Mailing List Archive

Bug: No warning or default for missing retry section
Hi!

There seems to be no warning or default for the retry section in the exim
config file. If this section is missing no warning or error is logged and
there is no default. The result is that all mails which can't be
delivered will fail immediately with "retry timeout exceeded".

This has led to some lost mails in two separate instances where people I
know were operating exim without the retry configuration.

I suggest to add a warning to the panic log and/or a default retry
setup.

Jochen
--
Jochen Topf jochen@remote.org http://www.remote.org/jochen/ +49-721-388298


--
## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: Bug: No warning or default for missing retry section
On Wed, 20 Jun 2007, Jochen Topf wrote:

> There seems to be no warning or default for the retry section in the exim
> config file.

There *is* a retry section in the default Exim config.

> If this section is missing no warning or error is logged

If you remove the section, it is assumed you want no retries.

> I suggest to add a warning to the panic log and/or a default retry
> setup.

I am not sure this is right, but what do others think?



--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book

Re: Bug: No warning or default for missing retry section
In article <Pine.LNX.4.64.0706201702410.17154@xoanon.csi.cam.ac.uk> you wrote:
> Newsgroups: gmane.mail.exim.devel

> On Wed, 20 Jun 2007, Jochen Topf wrote:

> > There seems to be no warning or default for the retry section in the exim
> > config file.

> There *is* a retry section in the default Exim config.

> > If this section is missing no warning or error is logged
> If you remove the section, it is assumed you want no retries.

This is bad. I think a default retry of 1h should be used.

> > I suggest to add a warning to the panic log and/or a default retry
> > setup.
> I am not sure this is right, but what do others think?
Default setup is right.

Re: Bug: No warning or default for missing retry section
On 20/06/07, Andrey Melnikoff <temnota+news@kmv.ru> wrote:
> In article <Pine.LNX.4.64.0706201702410.17154@xoanon.csi.cam.ac.uk> you wrote:
> > Newsgroups: gmane.mail.exim.devel
>
> > On Wed, 20 Jun 2007, Jochen Topf wrote:
>
> > > There seems to be no warning or default for the retry section in the exim
> > > config file.
>
> > There *is* a retry section in the default Exim config.
>
> > > If this section is missing no warning or error is logged
> > If you remove the section, it is assumed you want no retries.
>
> This is bad. I think - default retry 1h is should used.

Why? And how would you configure for no retries?

Peter


--
Peter Bowyer
Email: peter@bowyer.org

Re: Bug: No warning or default for missing retry section
On Wed, 2007-06-20 at 17:10 +0100, Philip Hazel wrote:
> There *is* a retry section in the default Exim config.

...which is present in almost all of the packaged versions of Exim I've
come across, unaltered.

> > If this section is missing no warning or error is logged
>
> If you remove the section, it is assumed you want no retries.
>
> > I suggest to add a warning to the panic log and/or a default retry
> > setup.
>
> I am not sure this is right, but what do others think?

I agree with Philip. There are several sections of the Exim config which
it is possible to remove and still have a fully functioning system.

Consider ACLs - the documentation describes a complete ACL section which
only has three lines (see Ch.40). It is possible to remove all the
defaults and replace them with:

    acl_smtp_rcpt = do_not_use_this_acl

    begin acl
    do_not_use_this_acl:
      accept

Success using that will depend on config in the routers, but it
illustrates the idea.

You could also completely remove the authenticators and rewrites, and
all the routers except dnslookup, and all the transports except
remote_smtp and *still* have a functioning system - crippled, but
technically functioning.

I can think of a number of situations where it's quite possible no
retries at all would want to be done - think time-critical delivery such
as for alarm systems (although using SMTP for alarm propagation is a bad
idea, I know of several fire alarm systems that use it!).

Perhaps the docs need to be amended to state categorically that:

    Removal (or omission) of the retry section, or inclusion of the section
    with no rules, results in there being no retry attempts on any sort of
    error condition. All errors will, therefore, immediately be treated as
    permanent.

Graeme


Re: Bug: No warning or default for missing retry section
On Thu, 21 Jun 2007, Graeme Fowler wrote:

> I agree with Philip. There are several sections of the Exim config which
> it is possible to remove and still have a fully functioning system.

Indeed. There are also many ways in which you can configure Exim to
shoot yourself in both feet. The default configuration is "safe". If you
change it, you need to know what you are doing - that's my "hard-line"
attitude, I think.

> only has three lines (see Ch.40). It is possible to remove all the
> defaults and replace them with:
>
> acl_smtp_rcpt = do_not_use_this_acl

Or even

    acl_smtp_rcpt = accept

> I can think of a number of situations where it's quite possible no
> retries at all would want to be done - think time-critical delivery such
> as for alarm systems (although using SMTP for alarm propagation is a bad
> idea, I know of several fire alarm systems that use it!).

Actually, Exim being the flexible thing that it is, one can configure
that explicitly with this retry rule:

    * *

That is, for all hosts/addresses, for all errors, give up immediately
(no retry times). But I still don't like the idea of putting a default
into the code.

> Perhaps the docs need to be amended to state categorically that:
>
> Removal (or omission) of the retry section, or inclusion of the section
> with no rules, results in there being no retry attempts on any sort of
> error condition. All errors will, therefore, immediately be treated as
> permanent.

It already says (chapter 32) "If there are no retry rules, temporary
errors are treated as permanent", but I will expand on that, and also
re-iterate it in section 7.5 ("Default retry rule").

<advert>
...and also try to remember to make a point of it in the forthcoming Exim
course next month. If you want to come but haven't registered, the
deadline is looming: http://www-tus.csx.cam.ac.uk/courses/exim/
</advert>

--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book

Re: Bug: No warning or default for missing retry section
On Thu, Jun 21, 2007 at 09:30:01AM +0100, Graeme Fowler wrote:
> On Wed, 2007-06-20 at 17:10 +0100, Philip Hazel wrote:
> > There *is* a retry section in the default Exim config.
>
> ...which is present in almost all of the packaged versions of Exim I've
> come across, unaltered.

I was not talking about the default exim config file, but suggesting a
default retry config when there is no retry section in the config file.
So this would be hardcoded in the software.

> > > If this section is missing no warning or error is logged
> >
> > If you remove the section, it is assumed you want no retries.
> >
> > > I suggest to add a warning to the panic log and/or a default retry
> > > setup.
> >
> > I am not sure this is right, but what do others think?
>
> I agree with Philip. There are several sections of the Exim config which
> it is possible to remove and still have a fully functioning system.

Dropping mails on the floor when they can't be delivered on the first
try is not "fully functional" in my book. There might be cases when this
is what people want (and they can configure their retry section to do
just that). All I am saying is that this is unusual and unexpected so it
should not be the default behaviour (or at least merit a warning).

I wouldn't have brought this up if there hadn't been two people I know
who independently fell into the same trap and then came to me (their
local exim "expert") to help them find out why Exim was not retrying
mails seemingly without any reason. So this is clearly a somewhat
surprising behaviour.

> Perhaps the docs need to be amended to state categorically that:
>
> Removal (or omission) of the retry section, or inclusion of the section
> with no rules, results in there being no retry attempts on any sort of
> error condition. All errors will, therefore, immediately be treated as
> permanent.

That would be the least we can do.

Jochen
--
Jochen Topf jochen@remote.org http://www.remote.org/jochen/ +49-721-388298


Re: Bug: No warning or default for missing retry section
Peter Bowyer wrote:
> On 20/06/07, Andrey Melnikoff <temnota+news@kmv.ru> wrote:
>> This is bad. I think - default retry 1h is should used.
>
> Why?

Seconded. The exim specification says about "32. Retry configuration" in
the second sentence: "If there are no retry rules, temporary errors are
treated as permanent."
I think that makes it quite clear what happens. Further, to me the
current behaviour seems appropriate and does what people might expect.

OTOH one could think about writing a log line if any of Exim's config
sections are missing completely. (And maybe too if they are functionally
empty.)

> And how would you configure for no retries?

Using a retry section with just one line containing "* * "?

lg,
daniel

Re: Bug: No warning or default for missing retry section
> > > > If this section is missing no warning or error is logged
> > > If you remove the section, it is assumed you want no retries.
> >
> > This is bad. I think - default retry 1h is should used.
>
> Why? And how would you configure for no retries?

RFC 2821 could be worded better, but in section 4.5.4.1 "Sending
Strategy":

    The sender MUST delay retrying a particular destination after one
    attempt has failed. In general, the retry interval SHOULD be at
    least 30 minutes; however, more sophisticated and variable strategies
    will be beneficial when the SMTP client can determine the reason for
    non-delivery.

    Retries continue until the message is transmitted or the sender gives
    up; the give-up time generally needs to be at least 4-5 days. The
    parameters to the retry algorithm MUST be configurable.

Exim IS configurable, and if you remove all retry rules, you configured it
not to retry delivery attempts. That does not lose mail, it bounces it.
The log tells what happened, and if people don't check their logs, they
wouldn't see a warning concerning a missing or empty retry section either.

I understand people might expect a default retry rule. If they expect
a default router, director and transport, too, I guess Smail is for them. ;)

Michael

Re: Bug: No warning or default for missing retry section
On Thu, 21 Jun 2007, Michael Haardt wrote:

> I understand people might expect a default retry rule. If they expect
> a default router, director and transport, too, I guess Smail is for them. ;)

But they GET a default router and transport ... just in the config file,
not screwed into the code.

--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book

Re: Bug: No warning or default for missing retry section
On Thu, 21 Jun 2007, Jochen Topf wrote:

> > Perhaps the docs need to be amended to state categorically that:
> >
> > Removal (or omission) of the retry section, or inclusion of the section
> > with no rules, results in there being no retry attempts on any sort of
> > error condition. All errors will, therefore, immediately be treated as
> > permanent.
>
> That would be the least we can do.

As I and an OP pointed out, it does already say that, but I will make it
say it more loudly. I will also write a warning into the default
configuration.

People's expectations obviously differ. Mine is "no retry config => no
retry"; other people perhaps expect things to be different. But I don't
want to make an exception for retries. After all, "no routers => no
routing", "no authenticators => no authentication", and "no rewrite
rules => no rewriting", so why should retrying be different?

Exim has been the way it is for over 10 years; if only two people have
been confused, I'm not too worried. :-)

--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book
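
The warning requested at the start of this thread can be produced outside Exim, as a check run before a configuration is deployed. The following is an added example, not code from the thread or from Exim; the function names and sample configs are hypothetical, and it assumes a single file with no `.include` lines or macros and no quoted patterns containing spaces.

```python
import re

# Constructed sample configs (not taken from the thread).
WITH_RULE = """\
begin routers
dnslookup:
  driver = dnslookup
begin retry
# address   error   retries
*           *       F,2h,15m; G,16h,1h,1.5; \\
                    F,4d,6h
"""
NO_SECTION = "begin routers\ndnslookup:\n  driver = dnslookup\n"
EMPTY_SECTION = NO_SECTION + "begin retry\n# nothing here\nbegin rewrite\n"
EXPLICIT_NONE = NO_SECTION + "begin retry\n* *\n"

def retry_rules(config_text):
    """Return the rule lines of the retry section, or None if it is absent."""
    # Join continuation lines: a trailing backslash continues onto the next line.
    text = re.sub(r"\\\s*\n\s*", "", config_text)
    section, rules, seen = "main", [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\S+)$", line)
        if m:
            section = m.group(1).lower()
            seen = seen or section == "retry"
        elif section == "retry":
            rules.append(line)
    return rules if seen else None

def audit_retry(config_text):
    """Classify the retry setup: temporary errors become permanent unless 'ok'."""
    rules = retry_rules(config_text)
    if rules is None:
        return "no-section"
    if not rules:
        return "empty-section"
    # A rule is: pattern, error name, then optional retry parameters.
    # Simplification: fields are split on whitespace.
    if all(len(r.split(None, 2)) < 3 for r in rules):
        return "no-retry-times"   # e.g. the explicit "* *" rule
    return "ok"
```

Anything other than `ok` means a temporary delivery failure will be handled as permanent; `no-retry-times` is the deliberate form of that choice mentioned in the thread.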
