[exim] Problem with retry database and redundant remote MTAs

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Jeremy Harris at ->
Delete this message
Reply to this message
Author: Franz-Werner Gergen
Date:  
To: exim-users
Subject: [exim] Problem with retry database and redundant remote MTAs
Hi all, 

Yesterday, one of my users ran into a problem sending mail to some 
recipients of a domain. The remote site has 2 MX records:
imt-atlantique.fr    mail exchanger = 30 mx-imta-fr-02.enst-bretagne.fr.
imt-atlantique.fr    mail exchanger = 10 dns.imt-atlantique.fr.


On August, 17th my MTA sent mails at 12:50 to the host
dns.imt-atlantique.fr (MX 10) for the imt-atlantique.fr domain and was
greylisted. At 12:51 my MTA retried the delivery and was successful at
host mx-imta-fr-02.enst-bretagne.fr (MX 30).

Between August, 17th and Yesterday no mail was sent from my MTA (only 2
replies from imt-atlantique.fr to my user). Yesterday, my MTA sent again
mail to this domain at 13:08. The delivery process was greylisted by
dns.imt-atlantique.fr and no further delivery attempts were made because
the retry timeout exceeded and a bouncing message was sent to the sender.

I've fixed the problem using exim_tidydb. Is there any possibility to
overcome this problem, that a delivery process fails due to greylisting
but will succeed later for a redundant MTA and the failed MTA remains on
the failing retry list and the next delivery attempt will stop after the
first retry due to exceeded retry timeout?

My exim version is
Exim version 4.94.2 #2 built 05-May-2021 09:27:53
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007
- 2018
Berkeley DB: Berkeley DB 4.8.30: (June 27, 2017)
Support for: crypteq iconv() Expand_dlfunc OpenSSL Content_Scanning DANE
DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz
dbmnz dnsdb dsearch ldap ldapdn ldapm mysql
Authenticators: plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline

An extract of the mainlog of the communication between my MTA and the
MTAs for imt-atlantique.fr is appended. 

Thanks in advance,
Franz-Werner Gergen
-- 
Franz-Werner Gergen
Max-Planck-Institut fuer Intelligente Systeme, IT Gruppe
Heisenbergstr. 3    70569 Stuttgart
Tel: 0711-689-1861  Email: gergen@???

