Hi all,
We have Exim 3.35 running at our site (I know, "Please upgrade", but before
I do, I'd like to at least know what the problem is with the old installation
because maybe it will happen with Exim 4.x as well) and only now noticed that
irregularly but several times a day mails are not delivered and an NDR is
generated. This seems to have worsened over time.
I'd be very glad if anyone could (and would) still help me with this. I think I'm missing
something fundamental, which I might adopt into the 4.x configuration.
So when this is figured out, I'll happily migrate.
The situation:
We have Exim 3.35 running with two configurations "incoming" and "outgoing"
with Mailscanner/SpamAssassin 4.13.
The incoming exim process should do nothing more but verify recipient
addresses, partially based on the sender's domain, queue the messages
and leave them on the queue.
MailScanner checks the mails on the queue and hands them over to the
outgoing process, which does the actual delivering.
The eximhost is primary MX for the domains ourdomain.de, 2nddomain.de,
and some others, and as such is reachable from the Internet;
but this should not be a problem since all domains that should be local
because of what the MX records say and in fact aren't
are statically routed to another smart host. This smart host is an
MS Exchange server located in our internal network, which is not reachable
from the Internet.
All this works reliably in over 99% of all our mails (about 5000 per day), but for
about 20 per day (average), the following is logged:
2003-06-23 08:23:01 19UKjE-0002Hi-00 <= Order@??? H=(Internet) [Internet] ....
2003-06-23 08:23:01 19UKjE-0002Hi-00 == organizer@??? R=defer_router defer (-1): remote host address is the local host
2003-06-23 08:23:01 19UKjE-0002Hi-00 ** organizer@???: retry timeout exceeded
2003-06-23 08:23:01 19UKjE-0002Hi-00 Error message sent to Order@???
2003-06-23 08:23:01 19UKjE-0002Hi-00 Completed
2003-06-19 00:08:01 19Sl60-0006NM-00 <= ml-errors@??? H=(newsfeed.cts.com) [Internet] ....
2003-06-19 00:08:02 19Sl60-0006NM-00 == xy@??? R=defer_router defer (-1): remote host address is the local host
2003-06-19 00:08:02 19Sl60-0006NM-00 ** xy@???: retry timeout exceeded
2003-06-19 00:08:02 19Sl60-0006NM-00 Error message sent to ml-errors@???
2003-06-19 00:08:02 19Sl60-0006NM-00 Completed
2003-06-16 08:38:00 19Rncu-0004sM-00 <= organizer@??? H=(...) [10.16.24.9 LAN!!] ....
2003-06-16 08:38:01 19Rncu-0004sM-00 == abc@??? R=defer_router defer (-1): remote host address is the local host
2003-06-16 08:38:09 19Rncu-0004sM-00 => abc@??? R=lookuphost T=remote_smtp H=(Internet) [Internet]
2003-06-16 08:38:09 19Rncu-0004sM-00 Completed
So this seems to happen for any sender and any recipient (inside and outside the
company).
Is it possible that this is due to the retry rules in the incoming configuration.
Messages are put on the queue, but not even one second later (i.e. long before
the retry timeout), "retry timeout exceeded" is logged, and the message is sent
back to the sender with an NDR. Strangely enough, often sender and recipient are
identical: e.g. organizer@???; then sometimes the message can't be
delivered with the afore-mentioned error and an NDR is *successfully* sent to
the same address!
Since this often happens within one second, I finally dropped the idea that
our MS Exchange server might have something to do with this (it's caused a lot of
other trouble, though). This is the smarthost that receives the emails
for the company employees (with domains @ourdomain.de and @2nddomain.de).
All the other domains mentioned are either virtual (no real users, just
machines using these domains in sender addresses; replies to these
machine mails are forwarded to some user(s) in ourdomain.de or 2nddomain.de)
or have an MX somewhere else.
I also wonder if this may have anything to do with the defer router
in the incoming configuration:
defer_router:
driver = domainlist
self = defer
route_list = * 127.0.0.1 byname
no_verify
I'm using 127.0.0.1 here for no particular reason; mainly because I think it's
relevant since the incoming process just puts the messages on the queue and
does nothing else. The Reference Manual just states
> defer
> Delivery of the message is tried again later.
for the self option in routers. Normal retry rules should apply, but the error
is generated within one second after arrival.
