On Wed, 8 Jun 2005, Tony Marques wrote:
> At this point I would like to suggest that
>
> a) auto_thaw shouldn't apply to bounces
I have researched the history of auto_thaw. It was added to Exim at
release 0.43, a _very_ long time ago. Unfortunately, the ChangeLog does
not record why it was added; I expect somebody asked for it, because I
rarely add features for any other reason. I think I assumed it would be
an option that was very rarely used, and only in execptional
circumstances. The documentation does say that it is a way of saying
"keep on trying, even though there are big problems".
Back in those days, frozen bounces were not nearly such a big issue as
they are today. Also, Exim did a lot more freezing for other reasons,
such as errors in its configuration detected at run time (e.g.
non-existent files or whatever) - I was really cautious when I first
wrote it. Over the years, the reasons for freezing other than failed
bounces have more or less been eliminated. Nowadays, Exim mostly just
defers delivery for those kinds of problem.
In other words: Times have Changed.
In retrospect, the documentation for auto_thaw is not nearly strong
enough in warning of its dangers. I have made a note to add something to
the next edition.
auto_thaw pre-dates ignore_bounce_errors_after (0.53, but called
ignore_errmsg_errors at that time) and timeout_frozen_after (3.20). I
probably erred in not considering the general effect of all these
options. That's the trouble with updating software. It is easy to add
new features without realizing all the ramifications of their
interactions with everything else.
Your suggestion of making auto_thaw not apply to bounces is an
interesting one, and given that we now have ignore_bounce_errors_after,
it makes a lot of sense (and gets back to the original kinds of
reasoning for the existence of auto_thaw). I am strongly tempted to
implement it. What do other people think?
> or that
>
> b) auto_thaw should mandate ignore_bounce_errors_after be evaluated at
> the same time (but first) and work as designed (deleting the bounce
> after a second failure) -- (so auto_thaw 2h should imply
> ignore_bounce_errors_after 2h).
Simply because of the way things are implemented, I don't think this
would be all that easy to do (though I have not looked at the code),
other than by simply forcing a setting of ignore_bounce_errors when
auto_thaw is set (to be <= auto_thaw). I don't think I like this because
it mixes the two things up.
> That suggestion should be on topic?
Yes. Good suggestion.
> The multi-bounce situation may not be a bug, but perhaps it can be fixed?
Indeed, if it is happening a lot (and it seems that it is), it would be
helpful to try to stop people falling into the trap too easily.
> auto_thaw and bounces don't mix, as presumably that is what
> ignore_bounce_errors_after is for.
Quite. I should have realized this some years ago!
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book