On 26/07/17 13:08, Christian Balzer wrote: > 2017-07-26 17:47:11 1daHyG-0006wE-On <= somebodyredacted.com U=mail > P=spam-scanned S=8615 > id=ps1pr0302mb2521ea6d93330dc628d6b68a8d...@ps1pr0302mb2521.apcprd03.prod.outlook.com > 2017-07-26 17:47:12 1daHyG-0006wE-On => [email protected] > <redacted> R=dnslookup T=remote_smtp S=8727 H=mb11.dentaku.gol.com > [203.216.5.41] I=[203.216.5.87] C="250 OK id=1daHyK-000PFY-JI" > 2017-07-26 19:58:42 1daHyG-0006wE-On > H=redacted-com.mail.protection.outlook.com [23.103.139.138] TLS error on > connection (gnutls_handshake): timed out > 2017-07-26 19:58:42 1daHyG-0006wE-On TLS session failure: delivering > unencrypted to redacted-com.mail.protection.outlook.com [23.103.139.138] (not > in hosts_require_tls) > 2017-07-26 19:58:43 1daHyG-0006wE-On => [email protected] <redacted> > R=dnslookup T=remote_smtp S=8727 H=redacted-com.mail.protection.outlook.com > [23.103.139.138] I=[203.216.5.87] C="250 2.6.0 > <ps1pr0302mb2521ea6d93330dc628d6b68a8d...@ps1pr0302mb2521.apcprd03.prod.outlook.com> > [InternalId=50470160698992, > Hostname=KL1PR0301MB2056.apcprd03.prod.outlook.com] 19008 bytes in 0.213, > 87.128 KB/sec Queued mail for delivery" > 2017-07-26 19:58:43 1daHyG-0006wE-On Completed QT=2h11m35s > --- > > 2nd line is an instant local delivery, then should be the forward to the > outsourced hell domain, but nothing for 2 hours.
Hmm. We'd need a debug trace to be certain. There's an alarm set, smtp_receive_timeout (default 5 minutes) during the tls-connect; the only way I can see that not firing is if GnuTLS subverts it or your config sets it to zero to disable it. "exim -bP smtp_receive_timeout" would show the latter. Background questions: - How often do you run the queue? - Is the offending IP always the same, and does it always offend? - What GnuTLS version (from "exim -d-all+tls -bV") ? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
