On Thu, Feb 23, 2012 at 1:27 PM, Todd Lyons <tlyons@???> wrote:
> By any chance do you have a firewall (Cisco ASA for example) that you
> block all or most ICMP?
>
My Exim server does not. However, the far end EdgeWave server
(66.43.215.27) does have a Cisco 7201 in front of it, and the server is not
ping-able.
>
> A few years ago, I experienced issues with a few particular remote
> sites and their erratice mail delivery to us. We had blocked most
> ICMP types at the firewall for PCI compliance. We relaxed the rule
> and blocked just a few specific ICMP types (the time query ones) and
> all of a sudden those issues went away. It must have been breaking
> path mtu discovery.
>
Thanks for that... that is the second suggestion that it could be the
customer's firewall/router causing these problems. I am relaying to them.
- Scott
>
>
> On Thu, Feb 23, 2012 at 9:24 AM, Scott Neader <scott@???> wrote:
> > Thanks, David, I'll send it to you direct.
> >
> > My concern on the timeouts is:
> >
> > 1) I have seen in the past that all of my Exim sockets can be consumed by
> > misbehaving mail servers (or spam zombies) and thus we defer mail. I'm
> > open to discussion on this, if I'm doing something wrong, or
> > misunderstanding.
> >
> > 2) The far-end customer (using EdgeWave) is reporting SOME fatal errors.
> > Most messages are getting through, but the reason I found the problem is
> > after being contacted by their ISP asking why we aren't accepting some of
> > their mail.
> >
> > 3) We have rate limits set up for misbehaving mail servers, and these
> > timeouts are counted toward the rate limit. I will need to research to
> > find out how to stop counting timeouts toward rate limits, if I am to
> start
> > ignoring these timeouts as non-issues.
> >
> > 4) It seems most servers with this timeout problem are either EdgeWave
> mail
> > servers, or spam zombie home computers. I'm hesitant to ignore these
> > timeouts, but if the Exim community feels that I should, then I will.
> >
> > Thanks!!
> >
> > - Scott
> >
> > On Thu, Feb 23, 2012 at 1:49 AM, David Woodhouse <dwmw2@???
> >wrote:
> >
> >> On Wed, 2012-02-22 at 10:36 -0600, Scott Neader wrote:
> >> > Are you willing to look at the cap file from their side, to see if
> they
> >> are
> >> > doing things right? I'd like to be able to tell them... look, RFC XXX
> >> says
> >> > after we send the 250 OK, you should send a QUIT but your cap shows
> you
> >> are
> >> > not..." (or whatever) -- but I'm just not knowledgeable enough.
> >>
> >> By all means, send it my way. Note that the only "problem" this causes
> >> is an extra line in your log and a small amount of memory used while
> >> Exim is waiting to die, right?
> >>
> >> --
> >> dwmw2
> >>
> > --
> > ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
>
> --
> SOPA: Any attempt to [use legal means to] reverse technological
> advances is doomed. --Leo Leporte
>