Hello,
I have:
rejo@eroticon-six$ dig rz.xs4all.nl mx
rz.xs4all.nl. 84227 IN MX 100 mx4.xs4all.nl.
rz.xs4all.nl. 84227 IN MX 10 rz.xs4all.nl.
rz.xs4all.nl. 84227 IN MX 100 mx1.xs4all.nl.
rz.xs4all.nl. 84227 IN MX 100 mx2.xs4all.nl.
rz.xs4all.nl. 84227 IN MX 100 mx3.xs4all.nl.
On rz.xs4all.nl I have Exim 4.12 running.
The other boxes are setup to act as bSMTP servers, running sendmail. I
do not have any rights on them. If they try to deliver some mail to my
box, normally there is no problem. However, sometimes they timeout and
leave my server with a lost connection (mostly because it is spam and
the verifing part takes too long).
What happens is this:
- mx1 tries to deliver a message to rz
- rz does a sender verify
- sender verify will take time as the spammer has a fscked up dns / mta
- mx1 will timeout, as it doesn't get a response quick enough
- rz will timeout, as it doesn't get a response quick enough
- rz want to respond about the timeout to mx1
- rz will notice the connection to mx1 is lost.
Temporarily changes to my setup solved the problem for the timebeing,
but still I have some problems. I have run a debug session, the log is
http://www.xs4all.nl/~sister/misc/exim-log.txt. Now, the relevant part:
287 773 host ns.247365.net [65.242.117.4] MX=10
288 773 host ns.datacommarketing.com [65.242.117.2] MX=15
289 773 host ns.img-online.com MX=20
290 773 host ns.therackroom.com [12.167.116.5] MX=25
291 773 host ns.netsurfers.net [65.242.117.6] MX=30
292 773 host ns.qorban.com MX=35
293 773 host ns.world-services.com [12.167.116.8] MX=40
294 773 host ns.aliasbrokers.com [65.242.117.9] MX=45
295 773 host ns.extreme-marketing.com [12.167.116.10] MX=50
[...]
304 773 interface=NULL port=25
305 773 Connecting to ns.247365.net [65.242.117.4]:25 ... connected
306 773 SMTP>> QUIT
307 773 interface=NULL port=25
308 773 Connecting to ns.datacommarketing.com [65.242.117.2]:25 ... connected
309 773 SMTP>> QUIT
310 773 interface=NULL port=25
311 773 Connecting to ns.therackroom.com [12.167.116.5]:25 ... failed
312 773 interface=NULL port=25
313 773 Connecting to ns.netsurfers.net [65.242.117.6]:25 ... failed
314 773 interface=NULL port=25
315 773 Connecting to ns.world-services.com [12.167.116.8]:25 ... failed
316 773 interface=NULL port=25
317 773 Connecting to ns.aliasbrokers.com [65.242.117.9]:25 ... failed
318 773 interface=NULL port=25
319 773 Connecting to ns.extreme-marketing.com [12.167.116.10]:25 ... failed
What happens, I think, is that Exim tries to connect to all of the MX's
for the domain in the envelop sender. Right? This takes a long long
time, as connecting to five out of seven hosts will result in a timeout.
So, why exactly is Exim trying to connect to all of the MX's for that
domain? And, can I influence this behaviour?
Additionaly, I found that Exim is asking the DNS servers for A6 records
(see 228 and 246 in the log) which are deprecated. Is there a way to
skip these checks while maintaining IPv6 support - except for digging
into the source?
Thank you,
--
Rejo Zenger <rejo@???>
http://www.xs4all.nl/~sister
PGP 0x75FC50F3
