Hello all,
I'm seeing something strange with a mail server I am upgrading.
I am rebuilding the 2 year old mail server and in the process I am going
from exim 4.12 to 4.42.
I've set up an unseen manual route to test the system before cutover.
I am seeing slow mail processing with some addresses (domains I think). All
of the messages that are stalling, look to me to be spam (I get a lot of
spam because I am playing around with anti-spam techniques).
My old mail server is holding some messages in the queue because the new one
is timing out after the MAIL TO: line.
The exact message in the old mail server log is:
-------------------
2004-10-06 15:40:38 1CFBDK-000GNi-00 == rosiesdiner@???
R=octopustest T=remote_smtp defer (60): Operation timed out: SMTP timeout
while connected to 192.168.10.1 [192.168.10.1] after MAIL
FROM:<Alejandro@???> SIZE=20033
When I transfer the message manually with telnet the SMTP session looks like
this:
-------------------
220 mail.dannysplace.net ESMTP Exim 4.42 Wed, 06 Oct 2004 17:37:34 +0200
HELO mail.dannysplace.net
250 mail.dannysplace.net Hello mail [192.168.1.4]
MAIL FROM:Alejandro@???
250 OK
HELP
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
RCPT TO:danny@???
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
--<SNIP DATA>--
.
250 OK id=1CFDvx-0005Vj-RH
QUIT
Now, the strange thing is after I type the RCPT TO: line, it takes about 2-3
minutes to respond. This ONLY happens with some sender addresses. Most of
the time it takes less than a second to send back the 250 OK message.
On the new server I see:
-------------------
# grep 1CFDvx-0005Vj-RH /var/log/exim/mainlog
2004-10-06 17:43:07 1CFDvx-0005Vj-RH <= Alejandro@??? H=mail
(mail.dannysplace.net) [192.168.1.4] P=smtp S=18627
2004-10-06 17:43:08 1CFDvx-0005Vj-RH => |/usr/local/bin/procmail -f-
/usr/virtmail/dannysplace.net/danny/.procmailrc <danny@???>
R=virtual_userforward T=address_pipe
2004-10-06 17:43:08 1CFDvx-0005Vj-RH Completed
This is normal...
So my question is, what does exim do after getting the RCPT TO: line? If
it's some recipient check that I have set up then I will gladly alter it so
that the session does not time out.
My first thought was the DNS lists I use but it's strange that I have been
able to reproduce this every time I try and use the same ipotrades.us
address.
I'd appreciate any suggestions on how I'd go about troubleshooting this
further.
My ACL looks like this:
begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_rcpt:

  accept  hosts         = :

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
          log_message   = found in $dnslist_domain
          dnslists      = list.dsbl.org : \
                          unconfirmed.dsbl.org : \
                          multihop.dsbl.org : \
                          relays.ordb.org :\
                          bl.spamcop.net

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

acl_check_mime:

  warn    decode        = default

  deny    message       = Blacklisted file extension detected
          condition     = ${if match \
                            {${lc:$mime_filename}} \
                            {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
                            {1}{0}}

  deny    message       = Sorry, noone speaks chinese here
          condition     = ${if eq{$mime_charset}{gb2312}{1}{0}}

  accept

acl_check_content:

  deny    message       = This message contains malware ($malware_name)
          malware       = *

  warn    message       = X-Spam-Score: $spam_score ($spam_bar)
          spam          = nobody:true

  warn    message       = X-Spam-Report: $spam_report
          spam          = nobody:true

  warn    message       = X-Spam-Flag: YES
          spam          = nobody

  deny    message       = This message scored $spam_score points. Congratulations!
          spam          = nobody:true
          condition     = ${if >{$spam_score_int}{100}{1}{0}}

  accept
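
One way to check whether the timeouts on the old server really cluster around particular sender domains is to tally its defer lines by SMTP stage and by the domain of the address in that command. This is an added example, not part of the original post; the sample log lines, their addresses and the function name `summarize_timeouts` are constructed for illustration and modelled on the defer entry quoted in the post.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the defer entry in the post (Exim writes
# one entry per line; the post's copy is wrapped). Addresses are invented.
SAMPLE_LOG = """\
2004-10-06 15:40:38 1CFBDK-000GNi-00 == user1@example.net R=octopustest T=remote_smtp defer (60): Operation timed out: SMTP timeout while connected to 192.168.10.1 [192.168.10.1] after MAIL FROM:<alice@slow.example> SIZE=20033
2004-10-06 15:52:10 1CFBPq-000GRa-00 == user2@example.net R=octopustest T=remote_smtp defer (60): Operation timed out: SMTP timeout while connected to 192.168.10.1 [192.168.10.1] after MAIL FROM:<bob@slow.example> SIZE=4096
2004-10-06 15:53:02 1CFBQg-000GRx-00 => user1@example.net R=octopustest T=remote_smtp H=192.168.10.1 [192.168.10.1]
2004-10-06 16:01:44 1CFBZ6-000GTk-00 == user1@example.net R=octopustest T=remote_smtp defer (60): Operation timed out: SMTP timeout while connected to 192.168.10.1 [192.168.10.1] after RCPT TO:<user1@example.net>
"""

# Matches "==" (deferred) entries whose reason is an SMTP timeout, capturing the
# command Exim was waiting on and, when present, the address in that command.
DEFER_RE = re.compile(
    r"^\S+ \S+ \S+ == \S+ .*?T=\S+ defer \(-?\d+\): "
    r".*?SMTP timeout while connected to \S+ \[[^\]]+\] "
    r"after (?P<stage>MAIL FROM|RCPT TO|[^:]+?)(?::<(?P<addr>[^>]*)>|$)"
)


def summarize_timeouts(log_text):
    """Count SMTP-timeout deferrals keyed by (stage, domain of quoted address)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DEFER_RE.search(line)
        if not m:
            continue  # delivered, completed, or deferred for another reason
        addr = m.group("addr") or ""
        # Domain part of the address in the stalled command, "-" if none logged.
        domain = addr.rpartition("@")[2].lower() if "@" in addr else "-"
        counts[(m.group("stage"), domain)] += 1
    return counts


if __name__ == "__main__":
    for (stage, domain), n in summarize_timeouts(SAMPLE_LOG).most_common():
        print(f"{n:3d}  after {stage:<10} domain={domain}")
```

A tally dominated by a few sender domains points at a per-sender check in the RCPT ACL, while an even spread across senders points at a per-connection check.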