Re: [Mimedefang] memory leak? is it an IBM x-series?
On Mon, 16 Feb 2004, Ron Peterson wrote: > > > Meanwhile, I've purchased a handful of Intel PRO/1000 MT adapters which > > I'm going to try. If I have the same problem with a completely different > > adapter, that should rule that out. > > Lost the machine again, but getting closer to the cause, I think. > > I had reset confMAX_DAEMON_CHILDREN to 60. I tried this, and I tried that, and finally got to the bottom of it. A kernel bug. Posted some stuff to lkml, and it's being looked into. Probably something to do with connection tracking module in netfilter. Anyway, backup up to 2.4.20, and everything has been working great for awhile now. Just thought I'd close this out, in case anyone was losing sleep or anything... :) _ Ron Peterson Network & Systems Manager Mount Holyoke College ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Network issues causing broken pipe errors (and subsequent tempfails)?
David F. Skoll wrote:
> On Fri, 27 Feb 2004, Michael Sims wrote:
>> Basically I say all this to ask a question. Is it possible that this
>> message is taking so long to transfer that the MD slave is dying
>> before it is fully received, and this is what is causing the broken
>> pipe error?
>
> Nope. No slave is even involved until the message has been received
> in
> its entirety.
After thinking about it some more, I suspected that this was the case. I
also suspect that explains why different slaves may handle filter_relay(),
filter_sender(), and filter_recipient() from the ones that handle
filter_begin(), filter(), and filter_end(), since you wouldn't want a slave
to hang around waiting for the DATA phase to complete...
> Right. The multiplexor knows nothing about the message until it has
> been completely collected. My guess is that there's a libmilter
> timeout somewhere that's terminating the milter thread. See
>
http://www.sendmail.com/partner/resources/development/milter_api/smfi_settim
eout.html
I've been digging around a bit in the sendmail source (milter.c). I always
assumed that these "to error state" log entries were being logged by
mimedefang, but I see that it's sendmail that these messages are coming
from. It doesn't appear that any of your code calls smfi_settimeout, and
the documentation that comes with 8.12.10 says the default is 7210 seconds
(instead of the 1800 that the documentation the above URL points to stated).
That's slightly over two hours, and each time the message in question was
tempfailed, sendmail logged a delay of well over two hours, so that makes
sense. I guess the reason I haven't seen this before is that it's pretty
rare for a message to take over 2 hours to deliver. :)
If I decided I wanted to troubleshoot this further, just for kicks, could I
simply add a call to smfi_settimeout before mimedefang.c calls smfi_main,
like this?
--- mimedefang.c.orig Fri Feb 27 19:14:11 2004
+++ mimedefang.cFri Feb 27 19:14:18 2004
@@ -1905,6 +1905,7 @@
} else {
syslog(LOG_WARNING, "Multiplexor unresponsive - entering main loop
anyway");
}
+smfi_settimeout(14400);
return smfi_main();
}
I barely know anything about C at all, but this doesn't look like rocket
science...
___
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Network issues causing broken pipe errors (and subsequent tempfails)?
On Fri, 27 Feb 2004, Michael Sims wrote: > Basically I say all this to ask a question. Is it possible that this > message is taking so long to transfer that the MD slave is dying before it > is fully received, and this is what is causing the broken pipe error? Nope. No slave is even involved until the message has been received in its entirety. (A C thread inside mimedefang just spools the message into /var/spool/MIMEDefang; only when it's all there is a slave activated.) The multiplexor is designed so that when a slave needs to do work, it has all the information at its disposal, and does not need to wait for anything from the SMTP peer. This makes it hard for an adversary to keep a slave busy for an arbitrarily long time. (Of course, this can be achieved in other ways by crafting a message that beats up on SpamAssassin's regular expressions, but it can't be done because of network characteristics.) > I am > using the "-l" option to the multiplexor and it is not logging anything for > this message, Right. The multiplexor knows nothing about the message until it has been completely collected. My guess is that there's a libmilter timeout somewhere that's terminating the milter thread. See http://www.sendmail.com/partner/resources/development/milter_api/smfi_settimeout.html Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Network issues causing broken pipe errors (and subsequent tempfails)?
