logs archiveIRC Archive / Freenode / #exim / 2010 / March / 10 / 1
djce
Yeretik: http://www.exim.org/exim-html-current/doc/html/spec_html/ch49.html#SECTlogselector
Joelio
Hi, I'm running exim on a number of mail bastions.. since the upgrade to Debian Lenny from Etch (both dist-upgrades and fresh installs on AMD64 and i386) there seems to be occasional timeouts when connecting to port 25
I've notced Nagios is picking up the alert, only about a minute of outage however
Anyone else here seen it? kernel is 2.6.26-2 and exim 4.68
petemc
anything in the logs?
is the load on the machine high when this happens?
Joelio
Nothing that I've noticed that sticks out
Not massively
we're doing av and spam scanning too..
There's a lot of incoming mail, but we've got about 7 bastions doing the mail processing, all fairly beefy
petemc
watch the logs more closely and look at which processes are consuming resources
Joelio
Strange thing is.. when we switch to the older Etch kernel on the dist-upgraded boxes, the issue goes away
petemc
anything in dmesg/syslog/messages?
Joelio
hmm, [1142382.901068] nf_conntrack: table full, dropping packet.
we've got some custom iptables stuff.. might be the issue
Jello_cm
Hello, can someone point me to some good sites/info/tut/documentation to the next item: I want to deny sending mails to a certain domain. A mail send to 'xxx.com' for example should be dropped. I can't find it. The issue is: MajorDomo gets a mail 'mailbox is full', majordomo responds: 'invalid responds', host replies: inbox full, etc. infinity loop. Any suggestions?
         

iamkoos
hello. anyone know how i can get exim to log recipients of messages that were deny'd after DATA and during MIME ACL checks?
log_selector = +received_recipients # doesn't seem to have the desired result
+all neither ...
solution: using log_message with $recipients
Orbixx_
I'm trying to use a chained certificate with exim in order to use tls.
Orbixx
However, when I add the root ca and intermediate, it refuses to advertise tls.
Zathraz
I have a system filter catching sender&topic and delivering things to shared mailboxes on Cyrus IMAP. This works fine except for 1 type of mail. It depends on who is sending to whom. Even if I just catch the subject the result (delivered to root, to :blackhole: or to the correct shared fodler) differs. How can I debug this please?
Orbixx
fyi, above
Certificate chain was in reverse.
petemc
Zathraz: exim -bh 1.2.3.4
Zathraz
petemc, all mail is send and received on localhost
petemc
ok, exim -bh 127.0.0.1
Zathraz
ok. so it resolves only the name in one case and I get an entry to the daemon?
http://pastebin.ca/1831886
so, the mail is caught by the filter but yet :blackhole:-d
Joelio
Hello, I asked yesterday but am still no closer to a resolution.. having issues with port 25 timeouts running Exim on Debian Lenny's kernel..
The boxes aren't that loaded
If I use Etch kernel, they're fine
petemc
you mentioned other network problems
so its likely not an exim issue
Joelio
Nothing iptables related I think
yea, just seeing if anyone else has seen it
and could offer advice
asked on other channels
no luck so fart
far even
haha
petemc
parp
Joelio
It's holding off upgrade work to the rest of the mail bastions as we don't want random timeouts we can't explain
petemc
you would need some logs for anyone to help you, otherwise its just guess work
Joelio
Removed the ipt_recent stuff I was talking about yesterdat, not made a different..
Yea, there's nothing in the logs though
exim still processes outbound mail
but incoming just stops
different hardware too
some have been fresh install, some dist-upgrades
petemc
i cant imagine exim just stopping without some indication of that in its logs
Joelio
It's not just stopping though
it's locking port 25, get timeouts
If I run a exiwhat | egrep incoming | wc -l I can see there's about 100 incoming on avergage
some of the etch boxes are doing 2x that without worring
It's really random
I asked on #kernel but they were less than helpful
oh well
petemc
you're too vague
what you're saying is all very hand wavey
so you wont get help
Joelio
I wish I could be more descriptive, this is all I have to go on though
when it does happe, it's only like for a minute or two, doesn't give a lot of time for diagnosis
I've got the times that nagios has picked up the timeouts. cross referenced that -+10Mins but nothing in logs
         

petemc
and in other logs for that time period?
syslog etc
Joelio
yes, giving a little extra either side for the monitoring lag
only about 5mins..
tai l
Ahh, happening now
incomign dropped to 1 connection..
