Author: Evgeniy Berdnikov Date: To: exim-users Subject: [exim] Callout cache duplicates + case invertions
Hi guys.
I have several mail relays with Exim-4.92 on Debian, running with
"verify = sender/callout=300s". Today one incoming mail passed this
sender verify procedure on 1st relay (highest priority MX), then
hit greylisting (got 451) and came to the 2nd relay, where it was
rejected with
Aug 15 16:04:25 citrine exim[25920]: 2019-08-15 16:04:25.148 [25920] H=relay.seldon.ru [185.179.199.32]:49727 I=[192.168.10.13]:25 sender verify fail for <prvs=113054f968=username@???>: relay.seldon.ru [185.179.199.32] : SMTP error from remote mail server after RCPT TO:<prvs=113054f968=username@???>: 550 5.1.1 Backscatter Protection detected an invalid or expired email address
(real user address is mangled). Investigation shows that sender's MX host
does not pass sender verify if address contain uppercase letters:
220 relay.seldon.ru ESMTP MDaemon 18.0.2; Thu, 15 Aug 2019 18:05:39 +0300
[...]
mail from: <>
250 2.1.0 Sender OK
rcpt to: <prvs=113054f968=username@???>
250 2.1.5 Recipient OK
rcpt to: <prvs=113054f968=username@???>
550 5.1.1 Backscatter Protection detected an invalid or expired email address
Well, this is obvious violation of the case insensitivity principle for
domain part. But MDaemon bugs are not targets for this discussion.
I was surprised that sender's MTA came to my 1st relay with lowercase
domain in env_from address (seldon.ru), which passed sender verify, and
since several seconds came to came to 2nd relay with uppercase letters
in domain part. Logs have different register for env_from domain
of the same mail.
Maybe this is some other MDaemon bug resulting in case change during
relay's traversal, but this scenario does not explain all facts below.
First, I see something strange with callout cache on the 2nd relay:
Only one mail was logged around 16:04:25 from this address, and it was
rejected. Why callout cache have TWO different entries with very close
timestamps but different cases for domain part and different results?
I made some experiments, feeding some env_from addresses to my relays
and watching network traffic. Results are:
1. Callout entries for mail addresses have the same case as in MAIL FROM.
2. Callout entries for host names are always in low case.
3. Single env_from results in a single SMTP callout.
I failed to reproduce duplication of callout records and case inversions.
However, there are duplicates in cache, for different domains.
Examples: