Mailing List Archive: exim: users

sending to only one domain per connection

Index | Next | Previous | View Threaded

mstan at asesoft

Jun 26, 2012, 5:59 AM

Post #1 of 11 (885 views)
Permalink

sending to only one domain per connection

Hello,

I guess you're already aware of the new limits imposed by google-hosted mail servers:
"Multiple destination domains per transaction is unsupported"
This caused a LOT of bounces lately and I still haven't figured out what to do...

Any ideas on some transport/driver magic ?

Thanks,
Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

D.H.Davis at bath

Jun 27, 2012, 6:29 AM

Post #2 of 11 (874 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On Tue, 26 Jun 2012, Marius Stan wrote:

> From: Marius Stan <mstan [at] asesoft>
> To: exim-users [at] exim
> Date: Tue, 26 Jun 2012 13:59:28
> Subject: [exim] sending to only one domain per connection
>
> I guess you're already aware of the new limits imposed by
> google-hosted mail servers:
> "Multiple destination domains per transaction is unsupported"

Nope, not seen this before.

> This caused a LOT of bounces lately and I still haven't figured
> out what to do...
>
> Any ideas on some transport/driver magic ?

What do they mean by "transaction"?

I've never tried this, but will setting:

multi_domain = false

on the appropriate smtp transport do what you want?

You may also need:

connection_max_messages = 1

if they're restricting a transaction to a single message per TCP/IP
connection.

...all sounds a bit primitive to me. Perhaps they should be using
exim as their smtp server...
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis [at] bath Phone: +44 1225 386101

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

D.H.Davis at bath

Jun 27, 2012, 7:02 AM

Post #3 of 11 (867 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On Wed, 27 Jun 2012, Dennis Davis wrote:

> From: Dennis Davis <D.H.Davis [at] bath>
> To: Marius Stan <mstan [at] asesoft>
> Cc: exim-users [at] exim
> Date: Wed, 27 Jun 2012 14:29:54
> Subject: Re: [exim] sending to only one domain per connection

...

> ...all sounds a bit primitive to me. Perhaps they should be using
> exim as their smtp server...

Oh boy, strike out "a bit primitive" and submit phrases such as
"Mickey Mouse", "blatant incompetence" etc. And I should apologise
to Mickey Mouse as well. He isn't in the same company.

I had a message delivery failure for the message sent to:

Marius Stan <mstan [at] asesoft>

Here's the exim log:

2012-06-27 14:29:55 1SjsJf-0001iT-CI H=hinault.bath.ac.uk [138.38.56.28] I=[138.38.0.34]:587 Warning: X-mailer: id=<alpine.BSO.2.02.1206271422470.24739 [at] bath> Client=Alpine 2.02 (BSO 1266 2009-07-14) User=D.H.Davis [at] bath
2012-06-27 14:29:56 1SjsJf-0001iT-CI <= D.H.Davis [at] bath H=hinault.bath.ac.uk [138.38.56.28] I=[138.38.0.34]:587 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=cyrus_sasl_authenticator:ccsdhd S=1879 id=alpine.BSO.2.02.1206271422470.24739 [at] bath
2012-06-27 14:30:04 1SjsJf-0001iT-CI ** mstan [at] asesoft R=internet_domains T=internet_smtp: SMTP error from remote mail server after end of data: host mail.asesoft.ro [86.105.247.13]: 550-Your message Re: [exim] sending to only one domain per connection scored\n550-7.5 spam points. Report follows:\n550-Spam detection software, running on the system "mail", has\n550-identified this incoming email as possible spam. The original message\n550-has been attached to this so you can view it (if it isn't spam) or label\n550-similar future email. If you have any questions, see\n550-the administrator of that system for details.\n550-Content preview: On Tue, 26 Jun 2012, Marius Stan wrote: > From:\n550-Marius Stan\n550-<mstan [at] asesoft> > To: exim-users [at] exim > Date:\n550-Tue, 26 Jun 2012 13:59:28\n550-> Subject: [exim] sending to only one domain per connection > > I guess\n550-you're\n550-already aware of the new limits imposed by > google-hosted mail servers:\n550-> "Multiple destination domains per transaction is unsupported" [...]\n550-Content analysis details: (7.5 points, 5.0 required)\n550-pts r
2012-06-27 14:30:13 1SjsJf-0001iT-CI => exim-users [at] exim R=internet_domains T=internet_smtp H=tahini.csx.cam.ac.uk [131.111.8.192]
2012-06-27 14:30:14 1SjsJy-0001kd-9k <= <> R=1SjsJf-0001iT-CI U=exim P=local S=3686
2012-06-27 14:30:14 1SjsJf-0001iT-CI Completed

Look to me like they've set up Spamassassin, or something similar,
to score very highly because my message contained the lines:

To: Marius Stan <mstan [at] asesoft>
Cc: exim-users [at] exim

Certainly goes against the Spamassassin philosophy of not having one
thing cause a massive score.

