Re: [exim] Strange problem with hostlist

Author: Giddings, Bret
Date:  
To: Giddings, Bret, exim-users
Subject: Re: [exim] Strange problem with hostlist

Hello again,

(sorry if this is all trivial - our mail manager is away and so I am
just trying to understand something that may be obvious to seasoned exim
admins).

I now partially understand the failure...

The file blocked.hosts contained two domains. The second was a domain
that is currently resolving to an IP address only some of the time.
Assuming the domain was called somedomain.xyz (probably best not to name
and shame), when exim was able to accept email, the lookup was resolving
to an IP address. However, at times when exim was returning (at best)
the temporary failure, the resolution was failing. What is worrying is
that exim seems to have interpreted the failure to resolve this one IP
address as a total failure of the DNS when it wasn't. So, is this
behaviour expected and if so, is there a way to ensure that failure to
resolve an address due to problems elsewhere (presumably with
somedomain.xyz's nameservers being out of action) doesn't effectively
cause a local denial of service on our exim servers?

Regards,

Bret

-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]
On Behalf Of Giddings, Bret
Sent: 03 April 2008 12:42
To: exim-users@???
Subject: [exim] Strange problem with hostlist

Hello,

Since sometime on Tuesday, we experienced major problems with our
previously working exim configuration despite no changes being made
other than routine system upgrades. The problems were intermittent but
resulted in both

temporarily rejected RCPT

and

too many connections

errors in the logs. Curiously, the problems would affect all three of
our outward facing exim servers at approximately the same time and all
three would resolve themselves at approximately the same time. The
problems would last between 5 minutes and many hours and usually started
around 36 minutes past the hour. After eliminating possible internal
processes causing it, we concluded that it was most likely junk email
being sent in. We eventually tracked the problem down to a failure in
acl_smtp_rcpt. This had the line

deny hosts = +blocked_hosts

where blocked hosts was previously defined as

hostlist blocked_hosts = /essex/exim/blocked.hosts

The blocked.hosts file contained just two domain names but hadn't been
edited since August 2006.

When the problem was active, lsof showed hundreds of exim processes had
the blocked.hosts file open. Commenting out the deny verb made the
problem go away.

Has anyone else seen this problem and know what the real cause might be?
I can supply detailed logs (-d+all) taken during a time when failures
were happening if anyone wants to see them!

OS version: Debian SID
Exim version information:

Exim version 4.69 #1 built 30-Jan-2008 09:41:07
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8

Regards,

Bret
--
Bret Giddings, Systems Manager, Computing Service, University of Essex
Tel: (01206) 872577 Email: bret@??? Fax: (01206) 860585 Room
4SW.5.19

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
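
The failure described in this thread comes from a host list entry that is a name rather than an address, so checking the list depends on someone else's nameservers. The following audit script is an added example, not part of the original post and not Exim code: it classifies each line of a host list file by how much it depends on DNS. The sample file contents, the name otherdomain.example, the function names and the stand-in resolver are assumptions made so that it runs offline.

```python
import ipaddress
import socket

# Constructed sample in the shape of the blocked.hosts file described above.
SAMPLE_BLOCKED_HOSTS = """\
# constructed sample, not the poster's file
192.0.2.15
198.51.100.0/24
otherdomain.example
somedomain.xyz
"""

def fake_resolver(name, port):
    """Stand-in for socket.getaddrinfo so the example runs offline (assumption)."""
    if name == "somedomain.xyz":
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("203.0.113.9", 0))]

def classify_entry(entry, resolve=socket.getaddrinfo):
    """Classify one list item by how much it depends on DNS at match time."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return "ip"                      # literal address or CIDR: no lookup needed
    except ValueError:
        pass
    if "*" in entry:
        return "pattern"                 # wildcard name: needs the client's reverse DNS
    try:
        resolve(entry, None)
        return "resolves"
    except socket.gaierror as exc:
        # EAI_AGAIN is the resolver's "try again later" answer, e.g. dead nameservers
        return "tempfail" if exc.errno == socket.EAI_AGAIN else "notfound"

def audit_hostlist(text, resolve=socket.getaddrinfo):
    """Return {entry: classification} for every non-comment line of a host list file."""
    report = {}
    for line in text.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            report[entry] = classify_entry(entry, resolve)
    return report

def dns_dependent(report):
    """Entries whose match outcome depends on a forward or reverse lookup."""
    return sorted(e for e, kind in report.items() if kind != "ip")

if __name__ == "__main__":
    for entry, kind in audit_hostlist(SAMPLE_BLOCKED_HOSTS, fake_resolver).items():
        print(f"{kind:9} {entry}")
```

Run against a real file with the default resolver, any entry reported as something other than `ip` is one whose match result can change with the state of external DNS.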