> From: g18c
>
> We have a Kayako helpdesk, when e-mails come in from customers notifications
> are sent out by Kayako to a number of staff whose mailboxes are hosted on
> Rackspace mail servers.
>
> Rackspace policy is 5 connections to their mx1 and 3 connections to mx2.
>
> I noticed a large number of queued messages in Exim - when looking in Exim
> logs I can see many lines 2012-10-13 20:06:56 1TN72s-0007Cw-1l SMTP error
> from remote mail server after initial connection: host mx2.emailsrvr.com
> [173.203.2.32]: 421 Too many concurrent connections from this client.
>
> For our requirements if we send 1 email every 10 seconds or so, this would be
> OK.
>
> Messages to all other servers should go through at normal rates, only
> mx1.emailsrvr.com and mx2.emailsrvr.com should have this connection limit
> policy applied.

So, one connection is OK for you. Then in transport:

remote_smtp:
  driver = smtp
  serialize_hosts = mx1.emailsrvr.com : mx2.emailsrvr.com

At reboot: `rm -f /var/spool/exim/db/misc*`

>
> Is this possible?
>
> Many thanks,
>
> Chris
>
> ------------------------------
>
> Message: 11
> Date: Sat, 13 Oct 2012 14:40:24 -0700
> From: Phil Pennock <[email protected]>
> To: James Mills <[email protected]>
> Cc: "[email protected]" <[email protected]>, Todd Lyons
>   <[email protected]>
> Subject: Re: [exim] strange resolver issue
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> On 2012-10-13 at 16:56 +0000, James Mills wrote:
> > Thanks Todd, spot on!
>
> Todd's great. :)
>
> > Got rid of the mdns entries in nsswitch.conf and all is fine now.
>
> You should probably try to transition away from assuming that .local is
> available via regular DNS -- consider this a wake-up call that there's
> an issue here, and changing nsswitch.conf has bought you time to manage
> a transition gracefully.
>
> Going forward, .local is de facto used for multicast DNS and that's not
> going to change, and is going to be embedded in more and more devices.
>
> I say this as someone who _likes_ zeroconf, mostly, and thinks it's a
> good idea. Home users adding devices to a network should not need to
> mess with zone-files; printers, media devices, ~everything just using
> multicast DNS just makes life easier. So this is going to continue.
> For businesses, cheap devices you buy are still going to assume zeroconf
> by default. Fighting that is making work for yourself, when there's so
> many other things that need time and attention. It likely makes more
> business sense to just abandon the domain and spend expensive staff time
> fighting issues that _need_ fighting.
>
> In July, IANA created a registry of "Special-Use Domain Names":
>
> https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xml
>
> Avoid anything in that, and if something you use appears in that, then
> you're fighting a losing battle and just plan on graceful evacuation.
>
> Note that with the swing to HTTPS/TLS for "everything" and wanting
> TLS certificates for internal services, I recommend that companies avoid
> using private TLDs for their internal network. If you manage your own
> in-house CA, you're probably okay, but otherwise you should plan on
> being able to buy a (cheap) cert even for internal services.
>
> Using a TLD such as .biz works; register example.biz and use that. So
> many people have .biz in blacklists for email, etc, that you'll not want
> to use that for a public-facing site, and it's not too hard to train
> non-technical folks that "company.com is public, company.biz is
> internal".
>
> -Phil
>
>
>
> ------------------------------
>
> Message: 12
> Date: Sat, 13 Oct 2012 14:47:54 -0700
> From: Phil Pennock <[email protected]>
> To: Jonathan White <[email protected]>
> Cc: [email protected]
> Subject: Re: [exim] Centos Application Applience Routing mail to relay
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> On 2012-10-13 at 12:41 +0100, Jonathan White wrote:
> > When I run a debug it looks like Exim is trying to perform a DNS
> > lookup of 127.0.0.1
>
> > Eventually the lookup times out and the mail is sent. What's correct
> > way to resolve the issue? Is there further lookups to disable or can
> > exim resolve 127.0.0.1 via another method other than a DNS server?
>
> Put it in /etc/hosts.
>
> That _should_ work.
>
> Note that part of the issue here is that Exim assumes it can resolve the
> local hostname. "@" is Exim for "the hostname of the host that I'm
> running on".
>
> If you keep hitting DNS issues on the appliance, you might consider
> something like dnsmasq -- it's a server designed to be very small, for
> use on home routers where memory is tight. You can configure it with
> appropriate dummy data.
>
> (Note that /etc/hosts is not normally a good solution for DNS issues,
> just a way to store up issues for later, but I tend to believe that
> localhost and the hostname of the machine itself should be in
> /etc/hosts, so that basic self-resolution can work without a network
> connection).
>
> -Phil
>
>
>
> ------------------------------
>
> Message: 13
> Date: Sat, 13 Oct 2012 14:51:23 -0700
> From: Phil Pennock <[email protected]>
> To: Damien Moore <[email protected]>
> Cc: [email protected]
> Subject: Re: [exim] how to implement a blacklist of IP addresses
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> On 2012-10-13 at 16:10 +0100, Damien Moore wrote:
> > I am using Exim 4.72 on Debian 6.0.6. I have dumped the Debian
> > configuration scheme and composed my own exim4.conf file based on the
> > sample supplied. I have successfully implemented a blacklist of sending
> > domains which works like this:
> >
> > acl_smtp_mail = acl_check_mail
> > acl_check_mail:
> >   deny message = Domain blacklisted locally
> >        sender_domains = lsearch;/etc/exim4/senderdomains.blacklist
> >
> > where the file senderdomains.blacklist contains a list of this format:
> >
> > dirtyspammers.org
> > spamserver.lots-o-spam.net
> > dishitout.spammers.com
>
> In this case, you don't want "lsearch;", you just want to specify the
> file path itself, so that the matching is "one per line". lsearch is a
> way, loosely speaking, of looking for "key: value" lines by key and
> grabbing the value for use.
>
> > My question is how to do something similar with a list of IP addresses.
> > Would a similar structure be appropriate and where would it be put? Hope
> > this is not too easy.
>
> It should be:
>   deny hosts = /etc/exim4/senderhosts.blacklist
>
> And don't worry about "too easy". If people complain about "too easy",
> I can cough at them and ask for people to help maintain the FAQ. :-D
>
> -Phil
>
>
>
> ------------------------------
>
> Message: 14
> Date: Sat, 13 Oct 2012 15:08:13 -0700
> From: Phil Pennock <[email protected]>
> To: g18c <[email protected]>
> Cc: [email protected]
> Subject: Re: [exim] ?421 Too many concurrent connections from this
>   client
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=utf-8
>
> On 2012-10-14 at 00:50 +0400, g18c wrote:
> > We have a Kayako helpdesk, when e-mails come in from customers
> > notifications are sent out by Kayako to a number of staff whose mailboxes
> > are hosted on Rackspace mail servers.
> >
> > Rackspace policy is 5 connections to their mx1 and 3 connections to mx2.
> >
> > I noticed a large number of queued messages in Exim - when looking in Exim
> > logs I can see many lines 2012-10-13 20:06:56 1TN72s-0007Cw-1l SMTP error
> > from remote mail server after initial connection: host mx2.emailsrvr.com
> > [173.203.2.32]: 421 Too many concurrent connections from this client.
> >
> > For our requirements if we send 1 email every 10 seconds or so, this would
> > be OK.
> >
> > Messages to all other servers should go through at normal rates, only
> > mx1.emailsrvr.com and mx2.emailsrvr.com should have this connection limit
> > policy applied.
> >
> > Is this possible?
>
> You can increase the _likelihood_ of limiting yourself to a maximum
> number of connections per IP, but not be _sure_ to prevent it.
>
> If you can build a list of domains, then the easy way is to set the
> "queue_smtp_domains" option to a domain-list (which can be a lookup, per
> normal domain-list rules); mails to those domains won't be immediately
> delivered, but routing will have been done. A later queue runner will
> collect all emails to the same IP destination and shove them down one
> SMTP connection (subject to various maximum limits).
>
> So you then run a queue runner once per minute. If you _really_ need to
> pump more often, write a small script which sleeps 10 seconds between
> calling "exim -R @domain.to.trigger" (to avoid retrying messages for
> other domains).
>
> I might be missing a really easy way to extend this to hosts instead,
> but I'd try a dnsdb lookup for the special "mxh" keytype.
>
> Assuming Exim 4.77 or more recent, for the inlisti operation:
>
> queue_smtp_domains = ${if forany{${lookup
> dnsdb{mxh=$domain}}}{inlisti{$item}{mx1.emailsrvr.com:mx2.emailsrvr.com}}
> {*}{}}
>
> (untested!)
>
> That says "if, for any of the hostnames resulting from looking up the
> domain's MX records in DNS and taking the hostname part of the MX
> records, that hostname is in the list consisting of these two hosts,
> then '*', else the empty string", and results in a domainlist of one or
> zero items, used for matching.
>
> If you're using an older Exim release then:
> (1) I of course encourage you to use Exim 4.80 and in general to stay
>     up-to-date
> (2) in the meantime, you can nest a second forany{} inside the first
>     one, and try to stay sane while doing so. That way lies madness
>     and despair in your debugging. Use inlisti{needle}{hay:stack}
>     instead. The "i" is case-Insensitive matching.
>
> -Phil
>
>
>
> ------------------------------
>
> Message: 15
> Date: Sat, 13 Oct 2012 23:10:54 +0100
> From: "Jonathan White" <[email protected]>
> To: <[email protected]>
> Subject: Re: [exim] Centos Application Applience Routing mail to relay
> Message-ID: <C96DF0418C7944E69191F92CA86DE06B@T500>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
>   reply-type=original
>
> Thanks for the reply Phil.
>
> I did think the /etc/hosts file would have been sufficient for Exim to
> resolve 127.0.0.1 or localhost but I do not think Exim is trying the hosts
> file first.
>
> This is what I have
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 host01 localhost.localdomain localhost
> ::1 localhost6.localdomain6 localhost6
>
> I can ping localhost but not nslookup which I would expect as nslookup uses
> a DNS server to resolve the address.
>
> Do I need to tell Exim to use the hosts file?
> Is there an option to turn off all lookups and accept mail submitted by
> localhost?
>
> Best regards
>
> J
>
> -----Original Message-----
> From: Phil Pennock
> Sent: Saturday, October 13, 2012 10:47 PM
> To: Jonathan White
> Cc: [email protected]
> Subject: Re: [exim] Centos Application Applience Routing mail to relay
>
> On 2012-10-13 at 12:41 +0100, Jonathan White wrote:
> > When I run a debug it looks like Exim is trying to perform a DNS
> > lookup of 127.0.0.1
>
> > Eventually the lookup times out and the mail is sent. What's correct
> > way to resolve the issue? Is there further lookups to disable or can
> > exim resolve 127.0.0.1 via another method other than a DNS server?
>
> Put it in /etc/hosts.
>
> That _should_ work.
>
> Note that part of the issue here is that Exim assumes it can resolve the
> local hostname. "@" is Exim for "the hostname of the host that I'm
> running on".
>
> If you keep hitting DNS issues on the appliance, you might consider
> something like dnsmasq -- it's a server designed to be very small, for
> use on home routers where memory is tight. You can configure it with
> appropriate dummy data.
>
> (Note that /etc/hosts is not normally a good solution for DNS issues,
> just a way to store up issues for later, but I tend to believe that
> localhost and the hostname of the machine itself should be in
> /etc/hosts, so that basic self-resolution can work without a network
> connection).
>
> -Phil
>
>
>
>
> ------------------------------
>
> Message: 16
> Date: Sat, 13 Oct 2012 15:55:35 -0700
> From: Todd Lyons <[email protected]>
> To: Jonathan White <[email protected]>
> Cc: [email protected]
> Subject: Re: [exim] Centos Application Applience Routing mail to relay
> Message-ID:
>   <CAFG21ojPgdKwSxTEhdvawi_kTm1=zsr+n3bgu6plbtcwa6h...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Sat, Oct 13, 2012 at 3:10 PM, Jonathan White <[email protected]> wrote:
> > Thanks for the reply Phil.
> >
> > I did think the /etc/hosts file would have been sufficient for Exim to
> > resolve 127.0.0.1 or localhost but I do not think Exim is trying the hosts
> > file first.
>
> As a wild guess, what does your hosts: line look like in your
> /etc/nsswitch.conf?
>
> ...Todd
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>
>
>
> ------------------------------
>
> --
>
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
>
>
> End of Exim-users Digest, Vol 101, Issue 14
> *******************************************

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
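
Added example, not part of the original thread: a shell function that counts the "421 Too many concurrent connections" deferrals per remote host in Exim main-log lines of the form quoted above, as a way to check whether a change such as serialize_hosts or queue_smtp_domains has reduced them. Apart from the first sample line, the log is constructed: the message ids, the 192.0.2.x addresses and the example.* names are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: count "421 Too many concurrent
# connections" deferrals per remote host in Exim main-log lines (stdin).
# Prints "<count> <host> <ip>", busiest host first.
count_421_by_host() {
    awk '
    /SMTP error from remote mail server/ && /: 421 Too many concurrent/ {
        # Exim writes the peer as: host NAME [ADDRESS]
        if (match($0, /host [^ ]+ \[[0-9A-Fa-f.:]+\]/)) {
            peer = substr($0, RSTART + 5, RLENGTH - 5)
            split(peer, part, " ")
            ip = substr(part[2], 2, length(part[2]) - 2)  # drop [ and ]
            seen[part[1] " " ip]++
        }
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log. Only the first line is the one quoted in the
# thread; message ids, 192.0.2.x addresses and example.* names are made up.
sample_log() {
    cat <<'EOF'
2012-10-13 20:06:56 1TN72s-0007Cw-1l SMTP error from remote mail server after initial connection: host mx2.emailsrvr.com [173.203.2.32]: 421 Too many concurrent connections from this client.
2012-10-13 20:06:57 1TN72t-0007Cx-2m SMTP error from remote mail server after initial connection: host mx2.emailsrvr.com [173.203.2.32]: 421 Too many concurrent connections from this client.
2012-10-13 20:07:01 1TN72u-0007Cy-3n => staff@example.com R=dnslookup T=remote_smtp H=mx1.emailsrvr.com [192.0.2.10]
2012-10-13 20:07:05 1TN72v-0007Cz-4o SMTP error from remote mail server after initial connection: host mx1.emailsrvr.com [192.0.2.10]: 421 Too many concurrent connections from this client.
2012-10-13 20:07:09 1TN72w-0007D0-5p SMTP error from remote mail server after initial connection: host mx2.emailsrvr.com [173.203.2.32]: 421 Too many concurrent connections from this client.
2012-10-13 20:07:12 1TN72x-0007D1-6q SMTP error from remote mail server after RCPT TO:<user@example.org>: host mail.example.org [192.0.2.25]: 451 Temporary local problem
EOF
}

sample_log | count_421_by_host
```

On a live system the function reads the main log on stdin instead of the sample; the log path depends on the installation.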
