Hi,
I debugged with ngrep and it seems that the version upgrade from Debian 9 to
Debian 10 enabled a feature called PRDR (Per Recipient Data Response) that was
not there before.
Can I disable this feature for a particular router or transport such that it
won't be used at all?
For example, exim should NOT use PRDR when sending messages via this router
to the following transport:
dkimproxy:
  driver = manualroute
  domains = ! +local_domains
  condition = "${if eq {$interface_port}{10029}{0}{1}}"
  transport = dkimproxy_smtp
  route_list = "* 127.0.0.1 byname"
  self = send

dkimproxy_smtp:
  driver = smtp
  port = 10028
  allow_localhost
  # Want: disable_prdr; DO NOT USE PRDR, no matter if it's advertised or not

Reason: It seems that the receiving SMTP server (dkimproxy) does not understand
PRDR and messes things up. Connections hang at "353 PRDR content analysis
beginning".
Alternatively, it might be possible to not advertise ("250-PRDR") when
connecting to a certain port (10029). For example, to not advertise TLS for a
certain port, I use already:
tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}
However, for PRDR the info is pretty sparse and all I can find is a simple
global option "prdr_enable = true".
Thanks,
Lukas
> Sent: Tuesday, 17 March 2020 at 17:30
> From: "Lukas Haase" <[email protected]>
> To: [email protected]
> Subject: Exim4 keeps mails with multiple recipients infinitely in queue
>
> Hi,
>
> I am running Debian + exim + dkimproxy for more than 10 years without any
> issues. dkimproxy listens on the same host on 127.0.0.1:10028, signs the
> mails accordingly with DKIM and relays them back to exim via 127.0.0.1:10029.
> For that reason, exim listens on 10029 as well:
>
> local_interfaces = <; 0.0.0.0.25 ; ::0.25 ; 0.0.0.0.465 ; ::0.465 ; 0.0.0.0.587 ; ::0.587 ; 127.0.0.1.10029
> tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}
>
> As one of the first routers (after the stock domain_literal and hubbed_hosts
> routers) I have:
>
> dkimproxy:
>   driver = manualroute
>   domains = ! +local_domains
>   condition = "${lookup{$sender_address_domain}lsearch{/etc/dkimproxy/sender.map}{${if eq {$interface_port}{10029}{0}{1}}}{0}}"
>   transport = dkimproxy_smtp
>   route_list = "* localhost byname"
>   self = send
>
> and the transport:
>
> dkimproxy_smtp:
>   driver = smtp
>   port = 10028
>   allow_localhost
>
> As can be seen, all received mails which do not come from port 10029 (signed
> by dkimproxy) and come from one of the domains in sender.map are relayed to
> dkimproxy_smtp which subsequently sends them back to exim where they progress
> normally.
>
>
> This setup worked flawlessly since 2009 (and was upgraded over multiple
> Debian versions). Recently I upgraded to Debian 10 (buster; exim 4.89,
> dkimproxy 1.4.1) and it seems as soon as I send emails to multiple external
> recipients, the mail is stuck in the queue although successfully delivered!
>
> Example: User [email protected] on my system sends an email to
> [email protected] and [email protected]. From the logs below, it can be
> seen that the message (1jEJOC-0001UM-Td) is successfully accepted and then
> passed on to dkimproxy which re-delivers it from port 10029. The new message
> is 1jEJOF-0001UU-Cz and is successfully delivered to the google servers:
>
> 2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: SAEximRunCond expand
> returned: 'true'
> 2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: check succeeded,
> running spamc
> 2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td SA: Action: scanned but message
> isn't spam: score=0.0 required=5.0 (scanned in 2/2 secs | Message-Id:
> [email protected]). From <[email protected]>
> (host=gate.example.net [83.73.2.170]) for [email protected],
> [email protected]
> 2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= [email protected]
> H=gate.example.net ([192.168.200.209]) [83.73.2.170]:56470
> I=[83.73.2.172]:587 P=esmtpsa X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no
> SNI="mail.example.net" A=plain_dovecot_authdaemon:lukas S=2885 M8S=8
> [email protected] from <[email protected]>
> for recipient1@gmail [email protected]
> 2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870
> I=[127.0.0.1]:10029 (TCP/IP connection count = 6)
> 2020-03-17 22:04:43 [5726] SMTP connection from gate.example.net
> ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 closed by QUIT
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<[email protected]>
> acceptance
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<[email protected]>
> acceptance
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Debug: SAEximRunCond expand
> returned: ''
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Action: Not running SA
> because SAEximRunCond expanded to false (Message-Id: 1jEJOF-0001UU-Cz). From
> <[email protected]> (host=localhost [127.0.0.1]) for [email protected],
> [email protected]
> 2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= [email protected] H=localhost
> (mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767
> M8S=0 [email protected] from
> <[email protected]> for [email protected] [email protected]
> 2020-03-17 22:04:43 [5737] 1jEJOF-0001UU-Cz H=gmail-smtp-in.l.google.com
> [2a00:1450:400c:c08::1b]:25 No route to host
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => [email protected]
> F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp S=3835
> H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0
> I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes
> DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250
> 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> [email protected]
> F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp S=3835
> H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0
> I=[83.73.2.172]:33460 X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes
> DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250
> 2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
> 2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
>
> Now this is as expected, and the mail should not be in the queue. However:
>
> $ mailq:
> 4m 2.8K 1jEJOC-0001UM-Td <[email protected]>
> [email protected]
> [email protected]
>
> The mail is stuck in the mail queue forever. Whenever the message reaches the
> retry limit (every 24 hours), it is redelivered to the external recipients
> until I manually do "exim4 -Mrm 1jEJOC-0001UM-Td".
>
> Interestingly this only seems to happen if the message has multiple external
> destinations.
>
> How can this happen so randomly after ten years without any problems? Is
> there a default that has been changed in exim that causes the message to be
> stuck in the queue?
>
> Thanks,
> Lukas
>
>
>
>
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
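
A log triage sketch for the symptom described in this thread, added here as an example and not part of the original post or of Exim: it parses mainlog lines to report which messages were received with the PRDR flag on the re-injection port and which were received but never logged `Completed`. The sample log is constructed from the excerpt above with placeholder addresses and hosts, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog format (with pid logging), modelled on the
# log excerpt in the post; addresses, hosts and IPs are placeholders.
SAMPLE_LOG = """\
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= sender@example.net H=gate.example.net [192.0.2.10]:56470 I=[192.0.2.1]:587 P=esmtpsa S=2885 for rcpt1@example.com rcpt2@example.com
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<rcpt1@example.com> acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<rcpt2@example.com> acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= sender@example.net H=localhost (mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767 for rcpt1@example.com rcpt2@example.com
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => rcpt1@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]:25 C="250 2.0.0 OK"
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> rcpt2@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]:25 C="250 2.0.0 OK"
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
"""

# date, time, optional [pid], message id, rest of the line
LINE = re.compile(r"^\S+ \S+ (?:\[\d+\] )?(\w{6}-\w{6}-\w{2}) (\S.*)$")
IFACE_PORT = re.compile(r"\bI=\[[^\]]+\]:(\d+)")

def parse(log):
    """Collect per-message facts from mainlog text, keyed by message id."""
    msgs = defaultdict(lambda: {"in_port": None, "prdr_in": False,
                                "delivered": [], "completed": False})
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg, fields = msgs[m.group(1)], m.group(2).split()
        if fields[0] == "<=":                      # reception line
            port = IFACE_PORT.search(m.group(2))
            msg["in_port"] = int(port.group(1)) if port else None
            msg["prdr_in"] = "PRDR" in fields      # flag logged after P=
        elif fields[0] in ("=>", "->"):            # first / additional delivery
            msg["delivered"].append(fields[1])
        elif fields[0] == "Completed":
            msg["completed"] = True
    return dict(msgs)

def prdr_on_port(msgs, port):
    """Message ids received with PRDR negotiated on the given local port."""
    return sorted(i for i, m in msgs.items()
                  if m["prdr_in"] and m["in_port"] == port)

def not_completed(msgs):
    """Message ids that were received but have no 'Completed' line."""
    return sorted(i for i, m in msgs.items()
                  if m["in_port"] is not None and not m["completed"])

if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    print("PRDR on port 10029:", prdr_on_port(found, 10029))
    print("received, not Completed:", not_completed(found))
```

An id returned by `prdr_on_port(msgs, 10029)` confirms PRDR was negotiated on the leg coming back from dkimproxy. On the sending side, Exim's smtp transport has a `hosts_try_prdr` host-list option that controls which servers PRDR is attempted with.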