I’ve shrunk the .forward now and some of the problematic emails started getting
delivered.
Still I don’t have root cause.
But I’m told that the backup that you see me saving things into it’s immediate
but rather delayed hence the messages don’t end up there either.
The biggest contributor maki
On Fri, 2 Jun 2023, Robert Nicholson via Exim-users wrote:
I’ve shrunk the .forward now and some of the problematic emails
started getting delivered.
Still I don’t have root cause.
But I’m told that the backup that you see me saving things into it’s
immediate but rather delayed hence the messa
Here I’m testing with an earlier message that originally failed.
It eventually came thru after I simplified the .forward.
2023-06-02 12:36:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
1q5AZm-0002cJ-0b
2023-06-02 12:36:42 1q5AZm-0002cJ-0b <= bbar...@matlensilver.com
H=mail-lf1-f42.google.c
On 2023-06-01, Julian Bradfield via Exim-users
wrote:
> In response to the recent RCPT-flooding attacks, I changed my
> acl_check_rcpt verification check to say:
>deny
> domains = +local_domains
> !local_parts = postmaster
> !verify = recipient
> message = Unknown user
>
On 03/06/2023 17:48, Julian Bradfield via Exim-users wrote:
Having switched on acl debugging at the 70th denied RCPT, what I see
in the logs is:
check delay = 5s
delay modifier requests 5-second delay
delay cancelled by peer close
As far as I can see, this only makes any sense if the attacker
On 2023-06-03, Jeremy Harris via Exim-users wrote:
> On 03/06/2023 17:48, Julian Bradfield via Exim-users wrote:
>> Having switched on acl debugging at the 70th denied RCPT, what I see
>> in the logs is:
>>
>>
>> check delay = 5s
>> delay modifier requests 5-second delay
>> delay cancelled by pe
On 03/06/2023 18:52, Julian Bradfield via Exim-users wrote:
What happens in the debug log after the last acl check is:
SMTP>> 421 london.jcbradfield.org lost input connection
LOG: lost_incoming_connection MAIN
unexpected disconnection while reading SMTP command from ([58.53.131.26])
[58.53.1
Dňa 3. júna 2023 17:52:10 UTC používateľ Julian Bradfield via Exim-users
napísal:
>> Yes. But you didn't show us that bit.
>
>Because it isn't there.
You can use notquit ACL to produce log line on that
case(s), including notquit reason...
But anyway, you cannot expect nice (RFC compliant)
beh
On 2023-06-03, Jeremy Harris via Exim-users wrote:
> On 03/06/2023 18:52, Julian Bradfield via Exim-users wrote:
>> What happens in the debug log after the last acl check is:
>>
>> SMTP>> 421 london.jcbradfield.org lost input connection
>> LOG: lost_incoming_connection MAIN
>>unexpected disco
On 03/06/2023 19:15, Julian Bradfield via Exim-users wrote:
On 2023-06-03, Jeremy Harris via Exim-users wrote:
On 03/06/2023 18:52, Julian Bradfield via Exim-users wrote:
What happens in the debug log after the last acl check is:
SMTP>> 421 london.jcbradfield.org lost input connection
LOG: lo
On Sat, 3 Jun 2023, Julian Bradfield via Exim-users wrote:
Here's what's in the main log. (The actual domain is redacted because
it's an address leakage detector which I don't want appearing on the web.)
2023-06-03 17:23:55 SMTP connection from [58.53.131.26] (TCP/IP connection
count = 1)
202
On 2023-06-03, Jeremy Harris via Exim-users wrote:
SMTP>> 421 london.jcbradfield.org lost input connection
LOG: lost_incoming_connection MAIN
unexpected disconnection while reading SMTP command from
([58.53.131.26]) [58.53.131.26] D=10s
>>>
>>> Good, that's as expected.
>>
On 2023-06-03, Andrew C Aitchison via Exim-users
wrote:
> If all the recipients are pipelined in one blast,
> will the "recipient denied" messages will all be logged before the delay
> kicks in, or does exim actually twiddle its thumbs when there is a block
> of pipelined data waiting to be re
On 03/06/2023 21:29, Julian Bradfield via Exim-users wrote:
The delay on each recipient is triggered, but then cancelled because
exim's smtp_out connection has been shut down.
Thanks - that's the item of info I was missing and
hadn't realised.
Dumping the previously-received input once we've
s
Dňa 3. júna 2023 20:29:11 UTC používateľ Julian Bradfield via Exim-users
napísal:
>Nonetheless, I think that a pipeline should be aborted if you already
>know that the far end is closed.
IMO you are confused. That RCPT rejection was logged,
doesn't mean that it was send, and even if, i am sure
On 2023-06-03, Jeremy Harris via Exim-users wrote:
> On 03/06/2023 21:29, Julian Bradfield via Exim-users wrote:
>> The delay on each recipient is triggered, but then cancelled because
>> exim's smtp_out connection has been shut down.
>
> Thanks - that's the item of info I was missing and
> hadn't
16 matches
Mail list logo
