[Exim] large SMTP banners and callouts appear to have proble…

Top Page
Delete this message
Reply to this message
Author: wayne
Date:  
To: exim-users
Subject: [Exim] large SMTP banners and callouts appear to have problems.
[note: I've put on my asbestos underwear and I'm fully prepared for
flames about reposting a message, but it appears that my first copy
didn't reach the exim-user list.]


Hi.

I've recently learned about a site that exim callouts don't seem to
agree with. (I'm using debian's "heavy" version of exim 4.30). The
SMTP banner on the site is over 2k in size (mostly anti-spam text).
Looking in verify.c do_callout(), there appears to be a 1k
responsebuffer and if the banner is larger than this, exim gives up.

It appears that I'm missing too many packages to trivially compile
exim to test stuff, so I was wonder if this is a known problem, an RFC
violation (I don't think so), or what.


Comments?


The following is a trace that reproduces the error

(root@backbone) # dig gtcs.com 25 +short
209.181.16.1
(root@backbone) # echo -e "EHLO mail.gtcs.com\nMAIL FROM:<munge@???>\nRCPT TO:<wayne@???>\nQUIT" | sendmail -d+verify -bhc 209.181.16.1
Exim version 4.30 uid=0 gid=0 pid=25825 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (June 16, 2003)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch cdb dbm dmbnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=25825
auxiliary group list: <none>
configuration file is /etc/exim4/exim4.conf
log selector = 0c0d99d8
trusted user
admin user
changed uid/gid: privilege not needed
uid=114 gid=114 pid=25825
auxiliary group list: <none>
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
sender address = root@???
sender_fullhost = [209.181.16.1]
sender_rcvhost = [209.181.16.1]

**** SMTP testing session as if from host 209.181.16.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

LOG: smtp_connection MAIN
SMTP connection from [209.181.16.1]
host in host_lookup? yes (matched "*")
looking up host name for 209.181.16.1
DNS lookup of 1.16.181.209.in-addr.arpa (PTR) succeeded
IP address lookup yielded serv.gtcs.com
serv.gtcs.com in dns_ipv4_lookup? yes (matched "*")
gethostbyname2 looked up these IP addresses:
name=serv.gtcs.com address=209.181.16.1
checking addresses for serv.gtcs.com
209.181.16.1 OK
sender_fullhost = serv.gtcs.com [209.181.16.1]
sender_rcvhost = serv.gtcs.com ([209.181.16.1])
set_process_info: 25825 handling incoming connection from serv.gtcs.com [209.181.16.1]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 backbone.midwestcs.com ESMTP Exim 4.30 Sun, 21 Dec 2003 17:12:26 -0600


220 backbone.midwestcs.com ESMTP Exim 4.30 Sun, 21 Dec 2003 17:12:26 -0600

smtp_setup_msg entered
SMTP<< EHLO mail.gtcs.com
sender_fullhost = serv.gtcs.com (mail.gtcs.com) [209.181.16.1]
sender_rcvhost = serv.gtcs.com ([209.181.16.1] helo=mail.gtcs.com)
set_process_info: 25825 handling incoming connection from serv.gtcs.com (mail.gtcs.com) [209.181.16.1]
host in pipelining_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? yes (matched "*")
250-backbone.midwestcs.com Hello serv.gtcs.com [209.181.16.1]

250-SIZE 52428800

250-ETRN

250-PIPELINING

250-STARTTLS

250 HELP

SMTP>> 250-backbone.midwestcs.com Hello serv.gtcs.com [209.181.16.1]


