Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Thread

can't read SMFIC_MAIL reply packet header: Broken pipe

can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-09 by Mauricio Teixeira

Guys,

I've been getting this error at random times in my logs:

postfix/smtpd[18769]: warning: milter unix:/run/milter-greylist/milter-greylist.sock: can't read SMFIC_MAIL reply packet header: Broken pipe

Because of that, postfix drops the connection on the floor, and the sender gets a "Service unavailable error".

I don't see any other error messages around the same time that would give me any indication about what is going on. I am leaning around a possible racing condition with the milter-greylist software itself, maybe it's unable to cope with the amount of connections and the size of the database, but I am not sure, and I don't know how to debug the issue without enabling debug mode (which would fill out my logs with way more information than I can process).

This is affecting less than 1% of the incoming connections, but some times it happens with important senders, which make my customers pretty upset.

Anybody got any ideas?

--
Mauricio Teixeira
Raleigh/NC/USA
mauricio.teixeira{at}gmail.com
(irc: netmask on freenode)

Re: [milter-greylist] can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-13 by manu@...

Mauricio Teixeira mauricio.teixeira@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> I've been getting this error at random times in my logs:
> 
> postfix/smtpd[18769]: warning: milter
> unix:/run/milter-greylist/milter-greylist.sock: can't read SMFIC_MAIL reply
> packet header: Broken pipe

No log on milter-greylist side?

Do you use a network-based clause in your ACL, such as a DNSRBL? This
may be a timeout.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-14 by Mauricio Teixeira

No extra logs on milter-greylist side.

We do heavily use DNSRBL, I think 5 or 6 checks. I was already suspicious this could be the issue, but how can I debug which one of the DNSRBL checks would be timing out?
Show quoted textHide quoted text
On Sun, Aug 13, 2017 at 7:41 PM, manu@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:

Mauricio Teixeira mauricio.teixeira@gmail.com [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> I've been getting this error at random times in my logs:
>
> postfix/smtpd[18769]: warning: milter
> unix:/run/milter-greylist/milter-greylist.sock: can't read SMFIC_MAIL reply
> packet header: Broken pipe

 No log on milter-greylist side?

Do you use a network-based clause in your ACL, such as a DNSRBL? This
may be a timeout.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...




--
Mauricio Teixeira
Raleigh/NC/USA
mauricio.teixeira{at}gmail.com
(irc: netmask on freenode)

Re: [milter-greylist] can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-14 by John_Damm_S=c3=b8rensen

Do you run a local caching name server?

If not I guess that might help you getting rid of the time outs.

/john


Den 14-08-2017 kl. 16:54 skrev Mauricio Teixeira 
mauricio.teixeira@... [milter-greylist]:
Show quoted textHide quoted text
> No extra logs on milter-greylist side.
>
> We do heavily use DNSRBL, I think 5 or 6 checks. I was already 
> suspicious this could be the issue, but how can I debug which one of 
> the DNSRBL checks would be timing out?
>
> On Sun, Aug 13, 2017 at 7:41 PM, manu@... 
> <mailto:manu@...> [milter-greylist] 
> <milter-greylist@yahoogroups.com 
> <mailto:milter-greylist@yahoogroups.com>> wrote:
>
>     Mauricio Teixeira mauricio.teixeira@...
>     <mailto:mauricio.teixeira@...> [milter-greylist]
>     <milter-greylist@yahoogroups.com
>     <mailto:milter-greylist@yahoogroups.com>> wrote:
>
>     > I've been getting this error at random times in my logs:
>     >
>     > postfix/smtpd[18769]: warning: milter
>     > unix:/run/milter-greylist/milter-greylist.sock: can't read
>     SMFIC_MAIL reply
>     > packet header: Broken pipe
>
>     No log on milter-greylist side?
>
>     Do you use a network-based clause in your ACL, such as a DNSRBL? This
>     may be a timeout.
>
>     -- 
>     Emmanuel Dreyfus
>     http://hcpnet.free.fr/pubz
>     manu@... <mailto:manu@...>
>
>
>
>
> -- 
> Mauricio Teixeira
> Raleigh/NC/USA
> mauricio.teixeira{at}gmail.com <http://gmail.com>
> (irc: netmask on freenode)
>

Re: [milter-greylist] can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-14 by Mauricio Teixeira

I was considering that. Will try it. Thanks.
Show quoted textHide quoted text
On Mon, Aug 14, 2017 at 12:55 PM, John Damm Sørensen john@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:

Do you run a local caching name server?

If not I guess that might help you getting rid of the time outs.

/john


Den 14-08-2017 kl. 16:54 skrev Mauricio Teixeira mauricio.teixeira@... [milter-greylist]:
No extra logs on milter-greylist side.

We do heavily use DNSRBL, I think 5 or 6 checks. I was already suspicious this could be the issue, but how can I debug which one of the DNSRBL checks would be timing out?

On Sun, Aug 13, 2017 at 7:41 PM, manu@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:

Mauricio Teixeira mauricio.teixeira@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> I've been getting this error at random times in my logs:
>
> postfix/smtpd[18769]: warning: milter
> unix:/run/milter-greylist/milter-greylist.sock: can't read SMFIC_MAIL reply
> packet header: Broken pipe

 No log on milter-greylist side?

Do you use a network-based clause in your ACL, such as a DNSRBL? This
may be a timeout.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...




 --
Mauricio Teixeira
Raleigh/NC/USA
mauricio.teixeira{at}gmail.com
(irc: netmask on freenode)




--
Mauricio Teixeira
Raleigh/NC/USA
mauricio.teixeira{at}gmail.com
(irc: netmask on freenode)

Re: [milter-greylist] can't read SMFIC_MAIL reply packet header: Broken pipe

2017-08-14 by manu@...

Mauricio Teixeira mauricio.teixeira@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> We do heavily use DNSRBL, I think 5 or 6 checks. I was already suspicious
> this could be the issue, but how can I debug which one of the DNSRBL checks
> would be timing out?

Using tcpdump? 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

milter-greylist passing useless queueid to spamd

2017-12-18 by John_Damm_S=c3=b8rensen

My maillog contains this type of of error for each processed mail when 
spamd runs as user root:
Dec 18 12:10:24 www spamd[5198]: spamd: handle_user (getpwnam) unable to 
find user: 'vBIBAIFU006181'
and this when spamd runs as user sa-milt:
Dec 18 17:14:25 www spamd[11859]: spamd: handle_user (userdir) unable to 
find user: 'vBIGEJAn012103'

Spamd is trying to change user ID to the ID of the user passed to spamd 
with this code in spamd.c:
 �snprintf(buffer, SPAMD_BUFLEN,
 ��������� "CHECK SPAMC/1.2\r\n"
 ��������� "Content-length: %d\r\n"
 ��������� "User: %s\r\n\r\n",
 ��������� (unsigned int)(priv->priv_msgcount + strlen(rcvhdr)),
 ���������� priv->priv_queueid);

priv->priv_queueid is picked up from the sendmail macro $i containing 
the queueid of the current mail i:
 From milter-greylist.c:
if ((priv->priv_queueid = smfi_getsymval(ctx, "{i}")) == NULL) {

It seems to me that the queueid is useless to spamd and I suggest it to 
be replaced/removed.

John

---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.