There appears to be a fairly major bug in the logic of exim 4.63
Scenario
********
Lots of emails on server A trying to send out through smarthost
Server B is smarthost but has a logfile greater than max allowed size
Expected Result
***************
Server B reports fatal error when server A tries to send email. Mail is
queued on server A
Actual Result
*************
Server A sends message to server B, Server B queues message for delivery
but without logging. Server A records
defer (-18): Remote host eric.netmindz.net [78.129.143.156] closed
connection in response to end of data
Server A will keep resending the email as per the retry settings until
either the 4 day period kicks in or the log file is rotated on server B.
Server B will go ahead and deliver one copy of the email per attempt to
deliver by server A
Real-world Result
*****************
Mailout to 70,000 people turned into over 500,000 messages
I understand that it would be bad for an MTA to lose mail, but it's
also bad to deliver a message that you told the sending server you were
unable to accept. I am of course aware that this issue is partly "my"
fault as it was triggered by logrotate not functioning correctly due to
a bad config installed by another application, but it's still very bad
behavior for exim
--
Will Tatam
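
Added example, not part of the original post: a check the operator of server A could run over its Exim mainlog to find messages that were repeatedly dropped after end of data, since each such attempt had already transmitted the full message and may have been delivered by the smarthost. The log lines are constructed samples (message ids and addresses are made up), and the function name and threshold are assumptions.

```python
import re
from collections import Counter

# Exim mainlog defer line:
#   <date> <time> <msgid> == <rcpt> ... defer (-18): Remote host <host> [<ip>] closed ...
DEFER_RE = re.compile(
    r"^\S+ \S+ (?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) == (?P<rcpt>\S+) .*"
    r"defer \(-18\): Remote host (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"closed connection in response to end of data"
)

# Constructed sample input; only the host name and IP come from the post.
DROP = ("R=smarthost T=remote_smtp defer (-18): Remote host eric.netmindz.net "
        "[78.129.143.156] closed connection in response to end of data")
SAMPLE_LOG = "\n".join([
    "2007-01-10 09:00:01 1H4abc-0001Xy-2B <= news@example.org U=www P=local S=2048",
    f"2007-01-10 09:00:02 1H4abc-0001Xy-2B == alice@example.com {DROP}",
    f"2007-01-10 09:15:02 1H4abc-0001Xy-2B == alice@example.com {DROP}",
    f"2007-01-10 09:45:02 1H4abc-0001Xy-2B == alice@example.com {DROP}",
    "2007-01-10 09:46:10 1H4abd-0001Xz-3C == bob@example.com R=smarthost "
    "T=remote_smtp defer (111): Connection refused",
    f"2007-01-10 09:47:30 1H4abe-0001Y0-4D == carol@example.com {DROP}",
])


def suspected_duplicates(log_text, threshold=2):
    """Map (msgid, rcpt, host) to the number of post-DATA drops, keeping
    only entries seen at least `threshold` times."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DEFER_RE.match(line)
        if m:  # other defer reasons (e.g. connection refused) sent no data
            counts[(m["msgid"], m["rcpt"], m["host"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (msgid, rcpt, host), n in sorted(suspected_duplicates(SAMPLE_LOG).items()):
        print(f"{msgid} -> {rcpt} via {host}: {n} post-DATA drops, "
              f"up to {n} copies may have been delivered")
```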