[exim] Disable PRDR for specific router/transport (was: Exim…

Author: Lukas Haase
Date:
To: exim-users
Subject: [exim] Disable PRDR for specific router/transport (was: Exim4 keeps mails with multiple recipients infinitely in queue)
Hi,

I debugged with ngrep and it seems that the version upgrade from Debian 9 to Debian 10 enabled a feature called PRDR (Per Recipient Data Response) that was not there before.

Can I disable this feature for a particular router or transport such that it won't be used at all?
For example, exim should NOT use PRDR when sending messages via this router to the following transport:

dkimproxy:
        driver = manualroute
        domains = ! +local_domains
        condition = "${if eq {$interface_port}{10029}{0}{1}}"
        transport = dkimproxy_smtp
        route_list = "* 127.0.0.1 byname"
        self = send


dkimproxy_smtp:
        driver = smtp
        port = 10028
        allow_localhost
        # Want: disable_prdr; DO NOT USE PRDR, no matter if it's advertised or not



Reason: It seems that the receiving SMTP server (dkimproxy) does not understand PRDR and messes things up. Connections hang at "353 PRDR content analysis beginning".

Alternatively, it might be possible to not advertise ("250-PRDR") when connecting to a certain port (10029). For example, to not advertise TLS for a certain port, I already use:

tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}

However, for PRDR the info is pretty sparse and all I can find is a simple global option "prdr_enable = true".

Thanks,
Lukas









> Sent: Tuesday, 17 March 2020 at 17:30
> From: "Lukas Haase" <lukashaase@???>
> To: exim-users@???
> Subject: Exim4 keeps mails with multiple recipients infinitely in queue
>
> Hi,
>
> I am running Debian + exim + dkimproxy for more than 10 years without any issues. dkimproxy listens on the same host on 127.0.0.1:10028, signs the mails accordingly with DKIM and relays them back to exim via 127.0.0.1:10029. For that reason, exim listens on 10029 as well:
>
> local_interfaces = <; 0.0.0.0.25 ; ::0.25 ; 0.0.0.0.465 ; ::0.465 ; 0.0.0.0.587 ; ::0.587 ; 127.0.0.1.10029
> tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}
>
> As one of the first routers (after the stock domain_literal and hubbed_hosts routers) I have:
>
> dkimproxy:
>     driver = manualroute
>     domains = ! +local_domains
>     condition = "${lookup{$sender_address_domain}lsearch{/etc/dkimproxy/sender.map}{${if eq {$interface_port}{10029}{0}{1}}}{0}}"
>     transport = dkimproxy_smtp
>     route_list = "* localhost byname"
>     self = send

>
> and the transport:
>
> dkimproxy_smtp:
>     driver = smtp
>     port = 10028
>     allow_localhost

>
> As can be seen, all received mails which do not come from port 10029 (signed by dkimproxy) and come from one of the domains in sender.map are relayed to dkimproxy_smtp which subsequently sends them back to exim where they progress normally.
>
>
> This setup worked flawlessly since 2009 (and was upgraded over multiple Debian versions). Recently I upgraded to Debian 10 (buster; exim 4.89, dkimproxy 1.4.1) and it seems as soon as I send emails to multiple external recipients, the mail is stuck in the queue although successfully delivered!
>
> Example: User lukas@??? on my system sends an email to recipient1@??? and recipient2@???. From the logs below, it can be seen that the message (1jEJOC-0001UM-Td) is successfully accepted and then passed on to dkimproxy which re-delivers it from port 10029. The new message is 1jEJOF-0001UU-Cz and is successfully delivered to the google servers:
>
> 2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: SAEximRunCond expand returned: 'true'
> 2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: check succeeded, running spamc
> 2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td SA: Action: scanned but message isn't spam: score=0.0 required=5.0 (scanned in 2/2 secs | Message-Id: 4e9b6968-84b0-5188-bfd3-2b541e2fb918@???). From <lukas@???> (host=gate.example.net [83.73.2.170]) for recipient1@???, recipient2@???
> 2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= lukas@??? H=gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 P=esmtpsa X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no SNI="mail.example.net" A=plain_dovecot_authdaemon:lukas S=2885 M8S=8 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@??? from <lukas@???> for recipient1@gmail recipient2@???
> 2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870 I=[127.0.0.1]:10029 (TCP/IP connection count = 6)
> 2020-03-17 22:04:43 [5726] SMTP connection from gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 closed by QUIT
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<recipient1@???> acceptance
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<recipient2@???> acceptance
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Debug: SAEximRunCond expand returned: ''
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1jEJOF-0001UU-Cz). From <lukas@???> (host=localhost [127.0.0.1]) for recipient1@???, recipient2@???
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= lukas@??? H=localhost (mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767 M8S=0 id=4e9b6968-84b0-5188-bfd3-2b541e2fb918@??? from <lukas@???> for recipient1@??? recipient2@???
> 2020-03-17 22:04:43 [5737] 1jEJOF-0001UU-Cz H=gmail-smtp-in.l.google.com [2a00:1450:400c:c08::1b]:25 No route to host
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => recipient1@??? F=<lukas@???> P=<lukas@???> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> recipient2@??? F=<lukas@???> P=<lukas@???> R=dnslookup T=remote_smtp S=3835 H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
>
> Now this is as expected, and the mail should not be in the queue. However:
>
> $ mailq:
>  4m  2.8K 1jEJOC-0001UM-Td <lukas@???>
>           recipient1@???
>           recipient2@???

>
> The mail is stuck in the mail queue forever. Whenever the message reaches the retry limit (every 24 hours), it is redelivered to the external recipients until I manually do "exim4 -Mrm 1jEJOC-0001UM-Td".
>
> Interestingly this only seems to happen if the message has multiple external destinations.
>
> How can this happen so randomly after ten years without any problems? Is there a default that has been changed in exim that causes the message to be stuck in the queue?
>
> Thanks,
> Lukas
>
>
>
>
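A way to spot the condition shown in the quoted log, as an added example that is not part of the original post or of Exim: it pairs each submitted message with its copy re-received on the loopback port via the Message-ID in `id=`, and reports originals that never logged `Completed` although the copy did. The log lines are constructed from the format quoted above; the function name `find_stuck` and all addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the mainlog format quoted in the post.
SAMPLE_LOG = """\
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= lukas@example.net H=gate.example.net [192.0.2.10]:56470 I=[192.0.2.20]:587 P=esmtpsa S=2885 id=msg-1@example.net
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<recipient1@example.org> acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= lukas@example.net H=localhost [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767 id=msg-1@example.net
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => recipient1@example.org R=dnslookup T=remote_smtp
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
2020-03-17 22:05:10 [5801] 1jEJPA-0001Va-Ab <= lukas@example.net H=gate.example.net [192.0.2.10]:56480 I=[192.0.2.20]:587 P=esmtpsa S=1200 id=msg-2@example.net
2020-03-17 22:05:10 [5802] 1jEJPA-0001Va-Ab => recipient3@example.org R=dkimproxy T=dkimproxy_smtp H=localhost [127.0.0.1]:10028
2020-03-17 22:05:10 [5803] 1jEJPB-0001Vc-Cd <= lukas@example.net H=localhost [127.0.0.1]:44872 I=[127.0.0.1]:10029 P=esmtp S=1500 id=msg-2@example.net
2020-03-17 22:05:11 [5804] 1jEJPB-0001Vc-Cd Completed QT=1s
2020-03-17 22:05:11 [5802] 1jEJPA-0001Va-Ab Completed QT=1s
"""

# date, time, [pid], Exim message id, remainder of the line
LINE = re.compile(r"^\S+ \S+ \[\d+\] (?P<mid>\w{6}-\w{6}-\w{2}) (?P<rest>.*)$")

def find_stuck(log_text, loop_port=10029):
    """Return (original_id, reinjected_id, reinjected_used_prdr) tuples."""
    received = {}      # Exim id -> facts taken from its "<=" line
    completed = set()  # Exim ids that logged "Completed"
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mid, rest = m["mid"], m["rest"]
        if rest.startswith("Completed"):
            completed.add(mid)
        elif rest.startswith("<= "):
            hdr = re.search(r" id=(\S+)", rest)
            received[mid] = {
                "header_id": hdr.group(1) if hdr else None,
                "loopback": f"I=[127.0.0.1]:{loop_port}" in rest,
                "prdr": bool(re.search(r"\bPRDR\b", rest)),
            }
    by_header = defaultdict(list)
    for mid, info in received.items():
        by_header[info["header_id"]].append(mid)
    findings = []
    for mid, info in received.items():
        # Only originals that are still open and carry a Message-ID matter.
        if info["loopback"] or mid in completed or info["header_id"] is None:
            continue
        for other in by_header[info["header_id"]]:
            if received[other]["loopback"] and other in completed:
                findings.append((mid, other, received[other]["prdr"]))
    return findings
```

On the sample, only the first submission is reported, with the PRDR flag set for its re-injected copy; the second flow completes on both sides and is ignored.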