Exim - A lot of frozen messages without sender

Tomás Crespo García · Jun 18, 2013

I'm new to Exim and I'm using it as a smarthost (to receive emails from users and send them to my ISP).

The system is working OK, but I have some problems with frozen messages. I watch the queue sometimes and there are some frozen messages without a sender, so Exim cannot send them, because if there isn't a sender it can't authenticate with the ISP.

Where can I start to debug this?

Thanks a million.

Answer

Todd Lyons · Jun 18, 2013

These are bounce messages. Something is sending messages through your mail server, but the recipient is not accepting it, so your system generates a bounce message. Those bounce messages are being refused also, so they get "frozen" by the exim MTA. You need to figure out where the messages came from originally and stop the flow of those unauthorized messages.

exigrep 1UorWC-0002Nz-Mz /var/log/exim/main.log (or whatever your path is)

That will find the bounce message in the mail logs. I picked a frozen message in my mail queue as an example (1UosOk-0000ej-KG):

# exigrep 1UosOk-0000ej-KG /var/log/exim/main.log
+++ 1UosOk-0000ej-KG has not completed +++
2013-06-18 09:40:22 1UosOk-0000ej-KG <= <> R=1UosOf-0000bX-BV U=www P=local S=894 
2013-06-18 09:40:24 1UosOk-0000ej-KG ** [email protected] P=<> R=dnslookup_forwarder 
  T=remote_smtp_forwarder: SMTP error from remote mail server after RCPT TO:<[email protected]>: 
  host mail.example.biz [80.76.197.72]: 554 5.7.1 <[email protected]>: Relay access denied
2013-06-18 09:40:24 1UosOk-0000ej-KG Frozen (delivery error message)

The first line says that the bounce message 1UosOk-0000ej-KG was created in response to message 1UosOf-0000bX-BV (that is what the R= phrase in the <= line means). Now search for THAT message id to find out where this message actually came from. In my case, it wasn't a bounce message, it was a customer's autoresponder:

# exigrep 1UosOf-0000bX-BV /var/log/exim/main.log
2013-06-18 09:40:18 1UosOf-0000bX-BV H=example.biz [62.189.29.157] Warning: SPF PASS (pass) to m.ivenue.com: 
  domain of example.biz designates 62.189.29.157 as permitted sender
2013-06-18 09:40:22 1UosOf-0000bX-BV <= [email protected] H=example.biz [62.189.29.157] P=esmtp S=17624
2013-06-18 09:40:22 1UosOf-0000bX-BV => /netapp3/mail/maildirs/b/o/y/boyexample.com/sarah/Maildir/ 
  ([email protected]) <[email protected]> P=<[email protected]> R=virtual_user T=address_directory
2013-06-18 09:40:22 1UosOf-0000bX-BV => sarah <[email protected]> P=<[email protected]> 
  R=autoresponder_always T=autoresponder_always_t
2013-06-18 09:40:22 1UosOf-0000bX-BV Completed

Once you find out what process is being used to send those messages through your system, you can take steps to prevent them, assuming they are not valid messages to begin with. What steps you take will very much depend on what you find.

Usually you will not want to try to resend these frozen messages. However, if the messages were frozen due to some temporary network or configuration error, and you want to make exim resend them, then you need to generate a list of frozen messages and tell Exim to deliver them. The easiest way is with the exiqgrep program:

exiqgrep -z -i | xargs -n 1 exim -M
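
The two-step lookup in the answer above (frozen bounce, then the message named in its R= field) can be done for many IDs at once. This is an added example, not part of the original answer; the sample log lines, message IDs and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map frozen bounce IDs back to the message that caused them.

# Constructed sample log in the main.log format shown above.
sample_log() {
cat <<'EOF'
2013-06-18 10:00:01 1UpAAB-0000bb-BB <= www@mail.example.org U=www P=local S=1203
2013-06-18 10:00:02 1UpAAA-0000aa-AA <= <> R=1UpAAB-0000bb-BB U=Debian-exim P=local S=2100
2013-06-18 10:00:03 1UpAAA-0000aa-AA Frozen (delivery error message)
2013-06-18 10:05:00 1UpAAD-0000dd-DD <= sender@example.com H=relay.example.com [192.0.2.10] P=esmtp S=900
2013-06-18 10:05:01 1UpAAC-0000cc-CC <= <> R=1UpAAD-0000dd-DD U=Debian-exim P=local S=1800
2013-06-18 10:05:02 1UpAAC-0000cc-CC Frozen (delivery error message)
EOF
}

# trace_frozen LOGFILE: frozen message IDs on stdin, one per line.
# Prints "bounce_id parent_id parent_sender parent_origin" per ID, sorted.
trace_frozen() {
    ids=$(tr '\n' ' ')
    awk -v ids="$ids" '
        BEGIN { n = split(ids, a, " "); for (k = 1; k <= n; k++) frozen[a[k]] = 1 }
        $4 == "<=" && $5 == "<>" {            # bounce arrival: R= names the parent
            for (i = 6; i <= NF; i++)
                if ($i ~ /^R=/) parent[$3] = substr($i, 3)
        }
        $4 == "<=" && $5 != "<>" {            # normal arrival: sender, then H= or U=
            sender[$3] = $5; origin[$3] = "unknown"
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[HU]=/) { origin[$3] = $i; break }
        }
        END {
            for (id in frozen) {
                p = (id in parent) ? parent[id] : "unknown"   # no R= line in this log
                s = (p in sender) ? sender[p] : "unknown"     # parent rotated out of log
                o = (p in origin) ? origin[p] : "unknown"
                print id, p, s, o
            }
        }
    ' "$1" | sort
}

# Demo on the constructed log. On a live host the IDs would come from the queue:
#   exiqgrep -z -i | trace_frozen /var/log/exim/main.log
log=$(mktemp) && sample_log > "$log"
printf '%s\n' 1UpAAA-0000aa-AA 1UpAAC-0000cc-CC | trace_frozen "$log"
rm -f "$log"
```

A parent whose origin is a local user such as U=www points at a script on the server itself, while H= points at a remote host that relayed through it.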