[policyd-users] problem with v1.80

Leonardo Rodrigues Magalhães Tue, 02 Jan 2007 08:48:53 -0800

    Hi People,

    I have found a minor problem in my logs, regarding policyd.


    I noticed some errors like:

Jan  2 10:18:35 topserver2 policyd: invalid triplet_array[11][5]: 
(blacklist helo): 
Jan  2 10:18:35 topserver2 policyd: invalid triplet_array[11][5]: 
(blacklist helo): 
Jan  2 10:19:10 topserver2 policyd: invalid triplet_array[12][5]: 
(blacklist helo): 
Jan  2 10:19:10 topserver2 policyd: invalid triplet_array[12][5]: 
(blacklist helo): 

    Seems that it's cause by a helo string filled with interrogation 
marks ... i dont know if that's the real helo sent by client or it's 
some translation done by postfix and passed to policyd ...

    Enabled DEBUG=2 and got (just lines i think it's relevant)

Jan  2 10:20:10 topserver2 policyd: DEBUG: fd: 9 
policy_array[9][0]:request=smtpd_access_policy
Jan  2 10:20:10 topserver2 policyd: DEBUG: fd: 9 
policy_array[9][5]:helo_name=??????
Jan  2 10:20:10 topserver2 policyd: invalid triplet_array[9][5]: 
(blacklist helo):

Jan  2 10:20:10 topserver2 postfix/smtpd[3094]: NOQUEUE: reject: RCPT 
from unknown[124.46.177.150]: 450 <[EMAIL PROTECTED]>: Recipient 
address rejected: Policy Rejection- Invalid data; 
from=<trucker'[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> 
proto=ESMTP helo=<??????>

    That's an 'Invalid Data' error ..... that's not the usual for 
greylist rejections, which would be: Please try later, greylisting in 
action.

    Watching the logs closely, it seems to me that all occurences of 
this helo=<?????> were from connections that are SPAM messages. I havent 
seen this happening on 'good' connections. Thus, this isnt generating a 
real problem, altough it's logging a problem situation.

    I have also enabled logging on MySQL and noticed that no query at 
all are made for those 'invalid data' connections. Seems that policyd 
get problems even assembling the queries .... because none at all are made.

-- 


        Atenciosamente,
        Leonardo Rodrigues
        Solutti Tecnologia
        (62) 3281 4200 / (62) 8407 0050
        Skype leonardo_solutti
        MSN: [EMAIL PROTECTED]



-- 


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        [EMAIL PROTECTED]
        My SPAMTRAP, do not email it





-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
policyd-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/policyd-users

[policyd-users] problem with v1.80

Reply via email to