Re: [exim] Spurious "BDAT command used when CHUNKING not ad…

Pàgina inicial
Delete this message
Reply to this message
Autor: Jesse Hathaway
Data:  
A: Jeremy Harris
CC: exim-users
Assumpte: Re: [exim] Spurious "BDAT command used when CHUNKING not advertised"?
On Mon, May 9, 2022 at 5:32 PM Jeremy Harris via Exim-users
<exim-users@???> wrote:
> What does your config require, for verifies?


begin acl:
  ...snip...
  # If the destination domain is a domain we relay for,
  # check if the local part exists at the destination,
  # reject if it doesn't.
  # Accept if the destination cannot be reached within 30s.
  deny domains = +relay_domains
          ! verify = recipient/callout=10s,maxwait=30s,defer_ok


# Check whether the sender address domain exists
require verify = sender

# Gsuite accounts
gsuite_account:
        driver = manualroute
        domains = wikimedia.org
        local_part_suffix = +*
        local_part_suffix_optional
        transport = remote_smtp
        route_list = *  aspmx.l.google.com


> and we finally recognise that and drop the conn. We recorded
> the sequence of SMTP commandss used on the conn; it looks reasonable,
> it would be useful to know if this source IP did have a good
> message reception immediately before, or not.


>From looking at the logs I don't see any successful receives from that

IP, though we had some successful receives for other IPs, where we
emitted the same error message. One curious piece is that almost all of
the errors are preceded by a similar callout failure:

2022-05-08 19:56:59 H=mail-oa1-x2f.google.com
[2001:4860:4864:20::2f]:41512 I=[2620:0:861:3:208:80:154:76]:25
X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no
F=<translations+caf_=jsoby=wikimedia.org@???> rejected RCPT
<jsoby@???>: Previous (cached) callout verification failure

> If it did, then that reception did use chunking, which implies
> we did advertise it - so the later later claim we did not
> seems like our bug (exposed by some recent G change).
>
> If it did not... do you think your config *should* be advertising
> chunking to G ?


Yes it was enabled, as we did not override the default, and we verified
with a manual test

> > Is there a chance Gmail changed their sending
> > behavior?
>
> Entirely possible. You imply you've see more than one of these.
> How often? Are you in a position to build and use 4.96 (we have
> neater debug tooling there)?


We were getting a pretty constant rate, until we disabled chunking, e.g.
we had 2466 of these messages on May 8th. I'm happy to test a 4.96
build, just let me know what logging options would be helpful.

Thanks for all the help, Jesse