Re: [exim] SMTP command timeout on connection - how to troub…

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Scott Neader
CC: exim-users, David Woodhouse
Subject: Re: [exim] SMTP command timeout on connection - how to troubleshoot
By any chance do you have a firewall (Cisco ASA for example) that you
block all or most ICMP?

A few years ago, I experienced issues with a few particular remote
sites and their erratice mail delivery to us. We had blocked most
ICMP types at the firewall for PCI compliance. We relaxed the rule
and blocked just a few specific ICMP types (the time query ones) and
all of a sudden those issues went away. It must have been breaking
path mtu discovery.

...Todd

On Thu, Feb 23, 2012 at 9:24 AM, Scott Neader <scott@???> wrote:
> Thanks, David, I'll send it to you direct.
>
> My concern on the timeouts is:
>
> 1) I have seen in the past that all of my Exim sockets can be consumed by
> misbehaving mail servers (or spam zombies) and thus we defer mail.  I'm
> open to discussion on this, if I'm doing something wrong, or
> misunderstanding.
>
> 2) The far-end customer (using EdgeWave) is reporting SOME fatal errors.
>  Most messages are getting through, but the reason I found the problem is
> after being contacted by their ISP asking why we aren't accepting some of
> their mail.
>
> 3) We have rate limits set up for misbehaving mail servers, and these
> timeouts are counted toward the rate limit.  I will need to research to
> find out how to stop counting timeouts toward rate limits, if I am to start
> ignoring these timeouts as non-issues.
>
> 4) It seems most servers with this timeout problem are either EdgeWave mail
> servers, or spam zombie home computers.  I'm hesitant to ignore these
> timeouts, but if the Exim community feels that I should, then I will.
>
> Thanks!!
>
> - Scott
>
> On Thu, Feb 23, 2012 at 1:49 AM, David Woodhouse <dwmw2@???>wrote:
>
>> On Wed, 2012-02-22 at 10:36 -0600, Scott Neader wrote:
>> > Are you willing to look at the cap file from their side, to see if they
>> are
>> > doing things right?  I'd like to be able to tell them... look, RFC XXX
>> says
>> > after we send the 250 OK, you should send a QUIT but your cap shows you
>> are
>> > not..." (or whatever) -- but I'm just not knowledgeable enough.
>>
>> By all means, send it my way. Note that the only "problem" this causes
>> is an extra line in your log and a small amount of memory used while
>> Exim is waiting to die, right?
>>
>> --
>> dwmw2
>>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/




--
SOPA: Any attempt to [use legal means to] reverse technological
advances is doomed.  --Leo Leporte