Yes, perhaps we should stop using that.
Nevertheless, the problem I was trying to address is that
everyone is sharing /mail/tmp (see the scripts in /mail/lib,
although I'm sure you know them from memory :) ), and thus
if one has one problem, it can lock everyone else using /mail/tmp.
I'll take a look now to the countermeasures you suggest.
I think we are applying a few other measures, including
validatesender, but I'll take a look.
--- Begin Message ---
> The problem was that we had quite a number of upas/fs's and scanmails
> running and it was because one of them had a problem and kept a
> /mail/tmp/L.mbox file locked. All other ones kept waiting for that
> (although all of them were using different "mboxes" created by the
> piped script at /mail/tmp/$pid.blah.blah
>
i'm confused. doesn't this just make the problem smaller rather
than fixing it? i would think if scanmail has the same issue, then
mail will still go undelivered, right?
we don't run scanmail. since scanmail relies on building rules, it
needs constant maintence. and i didn't want to be on the hook
for that.
instead, i use mechanical defensive measures in smtpd and
validatesender. the most effective measure is enforcing the
rfc2821 rule that the ehlo string must look up in dns.
to appease imap4 clients, there's a flag to force auth
for clients ehlo'ing incorrectly.
spamhaus does a good job cleaning up what remains.
- erik
http://www.quanstro.net/magic/man2html/8/smtp
(yes, that's ugly!)
--- End Message ---
