https://bugs.exim.org/show_bug.cgi?id=2710
Bug ID: 2710
Summary: Delivering multiple emails on a continuous sequence
resets proxy_session/proxy_local_address value
Product: Exim
Version: 4.94
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Logging
Assignee: unallocated@???
Reporter: george@???
CC: exim-dev@???
Steps to reproduce:
1. Use 2 servers 1 with exim 4.92 installed on it and the second one as a socks
proxy(e.g. danted)
2. Edit /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp adding these at
the end of the file:
socks_proxy = <; The.ip.of.socks_proxy
helo_data = ${lookup
dnsdb{defer_never,ptr=$proxy_external_address}{${tr{$value}{\n}{;}}}{$primary_hostname}}
3. In this same file hardcode the interface to one of the available interfaces
of the exim server
interface = W.X.Y.Z
4.Change log selector to look like this
log_selector = -connection_reject -delay_delivery -dnslist_defer -etrn
-host_lookup_failed -lost_incoming_connection -queue_run -rejected_header
-retry_defer -sender_verify_fail -acl_warn_skipped -size_reject -skip_delivery
-tls_cipher +incoming_interface +outgoing_interface +pid +proxy
+tls_certificate_verified
5. Regenerate the new config and restart exim
6. To make sure socks_proxy it's used, reject connections on port 25 to the
destination mx
iptables -I OUTPUT -p tcp --dport 25 -d mx.example.com -j REJECT
ip6tables -I OUTPUT -p tcp --dport 25 -d mx.example.com -j REJECT
7. Send some emails and watch the logs, you should be able to send emails using
the proxy (PRX=[ip of server used as proxy])
8.If you want to want to end up using a continuous stream reject connections to
the socks_proxy server
iptables -I OUTPUT -p tcp --dport XYZ -d server.set.as.proxy.com -j REJECT
ip6tables -I OUTPUT -p tcp --dport XYZ -d server.set.as.proxy.com -j REJECT
9. Send several emails that will fail (since they can't connect to proxy for
delivery)
10. Redo step 8 using ACCEPT (instead of reject) to enable connection to
socks_proxy server
11. Force a queue delivery (e.g. exim4 -qff)
12. See in logs how a continuous stream is used
2021-03-26 08:50:18 [2509] 1lPiAX-0000eP-Lb =>
test@??? R=dnslookup_relay_to_domains T=remote_smtp
H=the.above.mx.test [13.49.183.143] PRX=[13.53.188.21] I=[10.0.111.176] CV=yes
C="250 OK id=1lPiAb-0005cs-W9"
2021-03-26 08:50:18 [2509] 1lPiAX-0000eP-Lb Completed
2021-03-26 08:50:18 [2512] 1lPi8p-0000Ro-Uq =>
test@??? R=dnslookup_relay_to_domains T=remote_smtp
H=the.above.mx.test [13.49.183.143] I=[10.0.111.176]* CV=no C="250 OK
id=1lPiAc-0005cs-Sl"
Notice that PRX is missing in the second log (even though the socks_proxy it's
actually used) and this makes the proxy_session and proxy_local_address for
that specific email(1lPiAc-0005cs-Sl) to be NULL.
--
You are receiving this mail because:
You are on the CC list for the bug.