[exim-dev] [Bug 2431] New: ACL smtp timeout related to callout (similar to 2174)

Thu, 15 Aug 2019 04:55:52 -0700 

https://bugs.exim.org/show_bug.cgi?id=2431

            Bug ID: 2431
           Summary: ACL smtp timeout related to callout (similar to 2174)
           Product: Exim
           Version: 4.92
          Hardware: x86
               URL: https://bugs.debian.org/934761
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146...@wizmail.org
          Reporter: eximus...@bebt.de
                CC: exim-dev@exim.org

Hello,

this was reported against Debian's 4.92-8+deb10u1 which is essentially 4.92.1 +
some patches from the fixes branch and 0a5441fcd93ae4145c07b3ed138dfe0e107174e0
("Fix smtp response timeout") from master branch:
https://salsa.debian.org/exim-team/exim4/tree/10_buster/debian/patches

Martin Duspiva <martin.dusp...@aira.cz> wrote:
---------------------------------------------
Dear Maintainer,

I think that the bug #887489, which is  already archived, is still persist.
I have Debin 9 with backported Exim4 ( 4.92-8+deb10u1~bpo9+1 ) and the callout
funciton in rcpt acl has  as the same bad behavior as described in bug #887489.

My acl rule in acl_smtp_rcpt :

  accept hosts =  +relay_from_hosts
        !verify = recipient/defer_ok/callout=30s,defer_ok,use_sender
        ratelimit = NONEX_LIM / NONEX_PERIOD / per_rcpt / relayuser-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_relay_users; \
           \N{\N echo Subject: relay user $acl_m_user blocked; echo; echo \
           because has sent mail to NONEX_LIM invalid recipients during
NONEX_PERIOD.; \
           \N}\N | NONEX_EXIMBINARY NONEX_WARNTO"}}
        control = freeze/no_tell
        control = submission/domain=
        add_header = X-Relayed-From: $acl_m_user

And relay hosts sometimes get te following 421 error when sending email:
"SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz)
[84.242.100.166]"


This is in Exim's debug log:

 5272 tls_write(0x5639a0cfa550, 14)
 5272 gnutls_record_send(SSL, 0x5639a0cfa550, 14)
 5272 outbytes=14
 5272 DSN: orcpt: NULL  flags: 0
 5272 Calling gnutls_record_recv(0x5639a0d8d410, 0x5639a11560e0, 4096)
 5272 GnuTLS<3>: ASSERT: buffers.c[_gnutls_io_read_buffered]:587
 5272 GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473
 5272 LOG: lost_incoming_connection MAIN
 5272   SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz)
[84.242.100.166]
 5272 SMTP>> 421 holub.aira.cz: SMTP command timeout - closing connection

The acl works well with comment out "callout" line. 


exim4: 2) Callout timeout in recipient verify can result in the lost of the TLS
incoming connexion 
---------------------------------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to