4

I am using exim to deliver mail generated by a web app. The gmx.net, gmx.de and web.de domains are asking me to throttle the amount of mail I send, but I have trouble getting that configured in exim.

The scenario goes like this:

  1. my web app generates the emails
  2. they are submitted to exim running on localhost via phpmailer
  3. exim puts them in the queue right away (I have `queue_smtp_domains = web.de : gmx.de : gmx.net` in the config)
  4. on every queue run (every hour) it tries to deliver the mail
  5. after some successful deliveries each of these two domains returns a 421 error code (1.1.1.1 is my IP address in the original log entry which I replaced here). Exim claims that the error occurs straight after connecting to the server:

     ```
     2019-09-12 14:50:41.157 [19619] 1i8OYb-00056H-01 H=mx01.emig.gmx.net [212.227.17.5]:25: SMTP error from remote mail server after initial connection: 421-gmx.net (mxgmx115) Nemesis ESMTP Service not available\n421-Service unavailable\n421-Reject due to policy restrictions.\n421 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=1.1.1.1&c=irlims
     ```

The link they give advises reducing the sending rate. That is what I am trying to do.

Every three hours a fixed amount of mail is accepted by the receiving mailserver before the same error message appears again.

I found one question but it looks like the ACLs will do the rate limiting at step 2 and I don't want that. I want to rate limit at point 4, and only for the two domains in question.

I also found the docs for special retry rules in exim. But I only want to apply a special rule if the domain and the error code match and it seems to me that I can not match the error 421 on connection (only as a reply of a MAIL or DATA or RCPT command can I match it).

How can I configure this kind of throttling in exim, or how else can I get these mails to be accepted at a faster rate?

Lucas
  • So you basically want exim to send `n` mails in one queue run and keep the rest in the queue, but only for two specific domains (at the moment) and that every hour? What happens with the kept-back mails? Wait for the next queue run one hour later? In this config your mailqueue will overflow – Lenniey Sep 12 '19 at 12:20
  • @Lenniey yes, I want to either only send a fixed amount of mail to these specific domains on each queue run or I want to send them at a lower rate (currently exim just sends one mail after another without delay). All mails that could not be sent due to this throttling should stay in the queue and be handled by the next queue run. – Lucas Sep 12 '19 at 13:12
  • @Lenniey I updated the question with some more info. – Lucas Sep 12 '19 at 13:27
  • Do you really send such massive mail amounts to the public? – djdomi Sep 13 '19 at 17:07

2 Answers

1

I have found this thread on the exim mailing list.

They discuss different hacks and workarounds for throttling including

  • writing a shell script to manually sleep and deliver the messages (with `exim -M`)
  • postfix as a "smarthost" which apparently can do what we want
  • configuring a router that just sleeps for some seconds and then passes the message to the next router
Lucas
  • I am interested in similar things. What did you settle on in the end? I've found exim generally easier (it's *relative*) and more flexible than postfix to-date, so the shell script appeals to me as it's understandable. making a router sleep seems just wrong! – artfulrobot Nov 11 '20 at 18:01
  • If I remember correctly we contacted support of gmx with the form on their website that explains the error message. We asked them to trust our IP more. The problem was only that their contact form first replies with an autoresponse and only if you answer to that will you be able to really communicate and get things fixed. – Lucas Nov 18 '20 at 07:58
  • Such a sad state of affairs! Thanks for the reply though. – artfulrobot Nov 19 '20 at 08:48
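
The shell-script workaround listed in the answer above, as an added example that is not taken from the original posts or the mailing-list thread. The function name `deliver_throttled`, the overridable `EXIQGREP`/`EXIM`/`SLEEP` variables and the batch size and delay in the usage comment are assumptions made for illustration; `exiqgrep -i -r` and `exim -M` are the standard Exim tools for listing queued message IDs by recipient and forcing delivery of one message.

```shell
#!/bin/sh
# Added example: deliver a limited number of queued messages for selected
# recipient domains, pausing between attempts. Everything not attempted
# stays in the queue for a later run.

# Overridable command names (assumption: lets the logic be tested offline).
EXIQGREP=${EXIQGREP:-exiqgrep}
EXIM=${EXIM:-exim}
SLEEP=${SLEEP:-sleep}

# deliver_throttled REGEX MAX DELAY
#   REGEX  recipient pattern handed to "exiqgrep -r"
#   MAX    maximum number of messages to attempt in this run
#   DELAY  seconds to wait between two delivery attempts
# Prints the number of messages for which delivery was attempted.
deliver_throttled() {
    regex=$1
    max=$2
    delay=$3
    attempted=0
    # exiqgrep -i prints one message ID per line for matching recipients.
    for id in $("$EXIQGREP" -i -r "$regex"); do
        if [ "$attempted" -ge "$max" ]; then
            break
        fi
        # Pause before every attempt except the first one.
        if [ "$attempted" -gt 0 ]; then
            "$SLEEP" "$delay"
        fi
        # exim -M forces a delivery attempt for this single message.
        # A failed attempt leaves the message queued, so errors are ignored.
        "$EXIM" -M "$id" >/dev/null 2>&1 || true
        attempted=$((attempted + 1))
    done
    echo "$attempted"
}

# Usage from cron (constructed values): at most 20 messages, 30 s apart.
# deliver_throttled '@(gmx\.net|gmx\.de|web\.de)$' 20 30
```

This only limits what the script itself sends; the regular queue runs still attempt the same messages unless they are kept from doing so.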
0

A rather rough solution:

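```
# Accept at most 10 new outgoing connections per minute to this address range
iptables -A OUTPUT -d 212.227.0.0/19 -m state --state NEW -m limit --limit 10/min -j ACCEPT
# Drop every further new connection to the range once the limit is exceeded
iptables -A OUTPUT -d 212.227.0.0/19 -m state --state NEW -j DROP
```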

(Replace DROP with REJECT if this causes throttling of sending to other mailservers as well.)

This example is for gmx + web.de (United Internet). They are not only using 421 but, starting this month, also 554 codes, which causes mail loss. Additionally, it seems that they reset the exception for our IP starting this month. This time the support is also absolutely uncommunicative. And we started to warn users against using gmx/web.de. This happens to a non-profit charity in the field of education with over 5000 members.

The mail server on the host retries the delivery for about a week.

mifritscher