I thought I'd post this so that it gets into the archive. Sites that use
the "delay" modifier in the RCPT ACL (either in conjunction with
"ratelimit" or otherwise) might run into problems with PIPELINING.
The PIPELINING extension to SMTP is supposed to make better use of the
network. Using PIPELINING, a client can send MAIL, RCPT, RCPT, ..., DATA
all at once, without waiting for a response in between. The client then
waits for the responses to come back, in order. The server does not need
to flush its output buffer until it has run out of input from the
client. The idea is that in many cases, all the commands from MAIL to
DATA will fit into a single packet, and likewise all the responses will
go back in a single packet. Without PIPELINING, there is a packet
exchange for each command.
Exim, as a server, advertises PIPELINING by default, and as a client, it
uses PIPELINING if the server advertises it. You can suppress the
advertisement (globally, or to specific hosts) by setting
pipelining_advertise_hosts.
A problem arises if the server starts applying delays when it responds
to RCPT commands, because the client won't see any response at all until
either the server's output buffer fills up, or DATA has been processed.
For example, if the client sends MAIL, RCPT, RCPT, RCPT, DATA all in one
packet, and the server applies a 1-minute delay to each RCPT, the client
will see a 3-minute delay before any response at all is received (it
will be waiting for a response to MAIL). It doesn't take too many small
delays to add up to 5 minutes - which is a typical client timeout time.
PIPELINING was invented to speed things up; delays were invented to slow
things down. They don't play well together. :-(
A feature of the next release of Exim (already in the snapshots) is
control = no_pipelining
This makes it possible to disable pipelining for certain clients based
on any criteria that an ACL supports, not just the host identity (which
is all you have with pipelining_advertise_hosts). However, you have to
disable before the response to EHLO is sent in order for it to work.
Bottom line: if you are using delays with RCPT commands, consider the
PIPELINING consequences.
A thought: as I wrote this, it occurred to me that maybe there is a way
that Exim can take note of having obeyed "delay", and if so, force out
its output buffer after it has written the next response, instead of
waiting until it has run out of input. If possible, that would solve
this issue automatically. Any views on this idea?
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book