Brent Bloxam wrote: > I'm trying to figure out how this issue is occurring and how to stop it. > Somehow messages are getting into our inbound Exim spool without any \n > at the end. When our outbound Exim process tries to deliver these mails, > they fail as Exim outputs '.' on the same line as the one it just sent. > I've verified this by capturing the SMTP conversation from both sides > with tcpdump > > tcpdump shows the following being sent at the end: > >> <!--www.https://example.com--><!--www.https://example.com-->. > > Eventually the receiving MTA responds > >> 421 Lost incoming connection > > Passing the message in the spool through `od`, I see > >> 0011700 e . c o m - - > > > No \ns. These messages getting stuck in the spool seem to only ever be > spam. What I see in the outbound log, > >> /var/log/exim/eximout.log:2009-12-21 08:00:00 1NLolk-0003aD-3V == >> [email protected] >> R=Storage T=Storage defer (-46): SMTP error from remote mail server after >> end of >> data: host 192.168.1.3 [192.168.1.3]: 421 mda.local SMTP incoming data >> timeout - >> closing connection. > > Does anyone have any ideas? "message_suffix" sounded like it would have > been a good bandaid, but it only applies to appendfile and pipe. >
Where are these problematic messages originating? i.e. - local. 'non-smtp' on-box process? (less common, on-box smtp process..) - smtp incoming from a(n alleged) peer MTA? (you mentioned spam..) - AUTH'ed user with (compromised) MUA? 2 and 3 can be stopped easily in an ACL. The first needs a bit more work - but very much worth it. Once you block their arrival, all the other problems (queue, delivery) go away. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
