Re: [exim] timing out messages in the queue

Author: David S. Madole
Date:  
To: 'ron@parktree.net'
CC: 'Exim-users@exim.org'
Subject: Re: [exim] timing out messages in the queue
> From Ron Gorodetzky Wednesday, July 04, 2007 8:27 PM
>
> I've never really had the need to tweak default settings too
> much though after investigating a bit more, I'm not sure why
> not. I'm going to have to reevaluate my other setups.
>
> These are the settings I've chosen for timeouts. Are they
> too ambitious?
> command_timeout = 20s
> connect_timeout = 20s
> data_timeout = 30s
> final_timeout = 1m


Yes, too ambitious in my opinion. You will probably find quite a few hosts that you connect to that cannot keep up with this. Systems doing callouts may not be able to reply to a RCPT TO or MAIL FROM command in 20 seconds; systems doing SMTP-time virus and spam scanning may have delays during the data and final phases. You can't assume that other systems are doing nothing but simply spooling mail to disk.


> I found that at least one of the misbehaving messages was
> hanging on the
> following:
>
> initializing GnuTLS as a client
> generating 512 bit RSA key...
> selecting on subprocess pipes
> selecting on subprocess pipes
> ...
>
> After searching a bit online, some said to make sure (on
> debian) gnutls was installed, or to make sure you don't have
> entropy starvation, pregenerating exim.key and exim.crt
> files, etc. Nothing seemed to make any difference. So I
> decided to just turn off tls for remote_smtp. Like
> so:
>
> hosts_avoid_tls = *
>
> That seemed to do the trick. I'm not entirely sure why the
> other supposed fixes didn't work. I certainly support the
> use of tls (I use it for smtp between client apps when I
> setup a mail server with
> authentication) so it feels odd turning it off. Is it common
> practice to leave it on for server to server mail exchange?
> Should I expect a lot of rejected mail using this setting?


I doubt you will see any rejected mail. Most public mail hosts use TLS on a "best effort" basis and fall back to unencrypted if it is not supported.

You may well have an entropy issue. I don't know the specifics of what to do about it on Debian.

David
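
An added example, not part of either poster's message or of Exim itself: a small Python check that compares the smtp transport settings quoted in this thread against Exim's documented defaults (5m, 5m, 5m, 10m) and flags `hosts_avoid_tls = *`. The function names and the sample transport block are constructed for illustration.

```python
import re

# Exim's documented defaults for these smtp transport options.
DEFAULTS = {"command_timeout": "5m", "connect_timeout": "5m",
            "data_timeout": "5m", "final_timeout": "10m"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value):
    """Convert an Exim time value such as '20s', '1m' or '1h30m' to seconds."""
    value = value.strip()
    if value.isdigit():  # a bare number is a count of seconds
        return int(value)
    if not re.fullmatch(r"(?:\d+[smhdw])+", value):
        raise ValueError(f"not an Exim time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", value))


def audit(config_text):
    """Return one finding per setting that is tighter than the default
    or that switches off TLS for every remote host."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in DEFAULTS:
            if parse_time(value) < parse_time(DEFAULTS[name]):
                findings.append(f"{name} = {value} is below the default {DEFAULTS[name]}")
        elif name == "hosts_avoid_tls" and value == "*":
            findings.append("hosts_avoid_tls = * disables TLS for every host "
                            "this transport delivers to")
    return findings


# Constructed sample: the values posted in the thread, placed in a transport block.
SAMPLE = """\
remote_smtp:
  driver = smtp
  command_timeout = 20s
  connect_timeout = 20s
  data_timeout = 30s
  final_timeout = 1m
  hosts_avoid_tls = *
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```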