If this is Google at work, then obviously it's their mail servers
and they can do what they like. And Google are big enough to throw
their weight about. Even though this is incompetent, bully-boy
tactics.

My advice is to not use such mail servers. Look for competence in
your service providers.

Tee-hee, this message also contains the lines:

To: Marius Stan <mstan [at] asesoft>
Cc: exim-users [at] exim

so I'm expecting another failure.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis [at] bath Phone: +44 1225 386101

D.H.Davis at bath

Jun 27, 2012, 7:11 AM

Post #4 of 11 (865 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On Wed, 27 Jun 2012, Dennis Davis wrote:

> From: Dennis Davis <D.H.Davis [at] bath>
> To: Marius Stan <mstan [at] asesoft>
> Cc: exim-users [at] exim
> Date: Wed, 27 Jun 2012 15:02:29
> Subject: Re: [exim] sending to only one domain per connection

...

> Tee-hee, this message also contains the lines:
>
> To: Marius Stan <mstan [at] asesoft>
> Cc: exim-users [at] exim
>
> so I'm expecting another failure.

And, sure enough, I got one.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis [at] bath Phone: +44 1225 386101

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

iane at sussex

Jun 27, 2012, 7:38 AM

Post #5 of 11 (869 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 27 Jun 2012, at 15:02, Dennis Davis wrote:
>
> re's the exim log:
>
>
> 2012-06-27 14:29:55 1SjsJf-0001iT-CI H=hinault.bath.ac.uk [138.38.56.28] I=[138.38.0.34]:587 Warning: X-mailer: id=<alpine.BSO.2.02.1206271422470.24739 [at] bath> Client=Alpine 2.02 (BSO 1266 2009-07-14) User=D.H.Davis [at] bath
> 2012-06-27 14:29:56 1SjsJf-0001iT-CI <= D.H.Davis [at] bath H=hinault.bath.ac.uk [138.38.56.28] I=[138.38.0.34]:587 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=cyrus_sasl_authenticator:ccsdhd S=1879id=alpine.BSO.2.02.1206271422470.24739 [at] bath
> 2012-06-27 14:30:04 1SjsJf-0001iT-CI ** mstan [at] asesoft R=internet_domains T=internet_smtp: SMTP error from remote mail server after end of data: host mail.asesoft.ro [86.105.247.13]: Your message Re: [exim] sending to only one domain per connection scored\n7.5 spam points. Report follows:\nSpam detection software, running on the system "mail", has\nidentified this incoming email as possible spam. The original message\nhas been attached to this so you can view it (if it isn't spam) or label\nsimilar future email. If you have any questions, see\nthe administrator of that system for details.\nContent preview: On Tue, 26 Jun 2012, Marius Stan wrote: > From:\nMarius Stan\n<mstan [at] asesoft> > To: exim-users [at] exim > Date:\nTue, 26 Jun 2012 13:59:28\n> Subject: [exim] sending to only one domain per connection > > I guess\nyou're\nalready aware of the new limits imposed by > google-hosted mail servers:\n> "Multiple destination domains per transaction is unsupported" [...]\nContent analysis details: (7.5 points, 5.0 required)\npts r
> 2012-06-27 14:30:13 1SjsJf-0001iT-CI => exim-users [at] exim R=internet_domains T=internet_smtp H=tahini.csx.cam.ac.uk [131.111.8.192]
> 2012-06-27 14:30:14 1SjsJy-0001kd-9k <= <> R=1SjsJf-0001iT-CI U=exim P=local S=3686
> 2012-06-27 14:30:14 1SjsJf-0001iT-CI Completed
>
>
> Look to me like they've set up Spamassassin, or something similar,
> to score very highly because my message contained the lines:
>
> To: Marius Stan <mstan [at] asesoft>
> Cc: exim-users [at] exim

