Bug#934761: exim4: 2) Callout timeout in recipient verify can result in the lost of the TLS incoming connexion
Andreas Metzler
ametzler at bebt.de
Thu Aug 15 14:14:26 BST 2019
On 2019-08-14 Martin Duspiva <martin.duspiva at aira.cz> wrote:
[...]
> I think that the bug #887489, which is already archived, is still persist.
> I have Debin 9 with backported Exim4 ( 4.92-8+deb10u1~bpo9+1 ) and the callout funciton in rcpt acl has as the same bad behavior as described in bug #887489.
> My acl rule in acl_smtp_rcpt :
> accept hosts = +relay_from_hosts
> !verify = recipient/defer_ok/callout=30s,defer_ok,use_sender
[...]
> And relay hosts sometimes get te following 421 error when sending email:
> "SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz) [84.242.100.166]"
> This is in Exim's debug log:
> 5272 tls_write(0x5639a0cfa550, 14)
> 5272 gnutls_record_send(SSL, 0x5639a0cfa550, 14)
> 5272 outbytes=14
> 5272 DSN: orcpt: NULL flags: 0
> 5272 Calling gnutls_record_recv(0x5639a0d8d410, 0x5639a11560e0, 4096)
> 5272 GnuTLS<3>: ASSERT: buffers.c[_gnutls_io_read_buffered]:587
> 5272 GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473
> 5272 LOG: lost_incoming_connection MAIN
> 5272 SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz) [84.242.100.166]
> 5272 SMTP>> 421 holub.aira.cz: SMTP command timeout - closing connection
> The acl works well with comment out "callout" line.
Hello Martin,
can you please clarify where/which host saw what error message and to
what part of the connection the above debug log belongs?
I only see two hosts holub.aira.cz = remote.aira.cz and of.aira.cz) but
would have expected three (1 mail server, that is were exim runs. 2 a
remote host trying to submit a message to exim. 3 the remote host exim
is calling out to.)
I would appreciate if you could reply directly on the upstream report
https://bugs.exim.org/show_bug.cgi?id=2431
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-maintainers
mailing list