Last night I saw an MIMEDefang error in my mail logs that I have never noticed before: ### TRACKING MESSAGE: i1R1dKT7023699 Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: from=<[EMAIL PROTECTED]>, size=14033627, class=0, nrcpts=2, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=example.com [x.x.x.x] Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: Milter (mimedefang): write(L) returned -1, expected 5: Broken pipe Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: Milter (mimedefang): to error state Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: Milter: data, reject=451 4.7.1 Please try again later Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: to=<[EMAIL PROTECTED]>, delay=03:22:54, pri=14093627, stat=Please try again later Feb 26 23:02:39 mx sendmail[23699]: i1R1dKT7023699: to=<[EMAIL PROTECTED]>, delay=03:22:54, pri=14093627, stat=Please try again later After some more research I discovered that the broken pipe errors occur somewhat regularly, and usually correspond with such sendmail errors as "timeout waiting for input from servername during message collect". What made this one stand out is that it caused MD to tempfail the message. (In fact, the only reason I noticed it is that I have a script running that alerts me when my mail exchanger tempfails a message for any reason). Today the relay tried to redeliver the message and the same error occurred. The message is quite large (around 14 MB), but I have successfully received messages that were up to 2000 bytes in size (my server's limit) without issue. While trying to troubleshoot the problem, I temporarily placed a check for this particular relay in filter_relay() and had MD return accept and no more filtering to sendmail just in case there was a problem with my filter that was causing this broken pipe error. After doing that I noticed the relay once again tried to redeliver, but this time it failed with the "timeout waiting for input from servername during message collect". So apparently there was some network issue between our mail servers that was causing the message to timeout in transit. I had the sender of this huge message send it to a different address of mine to see if there was something in the message itself that was causing a problem. I received it and then did an MTA-level redirect through my MD box and received it without any problem. But I did the redirect from a host that is on the same physical network as my box, so the transfer was very fast (30 seconds versus 2 hours(!) for the original relay in question). Basically I say all this to ask a question. Is it possible that this message is taking so long to transfer that the MD slave is dying before it is fully received, and this is what is causing the broken pipe error? I am using the "-l" option to the multiplexor and it is not logging anything for this message, and there are no log entries to indicate that the slave is hitting is being killed, so I'm at a loss. Normally I would not care about this, if the slave just died and sendmail aborted, but MD is tempfailing because of this error and it appears to the sender that this is a problem with my mail server's filtering instead of a network issue. I'd appreciate any insight that can be offered... ___ Michael Sims Project Analyst - Information Technology Crye-Leike Realtors Office: (901)758-5648 Pager: (901)769-3722 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Performance parameters
For a quick change on a server in place with plenty of ram with tmpfs compiled and configured to /dev/shm, does anyone see a problem with just adding the following (or very similar) to the mimedefang startup script? cd /dev/shm mkdir MIMEDefang chmod 700 MIMEDefang chown defang.defang MIMEDefang ln -s /dev/shm/MIMEDefang /var/spool/MIMEDefang Regards, KAM > > You may want to see this posting regarding caching other things: > > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/019800.html ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Performance parameters
Jon R. Kibler said: > You may want to see this posting regarding caching other things: > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/019800.html Thanks for hte information on that Jon, I learned a little more about some good sendmail tweaks. Just put in my little 2 cents. (I'm a little tiny load site.) I also cache the bayes and awl database for spamassassin. I back it up to disk every night. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Performance parameters
[EMAIL PROTECTED] wrote: > > [EMAIL PROTECTED] wrote on 02/27/2004 01:25:55 > PM: > > > You cannot run a high-volume MIMEDefang server *without* a RAMdisk. > > Consider it mandatory. > > How should the ramdisk be sized? Besides /var/spool/MIMEDefang, what else > should be on it? Make RAM Disk as big as possible without impacting performance. You should also consider maxing out the RAM in these boxes. You may want to see this posting regarding caching other things: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/019800.html And this posting discusses some things you can do to help smooth out performance (suggested values probably low for your environment): http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/019685.html Also, since the time of this posting, we have implemented multiplexor queuing (queue size = 2x max number of sendmail daemons) and that too has helped handle large connection bursts. Hope this helps! Jon K. -- Jon R. Kibler Chief Technical Officer A.S.E.T., Inc. Charleston, SC USA (843) 849-8214 == Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
