Hi guys.

 I have several mail relays with Exim-4.92 on Debian, running with
 "verify = sender/callout=300s". Today one incoming mail passed this
 sender verify procedure on 1st relay (highest priority MX), then
 hit greylisting (got 451) and came to the 2nd relay, where it was
 rejected with

Aug 15 16:04:25 citrine exim[25920]: 2019-08-15 16:04:25.148 [25920] 
H=relay.seldon.ru []:49727 I=[]:25 sender verify 
fail for <prvs=113054f968=usern...@seldon.ru>: relay.seldon.ru [] 
: SMTP error from remote mail server after RCPT 
TO:<prvs=113054f968=usern...@seldon.ru>: 550 5.1.1 Backscatter Protection 
detected an invalid or expired email address

 (real user address is mangled). Investigation shows that sender's MX host
 does not pass sender verify if address contain uppercase letters:

220 relay.seldon.ru ESMTP MDaemon 18.0.2; Thu, 15 Aug 2019 18:05:39 +0300
mail from: <>
250 2.1.0 Sender OK
rcpt to: <prvs=113054f968=usern...@seldon.ru>
250 2.1.5 Recipient OK
rcpt to: <prvs=113054f968=usern...@seldon.ru>
550 5.1.1 Backscatter Protection detected an invalid or expired email address

 Well, this is obvious violation of the case insensitivity principle for
 domain part. But MDaemon bugs are not targets for this discussion.
 I was surprised that sender's MTA came to my 1st relay with lowercase
 domain in env_from address (seldon.ru), which passed sender verify, and
 since several seconds came to came to 2nd relay with uppercase letters
 in domain part. Logs have different register for env_from domain
 of the same mail.

 Maybe this is some other MDaemon bug resulting in case change during
 relay's traversal, but this scenario does not explain all facts below.
 First, I see something strange with callout cache on the 2nd relay:

# exim_dumpdb /var/spool/exim4 callout | fgrep -i seldon
15-Aug-2019 16:04:24 prvs=113054f968=usern...@seldon.ru callout=accept
15-Aug-2019 16:04:25 prvs=113054f968=usern...@seldon.ru callout=reject

 Only one mail was logged around 16:04:25 from this address, and it was
 rejected. Why callout cache have TWO different entries with very close
 timestamps but different cases for domain part and different results?

 I made some experiments, feeding some env_from addresses to my relays
 and watching network traffic. Results are:
 1. Callout entries for mail addresses have the same case as in MAIL FROM.
 2. Callout entries for host names are always in low case.
 3. Single env_from results in a single SMTP callout.
 I failed to reproduce duplication of callout records and case inversions.
 However, there are duplicates in cache, for different domains.

# exim_dumpdb /var/spool/exim4 callout | fgrep -i nore...@cnews.ru
25-Jul-2019 15:06:55 nore...@cnews.ru callout=accept
25-Jul-2019 15:06:56 nore...@cnews.ru callout=accept

# exim_dumpdb /var/spool/exim4 callout | fgrep -i c...@cnews.ru 
25-Jul-2019 11:15:52 c...@cnews.ru callout=accept
25-Jul-2019 11:15:52 c...@cnews.ru callout=accept

# exim_dumpdb /var/spool/exim4 callout | fgrep -i osp.ru
18-Jul-2019 17:39:36 bounce-264727...@bounce.email.osp.ru callout=accept
18-Jul-2019 17:39:35 bounce-264727...@bounce.email.osp.ru callout=accept
18-Jul-2019 17:39:36 bounce.email.osp.ru callout=accept postmaster=unknown 

 Logs for these 3 mails contain addresses with lowcase domain parts.
 Case inversions+duplicates are not rare, they count to ~ 25% mails
 on my hosts:

# exim_dumpdb /var/spool/exim4 callout | fgrep -v random= | egrep '[A-Z]\.' | 
wc -l

# exim_dumpdb /var/spool/exim4 callout | fgrep -v random= | egrep -v '[A-Z]\.' 
| wc -l

 Have anybody idea why could it happen? Is it a bug?
 Eugene Berdnikov

## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to