Bug#887489: exim4: callout timeout in recipient verify can result in the lost of the TLS incoming connexion

Yvon Lafaille yvon.lafaille at unilim.fr
Wed Jan 17 10:11:51 UTC 2018 

Package: exim4
Version: 4.89-2+deb9u2
Severity: normal
Tags: upstream

Dear Maintainer,

This bug was discoverd in a complex configuration.
This configuration is an artificial simple configuration which only purpose is to reproduce the bug.
The bug is showing when a message is sent to an address routed to an unreachable MTA (for instance a stopped one) and when, for the recipient domain,  exists an ACL with a verify recipient callout with a short timeout.
It is expected that message will be queued
In fact, an error 421 is returned.

The interesting part of the debug output  :
...
end of ACL "acl_local_check_rcpt": ACCEPT
SMTP>> 250 Accepted
tls_do_write(0x5617a4424e90, 14)
gnutls_record_send(SSL, 0x5617a4424e90, 14)
outbytes=14
DSN: orcpt: NULL  flags: 0
Calling gnutls_record_recv(0x5617a472e630, 0x5617a4b4ea00, 4096)
Got tls read timeout
SMTP>> 421 smtp-dev.unilim.fr lost input connection
tls_do_write(0x5617a4424e90, 46)
gnutls_record_send(SSL, 0x5617a4424e90, 46)
outbytes=46
LOG: lost_incoming_connection MAIN
  unexpected disconnection while reading SMTP command from dsiport-yl.unilim.fr (164.81.3.93) [164.81.3.93]
SMTP>>(close on process exit)
...

The most significant lines are :
Calling gnutls_record_recv(0x5617a472e630, 0x5617a4b4ea00, 4096)
Got tls read timeout

Probable cause :
Il seems that the timeout of the callout is interfering with the timeout of the TLS incoming connection.

How to reproduce ?
Detail of the procedure to reproduce the bug :

Working on a test server with a test configuration only made to reproduce the bug

Add this acl at the beginning of  acl_check_rcpt
accept
   domains = <an existing domain - for instance gmail.com>
   verify = recipient/defer_ok/callout=1s,defer_ok

Add this router at the beginning  of the router list
test_route:
   driver = manualroute
   domains = gmail.com
   transport  = remote_smtp
   route_data = <stopped or unreacheable server - This server has to resolve in dns>

Try to connect whith SSL and send a message to "this-address.does-not-exist at gmail.com"
You are expecting that your message will be queued ,
In fact it will produce the lost of the incoming connection
Il is a very bad behaviour especially with MUA.
Command from a client workstation to reproduce the bug :

$ openssl s_client -connect  <your test server>:465 -quiet
MAIL FROM: <postmaster@<your domain>>
RCPT TO:  <this-address.does-not-exist at gmail.com>
DATA

Here your are receiving an error indicating that the incoming connection is lost

Example of the command with the responses :

$ openssl s_client -connect  smtp-dev.unilim.fr:465 -quiet
depth=1 C = NL, ST = Noord-Holland, L = Amsterdam, O = TERENA, CN = TERENA SSL CA 3
verify error:num=20:unable to get local issuer certificate
verify return:0
220 smtp-dev.unilim.fr ESMTP Exim 4.89 Tue, 10 Oct 2017 12:32:14 +0200
MAIL FROM: <postmaster at unilim.fr>
250 OK
RCPT TO:  <this-address.does-not-exist at gmail.com>
250 Accepted
DATA
421 smtp-dev.unilim.fr lost input connection
read:errno=0

I am thinking that the timeout on the callout is interfering with the tls timeout on the incoming connection. 

Sincerely



-- Package-specific info:
Exim version 4.89 #1 built 28-Nov-2017 21:58:00
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  exim4-base             4.89-2+deb9u2
ii  exim4-daemon-heavy     4.89-2+deb9u2

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:

More information about the Pkg-exim4-maintainers mailing list