Quoting Paul Heinlein <[EMAIL PROTECTED]>: > On Fri, 27 Feb 2004 [EMAIL PROTECTED] wrote: > > > Which RFC(s) do these timeouts violate? > > RFC 1123, section 5.3.2. > > -- Paul Heinlein <[EMAIL PROTECTED]> I don't see any "MUST"s in there, just some "SHOULD"s. I don't think it violates it, since "there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course." One just has to know what one is doing before messing with this stuff, which is, in my opinion, a good rule to follow when it comes to email at all, and especially sendmail. -- Andrew ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
On Fri, 27 Feb 2004 [EMAIL PROTECTED] wrote: > Which RFC(s) do these timeouts violate? RFC 1123, section 5.3.2. -- Paul Heinlein <[EMAIL PROTECTED]> ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Performance parameters
[EMAIL PROTECTED] wrote on 02/27/2004 01:25:55 PM: > You cannot run a high-volume MIMEDefang server *without* a RAMdisk. > Consider it mandatory. How should the ramdisk be sized? Besides /var/spool/MIMEDefang, what else should be on it? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Performance parameters
On Fri, 27 Feb 2004, Steve Moore wrote: > I am trying to plan for MD/SA deployment here. I would like to get the > benefit of experienced MD/SA users' concerning performance. Our site > processes up to 500,000 messages daily. Our average message size is > 30KB. Our max mail message size is 100MB. 100MB??? Wouldn't 5 or 10 be more reasonable? > We have two AIX 5.1 machines > running commercial sendmail behind a Cisco local director for load > balancing. One AIX machine is a dual processor with 4GB of memory and it > has cpu and i/o wait below 30%. The other machine is a uniprocessor with > 1GB of memory and it also has cpu and i/o wait below 30%. Both machines > have separate spindles for /var/spool. We do not do AV on these > machines. That is accomplished at another layer. Our plan is to tag and > pass all mail along to the client. The only content analysis we are > interested in at the moment is spam probability. > My questions are as follows. > 1) Is it possible to process the current workload with the two machines > listed above once MD/SA is added to the mix? It's pushing it. The single-CPU box worries me. > 2) Should I expect a 20% scan time improvement by adding RAMdisk? You cannot run a high-volume MIMEDefang server *without* a RAMdisk. Consider it mandatory. > How would you rank the performance cost of each of the checks below? How > would you rank the benefit of each of the checks in calculating spam > probability? > 1) SA rbl checks. Cheap in terms of CPU; killers in terms of memory because network latency keeps processes hanging around. Avoid if possible. > 2) SA Bayesian analysis. Very good if everyone has his/her own Bayes DB. Of dubious value if it's a shared DB. > 3) SA Razor checks. Network tests can kill you because of latency. Let's say you're doing 500K messages/day, or around 7/second. If the razor server takes 3 seconds to respond, that's 21 slaves that back up waiting for a response. > 4) SA dns availability. Not sure what that one means. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My intent is not to start a protracted argument over this but: The way I read RFC 1123, assuming you understand the implications of changing the sendmail timeout values and you are doing so for a valid reason, you are NOT in violation of the RFC to make those changes. /-From RFC 1123--/ Based on extensive experience with busy mail-relay hosts, the minimum per-command timeout values SHOULD be as follows: oInitial 220 Message: 5 minutes oMAIL Command: 5 minutes oRCPT Command: 5 minutes oDATA Initiation: 2 minutes oData Block: 3 minutes oDATA Termination: 10 minutes. A receiver-SMTP SHOULD have a timeout of at least 5 minutes while it is awaiting the next command from the sender.A *"SHOULD" This word or the adjective "RECOMMENDED" means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course. // - -- EKB Linux: Because rebooting is for adding new hardware. On Thu, 26 Feb 2004 at 17:35 -0700, Lucas Albers at [EMAIL PROTECTED] said: > Violates RFC. I have never had any complainst in the 8 months or so I have > been using it. > > #max file size accepted is 50m > dnl TIMEOUTS (MANY OF THESE)... > define(`confTO_INITIAL', `10s') > define(`confTO_CONNECT', `30s') > define(`confTO_ICONNECT', `8s') > dnl set next 4 to 1m for more conservative settings > define(`confTO_HELO', `30s') > define(`confTO_MAIL', `30s') > define(`confTO_RCPT', `30s') > define(`confTO_DATAINIT', `30s') > define(`confTO_DATABLOCK', `1m') > define(`confTO_DATAFINAL', `3m') > define(`confTO_RESET', `1m') > define(`confTO_QUIT', `1m') > define(`confTO_MISC', `1m') > define(`confTO_COMMAND', `1m') > dnl #define(`confTO_IDENT', `1m') > define(`confTO_IDENT', `1s') > define(`confTO_FILEOPEN', `1m') > define(`confTO_CONTROL', `1m') > define(`confTO_HOSTSTATUS', `3m') > dnl DOS stuff > define(`confCONNECTION_RATE_THROTTLE', `8') > define(`confTO_IDENT', `0')dnl > dnl security stuff > dnl WARNING > dnl this is a mail relay so sendmail can ONLY WRITE TO /var > define(`confSAFE_FILE_ENV',`/var')dnl > define(`confMAX_HEADERS_LENGTH', `16384') > define(`confMAX_MIME_HEADER_LENGTH', `256/128') > define(`confMAX_DAEMON_CHILDREN', `12') > dnl 50meg max size > define(`confMAX_MESSAGE_SIZE', `50485760')dnl > -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAP4wSdY33sSC+/BERAqRVAJ9G8BRsgLd4RrH1d/zjoY5ZEuW3uACfchmu Lw0FGNE9oT+34kNxXs0DGUo= =Y+AS -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Performance parameters
I am trying to plan for MD/SA deployment here. I would like to get the benefit of experienced MD/SA users' concerning performance. Our site processes up to 500,000 messages daily. Our average message size is 30KB. Our max mail message size is 100MB. We have two AIX 5.1 machines running commercial sendmail behind a Cisco local director for load balancing. One AIX machine is a dual processor with 4GB of memory and it has cpu and i/o wait below 30%. The other machine is a uniprocessor with 1GB of memory and it also has cpu and i/o wait below 30%. Both machines have separate spindles for /var/spool. We do not do AV on these machines. That is accomplished at another layer. Our plan is to tag and pass all mail along to the client. The only content analysis we are interested in at the moment is spam probability. My questions are as follows. 1) Is it possible to process the current workload with the two machines listed above once MD/SA is added to the mix? 2) Should I expect a 20% scan time improvement by adding RAMdisk? How would you rank the performance cost of each of the checks below? How would you rank the benefit of each of the checks in calculating spam probability? 1) SA rbl checks. 2) SA Bayesian analysis. 3) SA Razor checks. 4) SA dns availability. I know I am asking for a lot but hopefully others can benefit from your wisdom. Thanks in advance for any comments. Steve Moore Senior Software Coordinator Miami University 113 B Hoyt Hall Oxford, OH 45056 email:[EMAIL PROTECTED] voice:513-529-1452 fax:513-529-9665 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
[EMAIL PROTECTED] wrote on 02/27/2004 11:15:36 AM: > On Fri, 27 Feb 2004 [EMAIL PROTECTED] wrote: > > > Which RFC(s) do these timeouts violate? > > RFC 1123, section 5.3.2. Which states "Based on extensive experience with busy mail-relay hosts, the minimum per-command timeout values SHOULD be as follows:" The timeouts mentioned previously are much lower than the ones listed int eh RFC, but I don't see that as violating it. Network connections are also many orders of magnitude faster than they were in 1989, so adjusting the timeouts lower is probably not unreasonable. Back then, 9.6kb/s was screaming. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Greylisting problem with the default confTO_COMMAND
This whole section is advisory, being full of "SHOULD" entries, rather than "MUST" entries - see section 1.3.2 for details of the terminology. In addition, it has been superceded by technology, as the idea of waiting at least five minutes for a remote server to send a command is now simply ludicrous - in this age, anything which takes more than about five seconds can be assumed to have failed, and since we then give up on them and they try again, a temporary failure of an intervening connection is not good cause for us to keep a port open for five minutes in the vain hope that it will come back up again and also be able to carry on from where it left off. Best Wishes, Paul. __ Paul Murphy Head of Informatics Ionix Pharmaceuticals Ltd 418 Science Park, Cambridge, CB4 0PA Tel. 01223 433741 Fax. 01223 433788 ___ DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741 ___ ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
On Fri, 27 Feb 2004 [EMAIL PROTECTED] wrote: > Which RFC(s) do these timeouts violate? RFC 1123, section 5.3.2. -- Paul Heinlein <[EMAIL PROTECTED]> ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Question about what to do with discovered spam.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of James Beal
>
> What I would prefer is to create a new mail message which has
> the same subject as the original, which has its body as the
> spam report and has the original email as an attachment. Any
> guidance would be appreciated.
I use the following, which does exactly that. Well, actually it creates 2
attachments. The first is the original email in text form - ideal for
reporting spam. The second is the original email as if it was forwarded -
ideal for reading it if mis-tagged.
Watch out for line wrapping!