I don't think it does. I had to unpack the message to read it properly. Converting the carriage returns, and stripping the 550-s etc, it reads thus:

Your message Re: [exim] sending to only one domain per connection scored 7.5 spam points.
Report follows: Spam detection software, running on the system "mail", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see the administrator of that system for details.
Content preview: On Tue, 26 Jun 2012, Marius Stan wrote:
> From: Marius Stan <mstan [at] asesoft>
> To: exim-users [at] exim
> Date: Tue, 26 Jun 2012 13:59:28
> Subject: [exim] sending to only one domain per connection
>
> I guess you're already aware of the new limits imposed by
> google-hosted mail servers:
> "Multiple destination domains per transaction is unsupported" [...]
Content analysis details: (7.5 points, 5.0 required) pts

I don't think that the content preview is related to the spam score. It just helps you to identify the message. The error tells you that you got 7.5 points, but doesn't give a reason.

Also, I don't see a connection between asesoft.ro and Google.

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

graeme at graemef

Jun 27, 2012, 7:55 AM

Post #6 of 11 (868 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On Tue, 2012-06-26 at 15:59 +0300, Marius Stan wrote:
> I guess you're already aware of the new limits imposed by google-hosted mail servers:
> "Multiple destination domains per transaction is unsupported"
> This caused a LOT of bounces lately and I still haven't figured out what to do...
>
> Any ideas on some transport/driver magic ?

No, but I don't see that we need to. This only seems to be active on
servers under the name aspmx.l.google.com; in the same session Exim
falls back to the other MX records for the domain(s) in question and
send the remaining messages down that connection instead.

Although this is not strictly RFC compliant behaviour I have not seen it
actually cause any problems whatsoever - perhaps a one or two second
delay in delivery to Google, that's all.

I think I'll ask our work Google Apps contacts about it, see what they
say.

Graeme

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

iane at sussex

Jun 27, 2012, 8:03 AM

Post #7 of 11 (866 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 27 Jun 2012, at 14:29, Dennis Davis wrote:
> On Tue, 26 Jun 2012, Marius Stan wrote:
>
>> From: Marius Stan <mstan [at] asesoft>
>> To: exim-users [at] exim
>> Date: Tue, 26 Jun 2012 13:59:28
>> Subject: [exim] sending to only one domain per connection
>>
>> I guess you're already aware of the new limits imposed by
>> google-hosted mail servers:
>> "Multiple destination domains per transaction is unsupported"
>
> Nope, not seen this before.
>
>> This caused a LOT of bounces lately and I still haven't figured
>> out what to do�

Well, they're 4xx errors, so unless you're sending messages to an awful lot of Google hosted domains, then you should look at your retry rules. Retry more frequently for better success.

>>
>> Any ideas on some transport/driver magic ?
>
> What do they mean by "transaction"?

Well, they certainly mean per message, which is reasonable. I see messages where ASPMX.L.GOOGLE
.COM has accepted the message for a recipient in one domain, then deferred for a different domain. I presume that this is so that they can have different content filtering policies for different domains.

That's a variation on a problem that we've discussed on this list in the past: how to allow different filtering per recipient, while still rejecting at SMTP time and not later.

The best solution with SMTP is to have filtering classes, and defer recipients when they have a different filtering class than the first recipient. Too many classes, and the message gets deferred too many times.

I don't remember discussing this in the context of a system hosting multiple domains, but it seems like a reasonable middle ground, to allow different domains administrators to have different filtering rules.

> I've never tried this, but will setting:
>
> multi_domain = false
>
> on the appropriate smtp transport do what you want?

That looks like it might be useful. It should get these messages delivered faster.

> You may also need:
>
> connection_max_messages = 1
>
> if they're restricting a transaction to a single message per TCP/IP
> connection.

Well, I think it's one recipient domain per SMTP session. I do see messages where the first Google hosted recipient is deferred. That seems over the top to me, but it might throw some spammers off track.

I'm not sure how Exim goes about gathering multiple messages for delivery through one SMTP session, but I'd experiment with multi_domain = false, and see how it goes. If you still see defers, then try this, too.

>
> ...all sounds a bit primitive to me. Perhaps they should be using
> exim as their smtp server...

Maybe they are, but it wouldn't help if they're doing what I think they're doing, for the reasons that I think they're doing it!

