Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] dump greylist.db on SIGTERM

2005-12-21 by Michael Menge

Emmanuel Dreyfus wrote:
> On Tue, Dec 20, 2005 at 11:44:09AM +0100, Michael Menge wrote:
>>>signal handling is forbidden by the milter API. We have a callback on exit,
>>>but AFAIK that does not work if you get a deadly signal.
>>Is there a SIGNAL which is not "deadly" and will call the atexit callback?

I haven't found any hint that signal handling is forbidden by the milter 
API; AFAIK they say only that libmilter takes care of signal handling.

> 
> It does not change anything if the signal is not fatal: we cannot catch 
> it anyway. The only way to solve that problem is to find a signal that
> is caught by libmilter and where the signal handler calls exit().
> 

In the doc of libmilter they mention only Stop and Abort. If Abort is 
caught, the xxfi_abort callback is invoked.

>>>If we want to remote control milter-greylist dumping, we need to have
>>>a socket control. The easiest way is to reuse the MX sync protocol and 
>>>add a dump command. That would be easy.
>>This may be a workaround, but you need a telnet connection to tell 
>>milter-greylist to dump its db.
> 
> Not necessarily, we could have a command line tool that does just that.
> Something such as:
> mgctl 127.0.0.1 dump
> 
>>With about 180.000 e-mails per day like our site this may be a problem.
>>If you add a dump and exit function to MX sync there could be some 
>>security problems.
> 
> Oh, you mean a rogue client requesting continuous dumps? Then it's time to
> use RSA keys...
> 

The problem is that at the moment you can only add and remove db entries 
with the MX sync protocol. Even if someone wants to use this they cannot 
do much harm.

But if you can do more things with the MX sync protocol you need 
authentication and authorisation. At the moment every user on one of 
the MX servers could dump the db or use other features added to the MX sync 
protocol. With IP spoofing even more users could do this.

RSA keys may be one way to solve the problem, but I would think things 
will get more complicated with RSA. Therefore I would prefer 
signal handling, callbacks or another way that is not remotely usable.



-- 
--------------------------------------------------------------------------------
M.Menge                                 Tel.: (49) 7071/29-70316
Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung          mail: menge@...-tuebingen.de
Waechterstrasse 76
72074 Tuebingen
