Hi,
I have been running Debian + exim + dkimproxy for more than 10 years without any
issues. dkimproxy listens on the same host on 127.0.0.1:10028, signs the mails
accordingly with DKIM and relays them back to exim via 127.0.0.1:10029. For
that reason, exim listens on 10029 as well:
local_interfaces = <; 0.0.0.0.25 ; ::0.25 ; 0.0.0.0.465 ; ::0.465 ; 0.0.0.0.587 ; ::0.587 ; 127.0.0.1.10029
tls_advertise_hosts = ${if eq{$received_port}{10029} {:}{*}}
As one of the first routers (after the stock domain_literal and hubbed_hosts
routers) I have:
dkimproxy:
  driver = manualroute
  domains = ! +local_domains
  condition = "${lookup{$sender_address_domain}lsearch{/etc/dkimproxy/sender.map}{${if eq {$interface_port}{10029}{0}{1}}}{0}}"
  transport = dkimproxy_smtp
  route_list = "* localhost byname"
  self = send
and the transport:
dkimproxy_smtp:
  driver = smtp
  port = 10028
  allow_localhost
As can be seen, all received mails which do not come from port 10029 (signed by
dkimproxy) and come from one of the domains in sender.map are relayed to
dkimproxy_smtp which subsequently sends them back to exim where they progress
normally.
This setup has worked flawlessly since 2009 (and was upgraded over multiple Debian
versions). Recently I upgraded to Debian 10 (buster; exim 4.89, dkimproxy
1.4.1) and it seems as soon as I send emails to multiple external recipients,
the mail is stuck in the queue although successfully delivered!
Example: User [email protected] on my system sends an email to
[email protected] and [email protected]. From the logs below, it can be
seen that the message (1jEJOC-0001UM-Td) is successfully accepted and then
passed on to dkimproxy which re-delivers it from port 10029. The new message is
1jEJOF-0001UU-Cz and is successfully delivered to the google servers:
2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: SAEximRunCond expand
returned: 'true'
2020-03-17 22:04:41 [5726] 1jEJOC-0001UM-Td SA: Debug: check succeeded, running
spamc
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td SA: Action: scanned but message
isn't spam: score=0.0 required=5.0 (scanned in 2/2 secs | Message-Id:
[email protected]). From <[email protected]>
(host=gate.example.net [83.73.2.170]) for [email protected],
[email protected]
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= [email protected]
H=gate.example.net ([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587
P=esmtpsa X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no
SNI="mail.example.net" A=plain_dovecot_authdaemon:lukas S=2885 M8S=8
[email protected] from <[email protected]>
for recipient1@gmail [email protected]
2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870
I=[127.0.0.1]:10029 (TCP/IP connection count = 6)
2020-03-17 22:04:43 [5726] SMTP connection from gate.example.net
([192.168.200.209]) [83.73.2.170]:56470 I=[83.73.2.172]:587 closed by QUIT
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<[email protected]>
acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz PRDR R=<[email protected]>
acceptance
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Debug: SAEximRunCond expand
returned: ''
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz SA: Action: Not running SA because
SAEximRunCond expanded to false (Message-Id: 1jEJOF-0001UU-Cz). From
<[email protected]> (host=localhost [127.0.0.1]) for [email protected],
[email protected]
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= [email protected] H=localhost
(mail.example.net) [127.0.0.1]:44870 I=[127.0.0.1]:10029 P=esmtp PRDR S=3767
M8S=0 [email protected] from
<[email protected]> for [email protected] [email protected]
2020-03-17 22:04:43 [5737] 1jEJOF-0001UU-Cz H=gmail-smtp-in.l.google.com
[2a00:1450:400c:c08::1b]:25 No route to host
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => [email protected]
F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp S=3835
H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460
X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes
DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250
2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> [email protected]
F=<[email protected]> P=<[email protected]> R=dnslookup T=remote_smtp S=3835
H=gmail-smtp-in.l.google.com [74.125.133.26]:25 PRX=[]:0 I=[83.73.2.172]:33460
X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes
DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" C="250
2.0.0 OK 1584479084 w128si540721wmb.55 - gsmtp" QT=1s DT=1s
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
Now this is as expected, and the mail should not be in the queue. However:
$ mailq:
4m 2.8K 1jEJOC-0001UM-Td <[email protected]>
[email protected]
[email protected]
The mail is stuck in the mail queue forever. Whenever the message reaches the
retry limit (every 24 hours), it is redelivered to the external recipients
until I manually do "exim4 -Mrm 1jEJOC-0001UM-Td".
Interestingly this only seems to happen if the message has multiple external
destinations.
How can this happen so randomly after ten years without any problems? Is there
a default that has been changed in exim that causes the message to be stuck in
the queue?
Thanks,
Lukas
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
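
Added example, not part of the original post: a small log correlator that reads Exim main-log lines in the layout shown above and lists message ids that have an arrival line (<=) but no "Completed" line, together with the transports seen in their delivery lines. The sample log is constructed and abridged with placeholder addresses; the function names are hypothetical.

```python
import re

# Constructed, abridged sample in the layout of the log excerpt in the post.
# As in that excerpt, the first message has an arrival line but no delivery line.
SAMPLE_LOG = """\
2020-03-17 22:04:43 [5726] 1jEJOC-0001UM-Td <= sender@example.net H=gate.example.net I=[83.73.2.172]:587 P=esmtpsa S=2885
2020-03-17 22:04:43 [19955] SMTP connection from [127.0.0.1]:44870 I=[127.0.0.1]:10029
2020-03-17 22:04:43 [5734] 1jEJOF-0001UU-Cz <= sender@example.net H=localhost I=[127.0.0.1]:10029 P=esmtp S=3767
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz => rcpt1@example.com R=dnslookup T=remote_smtp H=mx.example.com
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz -> rcpt2@example.com R=dnslookup T=remote_smtp H=mx.example.com
2020-03-17 22:04:44 [5735] 1jEJOF-0001UU-Cz Completed QT=1s
"""

# timestamp, optional [pid], then a 6-6-2 message id and the rest of the line
LINE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:\[\d+\] )?"
                     r"(?P<id>\w{6}-\w{6}-\w{2}) (?P<rest>.*)$")
PORT_RE = re.compile(r"\bI=\[[^\]]+\]:(\d+)")   # receiving interface port
TRANSPORT_RE = re.compile(r"\bT=(\S+)")         # transport used for a delivery

def summarize(log_text):
    """Return {message_id: state} built from Exim main-log text."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection lines carry no message id
        st = msgs.setdefault(m["id"], {"arrived": False, "port": None,
                                       "transports": set(), "deferred": 0,
                                       "completed": False})
        flag, _, rest = m["rest"].partition(" ")
        if flag == "<=":                      # message arrival
            st["arrived"] = True
            p = PORT_RE.search(rest)
            st["port"] = p.group(1) if p else None
        elif flag in ("=>", "->"):            # delivery / additional address
            t = TRANSPORT_RE.search(rest)
            if t:
                st["transports"].add(t.group(1))
        elif flag == "==":                    # deferred delivery
            st["deferred"] += 1
        elif flag == "Completed":
            st["completed"] = True
    return msgs

def stuck_messages(log_text):
    """Message ids that arrived but never logged 'Completed'."""
    return sorted(i for i, s in summarize(log_text).items()
                  if s["arrived"] and not s["completed"])

if __name__ == "__main__":
    state = summarize(SAMPLE_LOG)
    for mid in stuck_messages(SAMPLE_LOG):
        print(mid, "port", state[mid]["port"], "transports", sorted(state[mid]["transports"]))
```

To run it against a real log, pass the file's contents to stuck_messages() in place of SAMPLE_LOG and compare the result with the mailq output.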