Re: [Exim] Help please : SMTP Relay Messages Frozen

Author: dominik.schramm
Date:  
To: Alex Schlichting, exim-users
Subject: Re: [Exim] Help please : SMTP Relay Messages Frozen
Hi Alex,

You should run Exim directly from the command line with debugging turned on.
See section 5.3 of the Exim specification under
http://www.exim.org/exim-html-4.20/doc/html/spec.html
for all the command line options.

Example:
$ cat smtp1
HELO localhost
MAIL FROM:<local_address>
RCPT TO:<remote_address>
DATA
From: <local_address>
To: <remote_address>
Subject: test from localhost
.
QUIT

$ cat smtp1 | exim -d+transport -bh localhost
...a lot of debugging output...

From that output you should be able to tell more exactly
what could be the problem.

BTW, why did you specify the user option for the *transport*?
The specification clearly states:
> *user*
> [...]
> For remote transports, you should leave this option unset unless you
> really are sure you know what you are doing. When a remote transport
> is running, it needs to be able to access Exim's hints databases,
> because each host may have its own retry data.

(in chapter 23. Generic Transport Options)

regards
dominik

Alex Schlichting wrote:

>Tried that already. I removed the never_users option; that did not help. I
>changed exim_user to mail; that did not help either :(
>
>-Alex
>
>
>-----Original Message-----
>From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
>Of Thomas Kinghorn
>Sent: Thursday, 4 September 2003 12:09
>To: exim-users@???
>
>exim_user is root BUT so is the never_users
>
><snip>
>######################################################################
>#                  Runtime configuration file for Exim               #
>######################################################################

>
>exim_user = root
>
># No deliveries will ever be run under the uids of these users (a colon-
># separated list). An attempt to do so causes a panic error to be logged,
># and the delivery to be deferred. This is a paranoic safety catch. Note
># that the default setting means you cannot deliver mail addressed to root
># as if it were a normal user. This isn't usually a problem, as most sites
># have an alias for root that redirects such mail to a human administrator.
>
>never_users = root
>
><snip>
>
>regards
>
>Tom
>
>-----Original Message-----
>From: Alex Schlichting [mailto:alex@cshw.net]
>Sent: 04 September 2003 11:52
>To: exim-users@???
>Subject: [Exim] Help please : SMTP Relay Messages Frozen
>
>
>Hi,
>
>I use Exim 4.22 and try to send mails to users not hosted on my server. The
>problem is that I can send mails to local users, and authentication also seems
>to work fine, but when I send an email to someone not on my server the message
>is frozen.
>
>When I look in the mainlog I see error messages like this one:
>
>2003-09-04 10:01:16 19up3K-00018R-VQ == hans-peter.richter@??? <Hans-Peter.Richter@???> R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
>2003-09-04 10:01:16 19up3K-00018R-VQ Frozen
>
>I used exim_tidydb to clean the db files. I even erased them and tried it
>again, without any luck.
>
>I attach my config and really do hope someone can help me. Thank you.
>
>
>######################################################################
>#                  Runtime configuration file for Exim               #
>######################################################################

>
>exim_user = root
>
>########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ###########
>#                                                                          #
># Whenever you change Exim's configuration file, you *must* remember to    #
># HUP the Exim daemon, because it will not pick up the new configuration   #
># until you do. However, any other Exim processes that are started, for    #
># example, a process started by an MUA in order to send a message, will    #
># see the new configuration as soon as it is in place.                     #
>#                                                                          #
># You do not need to HUP the daemon for changes in auxiliary files that    #
># are referenced from this file. They are read every time they are used.   #
>#                                                                          #
># It is usually a good idea to test a new configuration for syntactic      #
># correctness before installing it (for example, by running the command    #
># "exim -C /config/file.new -bV").                                         #
>#                                                                          #
>########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ###########

>
>######################################################################
>#                    MAIN CONFIGURATION SETTINGS                     #
>######################################################################

>
># Specify your host's canonical name here. This should normally be the fully
># qualified "official" name of your host. If this option is not set, the
># uname() function is called to obtain the name. In many cases this does
># the right thing and you need not set anything explicitly.
>
># primary_hostname =
>
>
># The next three settings create two lists of domains and one list of hosts.
># These lists are referred to later in this configuration using the syntax
># +local_domains, +relay_to_domains, and +relay_from_hosts, respectively.
># They are all colon-separated lists:
>
>domainlist local_domains = lsearch;/etc/exim/localdomains
>domainlist relay_to_domains = lsearch;/etc/exim/localdomains
>hostlist relay_from_hosts = 127.0.0.1
>auth_advertise_hosts = *
>
>acl_smtp_rcpt = acl_check_rcpt
>
>acl_smtp_data = acl_check_content
>
># No deliveries will ever be run under the uids of these users (a colon-
># separated list). An attempt to do so causes a panic error to be logged,
># and the delivery to be deferred. This is a paranoic safety catch. Note
># that the default setting means you cannot deliver mail addressed to root
># as if it were a normal user. This isn't usually a problem, as most sites
># have an alias for root that redirects such mail to a human administrator.
>
>never_users = root
>
>
># The setting below causes Exim to do a reverse DNS lookup on all incoming
># IP calls, in order to get the true host name. If you feel this is too
># expensive, you can specify the networks for which a lookup is done, or
># remove the setting entirely.
>
>host_lookup = *
>
>
># The settings below, which are actually the same as the defaults in the
># code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
># calls. You can limit the hosts to which these calls are made, and/or
># change the timeout that is used. If you set the timeout to zero, all RFC
># 1413 calls are disabled. RFC 1413 calls are cheap and can provide useful
># information for tracing problem messages, but some hosts and firewalls
># have problems with them. This can result in a timeout instead of an
># immediate refused connection, leading to delays on starting up an SMTP
># session.
>
>rfc1413_hosts = *
>rfc1413_query_timeout = 10s
>
>
># This option unfreezes frozen bounce messages after two days, tries
># once more to deliver them, and ignores any delivery failures.
>
>ignore_bounce_errors_after = 2d
>
># This option cancels (removes) frozen messages that are older than a week.
>
>timeout_frozen_after = 7d
>
>
>######################################################################
>#                       ACL CONFIGURATION                            #
>#         Specifies access control lists for incoming SMTP mail      #
>######################################################################
>begin acl

>
>
># This access control list is used for every RCPT command in an incoming
># SMTP message. The tests are run in order until the address is either
># accepted or denied.
>
>acl_check_rcpt:
>
> # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
> # testing for an empty sending host field.
>
> accept hosts = :
>
> # Deny if the local part contains @ or % or / or | or !. These are rarely
> # found in genuine local parts, but are often tried by people looking to
> # circumvent relaying restrictions.
>
> # Also deny if the local part starts with a dot. Empty components aren't
> # strictly legal in RFC 2822, but Exim allows them because this is common.
> # However, actually starting with a dot may cause trouble if the local
> # part is used as a file name (e.g. for a mailing list).
>
>  deny    local_parts   = ^.*[@%!/|] : ^\\.

>
> # Accept mail to postmaster in any local domain, regardless of the source,
> # and without verifying the sender.
>
>  accept  local_parts   = postmaster
>          domains       = +local_domains

>
> # Deny unless the sender address can be verified.
>
>  require verify        = sender

>
>
>#############################################################################
>  # There are no checks on DNS "black" lists because the domains that contain
>  # these lists are changing all the time. However, here are two examples of
>  # how you could get Exim to perform a DNS black list lookup at this point.
>  # The first one denies, while the second just warns.
>  #
>  # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
>  #         dnslists      = black.list.example
>  #
>  # warn    message       = X-Warning: $sender_host_address is in a black list at $dnslist_domain
>  #         log_message   = found in $dnslist_domain
>  #         dnslists      = black.list.example
>
>#############################################################################
>
> # Accept if the address is in a local domain, but only if the recipient
> # can be verified. Otherwise deny. The "endpass" line is the border between
> # passing on to the next ACL statement (if tests above it fail) or denying
> # access (if tests below it fail).
>
>  accept  domains       = +local_domains
>          endpass
>          message       = unknown user
>          verify        = recipient

>
> # Accept if the address is in a domain for which we are relaying, but
> # again, only if the recipient can be verified.
>
>  accept  domains       = +relay_to_domains
>          endpass
>          message       = unrouteable address
>          verify        = recipient

>
> # If control reaches this point, the domain is neither in +local_domains
> # nor in +relay_to_domains.
>
> # Accept if the message comes from one of the hosts for which we are an
> # outgoing relay. Recipient verification is omitted here, because in many
> # cases the clients are dumb MUAs that don't cope well with SMTP error
> # responses. If you are actually relaying out from MTAs, you should
> # probably add recipient verification here.
>
>  accept  hosts         = +relay_from_hosts

>
> accept authenticated = *
>
> # Reaching the end of the ACL causes a "deny", but we might as well give
> # an explicit message.
>
>  deny    message       = relay not permitted

>
>
>acl_check_content:
>
>  # First unpack MIME containers and reject serious errors.
>  deny  message = This message contains a MIME error ($demime_reason)
>        demime = *
>        condition = ${if >{$demime_errorlevel}{2}{1}{0}}

>
>  deny  message = This message contains an unwanted file extension ($found_extension)
>        demime = scr:vbs:bat:lnk:pif

>
> # finally accept all the rest
> accept
>
>######################################################################
>#                      ROUTERS CONFIGURATION                         #
>#               Specifies how addresses are handled                  #
>######################################################################
>#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
># An address is passed to each router in turn until it is accepted.  #
>######################################################################

>
>begin routers
>
>dnslookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
>
>
>system_aliases:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{$local_part@$domain}lsearch{/etc/exim/aliases}}
> user = mail
> file_transport = address_file
> pipe_transport = address_pipe
>
>
>system_aliases2:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup{*@$domain}lsearch{/etc/exim/aliases}}
> user = mail
> file_transport = address_file
> pipe_transport = address_pipe
>
>
>userforward:
> driver = redirect
> check_local_user
>
> file = $home/.forward
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
>
>virtual_localuser:
> driver = accept
> domains = dsearch;/etc/exim/virtual
> local_parts = lsearch;/etc/exim/virtual/$domain/users
> transport = virtual_localdelivery
> no_more
>
>virtual_alias:
> driver = redirect
> allow_fail
> allow_defer
> domains = dsearch;/etc/exim/virtual
> data = ${lookup{$local_part}lsearch{/etc/exim/virtual/$domain/aliases}}
> user = mail
> file_transport = address_file
> pipe_transport = address_pipe
> no_more
>
>
># This router matches local user mailboxes.
>
>localuser:
> driver = accept
> check_local_user
> transport = local_delivery
>
>
>######################################################################
>#                      TRANSPORTS CONFIGURATION                      #
>######################################################################
>#                       ORDER DOES NOT MATTER                        #
>#     Only one appropriate transport is called for each delivery.    #
>######################################################################

>
># A transport is used only when referenced from a router that successfully
># handles an address.
>
>begin transports
>
>
># This transport is used for delivering messages over SMTP connections.
>
>remote_smtp:
> driver = smtp
> user = mail
>
># This transport is used for local delivery to user mailboxes in traditional
># BSD mailbox format. By default it will be run under the uid and gid of the
># local user, and requires the sticky bit to be set on the /var/mail
># directory. Some systems use the alternative approach of running mail
># deliveries under a particular group instead of using the sticky bit. The
># commented options below show how this can be done.
>
>local_delivery:
> driver = appendfile
> file = /var/mail/$local_part
> delivery_date_add
> envelope_to_add
> return_path_add
># group = mail
># mode = 0660
>
>
># This transport is used for handling pipe deliveries generated by alias or
># .forward files. If the pipe generates any standard output, it is returned
># to the sender of the message as a delivery error. Set return_fail_output
># instead of return_output if you want this to happen only when the pipe
># fails to complete normally. You can set different transports for aliases
># and forwards if you want to - see the references to address_pipe in the
># routers section above.
>
>address_pipe:
> driver = pipe
> return_output
>
>
># This transport is used for handling deliveries directly to files that are
># generated by aliasing or forwarding.
>
>address_file:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
>
>
># This transport is used for handling autoreplies generated by the filtering
># option of the userforward router.
>
>address_reply:
> driver = autoreply
>
>virtual_localdelivery:
> driver = appendfile
>     create_directory = true
>       directory_mode = 700
>        #directory=/var/spool/mail/virtual/${domain}/${local_part}
> file = /var/spool/mail/virtual/${domain}/${local_part}
> delivery_date_add
> envelope_to_add
> return_path_add
> user = mail
> group = mail
> mode = 660
> #maildir_format

>
>
>######################################################################
>#                      RETRY CONFIGURATION                           #
>######################################################################

>
>begin retry
>
># This single retry rule applies to all domains and all errors. It specifies
># retries every 15 minutes for 2 hours, then increasing retry intervals,
># starting at 1 hour and increasing each time by a factor of 1.5, up to 16
># hours, then retries every 6 hours until 4 days have passed since the first
># failed delivery.
>
># Domain               Error       Retries
># ------               -----       -------

>
>*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

>
>
>
>######################################################################
>#                      REWRITE CONFIGURATION                         #
>######################################################################

>
># There are no rewriting specifications in this default configuration file.
>
>begin rewrite
>
>
>
>######################################################################
>#                   AUTHENTICATION CONFIGURATION                     #
>######################################################################

>
># There are no authenticator specifications in this default configuration
># file.
>
>begin authenticators
>
>plain:
> driver = plaintext
> public_name = PLAIN
> server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
> server_set_id = $1
>
>login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
> server_set_id = $1
>
>
>######################################################################
>#                   CONFIGURATION FOR local_scan()                   #
>######################################################################

>
># If you have built Exim to include a local_scan() function that contains
># tables for private options, you can define those options here. Remember to
># uncomment the "begin" line. It is commented by default because it provokes
># an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
># set in the Local/Makefile.
>
># begin local_scan
>
>
># End of Exim configuration file
>
>
>
>--
>
>
>--
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>details at http://www.exim.org/ ##
>
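
A small lint for the two settings this thread questions, as an added example that is not part of the original messages or of Exim: it flags a `user` option on an smtp transport and an `exim_user` that also appears in `never_users`. The parser is a simplified assumption (no macros, includes or continuation lines), the function names are hypothetical, and the sample config is constructed from the lines quoted above.

```python
import re

# Constructed sample: only the lines of the quoted configuration that matter here.
SAMPLE_CONFIG = """\
exim_user = root
never_users = root

begin transports

remote_smtp:
  driver = smtp
  user = mail

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
"""

def parse_exim_config(text):
    """Split a config into main options and per-section driver instances.

    Simplified on purpose: no macros, .include files or backslash continuations.
    """
    main, sections = {}, {}
    section = instance = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.fullmatch(r"begin\s+(\w+)", line):
            section, instance = m.group(1), None
            sections.setdefault(section, {})
        elif section and (m := re.fullmatch(r"(\w+):", line)):
            instance = m.group(1)
            sections[section][instance] = {}
        else:
            key, sep, value = line.partition("=")
            target = main if section is None else sections[section].get(instance)
            if target is not None:
                target[key.strip()] = value.strip() if sep else "true"
    return main, sections

def lint(text):
    """Return findings for the two settings questioned in the thread."""
    main, sections = parse_exim_config(text)
    findings = []
    for name, opts in sections.get("transports", {}).items():
        if opts.get("driver") == "smtp" and "user" in opts:
            findings.append(f"transport {name}: user = {opts['user']} is set on a remote (smtp) transport")
    never = {u.strip() for u in main.get("never_users", "").split(":")}
    if main.get("exim_user") in never:
        findings.append(f"exim_user = {main['exim_user']} is also listed in never_users")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```

To check a configuration copied out of a mail like this one, strip the leading `>` quote markers first.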