I hope this is not too much information, but I think this configuration
has grown pretty complex by now, so I just included it whole.
Thanks for any help.
Dominik Schramm
Here's the default ("incoming") configuration which is stored as "configure_file"
(i.e., is also called when no explicit configuration file is given) has the
following main settings.
############
# INCOMING #
############
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
qualify_domain = eximhost.ourdomain.de
local_domains = localhost:eximhost.ourdomain.de:eximhost
local_domains_include_host = true
relay_domains = 4thdomain.de:5thdomain.de:ourdomain.de:2nddomain.de:2nddomain.at
# relay_domains_include_local_mx = true
host_accept_relay = 127.0.0.1 : 10.16.0.0/16 : 10.16.24.200
spool_directory = /var/spool/exim_incoming
queue_only = true
sender_reject_recipients = partial-dbm;/etc/exim/bounce_senders
smtp_verify = false
smtp_accept_queue_per_connection = 100
receiver_try_verify = true
receiver_verify_hosts = ! 10.16.0.0/8
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
local_delivery:
driver = appendfile
user = $local_part
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
file = /var/spool/mail/${local_part}
remote_smtp:
driver = smtp
######################################################################
# DIRECTORS CONFIGURATION #
######################################################################
real_local:
prefix = real-
driver = localuser
transport = local_delivery
verify_only
verify_recipient
system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch
verify_only
verify_recipient
lists:
driver = forwardfile
file = /usr/lists/$local_part
no_check_local_user
verify_only
verify_recipient
localuser:
driver = localuser
transport = local_delivery
verify_only
verify_recipient
defer_director:
driver = smartuser
new_address = :defer: All deliveries are deferred
no_verify
######################################################################
# ROUTERS CONFIGURATION #
######################################################################
bounce_recipients:
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/bounce_recipients}{yes}{no}}
driver = domainlist
route_list = ourdomain.de 10.16.24.9 byname; \
2nddomain.de 10.16.24.9 byname; \
5thdomain.de 10.16.24.9 byname; \
2nddomain.at 10.16.24.9 byname
verify_only
verify_recipient
fail_verify
localdelivery:
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/local_users}{yes}{no}}
driver = domainlist
transport = local_delivery
route_list = ourdomain.de localhost byname; \
5thdomain.de localhost byname; \
2nddomain.de localhost byname; \
2nddomain.at localhost byname
verify_only
verify_recipient
smarthost:
driver = domainlist
transport = remote_smtp
route_list = ourdomain.de 10.16.24.9 byname; \
2nddomain.de 10.16.24.9 byname; \
5thdomain.de 10.16.24.9 byname; \
2nddomain.at 10.16.24.9 byname
verify_only
verify_recipient
defer_router:
driver = domainlist
self = defer
route_list = * 127.0.0.1 byname
no_verify
######################################################################
# RETRY CONFIGURATION #
######################################################################
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
*@eximhost ${lookup{$1}lsearch{/etc/email-addresses}\
{$value}fail} frFs
--------------------------------------------------------------------
Here is the outgoing configuration, which is used to actually deliver mail.
Mails are taken out of the incoming queue by MailScanner, are scanned
for viruses etc. and put on the outgoing queue.
