Bug#261511: marked as done (exim4: possible very long delay with callout verification)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 16 Jan 2005 12:18:21 -0800


Your message dated Sun, 16 Jan 2005 21:08:19 +0100
with message-id <20050116200819.GA2970@downhill.at.eu.org>
and subject line exim4 4.43-3 uploaded to Debian unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jul 2004 13:01:42 +0000
From ron@debian.org Mon Jul 26 06:01:42 2004
Return-path: <ron@debian.org>
Received: from dsl2-160.gw1.adl1.airnet.com.au (hank.shelbyville.oz) [202.174.37.160] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Bp56r-0004BD-00; Mon, 26 Jul 2004 06:01:42 -0700
Received: from ron by hank.shelbyville.oz with local (Exim 4.34)
	id 1Bp564-0004ME-AK; Mon, 26 Jul 2004 22:30:52 +0930
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ron <ron@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4: possible very long delay with callout verification
X-Mailer: reportbug 2.63
Date: Mon, 26 Jul 2004 22:30:52 +0930
Message-Id: <E1Bp564-0004ME-AK@hank.shelbyville.oz>
Sender: Ron <ron@debian.org>
Delivered-To: submit@bugs.debian.org

Package: exim4
Version: 4.34-2
Severity: normal

Hi,

exim4 allows you to configure a timeout for each single attempt at
callout verification of receiver and sender addresses, but it places no
absolute limit on the time taken to process a single address, or (put
differently) on the number of mx's it will query before abandoning
verification temporarily or permanently.

I've been seeing spam with apparent senders from sites like mail333.com
and newsabuse.net which have a large number of mx hosts listed in dns
which are largely unresponsive.  If exim attempts to do a callout
verification on eg. foo@newsabuse.net [1], then it will take
sufficiently long to complete that a fetchmail process feeding it may
lose its pop connection due to inactivity (which in the most common
configuration will cause it to loop continually re-retrieving all the
messages in the remote spool up to the problem one).

Even with a callout time so short that usually responsive hosts may fail
to answer in time, newsabuse.net was able to break my fetchmail feeder in
this way until I disabled callout verification.

It would be nice to have this defer if no answer is received in a (hard
limited) configurable period, and perhaps to have a defer_fail option to
complement defer_ok -- though the latter I can emulate using an acl_mX
variable and two separate tests.

See (the tail of) #186739 for similar comments with a fetchmail bias.

callout verification is obviously more useful for a direct smtp
connection than a fetchmail feed, but that may still be useful to
people for mail filtering (it's too early for me to say how useful
with much confidence ...)

cheers,
Ron

[1] - exim -bt that one, then try to connect to a few to see what
      we're up against.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.21-pre5+acpi+swsusp
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim4 depends on:
ii  exim4-base                    4.34-2     EXperimental Internal Mailer -- a 
ii  exim4-daemon-heavy            4.34-2     Exim (v4) with extended features, 

-- no debconf information

---------------------------------------
Received: (at 261511-done) by bugs.debian.org; 16 Jan 2005 20:08:38 +0000
From ametzler@debian.org Sun Jan 16 12:08:37 2005
Return-path: <ametzler@debian.org>
Received: from m26s25.vlinux.de [83.151.30.59] ([VxU2E2fm6d954rEoodxcek70dy1UDTcS])
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CqGhR-00041q-00; Sun, 16 Jan 2005 12:08:37 -0800
Received: from m-134-246.adsl.univie.ac.at ([131.130.134.246])
	by m26s25.vlinux.de with asmtp (Exim 4.34)
	id 1CqGi7-0002fh-T0; Sun, 16 Jan 2005 20:09:36 +0000
Received: from ametzler by downhill.univie.ac.at with local (cert-ver=0) (Exim 4.43)
	id 1CqGh9-0000nI-R2; Sun, 16 Jan 2005 21:08:19 +0100
Date: Sun, 16 Jan 2005 21:08:19 +0100
From: Andreas Metzler <ametzler@debian.org>
To: 274246-done@bugs.debian.org, 267994-done@bugs.debian.org,
	262592-done@bugs.debian.org, 277817-done@bugs.debian.org,
	265818-done@bugs.debian.org, 241725-done@bugs.debian.org,
	260114-done@bugs.debian.org, 261511-done@bugs.debian.org,
	230545-done@bugs.debian.org, 237947-done@bugs.debian.org
Subject: exim4 4.43-3 uploaded to Debian unstable
Message-ID: <20050116200819.GA2970@downhill.at.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GPG-Fingerprint: BCF7 1345 BE42 B5B8 1A57  EE09 1D33 9C65 8B8D 7663
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: 261511-done@bugs.debian.org

I've uploaded exim4 4.43-3 to unstable a couple of hours ago, and can
close a couple of bugs fixed by the new upstream version.

  * New upstream version. (am) (Closes: #274246, #267994)
    - no more unescaped hyphens in exim.8. (Closes: #262592)
    - no more warnings in exipick.8 (Closes: #277817)
    - New option tls_on_connect_ports. (Closes: #265818)
    - better documentation about differences in configuring for GnuTLS or
      OpenSSL. (Closes: #241725)
    - verify = header_sender now respects callout options. (Closes: #260114)
    - There is now an overall timeout for performing a callout verification.
      (Closes: #261511)
    - Less typos in filter.txt. (Closes: #230545)
    - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947)
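
Added example (not part of either message and not Exim's code): a simulated-clock model of the delay described in the bug report and of the overall callout timeout named in the 4.43 changelog entry, which Exim's callout options expose as maxwait. The host names, the 10s/30s timeouts and the 60s feeder idle limit are constructed for illustration; the overall limit is checked before each further host is tried.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class MxHost:
    name: str
    answers_after: Optional[float]  # seconds until a reply; None = never replies
    accepts: bool = True            # verdict the host gives if it does reply


def callout(hosts: Sequence[MxHost], per_attempt: float,
            overall_limit: Optional[float] = None) -> Tuple[str, float]:
    """Walk the MX list on a simulated clock; return (verdict, seconds spent)."""
    elapsed = 0.0
    for host in hosts:
        # The overall budget is tested before each new host, so the worst
        # case is bounded by overall_limit plus one per-attempt timeout.
        if overall_limit is not None and elapsed >= overall_limit:
            return "defer", elapsed
        if host.answers_after is not None and host.answers_after <= per_attempt:
            elapsed += host.answers_after
            return ("accept" if host.accepts else "reject"), elapsed
        elapsed += per_attempt      # this attempt timed out; try the next MX
    return "defer", elapsed         # every listed host timed out


def feeder_survives(elapsed: float, idle_limit: float) -> bool:
    """True if the client feeding the MTA is still connected afterwards."""
    return elapsed < idle_limit


# Constructed sample: a sender domain with 20 unresponsive MX records.
DEAD_MXES = [MxHost(f"mx{i}.example.test", None) for i in range(20)]
LIVE_MX = MxHost("mx-live.example.test", 0.5)
IDLE_LIMIT = 60.0                   # constructed POP inactivity limit

if __name__ == "__main__":
    for limit in (None, 30.0):
        verdict, spent = callout(DEAD_MXES, per_attempt=10.0, overall_limit=limit)
        print(f"overall_limit={limit}: {verdict} after {spent:.0f}s, "
              f"feeder alive: {feeder_survives(spent, IDLE_LIMIT)}")
```

Shortening only the per-attempt timeout does not bound the total: 40 dead hosts at 2s each still cost 80s without an overall limit.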