# Record who it was for
action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
# Remove original recipients
foreach $recip (@Recipients) {
delete_recipient($recip);
}
# Send to the postmaster
add_recipient('[EMAIL PROTECTED]');
# A container for the original message
my $raw_container = MIME::Entity->build(
Type=> 'text/plain',
Description => 'Raw message',
Data=> [ "" ],
);
my $container = MIME::Entity->build(
Type=> 'message/rfc822',
Description => 'Original message',
Data=> [ "" ],
);
my $parser = new MIME::Parser;
open(IN, '< INPUTMSG');
my $original = $parser->parse(\*IN);
close(IN);
$original->head()->replace('X-Relay-Addr', $RelayAddr);
$RelayHostname ||= 'N/A';
$original->head()->replace('X-Relay-Host', $RelayHostname);
$original->head()->replace('X-Relay-Time', scalar(localtime));
# Add the original message to the container
$raw_container->add_part($original);
$container->add_part($original);
my $reportPart = MIME::Entity->build(
Type=> 'text/plain',
Description => 'spam warning',
Data=> [
$report
],
);
$entity->parts([$reportPart]);
$entity->head()->mime_attr('content-type' => 'multipart/mixed');
$entity->head()->mime_attr('content-type.boundary'
=> '=_' . scalar(time) .
"-$$-nikc");
$entity->add_part($raw_container);
$entity->add_part($container);
action_change_header('Subject', "SPAM ($hits): $Subject");
action_rebuild();
It's based heavily on somebody else's work, sadly I don't remember who.
PLEASE - keep list traffic on the list. Email sent directly to me may be
ignored utterly.
--
Rob | What part of "no" was it you didn't understand?
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] cannot send mail after MIMEDefang and SpamAssasin installed
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of David Va > > Dear experts, > > I have just installed MIMEDefang and SpamAssassin onto > newly upgraded sendmail 8.12 on my RH 7.2. I have not > configured much yet in mimedefang-filter, just admin's > name and e-mail. > > Then I cannot send a mail from my Outlook account. I > checked mailq and saw there were many mails deferred. > Also I tail maillog and saw: > > Feb 26 14:23:34 mailserver sendmail[2014]: 1iQ22233: > to=<[EMAIL PROTECTED]>, delay=04:12:09, > xdelay=00:00, mailer=esmtp, pri=859545, > relay=mail.mydomain.com, dsn=4.0.0, stat=Deferred: > Connection refused by mail.mydomain.com. Looks like you've borked your sendmail setup. I take it you've just upgraded to Sendmail 8.12 from 8.11 or older? Check you've started BOTH sendmail daemons (see the source - sendmail/SECURITY). Worth looking at your mail log to see what's logged there. PLEASE - keep list traffic on the list. Email sent directly to me may be ignored utterly. -- Rob | What part of "no" was it you didn't understand? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] cannot send mail after MIMEDefang and SpamAssasin installed
Dear experts, I have just installed MIMEDefang and SpamAssassin onto newly upgraded sendmail 8.12 on my RH 7.2. I have not configured much yet in mimedefang-filter, just admin's name and e-mail. Then I cannot send a mail from my Outlook account. I checked mailq and saw there were many mails deferred. Also I tail maillog and saw: Feb 26 14:23:34 mailserver sendmail[2014]: 1iQ22233: to=<[EMAIL PROTECTED]>, delay=04:12:09, xdelay=00:00, mailer=esmtp, pri=859545, relay=mail.mydomain.com, dsn=4.0.0, stat=Deferred: Connection refused by mail.mydomain.com. Please help me. Thanks in advance, David __ Do you Yahoo!? Get better spam protection with Yahoo! Mail. http://antispam.yahoo.com/tools ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Disclaimer messages - no text part
I've been working on adding disclaimers to messages based on the recipient domain. To do this, I'm using a table lookup to get a message based on the value of Domain as returned by stream_by_domain and using this in the append_text_boilerplate in filter_end. It all works as expected with the correct stamp being appended to the end of the first text part of the message. Different recipients get the correct stamp for their domain. Where it all falls apart is if the mail message doesn't have a text part. I've tried to get around this by using action_add_part to add a text/plain part with the disclaimer text in it e.g. action_add_part($entity, "text/plain", "-suggest", "$disclaim", "", "inline",-2); The text part gets inserted as expected as the first part of the message but the $disclaim variable is not inserted. If I change the "$disclaim" to a string of text, it does get inserted. Can anyone suggest a way around this? The table that I do the domain to text lookup is in the filter_end section if that is relevant. Regards Geoff ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Greylisting problem with the default confTO_COMMAND
[EMAIL PROTECTED] wrote on 02/26/2004 07:35:21 PM: > I use these timeouts on a 5k a day mail server. > Got original timeouts from list that. Works for me. > Your mileage may vary. > Before I had timeouts modified I had too many slaves just hanging around > on my system. > > Violates RFC. I have never had any complainst in the 8 months or so I have > been using it. Which RFC(s) do these timeouts violate? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Question about what to do with discovered spam.
