriving.
As a check by hand showed this delay to be about 60s, I found
rfc1413_query_timeout
which defaults to 60s. It turned out that ident requests to the
server attempting to send mail were being firewalled, with the result
that they timed out at 60s instead of failing immediately with
'connection refused' or returning a response.
The 60s delay was enough to cause the sending sendmail to fail the
delivery attempt and retry later (though some delivery attempts
succeeeded, so it must be on the boundary).
As we don't use ident information for anything, I disabled it with
rfc1413_query_timeout = 0s
which solved the problem, but perhaps Exim should be using a lower
timeout value by default, eg. 15s, or something which doesn't upset
sendmails behind firewalled ident ports?
Regards
Stephen
---
Stephen Marquard
Western Cape Schools' Network / SchoolNet SA
http://www.wcape.school.za
PO Box 44460, Claremont 7735, Cape Town
Phone (021) 683-8719 / 448-8463
Fax (021) 683-7016
--
*** Exim information can be found at
http://www.exim.org/ ***
