I'm having trouble sending email to a domain that uses exim 4.63. The problem occurs with sender verification.
I snooped the packets on my outgoing smtp server and saw the following exchange:

-------------------------

I (198.144.198.191) open a connection from port 4500 to their (209.51.152.98) port 25.
They try to connect to my port 113 for auth.
I reply with an ICMP Destination Unreachable.
Then we do a normal SMTP exchange.
When I send "RCPT TO:", they start the sender verify:
They open a connection from port 40774 to my port 25, sending SYN.
I reply with SYN ACK.
They reply with ACK, completing the opening of the connection.
They send FIN ACK, immediately closing the connection.
I reply to the initial open with an ACK, followed by the text "220 syzygy.com ESMTP".
I then notice that they've closed the connection and send FIN ACK.
They reply to my last ACK and data packets with a pair of RST packets, since they closed the connection without waiting for this data.
Back on the port 4500 connection, they reply with "451 Could not complete sender verify callout".

-----------------------------

Well, I looked at:

http://www.exim.org/exim-html-3.00/doc/html/oview.html#SEC21

which says:

> Unfortunately, several mailers believe that any error response after the data for a message has been sent indicates a temporary error. Consequently, such mailers will continue to try to send a message that has been rejected as described above. To prevent this, whenever a message is rejected, Exim records the time, bad address, and host in a DBM database. If the same host sends the same bad address within 24 hours, it is rejected immediately at the MAIL FROM command. Sadly, even this doesn't stop some mailers from repeatedly trying to send the message. As a last resort, if the same host sends the same bad address for a third time in 24 hours, the MAIL FROM command is accepted, but all subsequent RCPT TO commands are rejected. If this does not stop a remote mailer then it is badly broken.
Since my MAIL FROM command is being accepted, and the RCPT TO is being rejected, I'm guessing that I've landed in this DBM database. I know that qmail is retrying these messages.

There are several curious things going on here.

First, I have no idea why sender verify would have ever failed, since I've never seen any error other than the "451 Could not complete sender verify callout". There might be a configuration problem on my end, but I can't get any info to debug it.

Second, the actual sender verify exchange doesn't seem to match what exim claims to do. I gather that it's supposed to actually present an email address and get back a yes/no reply from my side. Instead, it's just opening the connection and closing it, without waiting for my initial 220 string. Perhaps it's finding me in the database and decides it doesn't need to bother with the actual verification, so it just closes the connection. That would be very bad, since I wouldn't have any chance of fixing a problem once I got into that database. I'd have to flush my queue and not send any email to that domain for 24 hours.

Most troubling, though, is that (according to the above link) exim expects me to stop retrying, and tells me this by giving me a 451 TRANSIENT error. Why would I stop trying when given a transient error? Does exim record the error in this database, and resend it each time with the same error code? That could explain the problem. Perhaps an actual transient error occurred, and I retried enough to get stuck in the database. Then, even though the error was fixed I still got an old copy of the transient error message. It seems far-fetched.

Can anyone tell from this what is going on? What other info is needed to figure this out?

Thanks

-eric
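The callout dialogue the post expects to see (wait for the 220 greeting, offer the address, read the yes/no reply), written out as an added example; it is not part of the original message and is not Exim's code. The null sender in MAIL FROM, the HELO name, the `sender.example` addresses and the `fake_mx` stand-in server are assumptions made for illustration.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply, following 'NNN-' continuation lines. Returns code or None."""
    while True:
        line = f.readline().decode("ascii", "replace")
        if not line:                       # peer closed without replying
            return None
        if line[3:4] != "-":               # last line of the reply
            return int(line[:3])

def callout(sock, address, helo="verifier.example"):
    """Returns (verdict, stage, code); verdict is 'accept', 'reject' or 'defer'."""
    f = sock.makefile("rwb", buffering=0)
    steps = [("greeting", None),           # wait for the 220 banner before sending
             ("HELO", "HELO " + helo),
             ("MAIL", "MAIL FROM:<>"),     # null sender (assumption) avoids callout loops
             ("RCPT", "RCPT TO:<%s>" % address)]
    for stage, cmd in steps:
        if cmd:
            f.write(cmd.encode("ascii") + b"\r\n")
        code = read_reply(f)
        if code is None or 400 <= code < 500:
            return "defer", stage, code    # callout could not complete: temporary failure
        if code >= 500:
            return "reject", stage, code
    f.write(b"QUIT\r\n")
    read_reply(f)                          # consume the 221 before closing
    return "accept", "RCPT", code

def fake_mx(sock, known):
    """Constructed stand-in for the sender's MX; accepts only addresses in `known`."""
    with sock, sock.makefile("rwb", buffering=0) as f:
        f.write(b"220 mx.example ESMTP\r\n")
        for raw in f:
            cmd = raw.decode("ascii").strip()
            if cmd.startswith("RCPT TO:") and cmd[9:-1] not in known:
                f.write(b"550 no such user\r\n")
            else:
                f.write(b"221 bye\r\n" if cmd == "QUIT" else b"250 ok\r\n")

def demo(address, known=("eric@sender.example",)):
    a, b = socket.socketpair()             # in-process link, no network needed
    threading.Thread(target=fake_mx, args=(b, known), daemon=True).start()
    with a:
        return callout(a, address)
```

A connection that ends before the greeting is read never reaches the RCPT stage, so it can only produce the "defer" outcome, never a yes/no answer about the address.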
