Re: [exim] Exim gets constantly the same mail, sent from our…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MThomas Hochstein at <-
MThomas Hochstein at ->
Delete this message
Reply to this message
Author: Arthur Hagen
Date:  
To: exim-users
Subject: Re: [exim] Exim gets constantly the same mail, sent from ourcustomer (gagabay)
On Sun, 2007-04-01 at 17:00 +0200, Thomas Hochstein wrote:
> Bob Johnson schrieb:
>
> > I think the sending system should have a timeout longer than 60 seconds,
>
> It is *required* to have a much longer timeout.

There's many things that are required according to RFCs that are
impractical on the modern day Internet. The mandated 10 minute timeout
is one of these -- if you run a web server, you then quickly end up with
tens of thousands processes in FIN_WAIT status, because of clients who
don't play nice and just go away (which saves the *client* a
millisecond). Similar for mail, where spammers in particular don't play
nice, and may not bother about niceties like QUIT and a TCP negotiated
FIN/FIN+ACK/ACK sequence, but just drop the connection to save a few
milliseconds. To hell with the server; the spammer saving time is much
more important to the spammer.

So no, for several years now, the RFC recommended timeout values have
been obsolete.

> > but even so, this is a bug in Exim.
>
> No, it isn't. It is a bug in the remote installation, and perhaps a
> poor configuration of the local SpamAssassin, but not an Exim-bug.

Or the infamous Cisco PIX firewall bug which causes a timeout (and dupe
deliveries) if the final <CR><LF>.<CR><LF> isn't all part of one TCP/IP
packet due to an unlucky combination of the email size and the max MTU
size between sender and recipient.

Or the similarly infamous PIX firewall problem if someone is using PIX
Mailguard in front of a server that does ESMTP -- then the sending MTA
will never get a 2xx or 5xx return on the ESMTP commands (IIRC, PIX
returns "OK" after filtering, instead of "500 something" which it
should), and eventually timeout unless the sending MTA sends a CR every
now and then when inactive (many do, just because of this). In that
case, there shouldn't be dupes, though.

In either case, the correct fix (IMHO) is to thump the PIX device
repeatedly over the head of whoever decided to buy it, while chanting
"do not ever buy black box security devices".

Regards,
--
*Art


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim gets constantly the same mail, sent from our customer (gagabay)[exim] Maildir Naming Format->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)