Your message dated Sat, 29 Feb 2020 13:59:46 +0100 with message-id <[email protected]> and subject line Bug#948271: exim4-daemon-heavy: smtp_ratelimit_rcpt breaks connection instead of just delaying RCPT verbs has caused the Debian Bug report #948271, regarding exim4-daemon-heavy: smtp_ratelimit_rcpt breaks connection instead of just delaying RCPT verbs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 948271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948271 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: exim4-daemon-heavy Version: 4.89-2+deb9u6 Severity: normal Dear Maintainer, I have the following config snippet active to hamper spammers brute-force trying local-parts on my server: ----------- 8x ------------- smtp_ratelimit_hosts = * smtp_ratelimit_rcpt = 4,0.25s,1.2,4m ----------- 8x ------------- I tried to send a message from Thunderbird to 10 recipients, but instead of accepting the message an SMTP-level error occurred. Same happened with macOS Mail client. Apparently the implementation of Exim is faulty, because instead of just delaying RCPT verbs it seems to close the connection. Here's a network capture I made: ----------- 8x ------------- No. Time Source Destination Protocol Length Info 1 0.000000 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 86 63730 → 587 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1 2 0.013147 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 86 587 → 63730 [SYN, ACK] Seq=0 Ack=1 Win=28800 Len=0 MSS=1440 SACK_PERM=1 WS=128 3 0.013312 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=1 Ack=1 Win=132352 Len=0 4 0.029951 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 93 587 → 63730 [PSH, ACK] Seq=1 Ack=1 Win=28800 Len=19 5 0.070625 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 127 63730 → 587 [PSH, ACK] Seq=1 Ack=20 Win=132352 Len=53 6 0.085494 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 286 587 → 63730 [PSH, ACK] Seq=20 Ack=54 Win=28800 Len=212 7 0.086294 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 84 63730 → 587 [PSH, ACK] Seq=54 Ack=232 Win=132096 Len=10 8 0.122928 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 92 587 → 63730 [PSH, ACK] Seq=232 Ack=64 Win=28800 Len=18 9 0.126767 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TLSv1.2 591 Client Hello 10 0.156958 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 1514 Server Hello 11 0.157175 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU] 12 0.157273 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=581 Ack=3130 Win=132352 Len=0 13 0.157518 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 478 Server Key Exchange, Server Hello Done 14 0.166971 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TLSv1.2 200 Client Key Exchange, Change Cipher Spec, Finished 15 0.167892 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 156 C: EHLO [IPv6:2a00:6020:1eea:3420:0123:4567:89ab:cdef] 16 0.181976 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TLSv1.2 125 Change Cipher Spec, Finished 17 0.182685 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 301 S: 250-example.net Hello [IPv6:2a00:6020:1eea:3420:0123:4567:89ab:cdef] [2a00:6020:1eea:3420:0123:4567:89ab:cdef] | SIZE 52428800 | 8BITMIME | PIPELINING | AUTH PLAIN LOGIN CRAM-MD5 | HELP 18 0.182782 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=789 Ack=3812 Win=131584 Len=0 19 0.217679 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 118 C: AUTH CRAM-MD5 20 0.230962 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 145 S: 334 jkhdshkDHKJHSJHSdsd76dssgdhsgdsdds== 21 0.232729 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 165 C: DATA fragment, 62 bytes 22 0.251002 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 133 S: 235 Authentication succeeded 23 0.257750 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 151 C: MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=575 24 0.273484 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 111 S: 250 OK 25 0.275312 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 132 C: RCPT TO:<[email protected]> 26 0.289253 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 27 0.290401 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 28 0.305279 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 29 0.308128 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 30 0.321868 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 31 0.323324 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 32 0.337179 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 33 0.338365 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 34 0.397162 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730 [ACK] Seq=4151 Ack=1287 Win=29952 Len=0 35 0.602293 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 36 0.603927 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 37 0.617940 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 138 S: 421 example.net lost input connection 38 0.619110 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730 [FIN, ACK] Seq=4258 Ack=1344 Win=29952 Len=0 39 0.619218 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [ACK] Seq=1344 Ack=4259 Win=131328 Len=0 40 2.596770 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TLSv1.2 105 Alert (Level: Warning, Description: Close Notify) 41 2.596922 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 TCP 74 63730 → 587 [FIN, ACK] Seq=1375 Ack=4259 Win=131328 Len=0 42 2.617172 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730 [RST] Seq=4259 Win=0 Len=0 43 2.617302 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730 [RST] Seq=4259 Win=0 Len=0 ----------- 8x ------------- After the 5th occurence of an RCPT verb (for address "[email protected]" in this case) the server seems to close the connection: ----------- 8x ------------- 33 0.338365 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 34 0.397162 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef TCP 74 587 → 63730 [ACK] Seq=4151 Ack=1287 Win=29952 Len=0 35 0.602293 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 117 S: 250 Accepted 36 0.603927 2a00:6020:1eea:3420:0123:4567:89ab:cdef 2a01:4f8:fff:fff::2 SMTP 131 C: RCPT TO:<[email protected]> 37 0.617940 2a01:4f8:fff:fff::2 2a00:6020:1eea:3420:0123:4567:89ab:cdef SMTP 138 S: 421 example.net lost input connection ----------- 8x ------------- When I removed the above config snippet I could properly send the message with more than 5 recipients. Unfortunately at the moment I have no means of trying a more recent version of Exim -- I can only update to the latest oldstable version. Many thanks in advance for looking into this. Kind regards, Ralf -- Package-specific info: Exim version 4.89 #1 built 03-Sep-2019 18:01:38 Copyright (c) University of Cambridge, 1995 - 2017 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Configuration file is /etc/exim4/exim4.conf -- System Information: Debian Release: 9.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-11-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages exim4-daemon-heavy depends on: ii debconf [debconf-2.0] 1.5.61 ii exim4-base 4.89-2+deb9u6 ii libc6 2.24-11+deb9u4 ii libdb5.3 5.3.28-12+deb9u1 ii libgnutls30 3.5.8-5+deb9u4 ii libldap-2.4-2 2.4.44+dfsg-5+deb9u3 ii libmariadbclient18 10.1.41-0+deb9u1 ii libpam0g 1.1.8-3.6 ii libpcre3 2:8.39-3 ii libperl5.24 5.24.1-3+deb9u5 ii libpq5 9.6.15-0+deb9u1 ii libsasl2-2 2.1.27~101-g0780600+dfsg-3+deb9u1 ii libsqlite3-0 3.16.2-5+deb9u1 exim4-daemon-heavy recommends no packages. exim4-daemon-heavy suggests no packages. -- debconf information: exim4-daemon-heavy/drec:
--- End Message ---
--- Begin Message ---Version: 4.93-1 On 2020-01-11 Andreas Metzler <[email protected]> wrote: > On 2020-01-06 "Ralf G. R. Bergs" <[email protected]> wrote: [...] > I cannot reproduce this with 4.93, it just works as expected. Marking as fixed accordingly.
--- End Message ---
