Here's a copy of the message I sent to [EMAIL PROTECTED] regarding a bug in the flame.org patch; since it's fairly serious (rejecting valid messages that follow identified spam in a single SMTP conversation) I thought I'd post it here in case others were using it. Brian ---------- Forwarded message ---------- Date: Thu, 14 Sep 2000 11:08:15 -0700 (PDT) From: Brian Behlendorf <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: bug in flame-patches-1.03-1.6.2.diff, patch provided. Uh, there appears to be a serious bug in your flame patches - if a remote MTA transfers multiple messages over the same SMTP conversation (i.e., sends a message, and instead of closing the SMTP conversation, starts a new message) then if one message in that stream exceeded the badheader threshold and is rejected, then all subsequent ones in that stream will also be rejected. I noticed this when the apache.org mail box was down for a little bit and when it came back up, the backup MX streamed a bunch of messages to it, and a whole series of them failed. Here's a good illustration of the problem: Sep 13 11:41:10 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:11 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:19 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:21 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R Sep 13 11:41:41 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:41 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R Sep 13 11:41:51 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:52 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R Sep 13 11:41:54 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:54 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R Sep 13 11:41:55 locus qmail-smtpd[43346]: Received: from unknown (HELO zuul.interlinksystems.com) Sep 13 11:41:55 locus qmail-smtpd[43346]: REJECT JUNK_THRESHOLD <> <[EMAIL PROTECTED]> [63.161.32.6, unknown] (HELO zuul.interlinksystems.com) 0/1000/R As you can see, the [EMAIL PROTECTED] was a badheaders spam, but the rest of the ones after that also failed. Baaad. I think the following patch appears to fix it: locus# diff -C3 qmail-smtpd.c.old qmail-smtpd.c *** qmail-smtpd.c.old Thu Sep 14 11:07:06 2000 --- qmail-smtpd.c Thu Sep 14 11:04:31 2000 *************** *** 843,848 **** --- 843,849 ---- if (remotehost) log_helo(); headerthresh = 0; + headeralways = ALWAYS_RATE; blast(&hops); hops = (hops >= MAXHOPS); if (hops) qmail_fail(&qqt); I tested it and it appears to not block subsequent requests if the first one fails. I could be misunderstanding your code though. Thoughts? Brian