Re: [exim] Retries and greylisting

Top Page
Delete this message
Reply to this message
Author: Lutz Preßler
Date:  
To: exim-users
Subject: Re: [exim] Retries and greylisting
Hello,
On Don, 15 Feb 2007, Philip Hazel wrote:
> On Thu, 15 Feb 2007, Renaud Allard wrote:
>
> > Indeed I forgot to remove the hints database as you suggested. So far the test
> > emails passed so I guess the problem is solved with the patch Philip posted
> > formerly.
> Phew! Thanks for reporting.

[and earlier in the thread:]
..>> This may be another instance of the address_retry_include_sender bug,
..>> introduded in 4.64 and fixed in CVS:

I don't think so, I'm afraid. At least I have a setup with Exim 4.51
and a remote domain which leads to the same (similar?) problem.
I can dig out the raw logs later, if necessary (the output of
exim_dumpdb I looked into has been unexpectedly lost though).

This is the setup and my interpretation:

System S with Exim 4.51 (delay_after_cutoff default = true, default retry rule)
regularly but not very often sends mail to users at Domain dom.ain.
There are two MX with different for Domain dom.ain: MX1 and MX2.
Both of those are doing greylisting for dom.ain, MX1 (primary mx) is handling
quite a lot of mail and seems to have a quite short time span configured
for whitelisted entries until they are invalidated again. (MX2 is
the final destination for dom.ain and uses another greylist implementation
with more "normal" timeouts.

Suppose no relevant greylisting entries on MX1 or MX2 and no retry entries an S.
Exim on S tries to send a message to user@???.
It successfully contacts MX1, but gets 451 because of greylisting.
MX2 contacted immediately afterwards, also responding with 451.
Both 451 responses are remembered in the retry database, I suppose.
At the next queue run after the first retry interval, exim tries MX1 again
and succeeds because whitelisting happend on MX1. MX2 is not consulted again
for this mail.

Some time later (long enough, so that the whitelisting entry expired at MX1)
another mail to user@??? (or maybe user2@??? ?) is to be delivered
again at S. MX1 is tried and responds with 451. MX2 is tried and responds with 451.
But now exim interprets this as permanent failure:

2007-01-26 16:54:00 1HATOX-0004aU-IZ SMTP error from remote mail server after RCPT TO:<user@???>:
host MX1 [1.2.3.1]: 451 Greylisted/d, please come back in a while.
2007-01-26 16:54:01 1HATOX-0004aU-IZ == user@??? <user@???>
R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<user@???>:
host MX2 [1.2.3.2]: 451-9.8.7.6 is not yet authorized to deliver mail from\n451-<sen@???> to
<user@???>.\n451 Please try later.
2007-01-26 16:54:01 1HATOX-0004aU-IZ ** user@???: retry timeout exceeded

I think this is a (the) bug. If it's not a bug but a configuration problem: any idea how
to handle this situation?

Thanks a lot,
Lutz


-- 
Lutz Preßler  <Lutz.Pressler@???>    http://www.SerNet.DE/
SerNet Service Network GmbH, Bahnhofsallee 1b, D-37081 Göttingen
Tel.: +49-551-370000-2,      FAX: +49-551-370000-9
AG Göttingen, HRB 2816,      GF: Dr. Johannes Loxen