Re: [exim] "no immediate delivery" vs. queuing

Author: Mike Cardwell
Date:
To: exim-users
Subject: Re: [exim] "no immediate delivery" vs. queuing
* on the Mon, Apr 21, 2014 at 12:33:41PM +0200, Yves Goergen wrote:

> Recently somebody misused one of the accounts on my mail server to send
> out large amounts of spam. Reading the logs, it came all from a single
> IP address, in a single SMTP connection.
>
> I found the following log line:
>
> no immediate delivery: more than 10 messages received in one connection
>
> Do I understand it correctly that Exim decided to no longer try to
> deliver e-mails on the same originating SMTP connection and report any
> failures immediately, but instead blindly accept all incoming e-mails
> and report each failure with a "Mail delivery failed" message in the
> poor user's inbox?


No, your understanding is incorrect. Once Exim has decided that it will
accept a message, it will drop the message in the queue and usually
try its first delivery attempt straight away. If you see that message,
all that means is that it was dropped in the queue and left for the next
available queue runner to handle it.

> The queue had over 300,000 files when I had to apply some black magic to
> delete it completely. It was almost impossible to handle at all with
> Linux means. The user's inbox had over 20,000 error messages, constantly
> increasing for hours. No MUA was able to handle that. I don't want to
> face that situation ever again even if an account is misused.


The problem seems to be that you don't apply rate limiting. If an account
is abused to send spam, the flow should be restricted by rate limiting,
and you should put some process in place to scan the logs for such events
and notify you. Read:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTratelimiting

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
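
Added example, not part of the original message or of Exim itself: one way to scan an Exim main log for the kind of event discussed in this thread, counting arrivals per authenticated account in a sliding window and counting "no immediate delivery" lines. It assumes arrival lines carry A=<authenticator>:<id> and default timestamps; the threshold, window, function name and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Arrival line (assumed layout):
#   <date> <time> <msgid> <= <sender> H=... [<ip>] P=... A=<authenticator>:<id> ...
ARRIVAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ "
    r".*?\[([0-9a-fA-F.:]+)\].*? A=[^:\s]+:(\S+)")
BURST = "no immediate delivery: more than"

def scan(lines, limit=5, window=timedelta(minutes=10)):
    """Return (alerts, bursts): accounts exceeding `limit` arrivals per `window`."""
    recent = defaultdict(deque)   # account -> arrival times still inside the window
    alerts, bursts = {}, 0
    for line in lines:
        if BURST in line:         # many messages were sent over one connection
            bursts += 1
            continue
        m = ARRIVAL.match(line)
        if not m:                 # unauthenticated arrivals, deliveries, etc.
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, account = m.group(2), m.group(3)
        q = recent[account]
        q.append(ts)
        while q[0] < ts - window: # drop arrivals that fell out of the window
            q.popleft()
        if len(q) > limit:
            a = alerts.setdefault(account, {"peak": 0, "ips": set()})
            a["peak"] = max(a["peak"], len(q))
            a["ips"].add(ip)
    return alerts, bursts

# Constructed sample log: eight authenticated arrivals in eight seconds, one burst line,
# and one ordinary message from another account.
SAMPLE = [
    f"2014-04-21 12:33:{s:02d} 1WcBx{s}-0001Ab-2C <= a@example.net H=(x) [192.0.2.10] "
    f"P=esmtpsa A=plain:victim@example.org S=2048"
    for s in range(8)
] + [
    "2014-04-21 12:33:09 1WcBx7-0001Ab-2C no immediate delivery: more than 10 messages received in one connection",
    "2014-04-21 12:40:00 1WcC00-0001Ab-2C <= bob@example.org H=(y) [198.51.100.7] P=esmtpsa A=plain:bob@example.org S=900",
]

if __name__ == "__main__":
    for account, info in scan(SAMPLE)[0].items():
        print(f"ALERT {account}: {info['peak']} messages in window from {sorted(info['ips'])}")
```

Run from cron against the live log and mail the output to the postmaster; the ACL rate limiting described at the link above is what actually restricts the flow.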