What would be nice would be an SMTP option to switch to LMTP. Then every recipient could have a different rule set.
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Jun 27, 2012, 2:39 PM

Post #8 of 11 (865 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 2012-06-27 at 15:02 +0100, Dennis Davis wrote:
> Oh boy, strike out "a bit primitive" and submit phrases such as
> "Mickey Mouse", "blatant incompetence" etc. And I should apologise
> to Mickey Mouse as well. He isn't in the same company.

> 2012-06-27 14:30:04 1SjsJf-0001iT-CI ** mstan [at] asesoft
> R=internet_domains T=internet_smtp: SMTP error from remote mail server after end of data:
> host mail.asesoft.ro [86.105.247.13]: 550-Your message Re: ...

That IP address belongs to SC-2K-TELECOM-SRL in Romania. All of
Google's IP blocks are registered to them, when last I checked.

So this isn't Google.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Jun 27, 2012, 3:05 PM

Post #9 of 11 (869 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 2012-06-27 at 15:55 +0100, Graeme Fowler wrote:
> No, but I don't see that we need to. This only seems to be active on
> servers under the name aspmx.l.google.com; in the same session Exim
> falls back to the other MX records for the domain(s) in question and
> send the remaining messages down that connection instead.

Hrm. It seems like multi_domain should be expanded so we can write:

domainlist singleton_servers = *.google.com
# ...
remote_smtp:
multi_domain = ${if match_domain{$host}{+singleton_servers} {yes}{no}}

but the way the code is written now, we set multi_domain early and use
it later in making decisions, such as picking the data structure which
contains the host list that will be used to set $host. Although
same_hosts() should protect us against that.

It will need more thought (and I don't have time right now) rather than
diving in, but this seems like it might be worth pursuing.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mstan at asesoft

Jun 28, 2012, 12:15 AM

Post #10 of 11 (866 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 27.06.2012 18:03, Ian Eiloart wrote:
>
> multi_domain = false
>
> on the appropriate smtp transport do what you want?
> That looks like it might be useful. It should get these messages delivered faster.
>
Yup, that's what I needed. Thanks for the info.
Will wait & see. The problem is that not only google's servers do that,
but also some whm hostinc companies. thiss adds to a lot of recipients.

Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

iane at sussex

Jun 28, 2012, 3:31 AM

Post #11 of 11 (867 views)
Permalink

Re: sending to only one domain per connection [In reply to]

On 27 Jun 2012, at 15:55, Graeme Fowler wrote:
> On Tue, 2012-06-26 at 15:59 +0300, Marius Stan wrote:
>> I guess you're already aware of the new limits imposed by google-hosted mail servers:
>> "Multiple destination domains per transaction is unsupported"
>> This caused a LOT of bounces lately and I still haven't figured out what to do...
>>
>> Any ideas on some transport/driver magic ?
>
> No, but I don't see that we need to. This only seems to be active on
> servers under the name aspmx.l.google.com; in the same session Exim
> falls back to the other MX records for the domain(s) in question and
> send the remaining messages down that connection instead.
>
> Although this is not strictly RFC compliant behaviour I have not seen it
> actually cause any problems whatsoever - perhaps a one or two second
> delay in delivery to Google, that's all.
>
> I think I'll ask our work Google Apps contacts about it, see what they
> say.
>
> Graeme

Those are interesting observations. I guess if there's a quick retry that succeeds, then there's no problem, but the OP reported bounces.

hosted domains have this set of MX records:
eiloart.com mail is handled by 30 alt2.aspmx.l.google.com.
eiloart.com mail is handled by 40 aspmx2.googlemail.com.
eiloart.com mail is handled by 50 aspmx3.googlemail.com.
eiloart.com mail is handled by 10 aspmx.l.google.com.
eiloart.com mail is handled by 20 alt1.aspmx.l.google.com.

Each of those domains resolves to a single IP address. So, the fourth and fifth priority servers are picking up the pieces.

I've also seen the error message on the primary MX host for gmail.com domains. This smells like an experiment to me. It's a recent development. I first see the error message on 3 May this year. Though, I guess it could be the error message that changed that day.

If they're not doing it on all their servers, then I guess they can't be offering domain specific rejection settings. Not yet, anyway.

I guess SMTP over IPv6 would fix this for them.

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads