[Pkg-exim4-users] rspamd spam scanning fails after upgrade to 4.88 bpo on jessie

Thomas Hager duke at sigsegv.at
Wed Jan 25 21:09:33 UTC 2017

On Wed, 2017-01-25 at 08:19 +0100, Andreas Metzler wrote:
> Thomas Hager <duke at sigsegv.at> wrote:
> > I updated Exim on my jessie box to 4.88-4~bpo8+1 a few days ago and
> > discovered about now that the update broke spam scanning with
> > rspamd.
> > From the logs:
> > 2017-01-22 08:59:55 1cVD46-0004AB-QI spam acl condition: spamd:
> > failed
> > to connect to any address for Broken pipe
> > 2017-01-22 08:59:55 1cVD46-0004AB-QI spam acl condition: all spamd
> > servers failed
> [...]
> > Before I take this to the upstream list I'd like to verify if this
> > is
> > an issue with the 4.88 bpo package on jessie.
> Hello,
> I would be surprised if this was Debian specific. There was a similar
> report in December.
> http://lists.alioth.debian.org/pipermail/pkg-exim4-users/2016-Decembe
> r/002368.html
Hi Andreas,

I cc the Exim users list now, because I found the code, which causes
the described connection failures.

To begin with, reverting the patch described in
https://bugs.exim.org/show_bug.cgi?id=1802 didn't fix the error.

So I dug deeper and found commit fb05276a ("TCP Fast Open"). 

If TCP_FASTOPEN is defined in netinet/tcp.h, Exim 4.88 uses
MSG_FASTOPEN for STREAM sockets. If TFO is not available, the code in
ip.c catches an EOPNOTSUPP error in the call to sendto() and falls back
to connect(). On jessie, sendto() doesn't raise an EOPNOTSUPP error
when Exim tries to connect to rspamd with MSG_FASTOPEN, but raises an
EPIPE error instead.

This error is not caught and Exim is unable to connect to the rspamd
process running on my box.

A small patch fixed this error (see below), but I don't know if this is
the best approach. Maybe Exim should verify if TFO is available and
enabled before using TFO at all on a Linux server.


diff --git a/src/src/ip.c b/src/src/ip.c
index 8bb6bed..9d82e49 100644
--- a/src/src/ip.c
+++ b/src/src/ip.c
@@ -236,7 +236,7 @@ connect in FASTOPEN mode but with zero data.
 if (fastopen)
   if (  (rc = sendto(sock, NULL, 0, MSG_FASTOPEN, s_ptr, s_len)) < 0
-     && errno == EOPNOTSUPP
+     && (errno == EOPNOTSUPP || errno == EPIPE )

Thomas "Duke" Hager                               duke at sigsegv.at
GPG: 2048R/791C5EB1            http://www.sigsegv.at/gpg/duke.gpg
"Never Underestimate the Power of Stupid People in Large Groups."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20170125/976dff92/attachment.sig>

More information about the Pkg-exim4-users mailing list