############
# OUTGOING #
############
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
qualify_domain = eximhost.ourdomain.de
local_domains = localhost:eximhost.ourdomain.de:eximhost
local_domains_include_host = true
relay_domains = 4thdomain.de:5thdomain.de:ourdomain.de:2nddomain.de:2nddomain.at
# relay_domains_include_local_mx = true
host_accept_relay = 127.0.0.1 : 10.16.0.0/16
smtp_verify = false
smtp_accept_queue_per_connection = 100
freeze_tell_mailmaster = true
receiver_try_verify = true
message_filter = /etc/exim/system_filter
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
throw_away:
driver = appendfile
user = mail
file = /dev/null
local_delivery:
driver = appendfile
user = $local_part
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
file = /var/spool/mail/${local_part}
remote_smtp:
driver = smtp
maildirdrop:
driver = appendfile
directory = /home/$local_part/Mail
delivery_date_add
envelope_to_add
return_path_add
maildir_format
user = $local_part
prefix =
suffix =
check_string =
######################################################################
# DIRECTORS CONFIGURATION #
######################################################################
real_local:
prefix = real-
driver = localuser
transport = local_delivery
system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch
lists:
driver = forwardfile
file = /usr/lists/$local_part
no_check_local_user
forbid_pipe
forbid_file
errors_to = $local_part-request@$domain
localimap:
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/imap_users}{yes}{no}}
driver = localuser
transport = maildirdrop
localuser:
driver = localuser
transport = local_delivery
######################################################################
# ROUTERS CONFIGURATION #
######################################################################
# certain local_parts should be delivered locally
# to imap server even though domain is not in local_domains
localimap:
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/imap_users}{yes}{no}}
transport = maildirdrop
driver = domainlist
route_list = ourdomain.de localhost byname; \
2nddomain.de localhost byname; \
5thdomain.de localhost byname; \
2nddomain.at localhost byname
# certain local_parts should be delivered locally
# (non-imap) even though domain is not in local_domains
localdelivery:
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/local_users}{yes}{no}}
driver = domainlist
transport = local_delivery
route_list = ourdomain.de localhost byname; \
2nddomain.de localhost byname; \
5thdomain.de localhost byname; \
2nddomain.at localhost byname
smarthost:
driver = domainlist
transport = remote_smtp
route_list = ourdomain.de 10.16.24.9 byname; \
2nddomain.de 10.16.24.9 byname; \
5thdomain.de 10.16.24.9 byname; \
2nddomain.at 10.16.24.9 byname
throw_away:
condition = ${lookup{$sender_host_address}lsearch{/etc/exim/throw_away_domains}{yes}{no}}
driver = domainlist
transport = throw_away
route_list = * localhost byname
lookuphost:
driver = lookuphost
transport = remote_smtp
######################################################################
# RETRY CONFIGURATION #
######################################################################
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
*@eximhost ${lookup{$1}lsearch{/etc/email-addresses}\
{$value}fail} frFs
--------------------------------------------------------------------
And finally here's the system filter file referenced in the outgoing configuration:
# Exim filter
if first_delivery and
($h_to: contains "@3rddomain.de" or $h_from: contains "@???")
then
unseen deliver imcopy@localhost errors_to postmaster@???
if error_message then
seen deliver 3rddomain@??? errors_to postmaster@???
finish
endif
endif
if first_delivery and
($h_to: contains "info@???" or $h_to: contains "registration@???" or
$h_to: contains "organizer@???" or $h_to: contains "hotline@???")
then
unseen deliver 3rddomain@??? errors_to postmaster@???
deliver external@??? errors_to postmaster@???
endif
if error_message then finish endif
if first_delivery and
($h_to: matches "(order|silent|bestellung|registration)@2nddomain.de" or
$h_from: matches "(order|silent|bestellung|registration)@2nddomain.de")
then
unseen deliver nmcopy@localhost errors_to postmaster@???
endif
if first_delivery and $h_to: contains 4thdomain@??? then
unseen deliver external@??? errors_to postmaster@???
unseen deliver shops.2nddomain@??? errors_to postmaster@???
endif
if first_delivery and
($h_to: matches "(hotline|order|registration|shop.registrierung)@4thdomain.de" or
$h_from: matches "(hotline|order|registration|shop.registrierung)@4thdomain.de")
then
unseen deliver whcopy@localhost errors_to postmaster@???
if $h_to: matches "silentwh@???"
then
unseen deliver silent@??? errors_to postmaster@???
elif $h_to: matches "basketwh@???"
then
unseen deliver basket@??? errors_to postmaster@???
elif $h_to: matches "test.silentwh@???"
then
unseen deliver test.silent@??? errors_to postmaster@???
elif $h_to: matches "test.basketwh@???"
then
unseen deliver test.basket@??? errors_to postmaster@???
endif
endif
Dominik Schramm
Senior System Administrator
businessMart AG
eMail dominik.schramm@???
Web <
http://www.businessmart.de>
