Milter-greylist

Hello all,

I just noticed the 31 byte limit / truncation problem with domain
names has been fixed, great!

There is another problem, as I see it, with domain exceptions.
The mail host for a domain is not necessarily a member of the
domain.  Consequently, when you add an exception for foobar.com,
thinking you are allowing mail from foobar.com, that may not
actually be the case.  I've gotten caught on this more than once.

I'm wondering if there are any plans to add an option, say
"include_mx_domain" or something like that, which would look
up the mx records for each domain, and add them in as well.
Granted, it would take some extra time and resources, but if
one were concerned with that one could do the manual lookups
and add them in and turn the switch off.  However, doing so
would cause potential errors if the mx records were changed.

As it stands, whenever one adds a domain, one has to do a manual
lookup on the mx records to be sure nothing is missing.

Gary

On Mon, Oct 25, 2004 at 09:06:19AM -0600, Gary Aitken wrote:
> I'm wondering if there are any plans to add an option, say
> "include_mx_domain" or something like that, which would look
> up the mx records for each domain, and add them in as well.

That's that the SPF support is for.

> As it stands, whenever one adds a domain, one has to do a manual
> lookup on the mx records to be sure nothing is missing.

You actually only have to bug the admin to add SPF records. :-)

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/

Gary Aitken <greylist@...> wrote:

> I'm wondering if there are any plans to add an option, say
> "include_mx_domain" or something like that, which would look
> up the mx records for each domain, and add them in as well.

Well, it seems you have a plan. Do you want to implement it? It
shouldn't be very difficult, and it's true it would help for domains
that don't have SPF records.

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...

I am not sure how best to proceed with the following:

I have 3 Servers running Sendmail/MailScanner/Milter-Greylist after 4-6
hours the greylist daemon bails causing socket errors in sendmail. One of
the servers is so badly affected that it kills the ability to log in even
from the console.

At first I was using the Multi-MX sync feature but found that failed
within 4 hours or so with messages indicating that 1024 connections where
queued. I reconfigured my Load Balancers to have simple persistence based
on sender IP and set each server up to run without MX sync and we got
greater time between failures. Looking at an active server that had just
become unstable I noticed that it had 250ish greylist processes and
Sendmail could not connect to any of them.

My thoughts are that its a process/thread limit rather than a memory issue
since each machine has 1024 Meg.

Any suggestions?

Thanks for the help.


Garry Davies

garry@... ("Garry Davies") writes:

> I have 3 Servers running Sendmail/MailScanner/Milter-Greylist after
> 4-6 hours the greylist daemon bails causing socket errors in sendmail.

Do you have SPF support enabled? libspf has a poor code quality and
segfaults on certain SPF records (e.g. reproducible for ebay.com).



Enrico

On Tue, Oct 26, 2004 at 08:52:14AM -0400, Garry Davies wrote:
> I have 3 Servers running Sendmail/MailScanner/Milter-Greylist after 4-6
> hours the greylist daemon bails causing socket errors in sendmail. One of
> the servers is so badly affected that it kills the ability to log in even
> from the console.

Check ressource limits, especially file descriptors.

-- 
Emmanuel Dreyfus
manu@...

>
>
> Do you have SPF support enabled? libspf has a poor code quality and
> segfaults on certain SPF records (e.g. reproducible for ebay.com).
>
>
>
> Enrico
>

No I don't but thanks for the help.

>
> Check ressource limits, especially file descriptors.
>
> --
> Emmanuel Dreyfus
> manu@...

Ok so I looked at the file descriptors and the overall setting for the
system is 8k with any one user having just 1k. What would you suggest
these need to be?

Thanks for all your help.


Garry Davies

we had to bump ours up to 2048 from 1024.

-- 
----------------------------------
 Ethan Burnside - Founding Member
 Kattare Internet Services
 WWW: http://www.kattare.com
 E-mail: burnside@...
----------------------------------



Quoting Garry Davies <garry@...>:

> 
> >
> > Check ressource limits, especially file descriptors.
> >
> > --
> > Emmanuel Dreyfus
> > manu@...
> 
> Ok so I looked at the file descriptors and the overall setting for
> the
> system is 8k with any one user having just 1k. What would you
> suggest
> these need to be?
> 
> Thanks for all your help.
> 
> 
> Garry Davies
> 
> 
> ------------------------ Yahoo! Groups Sponsor
> --------------------~--> 
> $9.95 domain names from Yahoo!. Register anything.
> http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/W4wwlB/TM
> --------------------------------------------------------------------~->
> 
> 
>  
> Yahoo! Groups Links
> 
> 
> 
>  
> 
> 
>

Hello,

I am running a *very old* OS : RedHat 7.2 with sendmail 8.11.6. I know, I
should have upgraded yesterday and even before - well, I will as soon as I
have time. Meanwhile, I wish to evaluate this milter : will it be possible
that I test the current version with my prehistoric sendmail ? Or are these
versions incompatible ?

