[exim] localhost mail loop created by bad IPv6 AAAA DNS reco…

Author: J. Ryan Earl
Date:  
To: exim-users
CC: sysadmin
Subject: [exim] localhost mail loop created by bad IPv6 AAAA DNS record
Hello,

I'm having a problem with an Exim MTA that I manage. I noticed late
last week load on the server was increasing in quantized intervals, i.e.
load was going up by exactly 1 in punctuated periods. After
investigating more, it turns out some emails were looping between exim
processes because of a bad IPv6 AAAA record, but first I would like to
give a bit of background and information on the server host in question
before I ask for possible permanent workarounds:

Exim is running on a RHEL4 with the default Redhat Exim RPM--I'm trying
to not build my own version of exim:
# rpm -q exim
exim-4.43-1.RHEL4.5

This MTA only relays email generated by a Real-Estate software product
my company vends that sends out automated search results on a
pre-calculated schedule. The following is a snippet of the mainlog while a
handful of these emails were looping in the system:

2006-08-20 00:00:00 1GEfPj-0004A6-ST => joe@??? R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPj-0004A6-ST Completed
2006-08-20 00:00:00 1GEfPk-0004AW-1P <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1287 id=10317647.1155978577158.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPk-0004AU-1P <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1898 id=5655817.1155979786587.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPj-0004AM-V0 => joe@??? <Joe@???> R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPj-0004AM-V0 Completed
2006-08-20 00:00:00 1GEfPk-0004AS-1O <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1288 id=25859032.1155979132802.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPj-0004AI-UT => joe@??? R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPj-0004AI-UT Completed
2006-08-20 00:00:00 1GEfPk-0004AY-1R <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1936 id=26030786.1155979264858.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPj-0004AF-Tv => joe@??? <Joe@???> R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPj-0004AF-Tv Completed
2006-08-20 00:00:00 no host name found for IP address ::1
2006-08-20 00:00:00 1GEfPj-0004AK-Up => joe@??? R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPj-0004AK-Up Completed
2006-08-20 00:00:00 no host name found for IP address ::1
2006-08-20 00:00:00 no host name found for IP address ::1
2006-08-20 00:00:00 no host name found for IP address ::1
2006-08-20 00:00:00 1GEfPk-0004Af-3a <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1287 id=10317647.1155978577158.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPk-0004Ah-3v <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1898 id=5655817.1155979786587.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPk-0004AW-1P => joe@??? <Joe@???> R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPk-0004AW-1P Completed

The clsmail.com MX is immediately suspect:

# dig clsmail.com mx

; <<>> DiG 9.2.4 <<>> clsmail.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47673
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;clsmail.com.                   IN      MX


;; ANSWER SECTION:
clsmail.com.            3600    IN      MX      10 spam.c-logic.net.


;; Query time: 90 msec
;; SERVER: 192.168.2.45#53(192.168.2.45)
;; WHEN: Mon Aug 21 11:05:29 2006
;; MSG SIZE rcvd: 61

MX looks OK here, but let's check the AAAA record because we see IPv6
"anyhost" and "localhost" addresses in the log:

# dig clsmail.com aaaa

; <<>> DiG 9.2.4 <<>> clsmail.com aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3436
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;clsmail.com.                   IN      AAAA


;; ANSWER SECTION:
clsmail.com.            3594    IN      AAAA    ::


;; Query time: 0 msec
;; SERVER: 192.168.2.45#53(192.168.2.45)
;; WHEN: Mon Aug 21 11:06:42 2006
;; MSG SIZE rcvd: 57

Here we see the problem: the AAAA record for clsmail.com is set up
incorrectly. The temporary workaround is to stop exim for a minute to
let the email time out in looping to itself; however, as soon as an
autosearch for this user is run again the email loop starts up. Now I'm
trying to figure out the best permanent workaround. I did some research
and basic googling on the matter and found:
http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch13.html#id2569429

disable_ipv6 appears to have been added after Exim version 4.43, so I
can't use that. Instead I added the following to exim.conf:

# turn off IPv6 lookups
dns_ipv4_lookup = true

However, that didn't seem to help any; the email loop resurfaces. I'm
hoping that I won't have to build my own custom installation of Exim to
fix this problem as this is installed on a heavily used production
system and a new Exim installation would be a huge variable I'd like to
avoid. Does anyone know of a permanent workaround to disable IPv6 AAAA
lookups with the stock RHEL4 version of Exim?

Thanks in advance,

J. Ryan Earl
Systems/Network Engineer
dynaConnections Corp
512.306.9898
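
Added example, not part of the original message: a small Python check that scans Exim mainlog entries for the two symptoms visible in the excerpt above, namely deliveries ("=>") whose target host resolved to an unspecified or loopback address, and the same Message-ID header ("id=") arriving more than once from loopback. The sample log is constructed from the excerpt plus two made-up control lines; the function and variable names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first three entries mirror the post's excerpt,
# the last two are made-up "healthy" control lines.
SAMPLE_LOG = """\
2006-08-20 00:00:00 1GEfPj-0004A6-ST => joe@??? R=dnslookup T=remote_smtp H=clsmail.com [::]
2006-08-20 00:00:00 1GEfPk-0004AW-1P <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1287 id=10317647.1155978577158.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPk-0004Af-3a <= Joe@??? H=(mlsni.connectmls.com) [::1] P=esmtp S=1287 id=10317647.1155978577158.JavaMail.testapp@ws05
2006-08-20 00:00:00 1GEfPm-0004Bz-9x => ann@??? R=dnslookup T=remote_smtp H=mx.example.invalid [192.0.2.25]
2006-08-20 00:00:00 1GEfPn-0004C1-Aa <= ann@??? H=(app.example.invalid) [127.0.0.1] P=esmtp S=900 id=777.1.JavaMail.testapp@ws05
"""

# date, time, queue id, direction, then H=<host> [<ip>] and an optional id=<Message-ID>
ENTRY = re.compile(
    r"^\S+ \S+ (?P<queue_id>\S+) (?P<dir><=|=>) .*?"
    r"H=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\](?:.* id=(?P<hdr>\S+))?"
)

def is_self_address(ip_text):
    """True for :: / 0.0.0.0 (unspecified) and ::1 / 127.0.0.0/8 (loopback)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:            # not a bare IP literal; ignore the entry
        return False
    return ip.is_unspecified or ip.is_loopback

def find_loops(log_text):
    """Return (self_deliveries, repeated_ids) for a mainlog excerpt."""
    self_deliveries = []          # (queue id, host, ip) delivered to ourselves
    local_arrivals = Counter()    # Message-ID header -> arrivals from loopback
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m or not is_self_address(m["ip"]):
            continue
        if m["dir"] == "=>":
            self_deliveries.append((m["queue_id"], m["host"].strip(), m["ip"]))
        elif m["hdr"]:
            local_arrivals[m["hdr"]] += 1
    # One loopback arrival is a normal local submission; repeats suggest a loop.
    repeated = {h: n for h, n in local_arrivals.items() if n > 1}
    return self_deliveries, repeated

if __name__ == "__main__":
    deliveries, repeated = find_loops(SAMPLE_LOG)
    print("deliveries to self:", deliveries)
    print("Message-IDs re-arriving from loopback:", repeated)
```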