2021-08-17 12:50:45 1mFwg9-0002Zv-Ov <= sender@??? H=localhost (mail.is.mpg.de) [127.0.0.1] P=smtp S=65571 DKIM=is.mpg.de id=FE1DE77D-DE3E-4F9F-9630-EB604C222E46@???
2021-08-17 12:50:45 cwd=/raid/spool/exim_10025 5 args: /usr/local/exim-4.94.2/exim -C /abt/exim/configure.mail.10025 -Mc 1mFwg9-0002Zv-Ov
2021-08-17 12:50:52 1mFwg9-0002Zv-Ov [192.44.76.66] SSL verify error: certificate name mismatch: DN="/O=Sendmail/OU=Sendmail Server/CN=spad.emn.fr/emailAddress=admin@???" H="dns.imt-atlantique.fr"
2021-08-17 12:50:52 1mFwg9-0002Zv-Ov [192.44.76.66] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=spad.emn.fr/emailAddress=admin@???
2021-08-17 12:50:57 1mFwg9-0002Zv-Ov H=dns.imt-atlantique.fr [192.44.76.66]: SMTP error from remote mail server after RCPT TO:<recip1@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-17 12:50:57 1mFwg9-0002Zv-Ov H=dns.imt-atlantique.fr [192.44.76.66]: SMTP error from remote mail server after RCPT TO:<recip2@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-17 12:51:03 1mFwg9-0002Zv-Ov [192.108.117.12] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=mx-imta-fr-02.enst-bretagne.fr/emailAddress=admin@???
2021-08-17 12:51:05 1mFwg9-0002Zv-Ov => recip1@??? R=extern T=remote_smtp H=mx-imta-fr-02.enst-bretagne.fr [192.108.117.12] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no C="250 2.0.0 17HAp2qv005278 Message accepted for delivery"
2021-08-17 12:51:05 1mFwg9-0002Zv-Ov Completed
2021-08-17 12:51:05 1mFwg9-0002Zv-Ov -> recip2@??? R=extern T=remote_smtp H=mx-imta-fr-02.enst-bretagne.fr [192.108.117.12] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no C="250 2.0.0 17HAp2qv005278 Message accepted for delivery"
2021-08-23 13:08:32 1mI7oe-00057s-BF <= sender@??? H=localhost (mail.is.mpg.de) [127.0.0.1] P=smtp S=29434 DKIM=is.mpg.de id=A6F18FA4-FBB3-46F8-B816-3AC9BF3F7487@???
2021-08-23 13:08:32 cwd=/raid/spool/exim_10025 5 args: /usr/local/exim-4.94.2/exim -C /abt/exim/configure.mail.10025 -Mc 1mI7oe-00057s-BF
2021-08-23 13:08:39 1mI7oe-00057s-BF [192.44.76.66] SSL verify error: certificate name mismatch: DN="/O=Sendmail/OU=Sendmail Server/CN=spad.emn.fr/emailAddress=admin@???" H="dns.imt-atlantique.fr"
2021-08-23 13:08:39 1mI7oe-00057s-BF [192.44.76.66] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=spad.emn.fr/emailAddress=admin@???
2021-08-23 13:08:39 1mI7oe-00057s-BF [192.44.76.67] SSL verify error: certificate name mismatch: DN="/O=Sendmail/OU=Sendmail Server/CN=fokker.emn.fr/emailAddress=admin@???" H="fokker.imt-atlantique.net"
2021-08-23 13:08:39 1mI7oe-00057s-BF [192.44.76.67] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=fokker.emn.fr/emailAddress=admin@???
2021-08-23 13:08:42 1mI7oe-00057s-BF H=dns.imt-atlantique.fr [192.44.76.66]: SMTP error from remote mail server after RCPT TO:<recip1@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:42 1mI7oe-00057s-BF H=dns.imt-atlantique.fr [192.44.76.66]: SMTP error from remote mail server after RCPT TO:<recip2@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:42 1mI7oe-00057s-BF H=dns.imt-atlantique.fr [192.44.76.66]: SMTP error from remote mail server after RCPT TO:<recip3@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:42 1mI7oe-00057s-BF H=fokker.imt-atlantique.net [192.44.76.67]: SMTP error from remote mail server after RCPT TO:<recip4@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:49 1mI7oe-00057s-BF [192.108.117.12] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=mx-imta-fr-02.enst-bretagne.fr/emailAddress=admin@???
2021-08-23 13:08:49 1mI7oe-00057s-BF [192.108.117.13] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=mx-imta-org-02.enst-bretagne.fr/emailAddress=admin@???
2021-08-23 13:08:50 1mI7oe-00057s-BF == recip4@??? R=extern T=remote_smtp defer (-44) H=mx-imta-org-02.enst-bretagne.fr [192.108.117.13]: SMTP error from remote mail server after RCPT TO:<recip4@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:50 1mI7oe-00057s-BF ** recip1@???: retry timeout exceeded
2021-08-23 13:08:50 1mI7oe-00057s-BF == recip1@??? R=extern T=remote_smtp defer (-44) H=mx-imta-fr-02.enst-bretagne.fr [192.108.117.12]: SMTP error from remote mail server after RCPT TO:<recip1@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:50 1mI7oe-00057s-BF ** recip2@???: retry timeout exceeded
2021-08-23 13:08:50 1mI7oe-00057s-BF == recip2@??? R=extern T=remote_smtp defer (-44) H=mx-imta-fr-02.enst-bretagne.fr [192.108.117.12]: SMTP error from remote mail server after RCPT TO:<recip2@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:50 1mI7oe-00057s-BF ** recip3@???: retry timeout exceeded
2021-08-23 13:08:50 1mI7oe-00057s-BF == recip3@??? R=extern T=remote_smtp defer (-44) H=mx-imta-fr-02.enst-bretagne.fr [192.108.117.12]: SMTP error from remote mail server after RCPT TO:<recip3@???>: 451 4.7.1 Greylisting in action, please come back later
2021-08-23 13:08:50 1mI7ow-00058T-8d <= <> R=1mI7oe-00057s-BF U=mail P=local S=32248
2021-08-23 13:08:50 cwd=/raid/spool/exim_10025 9 args: /usr/local/exim-4.94.2/exim -C /abt/exim/configure.mail.10025 -t -oem -oi -f <> -E1mI7oe-00057s-BF
2021-08-23 13:19:28 1mI7oe-00057s-BF == recip4@??? routing defer (-51): retry time not reached
2021-08-23 13:34:34 1mI7oe-00057s-BF [192.44.76.67] SSL verify error: certificate name mismatch: DN="/O=Sendmail/OU=Sendmail Server/CN=fokker.emn.fr/emailAddress=admin@???" H="fokker.imt-atlantique.net"
2021-08-23 13:34:34 1mI7oe-00057s-BF [192.44.76.67] SSL verify error: depth=0 error=self signed certificate cert=/O=Sendmail/OU=Sendmail Server/CN=fokker.emn.fr/emailAddress=admin@???
2021-08-23 13:34:35 1mI7oe-00057s-BF => recip4@??? R=extern T=remote_smtp H=fokker.imt-atlantique.net [192.44.76.67] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no C="250 2.0.0 17NBYXY9032552 Message accepted for delivery"
2021-08-23 13:34:35 1mI7oe-00057s-BF Completed
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Differences exim 4.93 and 4.94Re: [exim] Problem with retry database and redundant remote MTAs->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)