Mailing List Archive

suspected mail loop - Not
I received a message frozen warning.

The following address(es) have yet to be delivered:
graeme.home@ybox.xxx:*Too many "Received" headers* - suspected mail loop

So I took it at face value, maybe I have a mail loop?

However, tracking the original message down, it was from IBM and contains e.g.

*29 matches for "Received" in buffer: 1670514307.H745399P3100673.ybox.xxx *

and they all appear legitimate, it really did pass through 29 servers!

In the past (e.g. with ! style addressing) this used to happen, but less so with recent email.
So I guess the question is:

1:*Is there a tunable somewhere?*
2:*Is the current default reasonable?*


I can post the headers (or indeed the mail) but I'll need to redact a small bit as I suspect they've exposed a mail relay which was intended to be hidden.


--

Graeme


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: suspected mail loop - Not
> The following address(es) have yet to be delivered:
> graeme.home@ybox.xxx:*Too many "Received" headers* - suspected mail loop
> [...]
> 1:*Is there a tunable somewhere?*

received_headers_max

> 2:*Is the current default reasonable?*

That's hard to answer. The following is set on our servers:

$ exim -bP received_headers_max
received_headers_max = 50

In very rare cases, this limit is also reached. Without exception, however,
it is spam where someone has overdone it with the header forgery.

Heiko

Heiko Schlichting Freie Universität Berlin
heiko.schlichting@fu-berlin.de Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin
Re: suspected mail loop - Not
On Thu, Feb 16, 2023 at 01:54:23PM +0000, graeme vetterlein via Exim-users wrote:

> However, tracking the original message down, it was from IBM and contains e.g.
>
> *29 matches for "Received" in buffer: 1670514307.H745399P3100673.ybox.xxx *
>
> and they all appear legitimate, it really did pass through 29 servers!

An impressive hop count, did it go through mailing lists and then get
forwarded from a user's portable email address (an alumni alias or
similar) to their current actual mailbox?

On Fri, Feb 17, 2023 at 10:13:28AM +0100, Heiko Schlichting via Exim-users wrote:

> That's hard to answer. The following is set on our servers:
>
> $ exim -bP received_headers_max
> received_headers_max = 50

FWIW, this (50) matches the Postfix default:

http://www.postfix.org/postconf.5.html#hopcount_limit

--
Viktor.

Re: suspected mail loop - Not
> Re: [exim] suspected mail loop - Not.eml
>
> Subject:
> Re: [exim] suspected mail loop - Not
> From:
> Viktor Dukhovni <exim-users@dukhovni.org>
> Date:
> 17/02/2023, 16:18
>
> To:
> graeme vetterlein via Exim-users <exim-users@exim.org>
>
>
> On Thu, Feb 16, 2023 at 01:54:23PM +0000, graeme vetterlein via
> Exim-users wrote:
>
>> However, tracking the original message down, it was from IBM and
>> contains e.g.
>>
>> *29 matches for "Received" in buffer:
>> 1670514307.H745399P3100673.ybox.xxx *
>>
>> and they all appear legitimate, it really did pass through 29
>> servers!
> An impressive hop count, did it go through mailing lists and then get
> forwarded from a user's portable email address (an alumni alias or
> similar) to their current actual mailbox?

It was an "office admin post" (Office closed, water leak). I guess it
started on somebody's laptop, then to his incoming gateway, hence to
a central(ish) mail server, out to some group server, hence to mail
automation, then a "mailing list" sender, couple more virus checks etc,
finally my MX record, which is a relay/rewriter, to my ISP and finally
my mail server.


...problem being, it will likely always follow this route (so I'll use
the advice from Heiko [below]). Just wondering if the current default is
OK for recent use cases (maybe this is unusual? Or maybe it's getting
common?)



>
> On Fri, Feb 17, 2023 at 10:13:28AM +0100, Heiko Schlichting via
> Exim-users wrote:
>
>> That's hard to answer. The following is set on our servers:
>>
>> $ exim -bP received_headers_max
>> received_headers_max = 50
> FWIW, this (50) matches the Postfix default:
>
> http://www.postfix.org/postconf.5.html#hopcount_limit
>
> -- Viktor.


# exim -bP received_headers_max
received_headers_max = 30


OK, looks like I'll go to 50 too. Thanks Heiko & Viktor.
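
An added example, not part of any post in this thread: a Python check that counts a message's Received: headers against a limit and also lists any "by" host that appears more than once, which separates a long but linear route from an actual loop. The function names, the sample messages and the repeated-host heuristic are assumptions made for illustration; the default of 30 mirrors the value shown on the original poster's server.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample (not from the thread): four distinct hops, folded headers.
SAMPLE_LINEAR = """\
Received: from relay3.example.net (relay3.example.net [192.0.2.3])
\tby mx.example.org with esmtp; Thu, 16 Feb 2023 13:00:04 +0000
Received: from list.example.com by relay3.example.net with esmtp;
\tThu, 16 Feb 2023 13:00:03 +0000
Received: from gw.example.com by list.example.com with esmtp;
\tThu, 16 Feb 2023 13:00:02 +0000
Received: from laptop.example.com by gw.example.com with esmtp;
\tThu, 16 Feb 2023 13:00:01 +0000
Subject: Office closed

Water leak.
"""

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def make_loop(hops):
    """Constructed sample: a message bouncing between two hosts `hops` times."""
    lines = []
    for i in range(hops):
        src, dst = ("a.example", "b.example") if i % 2 else ("b.example", "a.example")
        lines.append(f"Received: from {src} by {dst} with esmtp; "
                     "Thu, 16 Feb 2023 13:00:00 +0000")
    return "\n".join(lines) + "\nSubject: bounce\n\nbody\n"


def received_report(raw, limit=30):
    """Count Received: headers and list hosts that handled the message twice."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    by_hosts = []
    for value in hops:
        match = BY_HOST.search(" ".join(value.split()))  # unfold first
        if match:
            by_hosts.append(match.group(1).lower())
    repeats = {h: n for h, n in Counter(by_hosts).items() if n > 1}
    return {
        "count": len(hops),
        # Assumption: the limit trips when the count is greater than it.
        "over_limit": len(hops) > limit,
        "repeated_by_hosts": repeats,
    }
```

An empty `repeated_by_hosts` alongside a high count points to a long legitimate route, where raising the limit is the fix; repeated hosts point to a routing problem that a higher limit would only postpone.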


