
Exim4 does not respond to some hosts



Hi,

I'm having an issue with my mail server (exim4) receiving incoming
connections from certain hosts.

When telnetting to my machine on port 25 from the particular problem
host I get:

Escape character is '^]'.

The EXIM banner never shows (after waiting 5 minutes the connection
gets closed due to exim's SMTP timeout)

From a different machine I get:

Escape character is '^]'.
220 localhost.localdomain ESMTP Exim 4.50 Tue, 01 Aug 2006 15:57:23 +1200

as expected. I can receive mail directly from that machine.

I found in the exim faq:

<paste>
Q0020:  Why do connections to my machine's SMTP port take a long time
to respond with the banner, when connections to other ports respond
instantly? The delay is sometimes as long as 30 seconds.

A0020:  These kinds of delay are usually caused by some kind of
network problem that affects outgoing calls made by Exim at the start
of an incoming connection. Configuration options that cause outgoing
calls are:

(1)  rfc1413_hosts and rfc1413_query_timeout (for ident
     calls). Firewalls sometimes block ident connections so that they
     time out, instead of refusing them immediately. This can cause
     this problem. See Q5023 for a discussion of the usefulness of
     ident.

(2)  The host_lookup option, the host_reject_connection option, or a
     condition in the ACL that runs at connection time requires the
     remote host's name to be looked up from its IP address. Sometimes
     these DNS lookups time out. You can get this effect with ACL
     statements like this:

   deny  hosts = *.x.example
</paste>

1. I have set rfc query timeout to 0s (in 02_exim4-config_options) and
   then restarted exim (do I need to change anything else for this to
   be picked up?? exim has crazy configuration files). But to no
   avail.

2. I still have default options (plus what I configured through
   debconf) for all the acl denies -- there are some rather cryptic
   looking entries for that stuff so maybe there's some DNS timeouts
   happening, I don't know.

The sending machine eventually gives up and returns my mails as failed
deliveries. I can send direct from other machines though, such as
gmail, and the machine that receives the banner successfully above.

My exim log for all these instances (and there are a few different
hosts that do it) shows this (for example):

2006-08-01 16:39:54 SMTP command timeout on connection from monty-python.gnu.org [199.232.76.173]

Which is the result of the sending host sitting on the connection
waiting for the mail banner to show and eventually timing out.
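
One way to test which of the two outgoing calls named in the quoted FAQ entry is slow for the peers in the log, as an added example that is not part of the original post or of Exim. It pulls the IPs from `SMTP command timeout` lines and times a reverse DNS lookup and a TCP connect to the ident port (113) for each; the function names, the 5-second threshold and the sample log lines are assumptions made for the illustration.

```python
import re
import socket
import time
from collections import Counter

# Matches the Exim mainlog line quoted in the post; the host name may be absent.
TIMEOUT_RE = re.compile(r"SMTP command timeout on connection from (?:\S+ )*\[([0-9a-fA-F.:]+)\]")

def timed_out_peers(log_lines):
    """Count 'SMTP command timeout' entries per remote IP."""
    return Counter(m.group(1) for m in map(TIMEOUT_RE.search, log_lines) if m)

def reverse_dns(ip):
    """PTR lookup, the call behind host_lookup and 'hosts = *.x.example'."""
    socket.gethostbyaddr(ip)

def ident_connect(ip, timeout=30):
    """TCP connect to port 113, the call behind rfc1413_hosts."""
    socket.create_connection((ip, 113), timeout=timeout).close()

PROBES = {"reverse DNS": reverse_dns, "ident (113)": ident_connect}

def time_probe(probe, ip):
    """Return (seconds, outcome); a failed probe is an outcome, not a crash."""
    start = time.monotonic()
    try:
        probe(ip)
        outcome = "ok"
    except OSError as exc:  # refused, unreachable, no PTR record, timeout
        outcome = type(exc).__name__
    return time.monotonic() - start, outcome

def slow_calls(log_lines, probes, threshold=5.0):
    """List (ip, probe_name, seconds, outcome) for probes at or over threshold."""
    report = []
    for ip in timed_out_peers(log_lines):
        for name, probe in probes.items():
            secs, outcome = time_probe(probe, ip)
            if secs >= threshold:
                report.append((ip, name, round(secs, 1), outcome))
    return report

# Constructed sample: the line from the post plus two made-up lines (TEST-NET addresses).
SAMPLE_LOG = [
    "2006-08-01 16:39:54 SMTP command timeout on connection from monty-python.gnu.org [199.232.76.173]",
    "2006-08-01 16:41:10 SMTP command timeout on connection from [192.0.2.10]",
    "2006-08-01 16:42:00 <= a@example.org H=mail.example.org [192.0.2.20] P=esmtp",
]
```

Run it on the mail server itself, for example `slow_calls(open("/var/log/exim4/mainlog"), PROBES)`, since the delay depends on that machine's resolver and its path to the peer; the log path is the Debian default and an assumption here. A probe that fails quickly (connection refused, no PTR record) is harmless to Exim, while one that hangs until its timeout points at the option to look at.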


