On 09/05/2022 22:44, Jesse Hathaway via Exim-users wrote:
Just recently, starting on May 4th, we began bouncing some messages from
Gmail with the following error:
2022-05-09 15:32:48 H=mail-lj1-x234.google.com
[2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no
F=<[email protected]> rejected RCPT
<[email protected]>: Previous (cached) callout verification failure
You receiving from G, doing a verify, would have been a callout
but using a cached previous-fail record. Can't tell if R- or S-verify.
What does your config require, for verifies?
2022-05-09 15:32:48 SMTP protocol error in "BDAT 18952 LAST"
H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
I=[2620:0:861:3:208:80:154:76]:25 BDAT command used when CHUNKING not
advertised
You receiving from G, same conn as above. We claim G did
something wrong...
2022-05-09 15:32:48 SMTP syntax error in "Received: by
mail-lj1-x234.google.com with SMTP id 16so17499146lju.13"
H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
I=[2620:0:861:3:208:80:154:76]:25 unrecognized command
Now we're just confused, interpreting message header data
as an SMTP command. We're out-of-sync by now.
2022-05-09 15:32:48 SMTP syntax error in " for
<[email protected]>; Mon, 09 May 2022 08:32:48 -0700 (PDT)"
H=mail-lj1-x234.google.com [2a00:1450:4864:20::234]:46864
I=[2620:0:861:3:208:80:154:76]:25 unrecognized command
2022-05-09 15:32:48 SMTP syntax error in "X-Google-DKIM-Signature:
v=1; a=rsa-sha256; c=relaxed/relaxed;" H=mail-lj1-x234.google.com
[2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
unrecognized command
ditto
2022-05-09 15:32:48 SMTP call from mail-lj1-x234.google.com
[2a00:1450:4864:20::234]:46864 I=[2620:0:861:3:208:80:154:76]:25
dropped: too many syntax or protocol errors (last command was
"X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;",
C=EHLO,STARTTLS,EHLO,MAIL,RCPT,BDAT,RSET,NOOP,MAIL,RCPT,BDAT)
and we finally recognise that and drop the conn. We recorded
the sequence of SMTP commandss used on the conn; it looks reasonable,
it would be useful to know if this source IP did have a good
message reception immediately before, or not.
If it did, then that reception did use chunking, which implies
we did advertise it - so the later later claim we did not
seems like our bug (exposed by some recent G change).
If it did not... do you think your config *should* be advertising
chunking to G ?
We are currently running exim 4.94 on Debian. In trying to understand the root
cause of the issue I noticed a recent commit included in 4.96:
JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the
the facility was not passed across execs, and only the first message passed
over a connection could use BDAT; any further ones using DATA.
Is this commit at all related?
I don't think so. We're looking at receiving from G here, and that
was dealing with sending.
Is there a chance Gmail changed their sending
behavior?
Entirely possible. You imply you've see more than one of these.
How often? Are you in a position to build and use 4.96 (we have
neater debug tooling there)?
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
