On 6/29/2016 5:24 PM, Rob Szarka wrote:
On 6/29/2016 5:01 PM, Heiko Schlittermann wrote:

How many recipients does the message in question have? The cutthrough
delivery works only if all the recipients have the same destination.

I think in all cases there is a single recipient, but at the least they are all destined for the same domain on the same remote host. Here's an (anonymized) example transaction:

2016-06-29 17:09:19 1bIMjW-0003KP-SZ <= [email protected] H=(host-196.202.44.217-static.tedata.net) [196.202.44.217] P=esmtp S=11906 id=20162906230915.UV41268@MYCUSTOMER T="Documents copies" from <[email protected]> for chenet.torres@MYCUSTOMER
2016-06-29 17:09:19 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bIMjW-0003KP-SZ
2016-06-29 17:09:20 1bIMjW-0003KP-SZ ** chenet.torres@MYCUSTOMER F=<[email protected]> R=lookuphost T=remote_smtp H=CUSTOMERHOST X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 permanent failure for one or more recipients (chenet.torres@MYCUSTOMER:blocked)
2016-06-29 17:09:20 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bIMjW-0003KP-SZ
2016-06-29 17:09:20 1bIMjY-0003Ka-9u <= <> R=1bIMjW-0003KP-SZ U=mail P=local S=13470 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2016-06-29 17:09:20 1bIMjW-0003KP-SZ Completed


Can you tcpdump your connection to check if there is at least the
cutthrough attempt?

Let me give it a try...

Following up on the above... Assuming that I am reading the tcpdump output correctly (it has been a long time!), here's what I *think* I'm seeing:

1. Spammer connects to me and sends the EHLO, MAIL FROM, RCPT TO, and DATA.
2. I reply with 250.
3. Spammer starts sending message data.
4. I connect to my customer's system and start sending the message.
5. While I am still in the DATA phase with my customer, spammer sends the last packet and I send 250 Accepted.
6. I finish DATA with my customer and it rejects the message.

I'm guessing that my customer's system (via Barracuda) is waiting until the end of DATA to reject each message even if the RCPT address is invalid. It seems like my system may wait until the FROM and RCPT are accepted, interprets that as a verification of the recipient, but doesn't wait to find out whether the message actually got accepted by the destination system before acknowledging it to the spammer.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
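
An added example, not part of the original message and not Exim's own code: a small Python check over main-log lines in the format quoted above that finds messages accepted over SMTP which then failed at the next hop and produced a locally generated bounce, the accept-then-bounce pattern this message describes. The log lines, message ids, hosts and addresses in the sample are constructed.

```python
import re

# Constructed sample in Exim main-log format; ids, hosts and addresses are made up.
SAMPLE_LOG = """\
2016-06-29 17:09:19 1aAAAA-000001-AA <= sender@example.net H=(mail.example.net) [192.0.2.10] P=esmtp S=11906 for user@example.com
2016-06-29 17:09:20 1aAAAA-000001-AA ** user@example.com R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: 550 blocked
2016-06-29 17:09:20 1aAAAA-000002-BB <= <> R=1aAAAA-000001-AA U=mail P=local S=13470 for sender@example.net
2016-06-29 17:09:20 1aAAAA-000001-AA Completed
2016-06-29 17:10:02 1aAAAA-000003-CC <= other@example.net H=(mx.example.net) [192.0.2.11] P=esmtp S=2048 for user2@example.com
2016-06-29 17:10:03 1aAAAA-000003-CC => user2@example.com R=lookuphost T=remote_smtp C="250 OK"
2016-06-29 17:10:03 1aAAAA-000003-CC Completed
"""

# timestamp, message id, flag (<= arrival, => delivery, ** failure), address, rest
LINE = re.compile(r"^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
                  r"(<=|=>|\*\*) (\S+)(.*)$")

def find_backscatter(log_text):
    """Return SMTP-accepted messages that later failed and produced a bounce."""
    arrivals, failures, found = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", cwd= lines and anything else
        _stamp, msgid, flag, addr, rest = m.groups()
        if flag == "**":
            # Record the failed recipient and whether the refusal came after DATA.
            failures[msgid] = (addr, "after end of data" in rest)
        elif flag == "<=" and addr != "<>":
            ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
            arrivals[msgid] = (addr, ip.group(1) if ip else None)
        elif flag == "<=":
            # Bounce arrival (null sender): R= names the message that caused it.
            ref = re.search(r" R=(\S+)", rest)
            orig = ref.group(1) if ref else None
            if orig in arrivals and orig in failures:
                sender, client_ip = arrivals[orig]
                rcpt, after_data = failures[orig]
                found.append({"original": orig, "bounce": msgid, "sender": sender,
                              "client_ip": client_ip, "recipient": rcpt,
                              "rejected_after_data": after_data})
    return found

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

A hit with `rejected_after_data` set means the next hop refused the message only after the full body was sent, by which point the message id shows it had already been accepted and queued locally.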