Exim retry times after being greylisted seems to be random

[Gino Viroli]

In my "WHM > Server Configuration > Tweak Settings" the "Email delivery retry time" is set to 15 m (default)

But when I look at "WHM > Email > Mail Delivery Reports", I see retry times that sometimes happen after couple of minutes and other time after 15 minutes.

See the screenshot below; it tried to send at 1:00:01 AM and then retried at 1:02:01 AM (after only few minutes, instead of waiting 15 minutes)




Later on it worked correctly, it retried twice (at 12:17 and 12:32) after 15 minutes each, see screenshot:

 

[keat63]

Whilst I can't comment on the problem you are facing, I personally feel that Greylisting is flawed, and probably not the best solution to fight spam.

Big corporations could have many IP addresses for thier mailservers.

A mail exchange tries to send your server a genuine email, this IP is greylistyed for 15 minutes.
The same mail exchange tries again in 15 minutes, but this time uses a different IP address, this IP is then greylisted.
And on it goes.

We had some emails taking many many hours to arrive.

 

[Gino Viroli]

I personally feel that Greylisting is flawed, and probably not the best solution to fight spam.

Big corporations could have many IP addresses for thier mailservers.

A mail exchange tries to send your server a genuine email, this IP is greylistyed for 15 minutes.
The same mail exchange tries again in 15 minutes, but this time uses a different IP address, this IP is then greylisted.
And on it goes.

Here it's our server sending out an email and the recipient's server putting the message in greylist and asking our server to retry; so our server retries to send the message, but instead of retrying after 15 minutes, it seems to retry after few minutes.

 

[keat63]

I'm not 100% certain it works this way, however, i'm pretty sure someone with more knowledge will comment shortly

When a mail server greylists your server, it doesn't send a message to your server and say 'come back in 15 minutes'
I believe what happens, is the other server will just reject any attempts to deliver from your IP for 15 minutes.
Your server can retry as many times as it likes, but the one at the other end is blocking you for 15 minutes.

I'm no expert, but pretty sure, the behavour that your describing from your server is normal, and known as MTA retry.

 

[Infopro]

The docs may be of some use:
Greylisting - Version 80 Documentation - cPanel Documentation

 

[Gino Viroli]

When a mail server greylists your server, it doesn't send a message to your server and say 'come back in 15 minutes'
I believe what happens, is the other server will just reject any attempts to deliver from your IP for 15 minutes.
Your server can retry as many times as it likes, but the one at the other end is blocking you for 15 minutes.

I'm no expert, but pretty sure, the behavour that your describing from your server is normal, and known as MTA retry.

Yes but the MTA retry is supposed to retry after 15 minutes (or whatever you set in "WHM > Server Configuration > Tweak Settings > Email delivery retry time").
In my original post I showed a screenshot that proves that EXIM retries after few minutes instead of wating for 15 minutes.

The docs may be of some use:
Greylisting - Version 80 Documentation - cPanel Documentation

This documentation would be useful if I wanted to turn on Greylisting on my incoming mail.
My issue here is not for incoming mail, but for outgoing mail from my EXIM mail server to another erver that has a sort of Graylisting service active, and my EXIM server instead of retrying after 15 minutes retries to send after few minutes.

 

[cPanelLauren]

Exim will retry after the first minute every fifteen minutes:

This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

So you attempt to send, it fails and within 1 minute it will try again and the retry time afterwards will be every 15 minutes for 2 hours.

 

[Gino Viroli]

Exim will retry after the first minute every fifteen minutes:

So you attempt to send, it fails and within 1 minute it will try again and the retry time afterwards will be every 15 minutes for 2 hours.

So is it normal behaviour?
If yes this thread is solved.

 

[cPanelLauren]

Hi @Gino Viroli

This is normal behavior, yes.


Thanks!

 

[247forever]

Exim will retry after the first minute every fifteen minutes:

This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

So you attempt to send, it fails and within 1 minute it will try again and the retry time afterwards will be every 15 minutes for 2 hours.

Hi Lauren:

In relation to the above I have a couple of questions about retries:

1. If the email recipient has blacklisted your email, or ip, would the email issuer get a failed delivery message?
2. If one emails to a blackhole address (not knowingly) would they get a failed delivery message? I am thinking no unless blackhole is configure to issue a rejection (not the same as a failed delivery message I know).

We have an hosting customer who had been issuing email for some time to related party. They had to serve legal papers upon the related party this yr and per a court requirement they sent them an email indicating they had been served. The related party is claiming they did not receive the email although they had received and responded to many emails before and after the court required one. Our client realized to late they could go to track delivery for confirmation it had been received by the server on the other side - the log is 10 days and more then 30 had past when they contacted us.

Our hosting customer did not get a failed delivery message and our gut check is the recipient host and their customer did receive the email and are simply lying about not receiving it. We figured this is a good time to also confirm our understanding of some of the conditions of failed delivery.

Finally is there a way to change the log from 10 days to a longer period of time?

Thank you in advance for your response.

 

[keat63]

From my experience, if you are blacklisted or your IP is blocked, then your message would fail to be delivered and you should receive a notification of such.

But if it falls into a back hole, then it depends on how the black hole is configured.
If the black hole is configured to accept and just delete, then as far as your server is concerned, it did its job, the message was delivered.

I'd be inclined to go on your gut feeling.

To find older logs, take a look inside var/log you may find archive copies going back about 30 days