Regards

  .-.   Robert GRASSO - CEDRAT S.A.
  /v\   15, Chemin de Malacher - ZIRST - 38246 MEYLAN Cedex - FRANCE
 // \\  Tel: +33 (0)4 76 90 50 45 Fax: +33 (0)4 76 90 16 09
/(   )\ mailto:Robert.Grasso@...
 ^^-^^
UNIX was not designed to stop you from doing stupid things, because
  that would also stop you from doing clever things. -- Doug Gwyn
---
Support service       : mailto:support@...
Commercial service : mailto:cedrat@...
Web site                  : http://www.cedrat.com

> -----Original Message-----
> From: Ethan Burnside [mailto:burnside@...]
> Sent: Tuesday, October 26, 2004 9:22 PM
> To: milter-greylist@yahoogroups.com; Garry Davies
> Subject: Re: [milter-greylist] Milter-greylist Dies after several hours
>
>
>
> we had to bump ours up to 2048 from 1024.
>
> --
> ----------------------------------
>  Ethan Burnside - Founding Member
>  Kattare Internet Services
>  WWW: http://www.kattare.com
>  E-mail: burnside@...
> ----------------------------------
>
>
>
> Quoting Garry Davies <garry@...>:
>
> >
> > >
> > > Check ressource limits, especially file descriptors.
> > >
> > > --
> > > Emmanuel Dreyfus
> > > manu@...
> >
> > Ok so I looked at the file descriptors and the overall setting for
> > the
> > system is 8k with any one user having just 1k. What would you
> > suggest
> > these need to be?
> >
> > Thanks for all your help.
> >
> >
> > Garry Davies
> >
> >
> > ------------------------ Yahoo! Groups Sponsor
> >
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>

On Wed, Oct 27, 2004 at 10:50:25AM +0200, Robert Grasso wrote:
> I am running a *very old* OS : RedHat 7.2 with sendmail 8.11.6. I know, I
> should have upgraded yesterday and even before - well, I will as soon as I
> have time. Meanwhile, I wish to evaluate this milter : will it be possible
> that I test the current version with my prehistoric sendmail ? Or are these
> versions incompatible ?

The configure script has some provisions for building with sendmail 8.11, 
but I did not tested it for a while.

Note that if it fails, you can install latest libmilter while still using
sendmail 8.11.

-- 
Emmanuel Dreyfus
manu@...

thanks, I will test it.

  .-.   Robert GRASSO - CEDRAT S.A.
  /v\   15, Chemin de Malacher - ZIRST - 38246 MEYLAN Cedex - FRANCE
 // \\  Tel: +33 (0)4 76 90 50 45 Fax: +33 (0)4 76 90 16 09
/(   )\ mailto:Robert.Grasso@...
 ^^-^^
UNIX was not designed to stop you from doing stupid things, because
  that would also stop you from doing clever things. -- Doug Gwyn
---
Support service       : mailto:support@...
Commercial service : mailto:cedrat@...
Web site                  : http://www.cedrat.com

> -----Original Message-----
> From: Emmanuel Dreyfus [mailto:manu@...]
> Sent: Wednesday, October 27, 2004 10:54 AM
> To: milter-greylist@yahoogroups.com
> Subject: Re: [milter-greylist] testing milter greylist on a very old OS
>
>
>
> On Wed, Oct 27, 2004 at 10:50:25AM +0200, Robert Grasso wrote:
> > I am running a *very old* OS : RedHat 7.2 with sendmail 8.11.6.
> I know, I
> > should have upgraded yesterday and even before - well, I will
> as soon as I
> > have time. Meanwhile, I wish to evaluate this milter : will it
> be possible
> > that I test the current version with my prehistoric sendmail ?
> Or are these
> > versions incompatible ?
>
> The configure script has some provisions for building with sendmail 8.11,
> but I did not tested it for a while.
>
> Note that if it fails, you can install latest libmilter while still using
> sendmail 8.11.
>
> --
> Emmanuel Dreyfus
> manu@...
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>