Exim - A lot of frozen messages without sender

Question

I'm new to Exim and I'm using it as a smarthost (to recive emails from users and send it to my ISP).

The system is working ok, but I have some problems with frozen messages. I watch the queue sometimes and there are some frozen messages without sender, so Exim cannot send them, because if there isn't sender it can't authenticate with the ISP.

Where can I start to debug this?

Thanks a millon.

Answer 1

These are bounce messages. Something is sending messages through your mail server, but the recipient is not accepting it, so your system generates a bounce message. Those bounce messages are being refused also, so they get "frozen" by the exim MTA. You need to figure out where the messages came from originally and stop the flow of those unauthorized messages.

exigrep 1UorWC-0002Nz-Mz /var/log/exim/main.log (or whatever your path is)

That will find the bounce message in the mail logs. I picked a frozen message in my mail queue as an example (1UosOk-0000ej-KG):

# exigrep 1UosOk-0000ej-KG /var/log/exim/main.log
+++ 1UosOk-0000ej-KG has not completed +++
2013-06-18 09:40:22 1UosOk-0000ej-KG <= <> R=1UosOf-0000bX-BV U=www P=local S=894 
2013-06-18 09:40:24 1UosOk-0000ej-KG ** [email protected] P=<> R=dnslookup_forwarder 
  T=remote_smtp_forwarder: SMTP error from remote mail server after RCPT TO:<[email protected]>: 
  host mail.example.biz [80.76.197.72]: 554 5.7.1 <[email protected]>: Relay access denied
2013-06-18 09:40:24 1UosOk-0000ej-KG Frozen (delivery error message)

The first line says that the bounce message 1UosOk-0000ej-KG was created in response to message 1UosOf-0000bX-B (that is what the R= phrase in the <= line means). Now search for THAT message id to find out where this message actually came from. In my case, it wasn't a bounce message, it was a customer's autoresponder:

# exigrep 1UosOf-0000bX-BV /var/log/exim/main.log
2013-06-18 09:40:18 1UosOf-0000bX-BV H=example.biz [62.189.29.157] Warning: SPF PASS (pass) to m.ivenue.com: 
  domain of example.biz designates 62.189.29.157 as permitted sender
2013-06-18 09:40:22 1UosOf-0000bX-BV <= [email protected] H=example.biz [62.189.29.157] P=esmtp S=17624
2013-06-18 09:40:22 1UosOf-0000bX-BV => /netapp3/mail/maildirs/b/o/y/boyexample.com/sarah/Maildir/ 
  ([email protected]) <[email protected]> P=<[email protected]> R=virtual_user T=address_directory
2013-06-18 09:40:22 1UosOf-0000bX-BV => sarah <[email protected]> P=<[email protected]> 
  R=autoresponder_always T=autoresponder_always_t
2013-06-18 09:40:22 1UosOf-0000bX-BV Completed

Once you find out what process is being used to send those messages through your system, you can take steps to prevent them, assuming they are not valid messages to begin with. What steps you take will very much depend on what you find.

Usually you will not want to try to resend these frozen messages. However, if the messages were frozen due to some temporary network or configuration error, and you want to make exim resend them, then you need to generate a list of frozen messages and tell Exim to deliver them. The easiest way is with the exiqgrep program:

exiqgrep -z -i | xargs -n 1 exim -M

Answer 2

Frozen mails are of no use in exim queue. You can remove all these to reduce the exim queue list.

The following command will remove all the frozen mails:

exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm

or

exiqgrep -z -i | xargs exim -Mrm

If you want to remove frozen mails older than a particular hours, for example 24 hours:

exiqgrep -zi -o 86400 | xargs exim -Mrm

86400 stands for 24 hours in seconds. That can be changed accordingly.

Answer 3

Frozen bounces can automatically be purged by exim by setting the configuration option ignore_bounce_errors_after to a suitable value, e.g.

ignore_bounce_errors_after = 12h

will automatically remove those bounce errors after 12 hours.