Rory Campbell-Lange <rory@???> wrote:
> I clearly have something misconfigured as I get about 20 messages a
> week on our company mail server (which has about 7000 emails going in
> and out each week) which get frozen with the following
> characteristics:
>
> 7h 2.1K 1BFOjh-0005fq-7q <> *** frozen ***
> pseudo@???
>
> I'm not clear what I should be fiddling with to ensure that these
> mails don't come through. The exim4 server is working as a
> passthrough host protecting an Exchange 5.5 box.
>
These are frozen bounce messages. Since your Exchange 5.5 (really? it's
unsupported isn't it?) server can't do SMTP-time recipient verification,
you're accepting mails on the gateway for potentially non-existant
recipients on the target system. When Exchange bounces one of these, and the
orginal sender is unrouteable, you get a frozen bounce.
Some ways of fixing this:
- Upgrade to Exchange 2003, turn on SMTP-time recipient validation in
Exchange, turn on callout recipient checking in Exim
- Implement a verify-only LDAP lookup on the Exim server to check recipients
before you accept a mail at SMTP time. Or some other way of the Exim server
knowing whether a recipient is valid or not ( a static list, directory
extract, etc)
- Implement callout sender verification in Exim - will stop you accepting a
mail if a subsequent bounce would not be deliverable
- Mess with the timeout_frozen_after settings in Exim to make the frozen
bounces disappear. Not really a fix - a resilient system shouldn't accept
mail for non-existant users, or from non-existant addresses.
You'll want to fix this before your first DHA or joe-job, at which time both
Exim and Exchange will probably melt down.
Peter