Using the example mimedefang filter when a message gets tagged as spam we do the
following.
action_change_header("X-Spam-Score", " ($score) $hits $names");
md_graphdefang_log('spam', $hits, $RelayAddr);
# If you find the SA report useful, add it, I guess...
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
In outlook at least this adds a mime part that is the spam report.
What I would prefer is to create a new mail message which has the same subject as the
original, which has its body as the spam report and has the original email as an
attachment. Any guidance would be appreciated.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Installing Mimedefang without Spammassassin
Dear all
i want to install mimedefang on Solaris 9 Sparc Platform without using
spammassassin
what changes i have to do in mimedefang-filter or it will just it self to
current enviroment
or User Murat Posted a filter_begin without using spamassassin ( which is
pasted at below )
Any suggestion will be helpful
Thanks and Regards
Talha
if (open (INF, "./HEADERS")) {
my $bad = 0;
while (my $line = ) {
$line =~ s/\n//g;
if ($line =~ /^Subject:\s+.*hastalavistababy.*$/) {
$bad = 1;
last;
}
}
close(INF);
return action_bounce('Unwanted Subject') if ($bad);
}
if (open (INF, "./INPUTMSG")) {
my $bad = 0;
while (my $line = ) {
$line =~ s/\n//g;
if ($line =~ /hastalavistababy/) {
$bad = 1;
last;
}
}
close(INF);
return action_bounce('Unwanted Body') if ($bad);
}
Right above
# Virus scan
if ($FoundVirus) {
in filter_begin.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Tracing/Debugging MIMEDefang
- Original Message -
From: "Michael Sims" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 27, 2004 1:24 AM
Subject: RE: [Mimedefang] Tracing/Debugging MIMEDefang
> Yes, although I would suggest something like this:
>
> action_add_header('X-Debug-Msg', "Deleting recipient $recip");
>
> Remember when using this trick that messages other than the ones you are
> sending as tests might get these headers inserted. I like to use X
headers
> like 'X-Debug-Msg' in order to play nice with other MTA's that my message
> might pass through. They should ignore any X header that they don't
> recognize, but a header like "Deleting recipient:" might cause issues.
>
You're dead right there, as soon as I put it in I took it out, as the
mimedefang.pl -test I did on the filter spat the dummy on that line.
Instead, I just used the md_syslog entries instead which I found just as
helpful.
> You can still do all of the normal MD checks (including virus checks)
while
> skipping just the SpamAssassin scan. That's what I do...
>
I'll have a look into this, although at the moment I'm pretty happy. If
anything I'm sending legitimately is getting canned I'll have to put
something like this in place.
I always configure my email as plain text, or at least as much as I can with
Outlook Express anyway, so this shouldn't be an issue hopefully. I'm just in
the process of setting up my Linux workstation (also Debian Sarge of
course!), so Sylpheed will ensure only plain text ever gets sent out.
> > Well I've now been through your tips and I believe it is working. Just
> > waiting on some external spam to test :-)
> [...]
> > Thanks again for all your help, (and same thanks to you Rob)
>
> No problem...
>
> ___
> Michael Sims
> Project Analyst - Information Technology
> Crye-Leike Realtors
> Office: (901)758-5648 Pager: (901)769-3722
> ___
>
Thanks again,
Pete
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] attachment detection
I need to convert this procmail recipe for use in
mimedefang-filter:
:0BHc
* !^X-Spam: YES
* !^X-Loop: TRUE
* ^Content-Type: multipart/mixed;
| formail -a "X-Loop: TRUE" -i "To: mailchk" -i "Subject: *** Attachment *** " -
I "Apparently-To: " -I "Bcc: " -I "Cc: " | /usr/lib/sendmail -t -oi
I'm thinking of putting something like the following at the end of
filter_end():
if ($entity->mime_type eq 'multipart/mixed') {
add_recipient('mailchk');
}
Would the above do the trick? I realise that it isn't quite the same
thing and that I would have to generate a new message in order to
change the headers.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