250-SIZE 52428800

250-ETRN

250-PIPELINING

250-STARTTLS

250 HELP

SMTP<< MAIL FROM:<munge@???>
SMTP>> 250 OK


250 OK

SMTP<< RCPT TO:<wayne@???>
using ACL "check_recipient"
processing "accept"
check hosts = :
host in ":"? no (end of list)
accept: condition test failed
processing "accept"
check recipients = postmaster@???
address match: subject=wayne@??? pattern=postmaster@???
wayne@??? in "postmaster@???"? no (end of list)
accept: condition test failed
processing "deny"
check hosts = 24.210.44.37 : 217.199.183.18 : 129.81.13.86 : 68.51.40.88 : 68.154.45.203 : 216.79.30.100 : 24.46.19.122 : 216.190.184.130 : 130.113.234.156 : 138.26.196.27
host in "24.210.44.37 : 217.199.183.18 : 129.81.13.86 : 68.51.40.88 : 68.154.45.203 : 216.79.30.100 : 24.46.19.122 : 216.190.184.130 : 130.113.234.156 : 138.26.196.27"? no (end of list)
deny: condition test failed
processing "deny"
check dnslists = relays.ordb.org:list.dsbl.org:sbl.spamhaus.org:cn-kr.blackholes.us
DNS list check: relays.ordb.org
new DNS lookup for 1.16.181.209.relays.ordb.org
DNS lookup of 1.16.181.209.relays.ordb.org (A) gave HOST_NOT_FOUND
returning DNS_NOMATCH
DNS lookup for 1.16.181.209.relays.ordb.org failed
=> that means 209.181.16.1 is not listed at relays.ordb.org
DNS list check: list.dsbl.org
new DNS lookup for 1.16.181.209.list.dsbl.org
DNS lookup of 1.16.181.209.list.dsbl.org (A) gave HOST_NOT_FOUND
returning DNS_NOMATCH
DNS lookup for 1.16.181.209.list.dsbl.org failed
=> that means 209.181.16.1 is not listed at list.dsbl.org
DNS list check: sbl.spamhaus.org
new DNS lookup for 1.16.181.209.sbl.spamhaus.org
DNS lookup of 1.16.181.209.sbl.spamhaus.org (A) gave HOST_NOT_FOUND
returning DNS_NOMATCH
DNS lookup for 1.16.181.209.sbl.spamhaus.org failed
=> that means 209.181.16.1 is not listed at sbl.spamhaus.org
DNS list check: cn-kr.blackholes.us
new DNS lookup for 1.16.181.209.cn-kr.blackholes.us
DNS lookup of 1.16.181.209.cn-kr.blackholes.us (A) gave HOST_NOT_FOUND
returning DNS_NOMATCH
DNS lookup for 1.16.181.209.cn-kr.blackholes.us failed
=> that means 209.181.16.1 is not listed at cn-kr.blackholes.us
deny: condition test failed
processing "deny"
check hosts = *
host in "*"? yes (matched "*")
check sender_domains = ! *.grp.scd.yahoo.com : ! duck.inebraska.com : ! clocktech.com
gtcs.com in "! *.grp.scd.yahoo.com : ! duck.inebraska.com : ! clocktech.com"? yes (end of list)
check !verify = sender/callout
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Verifying munge@???
address match: subject=munge@??? pattern=*@midwestcs.com
gtcs.com in "midwestcs.com"? no (end of list)
munge@??? in "*@midwestcs.com"? no (end of list)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Considering munge@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

routing munge@???
--------> lookuphost router <--------
local_part=munge domain=gtcs.com
checking domains
gtcs.com in "@ : @[] : localhost : midwestcs.com : backbone.midwestcs.com : mail.midwestcs.com : www.midwestcs.com : elginwatches.org : elginwatch.org : elginwatches.com : elgin-watches.org : trusted-forwarder.org"? no (end of list)
gtcs.com in "! +local_domains"? yes (end of list)
calling lookuphost router
lookuphost router called for munge@???
  domain = gtcs.com
DNS lookup of gtcs.com (MX) succeeded
fully qualified name = gtcs.com
host_find_bydns yield = HOST_FOUND (2); returned hosts:
  SERV.gtcs.com 209.181.16.1 10
set transport remote_smtp
queued for remote_smtp transport: local_part = munge
domain = gtcs.com
  errors_to=NULL
  domain_data=NULL localpart_data=NULL
routed by lookuphost router
  envelope to: munge@???
  transport: remote_smtp
  host SERV.gtcs.com [209.181.16.1] MX=10
Attempting full verification using callout
locking /var/spool/exim4/db/callout.lockfile
locked /var/spool/exim4/db/callout.lockfile
opened hints database /var/spool/exim4/db/callout: flags=2
dbfn_read: key=gtcs.com
callout cache: no domain record found
dbfn_read: key=munge@???
callout cache: no address record found
interface=NULL port=25
Connecting to SERV.gtcs.com [209.181.16.1]:25 ... connected
read response data: size=1024
  SMTP<< 220-serv.gtcs.com ESMTP Sendmail 8.12.10/8.11.3/gtcs-6.4.2 ready
         220-on [209.181.16.1] in Cheyenne, Wyoming, USA; at Sun, 21 Dec 2003 16:12:27 -0700 (MST) .
         220-serving as mail.gtcs.com for various domains - see MX records.
         220-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
         220-*                                                                 *
         220-*  You should be cautioned, that this server does serve clients   *
         220-*  located in jurisdictions with bans (and other limits) on most  *
         220-*  Unsolicited E-Mail messages - whether or not commercial in     *
         220-*  nature and whether or not bulk.  You have been warned!         *
         220-*                                                                 *
         220-*  While we do use various block-lists as a best effort to avoid  *
         220-*  receipt of spam, we may be expected to prosecute for attempts  *
         220-*  and actual deliveries of spam.                                 *
read response data: size=424
         220-*                                                                 *

SMTP>> QUIT

----------- end verify ------------
deny: condition test deferred
LOG: MAIN REJECT
H=serv.gtcs.com (mail.gtcs.com) [209.181.16.1] sender verify defer for <munge@???>: Could not complete sender verify callout
SMTP>> 451 Could not complete sender verify callout


451 Could not complete sender verify callout

LOG: MAIN REJECT
H=serv.gtcs.com (mail.gtcs.com) [209.181.16.1] F=<munge@???> temporarily rejected RCPT <wayne@???>: Could not complete sender verify callout
SMTP<< QUIT
SMTP>> 221 backbone.midwestcs.com closing connection


221 backbone.midwestcs.com closing connection

LOG: smtp_connection MAIN
SMTP connection from serv.gtcs.com (mail.gtcs.com) [209.181.16.1] closed by QUIT
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=25825 terminating with rc=0 >>>>>>>>>>>>>>>>



-wayne