Package: exim4 Version: 4.92-8+deb10u1~bpo9+1 Severity: normal Tags: upstream
Dear Maintainer, I think that the bug #887489, which is already archived, is still persist. I have Debin 9 with backported Exim4 ( 4.92-8+deb10u1~bpo9+1 ) and the callout funciton in rcpt acl has as the same bad behavior as described in bug #887489. My acl rule in acl_smtp_rcpt : accept hosts = +relay_from_hosts !verify = recipient/defer_ok/callout=30s,defer_ok,use_sender ratelimit = NONEX_LIM / NONEX_PERIOD / per_rcpt / relayuser-$acl_m_user continue = ${run{SHELL -c "echo $acl_m_user \ >>$spool_directory/blocked_relay_users; \ \N{\N echo Subject: relay user $acl_m_user blocked; echo; echo \ because has sent mail to NONEX_LIM invalid recipients during NONEX_PERIOD.; \ \N}\N | NONEX_EXIMBINARY NONEX_WARNTO"}} control = freeze/no_tell control = submission/domain= add_header = X-Relayed-From: $acl_m_user And relay hosts sometimes get te following 421 error when sending email: "SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz) [84.242.100.166]" This is in Exim's debug log: 5272 tls_write(0x5639a0cfa550, 14) 5272 gnutls_record_send(SSL, 0x5639a0cfa550, 14) 5272 outbytes=14 5272 DSN: orcpt: NULL flags: 0 5272 Calling gnutls_record_recv(0x5639a0d8d410, 0x5639a11560e0, 4096) 5272 GnuTLS<3>: ASSERT: buffers.c[_gnutls_io_read_buffered]:587 5272 GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473 5272 LOG: lost_incoming_connection MAIN 5272 SMTP command timeout on TLS connection from of.aira.cz (remote.aira.cz) [84.242.100.166] 5272 SMTP>> 421 holub.aira.cz: SMTP command timeout - closing connection The acl works well with comment out "callout" line. exim4: 2) Callout timeout in recipient verify can result in the lost of the TLS incoming connexion -- Package-specific info: Exim version 4.92 #3 built 21-Jul-2019 09:43:55 Copyright (c) University of Cambridge, 1995 - 2018 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated Configuration file is /etc/exim4/exim4.conf # /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' # # Please note that this is _not_ a dpkg-conffile and that automatic changes # to this file might happen. The code handling this will honor your local # changes, so this is usually fine, but will break local schemes that mess # around with multiple versions of the file. # # update-exim4.conf uses this file to determine variable values to generate # exim configuration macros for the configuration file. # # Most settings found in here do have corresponding questions in the # Debconf configuration, but not all of them. # # This is a Debian specific file dc_eximconfig_configtype='local' dc_other_hostnames='holub.aira.cz' dc_local_interfaces='127.0.0.1 ; ::1' dc_readhost='' dc_relay_domains='' dc_minimaldns='false' dc_relay_nets='' dc_smarthost='' CFILEMODE='644' dc_use_split_config='false' dc_hide_mailname='' dc_mailname_in_oh='true' dc_localdelivery='mail_spool' mailname:holub.aira.cz # /etc/default/exim4 EX4DEF_VERSION='' # 'combined' - one daemon running queue and listening on SMTP port # 'no' - no daemon running the queue # 'separate' - two separate daemons # 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4. # 'nodaemon' - no daemon is started at all. # 'queueonly' - only a queue running daemon is started, no SMTP listener. # setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4 QUEUERUNNER='combined' # how often should we run the queue QUEUEINTERVAL='10m' # options common to quez-runner and listening daemon COMMONOPTIONS='' # more options for the daemon/process running the queue (applies to the one # started in /etc/ppp/ip-up.d/exim4, too. QUEUERUNNEROPTIONS='' # special flags given to exim directly after the -q. See exim(8) QFLAGS='' # options for daemon listening on port 25 SMTPLISTENEROPTIONS='' -- System Information: Debian Release: 9.9 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages exim4 depends on: ii debconf [debconf-2.0] 1.5.61 ii exim4-base 4.92-8+deb10u1~bpo9+1 ii exim4-daemon-heavy 4.92-8+deb10u1~bpo9+1 exim4 recommends no packages. exim4 suggests no packages. -- debconf information: exim4/drec: