Hi,
I am running Debian + exim + dkimproxy for more than 10 years without any issues. dkimproxy listens on the same host on 127.0.0.1:10028, signs the mails accordingly with DKIM and relays them back to exim via 127.0.0.1:10029. For that reason, exim listens on 10029 as well:
local_interfaces = <; 0.0.0.0.25 ; ::0.25 ; 0.0.0.0.465 ; ::0.465 ; 0.0.0.0.587 ; ::0.587 ; 127.0.0.1.10029
tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}
As one of the first routers (after the stock domain_literal and hubbed_hosts routers) I have:
dkimproxy:
  driver = manualroute
  domains = ! +local_domains
  condition = "${lookup{$sender_address_domain}lsearch{/etc/dkimproxy/sender.map}{${if eq {$interface_port}{10029}{0}{1}}}{0}}"
  transport = dkimproxy_smtp
  route_list = "* localhost byname"
  self = send
and the transport:
dkimproxy_smtp:
  driver = smtp
  port = 10028
  allow_localhost
As can be seen, all received mails which do not come from port 10029 (signed by dkimproxy) and come from one of the domains in sender.map are relayed to dkimproxy_smtp which subsequently sends them back to exim where they progress normally.
This setup has worked flawlessly since 2009 (and was upgraded over multiple Debian versions). Recently I upgraded to Debian 10 (buster; exim 4.89, dkimproxy 1.4.1) and it seems as soon as I send emails to multiple external recipients, the mail is stuck in the queue although successfully delivered!
Example: User lukas@??? on my system sends an email to recipient1@??? and recipient2@???. From the logs below, it can be seen that the message (1jEJOC-0001UM-Td) is successfully accepted and then passed on to dkimproxy which re-delivers it from port 10029. The new message is 1jEJOF-0001UU-Cz and is successfully delivered to the google servers:
2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: SAEximRunCond expand returned: 'true'
2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: check succeeded, running spamc
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td SA: Action: scanned but message isn't spam: score=0.0 required=5.0 (scanned in 2/2 secs | Message-Id: 4e9b6968-84b0-5188-bfd3-2b541e2fb918@???). From <lukas@???> (host=gate.example.net [83.73.2.170]) for recipient1@???, recipient2@???
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= lukas@??? H=gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 P=esmtpsa X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no SNI="mail.example.net" A=plain_dovecot_authdaemon:lukas S=2885 M8S=8 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@??? from <lukas@???> for recipient1@gmail recipient2@???
2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870 I=[127.0.0.1]:10029 (TCP/IP connection count = 6)
2020-03-17 22:04:43 [5726] SMTP connection from gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 closed by QUIT
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<recipient1@???> acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<recipient2@???> acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Debug: SAEximRunCond expand returned: ''
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1jEJOF-0001UU-Cz). From <lukas@???> (host=localhost [127.0.0.1]) for recipient1@???, recipient2@???
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= lukas@??? H=localhost (mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767 M8S=0 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@??? from <lukas@???> for recipient1@??? recipient2@???
2020-03-17 22:04:43 [5737] 1jEJOF-0001UU-Cz H=gmail-smtp-in.l.google.com [2a00:1450:400c:c08::1b]:25 No route to host
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => recipient1@??? F=<lukas@???> P=<lukas@???> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> recipient2@??? F=<lukas@???> P=<lukas@???> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
Now this is as expected, and the mail should not be in the queue. However:
$ mailq
 4m  2.8K 1jEJOC-0001UM-Td <lukas@???>
          recipient1@???
          recipient2@???
The mail is stuck in the mail queue forever. Whenever the message reaches the retry limit (every 24 hours), it is redelivered to the external recipients until I manually do "exim4 -Mrm 1jEJOC-0001UM-Td".
Interestingly this only seems to happen if the message has multiple external destinations.
How can this happen so randomly after ten years without any problems? Is there a default that has been changed in exim that causes the message to be stuck in the queue?
Thanks,
Lukas
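A small log-correlation check, added here as an example and not part of the original post or of exim/dkimproxy: it parses exim mainlog lines, pairs each accepted message with the copy that dkimproxy hands back on port 10029 (matched on the id= Message-Id field), and reports originals that never reached "Completed" even though their re-injected sibling was fully delivered. It also records whether the original ever logged a "=> ... T=dkimproxy_smtp" delivery line, which is exactly what the excerpt above lacks for 1jEJOC-0001UM-Td. The embedded log is a constructed, condensed version of the post's excerpt with the redacted domains replaced by example.net/example.com; the port number and transport name are taken from the post's configuration.

```python
import re
from collections import defaultdict

# Port on which dkimproxy returns signed mail to exim (from the post's config).
DKIMPROXY_RETURN_PORT = 10029
# Transport that hands mail to dkimproxy (from the post's config).
DKIMPROXY_TRANSPORT = "dkimproxy_smtp"

# Constructed sample: condensed from the post's mainlog excerpt, domains replaced.
SAMPLE_LOG = """\
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= lukas@example.net H=gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 P=esmtpsa S=2885 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@example.net from <lukas@example.net> for recipient1@example.com recipient2@example.com
2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870 I=[127.0.0.1]:10029 (TCP/IP connection count = 6)
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= lukas@example.net H=localhost (mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@example.net from <lukas@example.net> for recipient1@example.com recipient2@example.com
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => recipient1@example.com F=<lukas@example.net> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 C="250 2.0.0 OK" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> recipient2@example.com F=<lukas@example.net> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 C="250 2.0.0 OK" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
"""

# Exim mainlog line: timestamp, [pid], queue id (6-6-2 chars), then a flag.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[\d+\] "
    r"(?P<qid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<flag><=|=>|->|\*\*|==|Completed)(?P<rest>.*)$"
)


def parse_mainlog(text):
    """Build one record per queue id: inbound port, Message-Id, deliveries, completion."""
    msgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection-level lines carry no queue id
        qid, flag, rest = m.group("qid"), m.group("flag"), m.group("rest")
        rec = msgs.setdefault(qid, {
            "queue_id": qid, "message_id": None, "inbound_port": None,
            "deliveries": [], "completed": False,
        })
        if flag == "<=":
            port = re.search(r" I=\[[^\]]*\]:(\d+)", rest)  # local interface:port
            mid = re.search(r" id=(\S+)", rest)              # Message-Id header
            rec["inbound_port"] = int(port.group(1)) if port else None
            rec["message_id"] = mid.group(1) if mid else None
        elif flag in ("=>", "->"):
            rcpt = rest.split()[0]
            transport = re.search(r" T=(\S+)", rest)
            rec["deliveries"].append((rcpt, transport.group(1) if transport else None))
        elif flag == "Completed":
            rec["completed"] = True
    return msgs


def find_stuck_after_reinjection(text):
    """Return originals that never completed although a copy with the same
    Message-Id came back from dkimproxy on DKIMPROXY_RETURN_PORT."""
    msgs = parse_mainlog(text)
    by_mid = defaultdict(list)
    for rec in msgs.values():
        if rec["message_id"]:
            by_mid[rec["message_id"]].append(rec)
    findings = []
    for rec in msgs.values():
        if rec["completed"] or rec["inbound_port"] == DKIMPROXY_RETURN_PORT:
            continue
        if rec["message_id"] is None:
            continue
        for sib in by_mid[rec["message_id"]]:
            if sib is rec or sib["inbound_port"] != DKIMPROXY_RETURN_PORT:
                continue
            findings.append({
                "queue_id": rec["queue_id"],
                "message_id": rec["message_id"],
                "reinjected_as": sib["queue_id"],
                "reinjected_completed": sib["completed"],
                # True only if a "=> ... T=dkimproxy_smtp" line was logged for the original.
                "handoff_logged": any(t == DKIMPROXY_TRANSPORT for _, t in rec["deliveries"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_stuck_after_reinjection(SAMPLE_LOG):
        print("stuck original %(queue_id)s (Message-Id %(message_id)s): re-injected as "
              "%(reinjected_as)s, sibling completed=%(reinjected_completed)s, "
              "handoff to proxy logged=%(handoff_logged)s" % f)
```

Run against a real /var/log/exim4/mainlog by reading the file into find_stuck_after_reinjection(); a finding with handoff_logged=False says exim accepted the message and a signed copy came back, yet no delivery to the dkimproxy transport was ever recorded for the original, which is the state the queue listing above shows.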