Exim - retry time not reached for any host

Mike Clarke jmc-freebsd2 at milibyte.co.uk
Mon Jun 22 16:15:38 UTC 2020


On Monday, 22 June 2020 11:27:30 BST Daniel Lysfjord via freebsd-questions wrote:

> In your route_list, you have mail3.gridhost.co.uk, not that it should
> matter,

For some reason the service provider quotes mail3.gridhost.co.uk in their email setup instructions 
despite it advertising itself as mail.gridhost.co.uk.

> but you could try changing that to mail.gridhost.co.uk (or,
> possibly 95.142.156.18).

I have replaced mail3.gridhost.co.uk with 95.142.156.18 and tried another test while monitoring 
with wireshark. The output showed only 3 packets being transmitted:

No.	Time	Source	Destination	Protocol	Length	Info
1	0	192.168.1.13	95.142.156.18	TCP	74	
25272  >  465 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 
TSval=3438884996 TSecr=0
2	0.021859743	95.142.156.18	192.168.1.13	TCP	74	
465  >  25272 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1452 SACK_PERM=1 
TSval=4269392837 TSecr=3438884996 WS=2048
3	0.021872274	192.168.1.13	95.142.156.18	TCP	54	
25272  >  465 [RST] Seq=1 Win=0 Len=0

And that was all there was, absolutely nothing after the RST packet.

I then tried your earlier suggestion of 'exim -Rf @gmail.com' and much to my surprise the email 
was sent

No.	Time	Source	Destination	Protocol	Length	Info
1	0.000000000	192.168.1.13	95.142.156.18	TCP	74	
12424 → 465 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 
TSval=2845252007 TSecr=0
2	0.021910067	95.142.156.18	192.168.1.13	TCP	74	
465 → 12424 [SYN, ACK] Seq=0 Ack=1 Win=43440 Len=0 MSS=1452 SACK_PERM=1 
TSval=4253626233 TSecr=2845252007 WS=2048
3	0.021923963	192.168.1.13	95.142.156.18	TCP	66	
12424 → 465 [ACK] Seq=1 Ack=1 Win=66752 Len=0 TSval=2845252029 TSecr=4253626233
4	0.033580346	192.168.1.13	95.142.156.18	TLSv1.2	364	
Client Hello
5	0.055654137	95.142.156.18	192.168.1.13	TCP	66	
465 → 12424 [ACK] Seq=1 Ack=299 Win=45056 Len=0 TSval=4253626267 TSecr=2845252041
6	0.064630882	95.142.156.18	192.168.1.13	TLSv1.2	1506	
Server Hello
7	0.065507499	95.142.156.18	192.168.1.13	TCP	1506	
465 → 12424 [PSH, ACK] Seq=1441 Ack=299 Win=45056 Len=1440 TSval=4253626276 
TSecr=2845252041 [TCP segment of a reassembled PDU]
8	0.065515730	192.168.1.13	95.142.156.18	TCP	66	
12424 → 465 [ACK] Seq=299 Ack=2881 Win=65344 Len=0 TSval=2845252073 
TSecr=4253626276
9	0.065646720	95.142.156.18	192.168.1.13	TLSv1.2	823	
Certificate, Server Key Exchange, Server Hello Done
10	0.066717836	192.168.1.13	95.142.156.18	TLSv1.2	192	
Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
11	0.088334588	95.142.156.18	192.168.1.13	TCP	66	
465 → 12424 [ACK] Seq=3638 Ack=425 Win=45056 Len=0 TSval=4253626299 
TSecr=2845252074
12	0.088559696	95.142.156.18	192.168.1.13	TLSv1.2	117	
Change Cipher Spec, Encrypted Handshake Message
13	0.188244024	192.168.1.13	95.142.156.18	TCP	66	
12424 → 465 [ACK] Seq=425 Ack=3689 Win=66752 Len=0 TSval=2845252196 
TSecr=4253626300
14	0.209855921	95.142.156.18	192.168.1.13	TLSv1.2	132	
Application Data

... and continued with more traffic until completion.

Just in case I'd got lucky with the random way that retries appear to work I tried the same process 
again. This time the first 'exim -Rf' failed to release the email but a second attempt worked.

So it looks as if, for me at least, exim 4.94 has a high probability of failing to set up a SSL 
connection, especially on it's first attempt.

The wireshark output for the successful connection shows the same pattern as I see with 4.93 
which always connects successfully at the first attempt.

> It seems like your successful attempt are at
> 95.142.156.18(mail.gridhost.co.uk), but fails at
> 95.142.156.8(mail-beta.gridhost.co.uk),
> 95.142.156.16(mail1-a.eqx.gridhost.co.uk) and
> 95.142.156.28(mail4-e.eqx.gridhost.co.uk).
> 
> Could it be that you're finding a corner case in exim, because of that
> circular dns resolving? mail.gridhost.co.uk does have multiple A
> records, one of those has a PTR back to mail.gridhost.co.uk, where the
> rest does not.

I don't think there's any significance of the successful connection being made with 95.142.156.18, 
probably just the luck of the draw that it was that one that came up first that time. There were just 
as many failures with that address as with the other three over repeated retries in the test in my 
earlier post in this thread. Anyway my latest tests restricted exim to use only 95.142.156.18.

> What SSL library is your exim compiled with?

I installed exim from packages and can't see any obvious reference to which SSL library it uses but I 
assume it will be the standard version in base.

-- 
Mike Clarke


More information about the freebsd-questions mailing list