Re: [exim] received not showing up in logs

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeff Lasman
Data:  
A: exim-users
Assumpte: Re: [exim] received not showing up in logs
On Wednesday 03 August 2005 06:28 am, Marc Sherman wrote:

> The logs would have been helpful; without them, we're just guessing.


The logging information is normal and good... but shows no times before
17:28. Per an offlist suggestion I'm going to look up what to add to
log connections.

> So the message spent about 45 minutes between first starting to
> receive the message (I'm guessing this is the time of receipt of the
> MAIL FROM smtp command), and final delivery by the transport. Do you
> have "log_selector = +queue_time_overall" set? If so, you should see
> a QT=37m34s clause on the message's Completed log entry, to confirm
> this.


On our version, 4.24, we can't use queue_time_overall; it causes an
error. I'll upgrade this system soon.

> The most likely culprits are:
>
> a> very slow network traffic while receiving the body of the message.
> b> delays processing the ACLs. Particularly content scanning (ie:
> spamassassin) in the DATA ACL.


It appears at first blush that the problem is due to spamd getting
backed up, but I could be wrong.

We use extensive blocking, but spamd has still been getting a workout
lately.

> C would have shown up in your logs; while you didn't post them, you
> probably would have noticed a temp failure, so I'm guessing that's
> not it. However, just in case you missed it or didn't know what to
> look for, you want to look for large DT= clauses on the => log entry
> for the delivery.


This is all we currently log:

<snip>
log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery
</snip>

I'm looking to add more.

> Was the message very large? If so, that would cause both A and B;
> check your content filter logs for more details. Especially if the
> message triggered one of spamassassin's known achilles heels, such as
> deeply nested multipart attachments.


One attachment, fairly large. Allegedly it also happened to him with a
small message and no attachments. The only examples he was able to
give me were yahoo and hotmail; know problems themselves.

Thanks!

Jeff
--
Jeff Lasman, Nobaloney Internet Services
1254 So Waterman Ave., Suite 50, San Bernardino, CA 92408
Our blists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html"