[exim4] <defunct>
is that normal is a ps aux?
everything in a SYN_RECV state to port 25
fair amoutn of CLOSE_WAIT too
petemc
Joelio: i generally only see that when the machine has a high load
often caused by spamassassin
Joelio
15:54:35 up 1 day, 33 min, 1 user, load average: 0.01, 0.33, 0.84
petemc
any other processes having problems?
Joelio
nope
petemc
you could try deleting your hints files etc, see if that helps
otherwise, my advice would be not to use that kernel, as useful as that is
Joelio
Yea, might try a backported kernel.. see if it still happens
really clutching at straws now
definitely something kernel/stack related though
cheers for your help!
petemc
i havent helped much, but np
Zathraz
Joelio, what kernel are you using?
2.6.8 stock?
Joelio
2.6.26-2-amd64 (and i386)
stock lenny
Zathraz
I have no issues with that
(yes 2.6.8 was etch I believe)
Joelio
2.6.18 was etch
Zathraz
ah. missed the 1. sorry
Joelio
2.6.8 was sarge with 2.6 kernel
:)
Zathraz
have been using Debian for too long....
Joelio
Just fired a backported kernel on (.32) see how that goes
get the feeling I'm clutching at straws and it's some way out crazy implementation workd
works even
Wow, this server is running significantly hotter now.. load's 20 (was about 2).. going from bad to worse! :(
ls
oops wrong term
Zathraz
Joelio, iirc this is a known "feature" on some hardware. Check bugbase. Recommendation was to use a lower version kernel
do not know the current state/recommendation
Joelio
Zathraz: Sorted the load issue.. we use mysql to share statistics.. the table must have corrupted itself
run a mysiamchk.. load now at 0.32 :)
mebus
Hi ! Is it a problem if I got an MX record on a Domain that is the MX record of another domain ?
petemc
no
magneto
hello mail senders
mebus
petemc: I'm just wondering why some mails don't arrive.
magneto
i'm not looking for hand outs but I am a beginner... running exim as a send-only mail server means that i don't have to worry about the responsibility of guarding against spam viruses?
mebus
Is it a good idea to check wether a sender mail server has got a DNS A record ?
petemc
some places check forward and reverse
CunningPike
magneto: Ideally, you would scan your outbound mail for viruses
mebus: We gave it up - so many mail servers are not set up properly, and the bad ones fail other checks anyway
magneto
but i am starting small, just need it for my website user registration and password resets
CunningPike
mebus: It adds very little
mebus
CunningPike: hm. So I will remove it again.
CunningPike
mebus: If you think you're rejecting mail, look in your logs
magneto
thx for your help CunningPike, i will continue to research
unless sending automated e-mails for website user account management really does required virus scanning i will not do that over head for the time being as i start out
FabTG
hi everyone
which MDA do you advice to me to work with exim?
petemc
exim has its own
it works well
FabTG
ok so i don't need external program... do you know if it exists a web front end for delivery rules?
magneto
i just read the wiki that exim does not have a GUI so ... ( to FabTG)
petemc
FabTG: im not aware of any, there are some for sieve iirc
exim filter syntax is trivial tho
(which is what you use to configure the MDA)
FabTG
petemc: ok i will then have a look into the syntax, thanks
petemc
np
smitty519
X Anti Abuse Headers - How to remove?
or, better yet, what causes them to be inserted?
petemc
nothing in a default exim config
headers_remove can be used to remove headers
smitty519
petemc: Do you know why they get added?
petemc
no
smitty519
I've found documentation that says they'll only be added if you have a headers_add in the config.
I don't have a headers_add for them in my config, but they're added anyway.
next »