https://bugs.exim.org/show_bug.cgi?id=2137
Bug ID: 2137
Summary: Temporary rejection of the random callout check causes
actual callout to be skipped
Product: Exim
Version: 4.89
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@???
Reporter: chirila@???
CC: exim-dev@???
After an upgrade from 4.86.2 to 4.89 I noticed that whenever a callout check is
being done, if the route returns a 4XX instead of 5XX at the random check the
next check in the callout is skipped.
After the random check a QUIT is sent immediately in this case, instead of the
normal RSET and the next MAIL FROM and RCPT TO.
Version information:
--------------------
Basic Debian + custom build options
==========
$ exim -bV
Exim version 4.89 #3 built 23-Jun-2017 10:19:01
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 Perl Expand_dlfunc OpenSSL Content_Scanning
DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open Experimental_SPF
Experimental_SRS Experimental_DANE Experimental_DMARC
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz
dnsdb mysql
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/incoming-config.autogenerated
==========
Exim configuration:
-------------------
In RCPT ACL:
=====
acl_check_rcpt:
deny
!verify = recipient/callout=2m,random
accept
set acl_m_verification = success
=====
In router:
=====
begin routers
spamexperts:
debug_print = "R: spamexperts for $local_part@$domain"
driver = manualroute
host_find_failed = ignore
host_all_ignored = freeze
transport = remote_smtp_se
route_list = $domain "<, mail.simplyspamfree.com"
=====
In transport:
=====
begin transports
remote_smtp_se:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
hosts_verify_avoid_tls = *
=====
Debugging with -bhc option
--------------------------
With temporary rejection from the remote server
=====
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing test@???
>>> R: spamexperts for test@???
>>> calling spamexperts router
>>> defer.simplyspamfree.com in "defer.simplyspamfree.com"? yes (matched "defer.simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: no domain record found for defer.simplyspamfree.com
>>> callout cache: no address record found for test@???
>>> 2a01:4f8:161:124b::173 in hosts_require_dane? no (option unset)
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [2a01:4f8:161:124b::173]:25 ... 2a01:4f8:161:124b::173 in hosts_try_fastopen? no (option unset)
>>> connected
>>> SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 23 Jun 2017 12:41:02 +0200
>>> 2a01:4f8:161:124b::173 in hosts_avoid_esmtp? no (option unset)
>>> SMTP>> EHLO server1.test26.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>> SMTP<< 250-mail.simplyspamfree.com Hello server1.test26.simplyspamfree.com [2a01:4f8:161:124b::4026]
>>> 250-SIZE 52428800
>>> 250-8BITMIME
>>> 250-PIPELINING
>>> 250 HELP
>>> 2a01:4f8:161:124b::173 in hosts_require_tls? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_avoid_pipelining? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_require_auth? no (option unset)
>>> SMTP>> MAIL FROM:<> SIZE=1023
>>> SMTP>> RCPT TO:<server1.test26.simplyspamfree.com-1498214462-testing@???>
>>> cmd buf flush 113 bytes
>>> SMTP<< 250 OK
>>> SMTP<< 451 Temporary rejection instead of permanent
>>> SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>> SMTP<< 221 mail.simplyspamfree.com closing connection
>>> SMTP(close)>>
>>> 5.9.235.173 in hosts_require_dane? no (option unset)
>>> interface=NULL port=25
=====
With permanent rejection:
=====
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing test@???
>>> R: spamexperts for test@???
>>> calling spamexperts router
>>> simplyspamfree.com in "simplyspamfree.com"? yes (matched "simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: no domain record found for simplyspamfree.com
>>> callout cache: no address record found for test@???
>>> 2a01:4f8:161:124b::173 in hosts_require_dane? no (option unset)
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [2a01:4f8:161:124b::173]:25 ... 2a01:4f8:161:124b::173 in hosts_try_fastopen? no (option unset)
>>> connected
>>> SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 23 Jun 2017 12:45:41 +0200
>>> 2a01:4f8:161:124b::173 in hosts_avoid_esmtp? no (option unset)
>>> SMTP>> EHLO server1.test26.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>> SMTP<< 250-mail.simplyspamfree.com Hello server1.test26.simplyspamfree.com [2a01:4f8:161:124b::4026]
>>> 250-SIZE 52428800
>>> 250-8BITMIME
>>> 250-PIPELINING
>>> 250 HELP
>>> 2a01:4f8:161:124b::173 in hosts_require_tls? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_avoid_pipelining? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_require_auth? no (option unset)
>>> SMTP>> MAIL FROM:<> SIZE=1023
>>> SMTP>> RCPT TO:<server1.test26.simplyspamfree.com-1498214741-testing@???>
>>> cmd buf flush 107 bytes
>>> SMTP<< 250 OK
>>> SMTP<< 550 We do not accept message for server1.test26.simplyspamfree.com-1498214741-testing
>>> SMTP>> RSET
>>> cmd buf flush 6 bytes
>>> SMTP<< 250 Reset OK
>>> SMTP>> MAIL FROM:<> SIZE=1023
>>> SMTP>> RCPT TO:<test@???>
>>> cmd buf flush 59 bytes
>>> SMTP<< 250 OK
>>> SMTP<< 250 Accepted
>>> SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>> SMTP<< 221 mail.simplyspamfree.com closing connection
>>> SMTP(close)>>
>>> wrote callout cache domain record for simplyspamfree.com:
>>> result=1 postmaster=0 random=2
=====
I've also ran the test on previous version:
====
$ exim -bV
Exim version 4.86 #3 built 26-Apr-2017 07:29:51
Copyright (c) University of Cambridge, 1995 - 2015
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2015
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 Perl Expand_dlfunc OpenSSL Content_Scanning
DKIM DNSSEC PRDR OCSP Experimental_SPF Experimental_SRS Experimental_DANE
Experimental_DMARC Experimental_Event Experimental_SOCKS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz
dnsdb mysql
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/incoming-config.autogenerated
====
====
>>> 2a01:4f8:161:124b::173 in hosts_avoid_esmtp? no (option unset)
>>> SMTP>> EHLO server1.test38.simplyspamfree.com
>>> SMTP<< 250-mail.simplyspamfree.com Hello server1.test38.simplyspamfree.com [2a01:4f8:10b:101::8038]
>>> 250-SIZE 52428800
>>> 250-8BITMIME
>>> 250-PIPELINING
>>> 250 HELP
>>> 2a01:4f8:161:124b::173 in hosts_require_tls? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_require_auth? no (option unset)
>>> SMTP>> MAIL FROM:<>
>>> SMTP<< 250 OK
>>> SMTP>> RCPT TO:<server1.test38.simplyspamfree.com-1498215015-testing@???>
>>> SMTP<< 451 Temporary rejection instead of permanent
>>> SMTP>> RSET
>>> SMTP<< 250 Reset OK
>>> SMTP>> MAIL FROM:<>
>>> SMTP<< 250 OK
>>> SMTP>> RCPT TO:<test@???>
>>> SMTP<< 250 Accepted
>>> SMTP>> QUIT
====
--
You are receiving this mail because:
You are on the CC list for the bug.