Hello again, (sorry if this is all trivial - our mail manager is away and so I am just trying to understand something that may be obvious to seasoned exim admins).

I now partially understand the failure...

The file blocked.hosts contained two domains. The second was a domain that is currently resolving to an IP address only some of the time. Assuming the domain was called somedomain.xyz (probably best not to name and shame), when exim was able to accept email, the lookup was resolving to an IP address. However, at times when exim was returning (at best) the temporary failure, the resolution was failing.

What is worrying is that exim seems to have interpreted the failure to resolve this one IP address as a total failure of the DNS when it wasn't.

So, is this behaviour expected and if so, is there a way to ensure that failure to resolve an address due to problems elsewhere (presumably with somedomain.xyz's nameservers being out of action) doesn't effectively cause a local denial of service on our exim servers?

Regards,

Bret

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Giddings, Bret
Sent: 03 April 2008 12:42
To: [email protected]
Subject: [exim] Strange problem with hostlist

Hello,

Since sometime on Tuesday, we experienced major problems with our previously working exim configuration despite no changes being made other than routine system upgrades.

The problems were intermittent but resulted in both temporarily rejected RCPT and too many connections errors in the logs. Curiously, the problems would affect all three of our outward facing exim servers at approximately the same time and all three would resolve themselves at approximately the same time. The problems would last between 5 minutes and many hours and usually started around 36 minutes past the hour.

After eliminating possible internal processes causing it, we concluded that it was most likely junk email being sent in.

We eventually tracked the problem down to a failure in acl_smtp_rcpt.
This had the line

    deny hosts = +blocked_hosts

where blocked hosts was previously defined as

    hostlist blocked_hosts = /essex/exim/blocked.hosts

The blocked.hosts file contained just two domain names but hadn't been edited since August 2006. When the problem was active, lsof showed hundreds of exim processes had the blocked.hosts file open. Commenting out the deny verb made the problem go away.

Has anyone else seen this problem and know what the real cause might be? I can supply detailed logs (-d+all) taken during a time when failures were happening if anyone wants to see them!

OS version: Debian SID

Exim version information:

    Exim version 4.69 #1 built 30-Jan-2008 09:41:07
    Copyright (c) University of Cambridge 2006
    Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
    Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
    Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
    Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
    Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
    Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
    Fixed never_users: 0
    Size of off_t: 8

Regards,

Bret

--
Bret Giddings, Systems Manager, Computing Service, University of Essex
Tel: (01206) 872577
Email: [EMAIL PROTECTED]
Fax: (01206) 860585
Room 4SW.5.19

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
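
One way to keep a name-based block list like the one in this thread from depending on live DNS while mail is being received, as an added example (not part of the original messages and not Exim code): resolve the names out of band into an IP-only list and fall back to the last known addresses when a lookup fails. The function names and the cache layout are assumptions; `somedomain.xyz` is the stand-in name from the message, and `example.net` and all addresses are constructed.

```python
import ipaddress
import socket

def is_ip(text):
    """True if text is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def resolve(name):
    """Live lookup; raises OSError (socket.gaierror) when resolution fails."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def build_ip_list(entries, cache, resolver=resolve):
    """Turn block-list entries (host names or IPs) into a sorted IP list.

    cache maps name -> addresses from the last successful lookup and is
    updated in place. When a lookup fails, the cached addresses are reused
    and the name is reported as stale, so one unreachable nameserver
    neither empties the list nor stalls anything at SMTP time.
    Returns (ip_list, stale_names).
    """
    ips, stale = set(), []
    for raw in entries:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue                      # blank line or comment
        if is_ip(entry):
            ips.add(entry)                # literal address: no lookup needed
            continue
        try:
            addrs = list(resolver(entry))
            cache[entry] = addrs          # remember the good answer
        except OSError:
            addrs = cache.get(entry, [])  # lookup failed: use last good answer
            stale.append(entry)
        ips.update(addrs)
    return sorted(ips), stale

if __name__ == "__main__":
    # Constructed resolver that fails for one name, so the demo runs offline.
    def flaky(name):
        if name == "somedomain.xyz":
            raise socket.gaierror("constructed lookup failure")
        return ["192.0.2.10"]
    cache = {"somedomain.xyz": ["198.51.100.7"]}
    print(build_ip_list(["example.net", "somedomain.xyz"], cache, flaky))
```

Run on a schedule, the output file holds addresses only, so a host list pointing at it needs no DNS lookup when a connection arrives; names reported as stale deserve a look, since their cached addresses may no longer be current.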
