Re: [exim] Exim not obeying "delay = " in acl_smtp_connect

Top Page
Delete this message
Reply to this message
Author: Sebastian Arcus
Date:  
To: exim-users
Subject: Re: [exim] Exim not obeying "delay = " in acl_smtp_connect

On 27/12/17 11:01, Jeremy Harris wrote:
> On 27/12/17 10:19, Sebastian Arcus via Exim-users wrote:
>> Apologies for posting for the third time in three days. I have the
>> following acl in acl_smtp_connect, which appears to be ignoring
>> completely the "delay =" setting:
>>
>> drop message     = Reverse DNS record incorrect or missing
>>        ! condition = ${if eq{$received_port}{587}}
>>        ! verify    = reverse_host_lookup
>>        delay       = 600s
>>
>> The acl is working, I can see the messages in the logs, but the
>> connections get dropped almost instantly - maybe 1-2 seconds max. I've
>> tried DENY instead of DROP, I tried 3m instead of 600s. I've even tried
>> moving it to acl_smtp_helo, and it does the same thing. I've googled,
>> but all the results refer to the standard use of DELAY =, nobody seems
>> to complain that theirs is not working. I am on Exim 4.89
>>
>> Edit: in fact, I just realised that none of the acl's in acl_smtp_helo
>> obey the delay either.
>>
>
> Run your daemon with the debug option "-d-all+acl". It'll run in
> foreground, and output debug info on the ACL flow to stderr.
> Check that it is indeed that ACL verb that is executing (and
> failing to delay) and not some other one.


Thank you for the suggestion. I think the following are the relevant
lines of output:

</snip>

processing "drop"
  5976   message: Reverse DNS record incorrect or missing
  5976 check !condition = ${if eq{$received_port}{587}}
  5976                  =
  5976 check !verify = reverse_host_lookup
  5976 looking up host name to force name/address consistency check
  5976 drop: condition test deferred in ACL "acl_check_connect"
  5976 LOG: connection_reject MAIN REJECT
  5976   H=[196.207.181.208]:57629 I=[192.168.15.2]:25 temporarily 
rejected connection in "connect" ACL: host lookup deferred for reverse 
lookup check
  5888 child 5976 ended: status=0x0
  5888   normal exit, 0



</snip>

I'm not quite following the above - does it mean that the reverse dns
lookup fails somewhere, or is it deferred for some reason by the remote
end? No mention of the DELAY anywhere, though