On Tue, 7 Mar 2006, Kendall Libby wrote:
> ph10> This might not be what is happening in your case, of course. If
> ph10> you still have the same issue with 4.60, repost the problem.
>
> And indeed we do.
Oh well, that rules that out, then.
> The Proofpoint boxes make multiple connections to our Exim relays, and
> hold them open making lots of VRFY calls. Since we verify a lot of
> our user addresses via LDAP, we were running into a 2 minute timeout
> set on the LDAP server. It seems that Exim would keep the LDAP
> connection open but wouldn't notice or otherwise attempt to restablish
> the connection after the timeout, and so would start deferring. When
> that happened, the sending MTA (Proofpoint) would still get the entire
> LDAP query and error. Also, nothing was being logged by Exim, so only
> the sending MTA knew there was an error.
Without know what your Exim configuration is, I can't really make any
more comments.
> The errors received by the sending MTA were either "ldap search
> initialization failed" or "ldap_result failed: 81, Can't contact the
> LDAP server".
Those seem to me to be errors that are to be expected from time to time.
The question is: what is happening when those errors occur? This will
depend on exactly how you are calling LDAP and how Exim is configured.
If it is possible to set up a box with Exim running in debug mode, cause
an error[*], and see what the debug output says, then I might be able to
see why it is doing what it is doing, and perhaps figure out whether or
not to change things. I suspect that VRFY is very rarely used these
days, so that code is probably not well exercised.
------------------
[*] Should be easy enough; just point it at a box that isn't running
LDAP for its LDAP server...
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book