Autor: Arthur Hagen Data: Para: exim-users Asunto: Re: [exim] Exim gets constantly the same mail,
sent from ourcustomer (gagabay)
On Sun, 2007-04-01 at 17:00 +0200, Thomas Hochstein wrote: > Bob Johnson schrieb:
>
> > I think the sending system should have a timeout longer than 60 seconds,
>
> It is *required* to have a much longer timeout.
There's many things that are required according to RFCs that are
impractical on the modern day Internet. The mandated 10 minute timeout
is one of these -- if you run a web server, you then quickly end up with
tens of thousands processes in FIN_WAIT status, because of clients who
don't play nice and just go away (which saves the *client* a
millisecond). Similar for mail, where spammers in particular don't play
nice, and may not bother about niceties like QUIT and a TCP negotiated
FIN/FIN+ACK/ACK sequence, but just drop the connection to save a few
milliseconds. To hell with the server; the spammer saving time is much
more important to the spammer.
So no, for several years now, the RFC recommended timeout values have
been obsolete.
> > but even so, this is a bug in Exim.
>
> No, it isn't. It is a bug in the remote installation, and perhaps a
> poor configuration of the local SpamAssassin, but not an Exim-bug.
Or the infamous Cisco PIX firewall bug which causes a timeout (and dupe
deliveries) if the final <CR><LF>.<CR><LF> isn't all part of one TCP/IP
packet due to an unlucky combination of the email size and the max MTU
size between sender and recipient.
Or the similarly infamous PIX firewall problem if someone is using PIX
Mailguard in front of a server that does ESMTP -- then the sending MTA
will never get a 2xx or 5xx return on the ESMTP commands (IIRC, PIX
returns "OK" after filtering, instead of "500 something" which it
should), and eventually timeout unless the sending MTA sends a CR every
now and then when inactive (many do, just because of this). In that
case, there shouldn't be dupes, though.
In either case, the correct fix (IMHO) is to thump the PIX device
repeatedly over the head of whoever decided to buy it, while chanting
"do not ever buy black box security devices".