Re: [exim] Help using cutthrough_delivery

Top Pagina
Delete this message
Reply to this message
Auteur: Rob Szarka
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Help using cutthrough_delivery
On 6/29/2016 5:24 PM, Rob Szarka wrote:
> On 6/29/2016 5:01 PM, Heiko Schlittermann wrote:
>>
>> How many recipients does the message in question have? The cutthrough
>> delivery works only if all the recipients have the same destination.
>
> I think in all cases there is a single recipient, but at the least
> they are all destined for the same domain on the same remote host.
> Here's an (anonymized) example transaction:
>
> 2016-06-29 17:09:19 1bIMjW-0003KP-SZ <= FAKEDSENDER@???
> H=(host-196.202.44.217-static.tedata.net) [196.202.44.217] P=esmtp
> S=11906 id=20162906230915.UV41268@MYCUSTOMER T="Documents copies" from
> <FAKEDSENDER@???> for chenet.torres@MYCUSTOMER
> 2016-06-29 17:09:19 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
> 1bIMjW-0003KP-SZ
> 2016-06-29 17:09:20 1bIMjW-0003KP-SZ ** chenet.torres@MYCUSTOMER
> F=<FAKEDSENDER@???> R=lookuphost T=remote_smtp H=CUSTOMERHOST
> X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from
> remote mail server after end of data: 550 permanent failure for one or
> more recipients (chenet.torres@MYCUSTOMER:blocked)
> 2016-06-29 17:09:20 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem
> -oi -f <> -E1bIMjW-0003KP-SZ
> 2016-06-29 17:09:20 1bIMjY-0003Ka-9u <= <> R=1bIMjW-0003KP-SZ U=mail
> P=local S=13470 T="Mail delivery failed: returning message to sender"
> from <> for FAKEDSENDER@???
> 2016-06-29 17:09:20 1bIMjW-0003KP-SZ Completed
>
>
>> Can you tcpdump your connection to check if there is at least the
>> cutthrough attempt?
>
> Let me give it a try...


Following up on the above... Assuming that I am reading the tcpdump
output correctly (it has been a long time!), here's what I *think* I'm
seeing:

1. Spammer connects to me and sends the EHLO, MAIL FROM, RCPT TO, and DATA.
2. I reply with 250.
3. Spammer starts sending message data.
4. I connect to my customer's system and start sending the message.
5. While I am still in the DATA phase with my customer, spammer sends
the last packet and I send 250 Accepted.
6. I finish DATA with my customer and it rejects the message.

I'm guessing that my customer's system (via Barracuda) is waiting until
the end of DATA to reject each message even if the RCPT address is
invalid. It seems like my system may wait until the FROM and RCPT are
accepted, interprets that as a verification of the recipient, but
doesn't wait to find out whether the message actually got accepted by
the destination system before acknowledging it to the spammer.