Bug#948271: exim4-daemon-heavy: smtp_ratelimit_rcpt breaks connection instead of just delaying RCPT verbs
Ralf G. R. Bergs
Ralf+Debian at Bergs.biz
Mon Jan 6 10:30:36 GMT 2020
Package: exim4-daemon-heavy
Version: 4.89-2+deb9u6
Severity: normal
Dear Maintainer,
I have the following config snippet active to hamper spammers
brute-force trying local-parts on my server:
----------- 8x -------------
smtp_ratelimit_hosts = *
smtp_ratelimit_rcpt = 4,0.25s,1.2,4m
----------- 8x -------------
I tried to send a message from Thunderbird to 10 recipients, but
instead of accepting the message an SMTP-level error occurred. Same
happened with macOS Mail client.
Apparently the implementation of Exim is faulty, because instead of
just delaying RCPT verbs it seems to close the connection.
Here's a network capture I made:
----------- 8x -------------
No. Time Source Destination
Protocol Length Info
1 0.000000 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 86 63730 → 587 [SYN] Seq=0
Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1
2 0.013147 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 86 587 → 63730
[SYN, ACK] Seq=0 Ack=1 Win=28800 Len=0 MSS=1440 SACK_PERM=1 WS=128
3 0.013312 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=1 Ack=1
Win=132352 Len=0
4 0.029951 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 93 587 → 63730
[PSH, ACK] Seq=1 Ack=1 Win=28800 Len=19
5 0.070625 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 127 63730 → 587 [PSH, ACK] Seq=1
Ack=20 Win=132352 Len=53
6 0.085494 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 286 587 → 63730
[PSH, ACK] Seq=20 Ack=54 Win=28800 Len=212
7 0.086294 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 84 63730 → 587 [PSH, ACK] Seq=54
Ack=232 Win=132096 Len=10
8 0.122928 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 92 587 → 63730
[PSH, ACK] Seq=232 Ack=64 Win=28800 Len=18
9 0.126767 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TLSv1.2 591 Client Hello
10 0.156958 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 1514 Server Hello
11 0.157175 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 1514 Certificate
[TCP segment of a reassembled PDU]
12 0.157273 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=581
Ack=3130 Win=132352 Len=0
13 0.157518 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 478 Server Key
Exchange, Server Hello Done
14 0.166971 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TLSv1.2 200 Client Key Exchange, Change
Cipher Spec, Finished
15 0.167892 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 156 C: EHLO
[IPv6:2a00:6020:1eea:3420:0123:4567:89ab:cdef]
16 0.181976 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 125 Change Cipher
Spec, Finished
17 0.182685 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 301 S:
250-example.net Hello [IPv6:2a00:6020:1eea:3420:0123:4567:89ab:cdef]
[2a00:6020:1eea:3420:0123:4567:89ab:cdef] | SIZE 52428800 | 8BITMIME |
PIPELINING | AUTH PLAIN LOGIN CRAM-MD5 | HELP
18 0.182782 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=789
Ack=3812 Win=131584 Len=0
19 0.217679 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 118 C: AUTH CRAM-MD5
20 0.230962 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 145 S: 334
jkhdshkDHKJHSJHSdsd76dssgdhsgdsdds==
21 0.232729 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 165 C: DATA fragment, 62 bytes
22 0.251002 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 133 S: 235
Authentication succeeded
23 0.257750 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 151 C: MAIL FROM:<Ralf at example.com>
BODY=8BITMIME SIZE=575
24 0.273484 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 111 S: 250 OK
25 0.275312 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 132 C: RCPT TO:<ralf+10 at example.org>
26 0.289253 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
27 0.290401 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+9 at example.org>
28 0.305279 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
29 0.308128 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+8 at example.org>
30 0.321868 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
31 0.323324 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+7 at example.org>
32 0.337179 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
33 0.338365 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+6 at example.org>
34 0.397162 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730
[ACK] Seq=4151 Ack=1287 Win=29952 Len=0
35 0.602293 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
36 0.603927 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+5 at example.org>
37 0.617940 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 138 S: 421
example.net lost input connection
38 0.619110 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730
[FIN, ACK] Seq=4258 Ack=1344 Win=29952 Len=0
39 0.619218 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=1344
Ack=4259 Win=131328 Len=0
40 2.596770 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TLSv1.2 105 Alert (Level: Warning,
Description: Close Notify)
41 2.596922 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [FIN, ACK] Seq=1375
Ack=4259 Win=131328 Len=0
42 2.617172 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730
[RST] Seq=4259 Win=0 Len=0
43 2.617302 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730
[RST] Seq=4259 Win=0 Len=0
----------- 8x -------------
After the 5th occurrence of an RCPT verb (for address
"ralf+6 at example.org" in this case) the server seems to close the
connection:
----------- 8x -------------
33 0.338365 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+6 at example.org>
34 0.397162 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730
[ACK] Seq=4151 Ack=1287 Win=29952 Len=0
35 0.602293 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted
36 0.603927 2a00:6020:1eea:3420:0123:4567:89ab:cdef
2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<ralf+5 at example.org>
37 0.617940 2a01:4f8:fff:fff::2
2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 138 S: 421
example.net lost input connection
----------- 8x -------------
When I removed the above config snippet I could properly send the
message with more than 5 recipients.
Unfortunately at the moment I have no means of trying a more recent
version of Exim -- I can only update to the latest oldstable version.
Many thanks in advance for looking into this.
Kind regards,
Ralf
-- Package-specific info:
Exim version 4.89 #1 built 03-Sep-2019 18:01:38
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
-- System Information:
Debian Release: 9.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-11-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages exim4-daemon-heavy depends on:
ii debconf [debconf-2.0] 1.5.61
ii exim4-base 4.89-2+deb9u6
ii libc6 2.24-11+deb9u4
ii libdb5.3 5.3.28-12+deb9u1
ii libgnutls30 3.5.8-5+deb9u4
ii libldap-2.4-2 2.4.44+dfsg-5+deb9u3
ii libmariadbclient18 10.1.41-0+deb9u1
ii libpam0g 1.1.8-3.6
ii libpcre3 2:8.39-3
ii libperl5.24 5.24.1-3+deb9u5
ii libpq5 9.6.15-0+deb9u1
ii libsasl2-2 2.1.27~101-g0780600+dfsg-3+deb9u1
ii libsqlite3-0 3.16.2-5+deb9u1
exim4-daemon-heavy recommends no packages.
exim4-daemon-heavy suggests no packages.
-- debconf information:
exim4-daemon-heavy/drec:
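Added illustration, not part of the original report and not Exim's own code: a model of the documented meaning of the four smtp_ratelimit_rcpt fields (threshold, initial delay, growth factor, maximum delay), compared with the reply latencies taken from the capture above. The function names are hypothetical, and only single-unit time values such as 0.25s or 4m are parsed.

```python
# Added example: models the documented four-field rate-limit setting
# (threshold, initial delay, factor, maximum). This is not Exim source code.

UNITS = {"s": 1.0, "m": 60.0, "h": 3600.0, "d": 86400.0, "w": 604800.0}

def parse_time(text):
    """Convert a single-unit time such as '0.25s' or '4m' to seconds."""
    text = text.strip()
    if text[-1] in UNITS:
        return float(text[:-1]) * UNITS[text[-1]]
    return float(text)  # bare number: assumed to be seconds

def parse_ratelimit(value):
    """Split 'threshold,initial,factor,maximum' into typed fields."""
    threshold, initial, factor, maximum = value.split(",")
    return int(threshold), parse_time(initial), float(factor), parse_time(maximum)

def delay_schedule(value, commands):
    """Modelled delay in seconds before the reply to each of `commands` RCPTs."""
    threshold, delay, factor, maximum = parse_ratelimit(value)
    schedule = []
    for n in range(1, commands + 1):
        if n <= threshold:
            schedule.append(0.0)                    # below threshold: no delay
        else:
            schedule.append(min(delay, maximum))
            delay = min(delay * factor, maximum)    # grows until capped
    return schedule

# (client RCPT frame time, server reply frame time, reply code),
# copied from frames 25-37 of the capture in the report.
CAPTURE = [
    (0.275312, 0.289253, "250"),
    (0.290401, 0.305279, "250"),
    (0.308128, 0.321868, "250"),
    (0.323324, 0.337179, "250"),
    (0.338365, 0.602293, "250"),
    (0.603927, 0.617940, "421"),
]

def compare(value, capture):
    """Rows of (RCPT number, reply code, observed latency, modelled delay)."""
    expected = delay_schedule(value, len(capture))
    return [(i + 1, code, round(reply - sent, 3), exp)
            for i, ((sent, reply, code), exp) in enumerate(zip(capture, expected))]

if __name__ == "__main__":
    for row in compare("4,0.25s,1.2,4m", CAPTURE):
        print("RCPT #%d reply=%s observed=%.3fs modelled_delay=%.3fs" % row)
```

In the capture the reply to the fifth RCPT arrives after about 0.264s, in line with the 0.25s initial delay, while the 421 for the sixth arrives after about 0.014s, before the modelled 0.3s delay would have elapsed.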