[Mimedefang] Installed Modules

2004-10-28 Thread Trevor Dodds
Hi,
 
Can someone please tell me the command that will display all the modules
mimedefang is using.
 
Thanks
Trevor

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Installed Modules

2004-10-28 Thread alan premselaar
Trevor Dodds wrote:
> Hi,
>
> Can someone please tell me the command that will display all the modules
> mimedefang is using.
>
> Thanks
> Trevor

Trevor,
 I believe what you're looking for is "mimedefang.pl -features"
alan


Re: [Mimedefang] Is there a way to check body for specific text?

2004-10-28 Thread Stephane Lentz
On Wed, Oct 27, 2004 at 11:59:57AM -0700, Alton Yu wrote:
> Is there a way to check body for specific text like say if it had the 
> text of a specific domain (viagra.com), to discard the message?
> 
> Someone used my email address as an envelope from address to spam and I 
> keep getting bounced messages. I haven't figured out how to do this in 
> mimedefang, but in postfix, I just use /etc/postfix/body_checks and have 
> in the file something like:
> /some text/   DISCARD SPAM
> 
> I would like to have a similar setup in Mimedefang.
> 
> Thanks!
> Alton
> 

If you use SpamAssassin with MIMEDefang then define a SA rule
and do a discard in mimedefang-filter if the score is greater than 100 : 

score BOUNCE_BODY 100.0
body  BOUNCE_BODY   /some text/i
describe BOUNCE_BODY Spam body Text for messages to discard


PS : you can also have a look at http://www.benzedrine.cx/milter-regex.html
which is another Milter aimed at offering body/header checks for sendmail
(without SpamAssassin requirements).

---
Stephane Lentz 
AES TSC


[Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread Stefaan Van Hoornick
Hello,

I receive the following error:

Oct 28 12:51:44 mail sendmail[659]: [ID 801593 mail.error] i9SApiO659: Milter 
(mimedefang): local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe
Oct 28 12:51:44 mail sendmail[659]: [ID 801593 mail.info] i9SApiO659: Milter 
(mimedefang): to error state
Oct 28 12:51:44 mail sendmail[659]: [ID 801593 mail.info] i9SApiO659: from=<[EMAIL 
PROTECTED]>, size=1147, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=SMTP, 
daemon=MTA, relay=dmswks240.dms.int [192.168.0.156]
Oct 28 12:51:45 mail sendmail[661]: [ID 801593 mail.info] i9SApiO659: to=<[EMAIL 
PROTECTED]>, delay=00:00:01, xdelay=00:00:00, mailer=smtp, pri=121147, 
relay=dmssrv8.dms.int. [192.168.0.2], dsn=2.0.0, stat=Sent ( <[EMAIL PROTECTED]> 
Queued mail for delivery)

OS = Solaris 9
Sendmail Version = 8.13.1 (MILTER compiled)
Mimedefang Version = 2.45
Perl Version = 5.8.5 built for sun4-solaris

Sendmail.mc file

divert(0)dnl
VERSIONID(`Solaris 2.9 for A smtp-only setup')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
define(`confBAD_RCPT_THROTTLE', `3')dnl
define(`confTO_IDENT',`0s')dnl
define(`confMILTER_LOG_LEVEL',`1')dnl
define(`confSMTP_LOGIN_MSG',`mailer ready')dnl
define(`confMAILER_NAME', [EMAIL PROTECTED]')dnl
define(confMAX_MESSAGE_SIZE,2000)dnl
define(confCONNECTION_RATE_THROTTLE, `6')dnl
define(confMAX_DAEMON_CHILDREN, `150')dnl
define(confPRIVACY_FLAGS, ``authwarnings, noexpn, novrfy, needmailhelo, needexpnhelo, needvrfyhelo, restrictmailq, restrictqrun'')dnl
divert(-1)
# FEATURE(`virtusertable',`dbm -o /etc/mail/virtusertable')dnl
divert(0)dnl
FEATURE(nouucp, `reject')
FEATURE(always_add_domain)
FEATURE(`access_db',`dbm -T /etc/mail/access')
FEATURE(`mailertable',`dbm -o /etc/mail/mailertable')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`local_procmail')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m')
MAILER(local)dnl
MAILER(smtp)dnl


Can anybody help me?

thx

Stefaan Van Hoornick
Network & Database Engineer
 
---
You may be disappointed if you fail,
but you are doomed if you don't try.
 -- Beverly Sills 
---




Re: [Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread Jason Gurtz
On 10/28/2004 06:53, Stefaan Van Hoornick wrote:
> Hello,
> 
> I receive following error:
> 
> [...]local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe

My guess is that your permissions need a good going over.  Under Linux
mine looks like:

# ls -l | grep mimedefang.sock
srwxr-x---    1 defang   defang          0 Oct 26 12:52 mimedefang.sock=

~Jason



[Mimedefang] thread_create errors

2004-10-28 Thread B. Tolka
Hello All, I am running Redhat AS3 with Mimedefang 2.45,
sendmail-8.12.11-4.RHEL3.1
and I keep getting this error. It just started happening.   Sometimes
it gives me a socket unsafe error or the error below.

I saw where David said this was a libmilter issue.  Is there any way around
these errors?

Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
(mimedefang): read returned -1: Connection reset by thog.systems.wvu.edu
Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
(mimedefang): to error state
Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
(mimedefang): init failed to open
Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
(mimedefang): to error state
Oct 28 09:10:46 node1 mimedefang[30009]: MIMEDefang-2.45:
thread_create() failed: 12, try again


Thanks

Bryan Tolka


Bryan Tolka
Network Engineer
---
Robert C. Byrd Health Sciences Center
Morgantown, WV
304-293-4683
[EMAIL PROTECTED]


Re: [Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread Jan Pieter Cornet
On Thu, Oct 28, 2004 at 08:48:17AM -0400, Jason Gurtz wrote:
> On 10/28/2004 06:53, Stefaan Van Hoornick wrote:
> > Hello,
> > 
> > I receive following error:
> > 
> > [...]local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe
> 
> My guess is that your permissions need a good going over.  Under Linux
> mine looks like:
> 
> # ls -l | grep mimedefang.sock
> srwxr-x---    1 defang   defang          0 Oct 26 12:52 mimedefang.sock=

Another possibility is that the socket is missing, probably because
mimedefang isn't running at all.

Sendmail must be using a very strange meaning of the word "unsafe" that
I wasn't previously aware of, before seeing this error :)

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet


Re: [Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread Jason Gurtz
On 10/28/2004 09:24, Jan Pieter Cornet wrote:

> Another possibility is that the socket is missing, probably because
> mimedefang isn't running at all.
> 
> Sendmail must be using a very strange meaning of the word "unsafe" that
> I wasn't previously aware of, before seeing this error :)

Yea, sometimes sm's error messages aren't particularly accurate  :/

~Jason



Re: [Mimedefang] thread_create errors

2004-10-28 Thread Stephane Lentz
On Thu, Oct 28, 2004 at 09:22:02AM -0400, B. Tolka wrote:
> Hello All, I am running Redhat AS3 with Mimedefang 2.45,
> sendmail-8.12.11-4.RHEL3.1
> and I keep getting this error. It just starting happening.   Sometimes
> it gives me a socket unsafe error or the error below.
> 
> I saw where David said this was libmilter issue.  is there anyway around
> these errors.
> 
> Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
> (mimedefang): read returned -1: Connection reset by thog.systems.wvu.edu
> Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
> (mimedefang): to error state
> Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
> (mimedefang): init failed to open
> Oct 28 09:10:46 node1 sendmail[444]: i9SD9tJK000444: Milter
> (mimedefang): to error state
> Oct 28 09:10:46 node1 mimedefang[30009]: MIMEDefang-2.45:
> thread_create() failed: 12, try again
> 
>
The error seems to be a big thread_create problem
occurring in libmilter/listener.c (libmilter). 
There are several attempts to create threads (16 ?)
and at the end it's given up issuing 
thread_create() failed: 12, try again 
Check the number (real-time, max) of threads on that 
machine ..

PS : a folk running Linux reported a similar problem
but he's not running RH. On Mandrake/SuSE I've never
seen it. How much traffic do you process ? Which 
hardware ? Try to get some recommendations on 
system tuning from RH since you're paying  .

SL/
---
Stephane Lentz 
AES TSC 


Re: [Mimedefang] Is there a way to check body for specific text?

2004-10-28 Thread Aleksandar Milivojevic
Alton Yu wrote:
> Is there a way to check body for specific text like say if it had the 
> text of a specific domain (viagra.com), to discard the message?
>
> Someone used my email address as an envelope from address to spam and I 
> keep getting bounced messages. I haven't figured out how to do this in 
> mimedefang, but in postfix, I just use /etc/postfix/body_checks and have 
> in the file something like:
> /some text/   DISCARD SPAM
>
> I would like to have a similar setup in Mimedefang.

I'd guess that you can use $entity argument (which is of type 
MIME::Entity, see documentation for details) to access body of the 
message (or just a particular part) in filter, filter_multipart, and 
filter_end functions.  Then, just do substr or regex match on it.  The 
advantage of doing it in filter would be that than you can program it to 
search only text/plain and text/html parts, and skip large binary 
attachments and such.

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator   1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB  R3T 1L7
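
Added example, not part of the original thread: a stand-alone Perl script for the approach described above, walking a MIME::Entity tree and matching only the decoded text/plain and text/html parts. The sub names, the 256 KiB scan cap and the two test messages are constructed for illustration; /some text/ is the thread's placeholder pattern.

```perl
#!/usr/bin/perl
# Added example (not from the thread): scan only the text/plain and text/html
# parts of a message for a pattern and skip binary attachments.
use strict;
use warnings;
use MIME::Parser;                        # part of MIME::Tools, which MIMEDefang requires
use MIME::Base64 qw(encode_base64);

my $BODY_RE  = qr/some text/i;           # the thread's placeholder pattern
my $MAX_SCAN = 256 * 1024;               # assumption: stop after 256 KiB per part

# True if $entity is a text/plain or text/html leaf whose decoded body matches $re.
sub text_part_matches {
    my ($entity, $re) = @_;
    my $type = lc($entity->mime_type);
    return 0 unless $type eq 'text/plain' || $type eq 'text/html';
    my $bh = $entity->bodyhandle or return 0;    # multipart containers have no body
    my $io = $bh->open('r')      or return 0;
    my ($seen, $prev, $hit) = (0, '', 0);
    while (defined(my $line = $io->getline)) {
        # Match against the previous line joined to this one, with whitespace
        # collapsed, so a phrase that wraps across a line break is still found.
        (my $window = $prev . $line) =~ s/\s+/ /g;
        if ($window =~ $re) { $hit = 1; last; }
        $prev  = $line;
        $seen += length $line;
        last if $seen > $MAX_SCAN;
    }
    $io->close;
    return $hit;
}

# Walk the MIME tree; true as soon as any text part matches.
sub message_matches {
    my ($entity, $re) = @_;
    my @parts = $entity->parts;
    return text_part_matches($entity, $re) unless @parts;
    for my $part (@parts) {
        return 1 if message_matches($part, $re);
    }
    return 0;
}

# Constructed test message: one quoted-printable text part, one base64 attachment.
sub build_message {
    my ($text, $blob) = @_;
    return "From: sender\@example.com\n"
         . "Subject: constructed test\n"
         . "MIME-Version: 1.0\n"
         . "Content-Type: multipart/mixed; boundary=\"XX\"\n\n"
         . "--XX\nContent-Type: text/plain\n"
         . "Content-Transfer-Encoding: quoted-printable\n\n"
         . "$text\n"
         . "--XX\nContent-Type: application/octet-stream\n"
         . "Content-Transfer-Encoding: base64\n\n"
         . encode_base64($blob)
         . "--XX--\n";
}

my $parser = MIME::Parser->new;
$parser->output_to_core(1);              # keep decoded bodies in memory

for my $case (
    # The text part carries the phrase with an encoded space (=20).
    [ 'phrase in encoded text part',   'Buy some=20text today', "\x00\x01binary" ],
    # The phrase appears only inside the binary attachment.
    [ 'phrase only inside attachment', 'Nothing to see here',   "\x00some text\x01" ],
) {
    my ($label, $text, $blob) = @$case;
    my $entity = $parser->parse_data(build_message($text, $blob));
    printf "%-32s => %s\n", $label,
        message_matches($entity, $BODY_RE) ? 'match' : 'no match';
}
```

Inside mimedefang-filter the same helper can be called on the $entity passed to filter_end, followed by action_discard() on a match.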


Re: [Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread John Nemeth
On Mar 20,  7:28am, "Stefaan Van Hoornick" wrote:
} 
} I receive following error:
} 
} Oct 28 12:51:44 mail sendmail[659]: [ID 801593 mail.error] i9SApiO659: Milter 
(mimedefang): local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe

 For some strange reason, you will get this error when the socket
has gone away, i.e. MIMEDefang has crashed.

} OS = Solaris 9

 On Solaris, you need to use a recent version of Unix::Syslog;
otherwise, MIMEDefang will crash.  Check the output of "mimedefang.pl
-features".  I have:

IO::Socket        : Version 1.26
MIME::Tools       : Version 5.413
MIME::Words       : Version 5.413
Digest::SHA1      : Version 2.10
Mail::SpamAssassin: Version 2.64
Anomy::HTMLCleaner: missing
File::Scan        : Version 1.35
HTML::Parser      : Version 3.36
HTML::TokeParser  : Version 2.28
Unix::Syslog      : Version 0.99

}-- End of excerpt from "Stefaan Van Hoornick"


RE: [Mimedefang] Milter (mimedefang): to error state

2004-10-28 Thread Stefaan Van Hoornick
I've found the error. The mimedefang.sock wasn't there.

And I've added Unix::syslog 1.00 and recompiled MIMEdefang

All the problems are solved so far.

Thx

Stefaan Van Hoornick
Network & Database Engineer
email: [EMAIL PROTECTED]
 
ITServices nv.
G. Roelandtsstraat 1
B-8020 Oostkamp
Tel: +32 (0) 50 402064
Fax: +32 (0) 50 396303
Gsm: +32 (0) 485 542344
web: www.itservices.be
 
---
You may be disappointed if you fail,
but you are doomed if you don't try.
 -- Beverly Sills 
---
 

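
Added example, not part of the original thread: a Perl check that separates the conditions reported above behind sendmail's "local socket name ... unsafe" message (socket missing, path not a socket, nothing listening) and prints the mode and owner for comparison with the listing Jason posted. The sub name and the temporary test sockets are constructed for illustration; the last path checked is the one from the poster's sendmail.mc.

```perl
#!/usr/bin/perl
# Added example (not from the thread): triage for the milter socket that
# sendmail reports as "unsafe".
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);
use IO::Socket::UNIX;

# Returns a list of findings for the milter socket at $path.
sub check_milter_socket {
    my ($path) = @_;

    # lstat, not stat: report on the path itself rather than a symlink target.
    my @st = lstat($path)
        or return ("MISSING: $path does not exist; is mimedefang running?");
    my $mode = $st[2];
    return ("NOT A SOCKET: $path exists but is not a Unix-domain socket")
        unless S_ISSOCK($mode);

    my $owner = getpwuid($st[4]);
    my $group = getgrgid($st[5]);
    $owner = $st[4] unless defined $owner;
    $group = $st[5] unless defined $group;
    my @out = (sprintf("INFO: mode %04o, owner %s, group %s",
                       S_IMODE($mode), $owner, $group));

    # The listing quoted in the thread (srwxr-x---) grants nothing to "other";
    # flagging such bits is this example's own choice, not sendmail's rule.
    push @out, "WARN: socket grants access to 'other'" if $mode & S_IRWXO;

    # A socket file can outlive the process that created it, so try to connect.
    # Run this as the user sendmail runs as, or a permission error will show here.
    my $conn = IO::Socket::UNIX->new(Type => SOCK_STREAM(), Peer => $path);
    if ($conn) {
        close $conn;
        push @out, "OK: a process is accepting connections";
    } else {
        push @out, "NOT ACCEPTING: connect failed ($!)";
    }
    return @out;
}

# Constructed test fixtures in a temporary directory.
my $dir   = tempdir(CLEANUP => 1);
my $live  = "$dir/live.sock";
my $stale = "$dir/stale.sock";
my $plain = "$dir/plain-file";

my $listener = IO::Socket::UNIX->new(Type => SOCK_STREAM(), Local => $live, Listen => 1)
    or die "cannot create test listener: $!";
my $gone = IO::Socket::UNIX->new(Type => SOCK_STREAM(), Local => $stale, Listen => 1)
    or die "cannot create test listener: $!";
close $gone;                              # listener is gone, socket file remains
open(my $fh, '>', $plain) or die "cannot create $plain: $!";
close $fh;

for my $path ($live, $stale, $plain, "$dir/absent.sock",
              '/var/spool/MIMEDefang/mimedefang.sock') {
    print "$path\n";
    print "    $_\n" for check_milter_socket($path);
}
```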


Re: [Mimedefang] thread_create errors

2004-10-28 Thread David F. Skoll
On Thu, 28 Oct 2004, Stephane Lentz wrote:

> PS : a folk running Linux reported a similar problem
> but he's not runing RH. On Mandrake/SuSE I've never
> seen it. How much traffic do you process ? Which
> hardware ? Try to get some recommendations on
> system tuning from RH since you're paying  .

Here's some free advice:  On RHEL3, type "ulimit -s":

$ ulimit -s
10240

So each thread wants 10MB of stack space.  That can chew up your RAM pretty
quickly.  I recommend editing the MIMEDefang startup script and putting:

ulimit -s 2048

just before mimedefang (not the multiplexor!) is invoked.

Right now, the sample red hat script does it only if you have more than
100 slaves, but it should really do it unconditionally.

Regards,

David.


RE: [Mimedefang] OT Sendmail bad addresses

2004-10-28 Thread Button, Shawn
thank you...I will do that...



From: [EMAIL PROTECTED] on behalf of Alexander Dalloz
Sent: Wed 10/27/2004 5:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [Mimedefang] OT Sendmail bad addresses



On Wed, 27.10.2004, at 18:48, Button, Shawn wrote:

> We throttle invalid address attempts:
>
> define(`confBAD_RCPT_THROTTLE', `3')dnl
>
> But we are seeing more and more the same tactic used across multiple
> e-mails (1 per bad address) from the same mail server over about a 5
> second interval.

> Shawn

Not directly what you request, but do you have the greet_pause feature
active? I am seeing good results so far and read same reports by others
as well. Experiment with different greet_pause values, maybe between
3000 and 15000 milliseconds.

Alexander


--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 01:42:58 up 7 days, 22:22, load average: 3.02, 5.51, 4.38



[Mimedefang] MIMEDefang 2.46 is released

2004-10-28 Thread David F. Skoll
Hi,

MIMEDefang 2.46 is available at http://www.mimedefang.org/node.php?id=1

The main changes from 2.45 are:

o Better interpretation of Trend Micro virus-scanner return code.

o Much better algorithm for reconstructing messages that avoids creating
  useless multipart/mixed containers with only one sub-part.

o A few small security fixes.

o Refusal to tamper with S/MIME messages in append_boilerplate functions.

o Support for "csav" command-line anti-virus program.

o A mechanism for slaves to "report back" their status to the multiplexor.
  This lets you see exactly what each slave is doing.  For example, typing:

md-mx-ctrl busyslaves

  on a moderately-busy mail server might result in this output:

0 B 7006 (In filter_begin i9SHSo49007015)
2 B 6504 (Running SpamAssassin i9SHSoi2007020)
3 B 7035 (Running virus scanner i9SHSo6T007023)
4 B 7036 (Parsing Message i9SHSosS007014)
5 B 7038 (In filter_begin i9SHSoD2007026)

Full changelog to 2.45 follows.

Regards,

David.

2004-10-28  David F. Skoll  <[EMAIL PROTECTED]>

* Version 2.46 RELEASED

* mimedefang-multiplexor.c: Added mechanism for slaves to send
back "status reports" to the multiplexor.  The command
"md-mx-ctrl slaves" now shows the current status of busy slaves
(eg, "Running SpamAssassin", "recipok <[EMAIL PROTECTED]>", etc.)

* redhat/mimedefang-init.in: Unconditionally execute "ulimit -s 2048"
before invoking mimedefang.

2004-10-28 Bill Maidment <[EMAIL PROTECTED]>

* Added support for Command "csav" anti-virus.

2004-10-27  David F. Skoll  <[EMAIL PROTECTED]>

* Version 2.46-BETA-2 released.

* mimedefang.c: Print and log an error if we can't determine our
own IP address.

* mimedefang.pl.in: append_html_boilerplate and append_text_boilerplate
refuse to tamper with S/MIME messages.  They won't descend into
multipart/signed or multipart/encrypted parts.  Similarly for
remove_redundant_html_parts.

* mimedefang.pl.in: Split-and-rebuild algorithm is greatly improved.
In particular:  In filter_end, the $entity->head correctly contains
all message headers.  And we try to avoid creating useless
multipart containers -- if we would end up with a multipart/mixed
or multipart/alternative with only one sub-part, we "pop" the sub-part
up to the top level.

2004-10-26  David F. Skoll  <[EMAIL PROTECTED]>

* Version 2.46-BETA-1 released.

* mimedefang-filter.5.in: Corrected an error in one of the examples

* mimedefang.c: Add IP address of scanning host to X-Scanned-By:
header.

* SECURITY FIX: mimedefang.c: Tempfail message if RESULTS file
doesn't terminate with 'F' line.  (Detects disk-full condition.)

* mimedefang.pl.in (rebuild_entity): Add a Content-Type: header
if MIME part lacks one.  Some marginal e-mail software chokes on
a part with a missing content-type header.

* mimedefang.pl.in: flatten_mime removed.  Support for
$Stupidity{"flatten"} removed.  *** NOTE INCOMPATIBILITY ***

* action_add_part revamped completely; we try to preserve original
multipart type of message.  action_add_part now simply keeps a list
of parts to be added.  At the end:

a) If original message was multipart/mixed, we simply add
the part.

b) Otherwise, we make a new multipart/mixed container, put
original message as the first part of this new container, and
then add part to the multipart/mixed container.

*** NOTE INCOMPATIBILITY ***

* Proper multipart type passed to filter_end.

* All mimedefang.pl-generated messages have an
Auto-Submitted: auto-generated header.

* mimedefang.pl.in: Return codes of I/O operations are checked; we
die if any fail.  This is a security fix.

* mimedefang.pl.in (interpret_trend_code): Treat any code from
1 to 9 as indicative of a virus, upon recommendation of Stephane Lentz.

* mimedefang.pl.in (spam_assassin_init): Add a
LOCAL_RULES_DIR => @CONFDIR@/spamassassin argument to SpamAssassin
constructor.

2004-09-22  David F. Skoll  <[EMAIL PROTECTED]>

* Version 2.45 RELEASED





Re: [Mimedefang] thread_create errors

2004-10-28 Thread B. Tolka
Thanks
David

Now after about an hour of implementing the ulimit change


Now I am getting these errors

Oct 28 13:40:12 node1 sendmail[28013]: i9SHeC9g028013: Milter: connect:
host=newsletter.integinc.com, addr=12.152.97.69, temp failing commands
Oct 28 13:40:15 node1 mimedefang[14719]: MXCommand: socket: Too many
open files
Oct 28 13:40:15 node1 mimedefang[14719]: mfconnect: Error communicating
with multiplexor
Oct 28 13:40:15 node1 sendmail[28017]: i9SHeFVR028017: Milter: connect:
host=BV2-24.207.198.233.charter-stl.com, addr=24.207.198.233, temp
failing commands
Oct 28 13:40:18 node1 mimedefang[14719]: MXCommand: socket: Too many
open files
Oct 28 13:40:18 node1 mimedefang[14719]: mfconnect: Error communicating
with multiplexor
Oct 28 13:40:18 node1 sendmail[28019]: i9SHeI9p028019: Milter: connect:
host=thog.systems.wvu.edu, addr=157.182.232.210, temp failing commands
Oct 28 13:40:18 node1 mimedefang[14719]: MXCommand: socket: Too many
open files
Oct 28 13:40:18 node1 mimedefang[14719]: mfconnect: Error communicating
with multiplexor
Oct 28 13:40:18 node1 sendmail[28021]: i9SHeIFu028021: Milter: connect:
host=mail7.uptilt.com, addr=66.35.204.217, temp failing commands
Oct 28 13:40:20 node1 mimedefang[14719]: MXCommand: socket: Too many
open files
Oct 28 13:40:20 node1 mimedefang[14719]: mfconnect: Error communicating
with multiplexor
Oct 28 13:40:20 node1 sendmail[28023]: i9SHeKU5028023: Milter: connect:
host=r212.fix3.com, addr=65.240.152.212, temp failing commands
Oct 28 13:40:20 node1 sendmail[26802]: i9SHYoAr026802:
from=<[EMAIL PROTECTED]>, size=2520,
class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>,
proto=SMTP, daemon=MTA, relay=em.prewards.com [64.28.76.5]
Oct 28 13:40:20 node1 mimedefang[14719]: i9SHYoAr026802: Could not open
/var/spool/MIMEDefang/mdefang-i9SHYoAr026802/HEADERS: Too many open
files
Oct 28 13:40:20 node1 sendmail[26802]: i9SHYoAr026802: Milter: data,
reject=451 4.7.1 Please try again later
Oct 28 13:40:20 node1 sendmail[26802]: i9SHYoAr026802:
to=<[EMAIL PROTECTED]>, delay=00:00:05, pri=32520, stat=Please try
again later
Oct 28 13:40:23 node1 sendmail[28025]: i9SHeMeK028025:
from=<[EMAIL PROTECTED]>, size=2674, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=SMTP,
daemon=MTA, relay=mail.4sttsuite.co.uk [194.73.244.198]
Oct 28 13:40:23 node1 mimedefang[14719]: i9SHeMeK028025: Could not open
/var/spool/MIMEDefang/mdefang-i9SHeMeK028025/INPUTMSG: Too many open
files


Thanks so much,   What a great product Mimedefang.

FYI, being an educational institution we get Redhat for like $25.


Bryan Tolka


 


[Mimedefang] whitelisting in Mimedefang?

2004-10-28 Thread scohen

I know I can whitelist with /etc/mail/access.db and I know I can whitelist
in sa-mimedefang.cf for the spamassassin tests, but is there any way to
whitelist at the beginning of mimedefang-filter so no tests are performed?
Btw, if I whitelist in the access.db does the email get sent through the
socket to mimedefang?

Thanks,

Steve Cohen



[Mimedefang] MIMEDefang + SpamAssassin AWL

2004-10-28 Thread Aleksandar Milivojevic
I just wanted to check if what I did was correct.  To get AWL working, I 
first attempted to only uncomment a couple of lines in mimedefang-filter 
as instructed in comments:

  # If you want to use auto-whitelisting:
  if (defined($SASpamTester)) {
      use Mail::SpamAssassin::DBBasedAddrList;
      my $awl = Mail::SpamAssassin::DBBasedAddrList->new();
      $SASpamTester->set_persistent_address_list_factory($awl) if defined($awl);
  }

However, it didn't work, so I added these to sa-mimedefang.cf:

auto_whitelist_path        /var/spool/MIMEDefang/mimedefang-awl
auto_whitelist_file_mode   0640

After that, things started to work (or at least it looks like that). 
Question is, is this the correct way to do it?

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator   1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB  R3T 1L7


Re: [Mimedefang] MIMEDefang 2.46-BETA-2 is available

2004-10-28 Thread Aleksandar Milivojevic
David F. Skoll wrote:
> Hi,
>
> MIMEDefang 2.46-BETA-2 is available at http://www.mimedefang.org/node.php?id=1
>
> This release addresses the problems identified by Aleksandar Milivojevic.
> It greatly improves the sanity of the message-rebuilding algorithm.  Also,
> I've changed it so the append_boilerplate functions refuse to monkey with
> S/MIME signed or encrypted parts.

I've just compiled and tested it.  Seems to work nicely.  The only 
(rather minor thing) is that if there's no content-type header in the 
message, $entity->head->get() will return multipart/mixed (plus 
internally generated boundary), while $sa_stat->get() (where $sa_stat is 
of type Mail::SpamAssassin::PerMsgStatus from my workaround) will 
correctly return undef.

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator   1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB  R3T 1L7


Re: [Mimedefang] whitelisting in Mimedefang?

2004-10-28 Thread Jeff Rife
On 28 Oct 2004 at 14:01, scohen wrote:

> I know I can whitelist with /etc/mail/access.db and I know I can
> whitelist in sa-mimedefang.cf for the spamassassin tests, but is
> there anyway to whitelist at the begining of mimedefang-filter so no
> tests are performed? Btw, if I whitelist in the access.db does the
> email get sent through the socket to mimedefang? 

Yes, it does.

You can tie to the /etc/mail/access.db using Perl to stop processing 
early in your mimedefang-filter.  Don't ask me exactly *how* to do this 
(no Perl guru here), but the archives for this list should have 
something.



--
Jeff Rife|  
SPAM bait:   | http://www.netfunny.com/rhf/jokes/99/Apr/columbine.html 
[EMAIL PROTECTED] |  
[EMAIL PROTECTED] |  




Re: [Mimedefang] MIMEDefang 2.46-BETA-2 is available

2004-10-28 Thread David F. Skoll
On Thu, 28 Oct 2004, Aleksandar Milivojevic wrote:

> I've just compiled and tested it.  Seems to work nicely.  The only
> (rather minor thing) is that if there's no content-type header in the
> message, $entity->head->get() will return multipart/mixed (plus
> internally generated boundary),

That's a feature, not a bug.  We always wrap the message in a multipart/mixed
container if it wasn't multipart originally.  (It simplifies later processing
steps.)

Regards,

David.


Re: [Mimedefang] MIMEDefang 2.46-BETA-2 is available

2004-10-28 Thread David F. Skoll
On Thu, 28 Oct 2004, Aleksandar Milivojevic wrote:

> Anyhow, I've noticed messages like this in my log files, after upgrading
> to 2.46 (final).  Haven't noticed them before.  I guess this is related
> to new reports from slaves.

Rats... you shouldn't be seeing those.  Are your slaves printing anything
else to STDERR?

Regards,

David.


Re: [Mimedefang] MIMEDefang 2.46-BETA-2 is available

2004-10-28 Thread Aleksandar Milivojevic
David F. Skoll wrote:
> That's a feature, not a bug.  We always wrap the message in a multipart/mixed
> container if it wasn't multipart originally.  (It simplifies later processing
> steps.)

I always like to have features, eh ;-)

Anyhow, I've noticed messages like this in my log files, after upgrading 
to 2.46 (final).  Haven't noticed them before.  I guess this is related 
to new reports from slaves.  Are slaves supposed to send reports 
periodically, or is the multiplexor querying them periodically?  Or was it 
something the multiplexor hasn't expected, so it wrote it to logs?  The 
thing that makes me feel it is the latter is the presence of the "stderr" string, 
and basically all spaces are encoded (looks kind of like a URL encoding scheme).

Slave 1 stderr: Pe0L013829 MD-MX-STATUS 
In%20rebuild%20loop%20i9SJPe0L013829 MD-MX-STATUS 
In%20filter_end%20i9SJPe0L013829 MD-MX-STATUS 
Running%20SpamAssassin%20i9SJPe0L013829

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator   1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB  R3T 1L7


[Mimedefang] MD 2.46 a bit of a brown-paper-bag release

2004-10-28 Thread David F. Skoll
Hi,

So, 2.46 is a bit of a brown-paper-bag release.  There isn't a serious
problem with it, but it will clutter up your logs with slave update
messages that the multiplexor misses.

2.47 will be out soon to fix this.  It will use a separate file
descriptor for the update messages.  Because this means an extra file
descriptor per slave, the update mechanism will be off by default; you'll
have to enable it with a command-line option.

Sorry about that!

Regards,

David.


[Mimedefang] HELP: filter_sender() not working

2004-10-28 Thread Yang Xiao
Hi all,
I modified the filter_sender() function shown in the man page :

#
# Filter Sender who says they are OHPP.COM
#
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    if ($helo =~ /ohpp\.com$/i) {
        return (REJECT, "goaway.");
    }
    return (CONTINUE,"OK");
}


This is not working, can someone please help?

Many thanks!

Yang


[Mimedefang] MIMEDefang 2.47 is available

2004-10-28 Thread David F. Skoll
Hi,

MIMEDefang 2.47 is available at http://www.mimedefang.org/node.php?id=1

It simply fixes a silly bug introduced in 2.46 which would spew lots
of noise to the error log.  With version 2.47, the "status update" feature
is off by default.  You need to supply the "-Z" option to the multiplexor
to enable it.

Regards,

David.




Re: [Mimedefang] HELP: filter_sender() not working

2004-10-28 Thread Keith Patton
Did you turn on sender checking?
MX_SENDER_CHECK=yes
or on the command line?

-Keith

Yang Xiao wrote:
> Hi all,
> I modified the filter_sender() function shown in the man page :
> #
> # Filter Sender who says they are OHPP.COM
> #
> sub filter_sender {
>     my ($sender, $ip, $hostname, $helo) = @_;
>     if ($helo =~ /ohpp\.com$/i) {
>         return (REJECT, "goaway.");
>     }
>     return (CONTINUE,"OK");
> }
> This is not working, can someone please help?
> Many thanks!
> Yang


Re: [Mimedefang] MIMEDefang 2.46-BETA-2 is available

2004-10-28 Thread Aleksandar Milivojevic
David F. Skoll wrote:
> Rats... you shouldn't be seeing those.  Are your slaves printing anything
> else to STDERR?

Only MD-MX-STATUS messages, as the one I reported.  Sometimes they are
broken over several lines, sometimes they look like interpolated from
several slaves.

Another thing I noticed is that (sometimes, not every time) if I run 
md-mx-ctrl busyslaves, I'm getting this message logged (from multiplexor):

reply_to_mimedefang: EventTcp_WriteBuf failed: Interrupted system call
And no output from md-mx-ctrl.  If I get output from md-mx-ctrl, there's 
no error logged.

I'd say probability of getting response from slaves vs getting that 
error message logged is somewhere around fifty-fifty.

--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator   1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB  R3T 1L7


Re: [Mimedefang] HELP: filter_sender() not working

2004-10-28 Thread David F. Skoll
On Thu, 28 Oct 2004, Keith Patton wrote:

> Did you  turn on sender checking?
> MX_SENDER_CHECK=yes

Actually, his problem is that:

return (REJECT, "goaway");

is wrong.  It should be:

return("REJECT", "goaway");

Similarly, CONTINUE should be "CONTINUE" -- the return values are strings.

--
David.


[Mimedefang] VERY Newbie Question

2004-10-28 Thread Yang Xiao
Hi all,
I'm a little confused as to how to insert a custom function into the
filter. Can someone please give me a pointer or two?

Ok, for something like this, a sample function on the FAQ site that
filters HELO line

sub filter_sender {
  my($sender, $ip, $name, $helo) = @_;
  return(1, "OK") if ($ip eq "127.0.0.1");   # no further checking if localhost
  # dots are escaped so that they match only a literal "."
  if ($helo =~ /(^|\.)abc\.com$/i) {
    if ($ip !~ /^123\.123\.123\./) {
      return(0, "Connect rejected - $ip is not abc.com");
    }
  }
  return(1, "OK");
}

How do I integrate this into the filter file ?

Many thanks, flames ok too.

Yang


Re: [Mimedefang] HELP: filter_sender() not working

2004-10-28 Thread Alexander Dalloz
On Thu, 28.10.2004 at 23:15, David F. Skoll wrote:

> Actually, his problem is that:
> 
>   return (REJECT, "goaway");
> 
> is wrong.  It should be:
> 
>   return("REJECT", "goaway");
> 
> Similarly, CONTINUE should be "CONTINUE" -- the return values are strings.

> David.

Maybe a stupid question, but does it matter to use single quotes for the
action rather than double quotes? The mimedefang-filter manpage says to
use 

return('REJECT', "goaway");

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 23:50:21 up 8 days, 20:29, load average: 0.64, 0.57, 0.37 



RE: [Mimedefang] HELP: filter_sender() not working

2004-10-28 Thread Matthew.van.Eerde
Alexander Dalloz wrote:
> On Thu, 28.10.2004 at 23:15, David F. Skoll wrote:
>>  return (REJECT, "goaway");
>> 
>> is wrong.  It should be:
>> 
>>  return("REJECT", "goaway");
>> 
>> Similarly, CONTINUE should be "CONTINUE" -- the return values are
>> strings. 
> 
> Maybe a stupid question, but does it matter to use single quotes for
> the action rather than double quotes? The mimedefang-filter manpage
> says to use
> 
> return('REJECT', "goaway");

Either is fine - or qw/REJECT/ or qq{REJECT} or q|REJECT|...

You could even go so far as to do something like

sub REJECT(); sub REJECT() { return "REJECT"; }
sub CONTINUE(); sub CONTINUE() { return "CONTINUE"; }

which would allow you to get away with a later

return (REJECT, "goaway");

but this is not to be recommended.

Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
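
The fix from this thread (action codes returned as quoted strings) combined with the FAQ-style HELO check from the "VERY Newbie Question" post, as an added stand-alone example that is not code from the list or from MIMEDefang. The domain, the address range and the test cases at the bottom are constructed, and the script runs under plain perl without mimedefang.pl.

```perl
#!/usr/bin/perl
# Added example: filter_sender() returning its action as a quoted string.
use strict;     # with strict, an unquoted REJECT is a compile-time error
use warnings;

my $OUR_DOMAIN = 'example.com';               # placeholder domain
my $OUR_NET    = qr/^192\.0\.2\.\d{1,3}$/;    # placeholder range (TEST-NET-1)

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    # Local submissions are not checked any further.
    return ('CONTINUE', 'ok') if $ip eq '127.0.0.1';

    # \Q...\E quotes the dots, so "example.com" cannot match "examplexcom";
    # (?:^|\.) anchors on a label boundary, so "notexample.com" does not match.
    if ($helo =~ /(?:^|\.)\Q$OUR_DOMAIN\E$/i && $ip !~ $OUR_NET) {
        return ('REJECT', "Connect rejected - $ip is not $OUR_DOMAIN");
    }
    return ('CONTINUE', 'ok');
}

# Constructed cases: [sender, ip, hostname, helo] and the expected action.
my @cases = (
    [['<a@example.net>',  '198.51.100.7', 'h.example.net',  'mail.example.com'], 'REJECT'],
    [['<a@example.com>',  '192.0.2.25',   'mx.example.com', 'mx.example.com'],   'CONTINUE'],
    [['<a@example.net>',  '198.51.100.7', 'h.example.net',  'notexample.com'],   'CONTINUE'],
    [['<a@example.net>',  '198.51.100.7', 'h.example.net',  'examplexcom'],      'CONTINUE'],
    [['<root@localhost>', '127.0.0.1',    'localhost',      'example.com'],      'CONTINUE'],
);

for my $case (@cases) {
    my ($args, $want) = @$case;
    my ($action, $msg) = filter_sender(@$args);
    die "unexpected $action for HELO $args->[3] from $args->[1]\n"
        if $action ne $want;
    print "$action\t$args->[3]\t$args->[1]\t$msg\n";
}
```

Only the sub belongs in mimedefang-filter; the loop at the bottom exists so the logic can be checked before the filter is reloaded, and sender checks still have to be switched on as Keith describes.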



[Mimedefang] Brown paper bag, take 2...

2004-10-28 Thread David F. Skoll
Hi, all.

There's a problem with MIMEDefang 2.47.

Don't use the -Z option to the multiplexor. :-(  If you do
"md-mx-ctrl reread", the multiplexor socket gets closed if you're
using embedded Perl.

If you don't use -Z, or you're not using embedded Perl, it should be OK.

A fix will be forthcoming tomorrow.

Regards,

David.


[Mimedefang] Pounded by spam

2004-10-28 Thread Rich West
We just got the living daylights pounded out of us by a spam host 
running at 69.6.66.103.

While I know it can be easy to simply block the host, I was wondering if
there was some way to avoid the problem altogether by potentially
identifying hosts attempting to overload the server (Denial Of Service)
by throttling down the amount of allowed inbound connections (from
external sources) from a single host.

Admittedly, this is a bit off topic. Mimedefang.pl was the process that
was getting hammered (and subsequently drove the CPU load to >16 before
we shut down email altogether), but I do not think that the fault lies
with mimedefang (in fact, I don't think there is any 'fault' here).
It's more a configuration issue at the MTA level (in this case, sendmail).

-Rich


Re: [Mimedefang] Pounded by spam

2004-10-28 Thread Ben Kamen

You can always blackhole the ip or range for a time you see fit and then
remove the blackhole...

use the 'route' command for that...

on AIX it's:

route add -net ipaddr -prefix maskbits 127.0.0.1 -blackhole

or -host or whatever.

Have fun...

 -Ben


On Thu, 28 Oct 2004, Rich West wrote:

> We just got the living daylights pounded out of us by a spam host
> running at 69.6.66.103.
>
> While I know it can be easy to simply block the host, I was wondering if
> there was some way to avoid the problem altogether by potentially
> identifying hosts attempting to overload the server (Denial Of Service)
> by throttling down the amount of allowed inbound connections (from
> external sources) from a single host.
>
> Admittedly, this is a bit off topic. Mimedefang.pl was the process that
> was getting hammered (and subsequently drove the CPU load to >16 before
> we shut down email altogether), but I do not think that the fault lies
> with mimedefang (in fact, I don't think there is any 'fault' here).
> It's more a configuration issue at the MTA level (in this case, sendmail).
>
> -Rich

-- 
Ben Kamen - O.D.T., S.P.
--
Home: [EMAIL PROTECTED]   http://www.benjammin.net
Work: [EMAIL PROTECTED]
gPG Pub Key - http://www.benjammin.net/www/pages/library

***
* NOTE: Opinions and Views discussed via email are my own and not that*
* of the State of Illinois, University of Illinois or the Illinois Dept   *
* of Natural Resources.   *
***

'/usr/games/fortune' says:
It looks like blind screaming hedonism won out.


Re: [Mimedefang] Pounded by spam

2004-10-28 Thread John
At 08:58 PM 10/28/2004, you wrote:
> We just got the living daylights pounded out of us by a spam host running
> at 69.6.66.103.

Happens on occasion.

> While I know it can be easy to simply block the host, I was wondering if
> there was some way to avoid the problem altogether by potentially
> identifying hosts attempting to overload the server (Denial Of Service) by
> throttling down the amount of allowed inbound connections (from external
> sources) from a single host.

Yes.  Sendmail >=8.13.0 has several nice options.

FEATURE(`ratecontrol',`nodelay',`terminate')dnl
FEATURE(`conncontrol')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl

I am the SysAdmin for an ISP here in Billings.  I am unafraid of using
these controls and they have really helped our situation.  I limit 25
Connections/sec period.  I also limit 3 connections from any one external
host/min.

Read all about these and understand exactly what they mean in the Sendmail
docs.  You have all kinds of options in the access file.  Of course, you
open these through the access file for your authorized nets that you are an
MX for.  We also use a 10 sec. delay in response that drops anything
attempting to jam mail down your throat before receiving a welcome banner
from our mail servers.

I occasionally get the "25" connections and deferring at that rate in my
logs, but not enough to worry me and we handle ~200,000 emails a
day.  Adjust your connection/defer times accordingly to your normal load.

Have fun and knock them dead at the gate.

> Admittedly, this is a bit off topic. Mimedefang.pl was the process that
> was getting hammered (and subsequently drove the CPU load to >16 before we
> shut down email altogether), but I do not think that the fault lies with
> mimedefang (in fact, I don't think there is any 'fault' here). It's more
> a configuration issue at the MTA level (in this case, sendmail).
>
> -Rich
John Jaeger - Billings, Montana
EMail To: 
Home Page   : 
PGP:
RSA Key ID: 0xAAEC7751  
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
   - Anonymous
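
A sketch of the access-map side of the setup John describes, as an added example and not his actual configuration. The per-host rate follows the figure in his message, 192.0.2 stands in for your own networks, the ClientConn value is made up, and the GreetPause lines assume his 10-second delay is sendmail's greet_pause feature.

```text
# /etc/mail/access (constructed example; rebuild the map with makemap after editing)
# Needs FEATURE(`ratecontrol') and FEATURE(`conncontrol') in the .mc file, plus
# FEATURE(`greet_pause',`10000') for the GreetPause lines (an assumption here).

# Default for every client: at most 3 new connections per rate window
# (confCONNECTION_RATE_WINDOW_SIZE, 60 seconds in the message above).
ClientRate:             3

# Default cap on simultaneously open connections per client (made-up value).
ClientConn:             10

# Hosts and networks you handle mail for are exempt: 0 means unlimited.
ClientRate:127.0.0.1    0
ClientConn:127.0.0.1    0
ClientRate:192.0.2      0
ClientConn:192.0.2      0

# No greeting delay for your own networks (the value is in milliseconds).
GreetPause:127.0.0.1    0
GreetPause:192.0.2      0
```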