[exim] Exim 4.69 SMTP timeout issue - "unexpected disconnect…

Author: Ted Dively
Date:  
To: exim-users
Subject: [exim] Exim 4.69 SMTP timeout issue - "unexpected disconnection while reading SMTP command"
Hi all.

I've searched the docs and the rest of the Internet for some insights
into this issue, but so far no answers have come to light. A sender
from wamu.net is being bounced by my system, which is very annoying to
the folks eagerly wanting to correspond with him. Here's the error
message I see in exim_main.log:

2008-11-17 10:18:44 unexpected disconnection while reading SMTP command from mtav141.wamu.net (wamu.net) [167.88.162.70] (error: Operation timed out)

The people hosted on my box can send email to this guy, but we can't
seem to receive his replies.

My research shows that others who've experienced the problem set
smtp_receive_timeout from five minutes to ten. I didn't have that line
in my Exim configuration file at all, so on the off chance it might
help, I added it just above the message_size_limit line, like this:
smtp_receive_timeout = 10m. I also commented out the rfc1413 lines,
and just for thoroughness, I commented out the reverse DNS lookup
warning, all to no avail.

The box trying to send to us, mtav141.wamu.net [167.88.162.70] doesn't
have proper rDNS, but it's important that we receive mail from these
people, despite their poorly-configured mail server(s).

I'm in digest mode, so please contact me directly. All suggestions are
welcome!

For the record, here's our current Exim configure file:
# $captainnet: /usr/local/exim/configure, 2007/3/24 maxo Exp $

##################################################################################
#                     CAPTAINNET.NET                                              #
#                    Exim 4.69                                                   #
#                    /usr/local/exim/bin/exim -bd -q30m                          #
##################################################################################
#                    Runtime configuration file for Exim                         #
##################################################################################
#                    MAIN CONFIGURATION SETTINGS                                 #
##################################################################################


  SERVER_IP           = 209.209.81.138


  primary_hostname    = gdc.groupd.com


hide mysql_servers = localhost::(/var/mysql/mysql.sock)/db name removed/user name removed/password removed

#---------------------------------------------------------------------------------
  VIRTUAL_DOMAINS     = SELECT DISTINCT domain FROM domains \
                        WHERE type = 'local' AND enabled = '1' \
                        AND domain = '${quote_mysql:$domain}'


  RELAY_DOMAINS       = SELECT DISTINCT domain FROM domains \
                        WHERE type = 'relay' \
                        AND domain = '${quote_mysql:$domain}'


  ALIAS_DOMAINS       = SELECT DISTINCT alias FROM domainalias \
                        WHERE alias = '${quote_mysql:$domain}'
#---------------------------------------------------------------------------------
hostlist    listen_ip         = SERVER_IP


domainlist local_domains      = @ : \
                                 ${lookup mysql{VIRTUAL_DOMAINS}} : \
                                 ${lookup mysql{ALIAS_DOMAINS}}


domainlist relay_to_domains = ${lookup mysql{RELAY_DOMAINS}}

hostlist   relay_from_hosts   = localhost : \
                                 127.0.0.1 : \
                gdc.groupd.com : \
                                 lists.groupd.com : \
                                 lists.artsandmedia.net
#---------------------------------------------------------------------------------


smtp_banner = "$primary_hostname ESMTP Exim $version_number $tod_full By connecting to this server, you agree to be open relay tested. NO UCE."

pipelining_advertise_hosts = :

acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

spamd_address = /tmp/spamd

av_scanner    = clamd:/tmp/clamd


#-------------------------------------------------------------------------
# tls_advertise_hosts = *
# tls_certificate = /etc/ssl/exim.crt
# tls_privatekey = /etc/ssl/exim.pem
# tls_on_connect_ports = 465
daemon_smtp_ports = 25 : 465 : 587
#-------------------------------------------------------------------------

#qualify_domain =
#qualify_recipient =
#allow_domain_literals

exim_user = exim
exim_group = staff
never_users = root

trusted_users = courier:www:mailman

# host_lookup = *

#rfc1413_hosts = !*
#rfc1413_query_timeout = 0s

# sender_unqualified_hosts =
# recipient_unqualified_hosts =
# percent_hack_domains =

helo_allow_chars = _

auto_thaw = 1h
ignore_bounce_errors_after = 2d
timeout_frozen_after = 2d

smtp_receive_timeout = 10m
message_size_limit = 100M

#MESSAGE_SIZE_SPAM_MAX = 1M

bounce_return_message = false
#return_size_limit = 50K

smtp_enforce_sync                  = false
smtp_return_error_details          = true


smtp_accept_max                    = 400
smtp_accept_max_per_connection     = 20
smtp_accept_max_per_host           = 100
smtp_accept_queue                  = 75
smtp_accept_queue_per_connection   = 400


smtp_accept_reserve                = 20
smtp_reserve_hosts                 = SERVER_IP : 127.0.0.1
smtp_accept_max_nonmail            = 10
smtp_accept_max_nonmail_hosts      = 10
queue_run_max                      = 400


system_filter = /usr/local/exim/system_filter.exim
system_filter_file_transport = sort_delivery

#split_spool_directory = true
#helo_try_verify_hosts = *
#log_selector = +all

MAILMAN_HOME=/usr/share/mailman
MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
MAILMAN_USER=mailman
MAILMAN_GROUP=mailman


##################################################################################
#                              ACL CONFIGURATION                                 #
#             Specifies access control lists for incoming SMTP mail              #
##################################################################################


begin acl

#---------------------------------------------------------------------------------

acl_check_helo:

     accept hosts = :


     accept hosts = SERVER_IP : +relay_from_hosts


   drop condition = ${if match{$sender_helo_name}{SERVER_IP}{yes}{no} }
          message = "Dropped spammer pretending to be us"


   deny condition = ${if isip {$sender_helo_name}{true}{false}}
          message = "IP address in HELO greeting"


# The following lines were commented out to allow sloppy mobile devices to relay through us. Change made 04/11/2008 by Ted <ted@???>


#  deny condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
#         message = "See RFC2821 section 4.1.2 for legal domain syntax"
#     log_message = invalid HELO syntax 1 $sender_helo_name


# Commented out to try to solve the rDNS issue of a wamu.net mail server 11/17/2008 by Ted <ted@???>
#    warn !verify = reverse_host_lookup
#     log_message = No reverse DNS record for ${sender_host_address} \
#                   (claimed to be ${sender_helo_name}).


#    control = no_pipelining


accept


#---------------------------------------------------------------------------------

acl_check_rcpt:

accept hosts = : 127.0.0.1

   deny    message       = Restricted characters in address
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]


   deny    message       = Restricted characters in address
           domains       = !+local_domains
           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


   deny    message       = Connection denied for $sender_address
           senders       = lsearch;/usr/local/exim/bouncelist


   deny    hosts         = net-iplsearch;/usr/local/exim/reject-hosts.txt
           message       = Connection Denied for $sender_host_address


   accept  local_parts   = postmaster
           domains       = +local_domains


#  require verify        = sender


#  require verify        = recipient


   accept  hosts         = +relay_from_hosts
         # control       = submission


   accept  authenticated = *
         # control       = submission


   require message       = authentication required - relay not permitted
           domains       = +local_domains : +relay_to_domains


#---------------------------------------------------------------------------------
#  Uncomment the following if you want to check against RBL
#---------------------------------------------------------------------------------
      deny message       = DNSBL listed at $dnslist_domain\n$dnslist_text
         !sender_domains = lsearch;/usr/local/exim/domain_whitelist
         dnslists        = zen.spamhaus.org : \
                           bl.spamcop.net : \
                           combined.njabl.org : \
#                          dnsbl.ahbl.org : \
#                          dnsbl.sorbs.net : \
#                          spam.dnsbl.sorbs.net : \
                           russia.blackholes.us : \
                           cn-kr.blackholes.us : \
                           nigeria.blackholes.us : \
                           short.rbl.jp
#---------------------------------------------------------------------------------


   accept  domains       = +local_domains
           endpass
           verify        = recipient
           set acl_m0    = $local_part@$domain


  #require verify        = csa


accept

#---------------------------------------------------------------------------------

acl_check_mime:

   deny    message       = File type unacceptable (filename: $mime_filename)
           condition     = ${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}} \
                             lsearch{/usr/local/exim/rejected_file_type}{yes}{no}}


accept

#---------------------------------------------------------------------------------

acl_check_data:

    # Hosts and authenticated clients listed here will not be scanned by SA & ClamAV


   accept  hosts         = +relay_from_hosts : \
                           groupd.com : lh-sf.com : SERVER_IP


accept authenticated = *


    # Reject virus infested messages.


   deny    malware       = *
           message       = This message contains malware ($malware_name)



    # Reject messages containing certain words...


   deny    message       = This message matches a blacklisted regular expression \
                            ($regex_match_string)
             regex       = Rolex : Pharmacy : Viagra : Cialis



    # SpamAssassin settings are set on a per domain basis.


   warn    message       = X-Spam-Status: $spam_report\n\
                           X-New-Subject: [***POSSIBLE SPAM***] $h_subject:
           condition     = ${if <{$message_size}{100000}{1}{0}}
          !authenticated = *
           spam          = $acl_m0:true/defer_ok


#-------------------------------------------------------------------------
#   Reject spam messages with score over 10, using an extra condition.
#-------------------------------------------------------------------------
# deny    message        = This message scored $spam_score points.
#         spam           = nobody:true
#         condition      = ${if >{$spam_score_int}{100}{1}{0}}
#-------------------------------------------------------------------------


#-------------------------------------------------------------------------
#   Reject spam messages with score over 8.0, using an extra condition.
#-------------------------------------------------------------------------
#  deny    message        = This message scored $spam_score points. Congratulations! \
#                           If you're a real person, and you think you were screened \
#                           in error, please contact abuse at groupd dot com.
#          spam           = nobody:true
#          condition      = ${if >{$spam_score_int}{80}{1}{0}}
#-------------------------------------------------------------------------


    # Stamp each message about virus scan time and version.


   warn    message = :after_received:X-Virus-Check: \
           ${run{/usr/local/clamav/sbin/clamd --version}\
           {${extract{1}{/}{$value}}/${extract{2}{/}{$value}}}\
           {unchecked}} on $primary_hostname; $tod_full


accept

##################################################################################
#                             ROUTERS CONFIGURATION                              #
#                      Specifies how addresses are handled                       #
##################################################################################
#            THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!            #
#        An address is passed to each router in turn until it is accepted.       #
##################################################################################


begin routers

#---------------------------------------------------------------------------------
dnslookup:
   driver = dnslookup
   domains = ! +local_domains
   transport = remote_smtp
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
   no_more
#---------------------------------------------------------------------------------
mailman_router:
   driver = accept
   require_files = MAILMAN_HOME/lists/$local_part/config.pck
   local_part_suffix_optional
   local_part_suffix = -bounces : -bounces+* : \
                       -confirm+* : -join : -leave : \
                       -owner : -request : -admin
   transport = mailman_transport
#---------------------------------------------------------------------------------
mysql_vacation:
   driver = accept
   condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
                          {eq {${lookup mysql{select users.on_vacation from users,domains \
                         where localpart = '${quote_mysql:$local_part}' \
                         and domain = '${quote_mysql:$domain}' \
                         and users.on_vacation = '1' \
                         and users.domain_id=domains.domain_id}}} {1} }} {yes}{no} }
   no_verify
   no_expn
   unseen
   transport = virtual_vacation_delivery
#---------------------------------------------------------------------------------
mysql_forward:
   driver = redirect
   check_ancestor
   data = ${lookup mysql{select forward from users,domains \
     where localpart='${quote_mysql:$local_part}' \
     and domain='${quote_mysql:$domain}' \
     and users.domain_id=domains.domain_id \
     and on_forward = '1'}}
   # We explicitly make this condition NOT forward mailing list mail!
#  condition = ${if and { {!match {$h_precedence:}{(?i)junk|bulk|list}} \
#                         {eq {${lookup mysql{select users.on_forward from users,domains \
#                        where localpart = '${quote_mysql:$local_part}' \
#                        and domain = '${quote_mysql:$domain}' \
#                        and users.on_forward = '1' \
#                        and users.domain_id=domains.domain_id}}} {1} }} {yes}{no} }
#---------------------------------------------------------------------------------
mysql_aliases:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup mysql{select smtp from users,domains \
     where localpart='${quote_mysql:$local_part}' \
     and domain='${quote_mysql:$domain}' \
     and users.domain_id=domains.domain_id \
     and users.type='alias'}}
#---------------------------------------------------------------------------------
mysql_user:
   driver = accept
   condition = ${if eq{} {${lookup mysql {SELECT smtp FROM users,domains \
         WHERE username = '${quote_mysql:$local_part}@${quote_mysql:$domain}'}}} {no}{yes}}
   retry_use_local_part
   transport = virtual_delivery
#---------------------------------------------------------------------------------
mysql_catchall:
   driver = redirect
   allow_fail
   data = ${lookup mysql{select smtp from users,domains where localpart = '*' \
         and domain = '${quote_mysql:$domain}' \
         and users.domain_id = domains.domain_id}}
   retry_use_local_part
   file_transport = virtual_delivery
   reply_transport = address_reply
#---------------------------------------------------------------------------------
virtual_domain_alias:
   driver = redirect
   allow_fail
   data = ${lookup mysql{select concat('${quote_mysql:$local_part}@', domain) \
         from domains,domainalias where domainalias.alias = '${quote_mysql:$domain}' \
         and domainalias.domain_id = domains.domain_id}}
   retry_use_local_part




##################################################################################
#                             TRANSPORTS CONFIGURATION                           #
##################################################################################
#                              ORDER DOES NOT MATTER                             #
#            Only one appropriate transport is called for each delivery.         #
##################################################################################



begin transports

#---------------------------------------------------------------------------------
remote_smtp:
   driver = smtp
#---------------------------------------------------------------------------------
virtual_delivery:
   driver = appendfile
   maildir_format = true
   create_directory = true
   directory = ${lookup mysql{select smtp from users,domains \
         where localpart = '${quote_mysql:$local_part}' \
         and domain = '${quote_mysql:$domain}' \
         and users.domain_id = domains.domain_id}}
   user = 100
   group = 100
   quota = ${lookup mysql{select users.quota from users,domains \
         where localpart = '${quote_mysql:$local_part}' \
         and domain = '${quote_mysql:$domain}' \
         and users.domain_id = domains.domain_id}{${value}M}}
   quota_is_inclusive = false
   quota_size_regex = ,S=(\d+):
   quota_warn_threshold = 75%
   maildir_use_size_file = false
   quota_warn_message = "To: $local_part@$domain\n\
         Subject: Mailbox quota warning\n\n\
         This message was automatically generated by the mail delivery software.\n\n\
         You are now using over 75% of your allocated mail storage quota.\n\n\
         If your mailbox fills completely, further incoming messages will be automatically\n\
         returned to their senders.\n\n\
         Please take note of this and remove unwanted mail , and/or large attachments, from \n\n\
         your mailbox. Alternately, you may contact Group D at (415) 334-8331 to purchase \n\n\
         additional mail storage.\n\"
#---------------------------------------------------------------------------------
virtual_vacation_delivery:
   driver   = autoreply
   log = /var/spool/exim/log/exim_vacation.log
   once =/var/spool/exim/db/vacation.db
   once_repeat = 1d
   from     = "${local_part}@${domain}"
   to       = ${sender_address}
   subject  = "Autoreply from ${local_part}@${domain}"
   text     = ${lookup mysql{select vacation from users,domains \
         where domain='${quote_mysql:$domain}' \
         and localpart='${quote_mysql:$local_part}' \
         and users.domain_id=domains.domain_id}}
#---------------------------------------------------------------------------------        
mailman_transport:
   driver = pipe
   command = MAILMAN_WRAP \
             '${if def:local_part_suffix \
                   {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                   {post}}' \
             $local_part
   current_directory = MAILMAN_HOME
   home_directory = MAILMAN_HOME
   user = MAILMAN_USER
   group = MAILMAN_GROUP
#---------------------------------------------------------------------------------
address_file:
   driver = appendfile
   delivery_date_add
   envelope_to_add
   return_path_add
#---------------------------------------------------------------------------------
address_reply:
   driver = autoreply




##################################################################################
#                             RETRY CONFIGURATION                                #
##################################################################################


begin retry


# Domain               Error       Retries
# ------               -----       -------
*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h




##################################################################################
#                             REWRITE CONFIGURATION                              #
##################################################################################


begin rewrite



##################################################################################
#                          AUTHENTICATION CONFIGURATION                          #
##################################################################################


begin authenticators

plain_login:
         driver = plaintext
         public_name = PLAIN
         server_condition = ${lookup mysql{SELECT '1' FROM users \
                 WHERE username = '${quote_mysql:$2}' \
                 AND clear = '${quote_mysql:$3}'} {yes}{no}}
         server_set_id = $2


fixed_login:
         driver = plaintext
         public_name = LOGIN
         server_prompts = "Username:: : Password::"
         server_condition = ${lookup mysql{SELECT '1' FROM users \
                 WHERE username = '${quote_mysql:$1}' \
                 AND clear = '${quote_mysql:$2}'} {yes}{no}}
         server_set_id = $1


fixed_cram:
         driver = cram_md5
         public_name = CRAM-MD5
         server_secret = ${lookup mysql{SELECT clear FROM users \
                 WHERE username = '${quote_mysql:$1}'}{$value}fail}
         server_set_id = $1



# End of Exim configuration file

Ted Dively
--
Group D Communications, LLC
Technology Consulting: IT, Databases, Web Sites, Hosting
www.groupd.com
415-334-8331 x202
P.O. Box 170697
San Francisco, CA 94117-0697
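
Added example, not part of the original post and not Exim's own code: a small Python parser that pulls the "unexpected disconnection while reading SMTP command" entries out of an Exim main log and groups them per peer IP, separating timeouts from other disconnect reasons. It assumes the default log line layout shown in the post (no `+pid` or timezone fields); apart from the first sample line, which is the one quoted above, the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Matches the main-log entry quoted in the post. The reverse-DNS name, the
# HELO name in parentheses and the "(error: ...)" suffix are all optional,
# because Exim omits whichever of them it does not have.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"unexpected disconnection while reading SMTP command from "
    r"(?:(?P<host>[^\s()\[\]]+) )?"
    r"(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]"
    r"(?: \(error: (?P<error>[^)]*)\))?"
)


def parse_disconnects(lines):
    """Return one dict per matching log line; other log lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Group events by peer IP: totals, timeout count, names seen, time span."""
    per_ip = defaultdict(lambda: {"total": 0, "timeouts": 0, "names": set(),
                                  "first": None, "last": None})
    for ev in events:
        s = per_ip[ev["ip"]]
        s["total"] += 1
        if ev["error"] and "timed out" in ev["error"].lower():
            s["timeouts"] += 1
        for name in (ev["host"], ev["helo"]):
            if name:
                s["names"].add(name)
        s["first"] = s["first"] or ev["ts"]
        s["last"] = ev["ts"]
    return dict(per_ip)


# Line 1 is the entry from the post; the rest are constructed samples.
SAMPLE_LOG = """\
2008-11-17 10:18:44 unexpected disconnection while reading SMTP command from mtav141.wamu.net (wamu.net) [167.88.162.70] (error: Operation timed out)
2008-11-17 10:29:02 unexpected disconnection while reading SMTP command from (wamu.net) [167.88.162.70] (error: Operation timed out)
2008-11-17 10:31:15 unexpected disconnection while reading SMTP command from [192.0.2.25]
2008-11-17 10:40:09 unexpected disconnection while reading SMTP command from mail.example.org (mail.example.org) [198.51.100.7] (error: Connection reset by peer)
2008-11-17 10:41:00 1L2abc-0001Xy-7Q <= user@example.org H=mail.example.org [198.51.100.7] P=esmtp S=1234
"""

if __name__ == "__main__":
    summary = summarize(parse_disconnects(SAMPLE_LOG.splitlines()))
    for ip, s in sorted(summary.items()):
        names = ", ".join(sorted(s["names"])) or "-"
        print(f"{ip:15} total={s['total']} timeouts={s['timeouts']} "
              f"names={names} first={s['first']} last={s['last']}")
```

To run it against a real log, pass the open file object for `exim_main.log` to `parse_disconnects` in place of the sample lines.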