On 09/05/2022 22:44, Jesse Hathaway via Exim-users wrote:
> Just recently, starting on May 4th, we began bouncing some messages from
> Gmail with the following error:
>
> 2022-05-09 15:32:48 H=mail-lj1-x234.google.com
> [2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
> X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no
> F=<translations+caf_=jsoby=wikimedia.org@???> rejected RCPT
> <jsoby@???>: Previous (cached) callout verification failure
You receiving from G, doing a verify, would have been a callout
but using a cached previous-fail record. Can't tell if R- or S-verify.
What does your config require, for verifies?
> 2022-05-09 15:32:48 SMTP protocol error in "BDAT 18952 LAST"
> H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
> I=[2620:0:861:3:208:80:154:76]:25 BDAT command used when CHUNKING not
> advertised
You receiving from G, same conn as above. We claim G did
something wrong...
> 2022-05-09 15:32:48 SMTP syntax error in "Received: by
> mail-lj1-x234.google.com with SMTP id 16so17499146lju.13"
> H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
> I=[2620:0:861:3:208:80:154:76]:25 unrecognized command
Now we're just confused, interpreting message header data
as an SMTP command. We're out-of-sync by now.
> 2022-05-09 15:32:48 SMTP syntax error in " for
> <jsoby@???>; Mon, 09 May 2022 08:32:48 -0700 (PDT)"
> H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
> I=[2620:0:861:3:208:80:154:76]:25 unrecognized command
> 2022-05-09 15:32:48 SMTP syntax error in "X-Google-DKIM-Signature:
> v=1; a=rsa-sha256; c=relaxed/relaxed;" H=mail-lj1-x234.google.com
> [2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
> unrecognized command
ditto
> 2022-05-09 15:32:48 SMTP call from mail-lj1-x234.google.com
> [2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
> dropped: too many syntax or protocol errors (last command was
> "X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;",
> C=EHLO,STARTTLS,EHLO,MAIL,RCPT,BDAT,RSET,NOOP,MAIL,RCPT,BDAT)
and we finally recognise that and drop the conn. We recorded
the sequence of SMTP commandss used on the conn; it looks reasonable,
it would be useful to know if this source IP did have a good
message reception immediately before, or not.
If it did, then that reception did use chunking, which implies
we did advertise it - so the later later claim we did not
seems like our bug (exposed by some recent G change).
If it did not... do you think your config *should* be advertising
chunking to G ?
>
> We are currently running exim 4.94 on Debian. In trying to understand the root
> cause of the issue I noticed a recent commit included in 4.96:
>
> JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the
> the facility was not passed across execs, and only the first message passed
> over a connection could use BDAT; any further ones using DATA.
>
> Is this commit at all related?
I don't think so. We're looking at receiving from G here, and that
was dealing with sending.
> Is there a chance Gmail changed their sending
> behavior?
Entirely possible. You imply you've see more than one of these.
How often? Are you in a position to build and use 4.96 (we have
neater debug tooling there)?
--
Cheers,
Jeremy