[exim-dev] [Bug 2431] New: ACL smtp timeout related to callo…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2431] New: ACL smtp timeout related to callout (similar to 2174)
https://bugs.exim.org/show_bug.cgi?id=2431

            Bug ID: 2431
           Summary: ACL smtp timeout related to callout (similar to 2174)
           Product: Exim
           Version: 4.92
          Hardware: x86
               URL: https://bugs.debian.org/934761
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: eximusers@???
                CC: exim-dev@???


Hello,

this was reported against Debian's 4.92-8+deb10u1 which is essentially 4.92.1 +
some patches from the fixes branch and 0a5441fcd93ae4145c07b3ed138dfe0e107174e0
("Fix smtp response timeout") from master branch:
https://salsa.debian.org/exim-team/exim4/tree/10_buster/debian/patches

Martin Duspiva <martin.duspiva@???> wrote:
---------------------------------------------
Dear Maintainer,

I think that the bug #887489, which is already archived, is still persist.
I have Debin 9 with backported Exim4 ( 4.92-8+deb10u1~bpo9+1 ) and the callout
funciton in rcpt acl has as the same bad behavior as described in bug #887489.

My acl rule in acl_smtp_rcpt :

  accept hosts =  +relay_from_hosts
        !verify = recipient/defer_ok/callout=30s,defer_ok,use_sender
        ratelimit = NONEX_LIM / NONEX_PERIOD / per_rcpt / relayuser-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_relay_users; \
           \N{\N echo Subject: relay user $acl_m_user blocked; echo; echo \
           because has sent mail to NONEX_LIM invalid recipients during
NONEX_PERIOD.; \
           \N}\N | NONEX_EXIMBINARY NONEX_WARNTO"}}
        control = freeze/no_tell
        control = submission/domain=
        add_header = X-Relayed-From: $acl_m_user


And relay hosts sometimes get te following 421 error when sending email:
"SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz)
[84.242.100.166]"


This is in Exim's debug log:

5272 tls_write(0x5639a0cfa550, 14)
5272 gnutls_record_send(SSL, 0x5639a0cfa550, 14)
5272 outbytes=14
5272 DSN: orcpt: NULL flags: 0
5272 Calling gnutls_record_recv(0x5639a0d8d410, 0x5639a11560e0, 4096)
5272 GnuTLS<3>: ASSERT: buffers.c[_gnutls_io_read_buffered]:587
5272 GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473
5272 LOG: lost_incoming_connection MAIN
5272 SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz)
[84.242.100.166]
5272 SMTP>> 421 holub.aira.cz: SMTP command timeout - closing connection

The acl works well with comment out "callout" line.


exim4: 2) Callout timeout in recipient verify can result in the lost of the TLS
incoming connexion
---------------------------------------------

--
You are receiving this mail because:
You are on the CC list for the bug.