On 6/8/05, Tim Jackson <[EMAIL PROTECTED]> wrote: > On Tue, 7 Jun 2005 19:27:08 -0700 > Tony Marques <[EMAIL PROTECTED]> wrote: > > > An Exim server should only try to send two messages after which it > > should stop -- freezing (or whatever) the first message and the > > generated bounce. > > As others have said, I've never seen Exim exhibit bad behaviour like > you're describing. Exim definitely doesn't keep retrying after 5xx > errors. Whilst there's always the possibility of a bug, I'm pretty sure > it would have been picked up by now considering the huge deployment and > long history of Exim.
People on this list, people that know how to configure Exim and rewrite and recompile Exim, probably don't have this "ignore_bounce_errors" parameter set and probably aren't operating open relays or doing any number of other bad things. Unfortunately, it seems this isn't a bug that can be fixed -- it's humans, we should get rid of them all. > However, can I point out an alternative suggestion. Exim is > incorporated into at least one (and probably more) "control panel" > products (Cpanel), where at least some parts of the system are pre- Yeah, I considered as much. > There are two things I would note about this: > > a) This seems more likely given that you are complaining about bogus > virus bounces and similar (which are indeed a PITA - see > http://www.timj.co.uk/linux/bogus-virus-warnings.cf ). Well- configured > Exim machines don't spew crap like this out. And "well- configured" in Well, I can imagine situations where a user with a full mail box recieves a legitimate notification or a list message which they can't reply to that would initiate this behavior. If they were on a misconfigured server, it would try to send a bounces repeatedly despite being told not to with 55x errors. Nothing bogus. I too was forced to incorporate bogus filters years ago. Errors we intercept that seem to be virus related get "550 We couldn't have sent the virus" responses (I only wish server/filter software everywhere used MAIL FROM <> and "Content-Type: multipart/report...report-type=delivery-status headers" exclusively). This filter is one of the reasons why I was able to find all these Exim examples. If you have a comprable filter you too may be able to find your own examples, but you 55x them and may not keep them so you wouldn't see this -- you have a properly configured Exim and you reject examples. Other people may see 20 rejected messages and assume that it wasn't the server that sent 20 rejections, but that the virus sent them 20 viruses causing those 20 messages. Other people have servers that accept all messages either normally or through a backup-mx that will try to forward it to the main server so there is only one bounce from the Exim server and everything works according to spec. Most of the time there are no bounces or there are bounces to legitimate addresses. I can easily imagine this problem going unnoticed for a long time. Last month with Sober.P and a server that exploded the 52 RCPT TO so it sent out 52 responses, I found myself very annoyed. I could have used that server and the email address I found to mailbomb all my enemies. > b) More pertinently, the example you cited in an earlier mail did > indeed exhibit signs of being a "pre-configured" machine. Here goes Yes, but I mainly used bob.xstreamhost.com as an example because it was recent, and because it had the latest version of Exim I found. I wouldn't want to be here complaining about Exim 3.34 -- even fewer people would take this seriously. In the list, 3 of the 20 machines didn't have X-AntiAbuse headers so this may be the fault of Cpanel or a similar control panel or plug in. I can certainly blame control panels and server operators. It isn't Microsoft's fault if nobody knows how to configure Windows securely. Thank's everyone for helping me try to get to the bottom of this. It may not be a bug, but it does seem to be stupid, and from my experience it is not uncommon and it doesn't reflect well on Exim. -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
