Re: [Mimedefang] Patch to mimedefang...
On Fri, 13 Jan 2006, David F. Skoll wrote: [snip] is probably not in the cards. One of the biggest complaints from people who've tried MIMEDefang is the number of Perl modules it requires. [snip] These people have obviously never installed RT :) MIMEDefangs' pre-requisites are perfectly sane for any large scale perl based framework, thanks mainly to the auto-detection. Thanks! -n -- --- nathan hruby [EMAIL PROTECTED] uga enterprise information technology services core services support --- In 1972 a crack commando unit was sent to prison by a military court for a crime they didn't commit ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Patch to mimedefang...
Philip Prindeville wrote: I suppose for people using RPM's with yum or smart, it might be different. The best way to handle that is to package the different filters in their own RPMs, and then *those* RPMs can specify the correct dependencies. So you know that if you want to use mimedefang-filter-magic-helo-processing, you'll need perl-Net-CIDR-Lite. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Perl dependencies (was Re: [Mimedefang] Patch to mimedefang...)
nathan r. hruby wrote: These people have obviously never installed RT :) Heh! We use RT here. Actually, if you really want to discover some dependency hell, try Catalyst plus Template Toolkit. Catalyst is a wonderful MVC-based Web development suite---gorgeous to use, but an absolute bear to install. (catalyst.perl.org, if you're interested.) -- David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Mimedefang errors: What might be the cause?
Hi, I'm running Mimedefang/Spamassassin on a Redhat server with Sendmail. This has all been running fine for a couple of years now. Suddenly, this morning my customers were unable to send e-mail. Looking at /var/log/maillog, I saw lots of entries such as this: Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves Jan 14 02:22:18 Raydeus-Dee mimedefang[10206]: Error from multiplexor: error: No free slaves Jan 14 02:22:18 Raydeus-Dee sendmail[10201]: k0E7MB2d010201: Please try again later Jan 14 02:22:18 Raydeus-Dee mimedefang[10100]: Error from multiplexor: error: No free slaves Jan 14 02:22:18 Raydeus-Dee sendmail[10098]: k0E7Lw2c010098: Please try again later Jan 14 02:22:27 Raydeus-Dee mimedefang[10243]: mfconnect: No free slaves Jan 14 02:22:27 Raydeus-Dee mimedefang[10246]: mfconnect: No free slaves Jan 14 02:22:27 Raydeus-Dee mimedefang[10247]: mfconnect: No free slaves Jan 14 02:22:27 Raydeus-Dee mimedefang[10248]: mfconnect: No free slaves Jan 14 02:22:27 Raydeus-Dee mimedefang[10249]: mfconnect: No free slaves I stopped and restarted Sendmail/Mimedefang but that did not help. Finally I just rebooted the Redhat box. Interestingly enough, when it came back up the problem was still there but a few minutes later it rresolved. I need to try to determine what might cause this and how to prevent it from happening again. Also - how do I find out how many slaves Mimedefang is configured to have and should I increase that? If so, how? Thanks, Lisa Casey ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang errors: What might be the cause?
On 14/01/06, Lisa Casey [EMAIL PROTECTED] wrote: Hi, I'm running Mimedefang/Spamassassin on a Redhat server with Sendmail. This has all been running fine for a couple of years now. Suddenly, this morning my customers were unable to send e-mail. Looking at /var/log/maillog, I saw lots of entries such as this: Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves ---SNIP signs of a busy mail server--- I need to try to determine what might cause this and how to prevent it from happening again. Likely you had more incoming connections than configured slaves. Also - how do I find out how many slaves Mimedefang is configured to have and should I increase that? If so, how? Check your startup script. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Mimedefang errors: What might be the cause?
From: Lisa Casey Sent: Saturday, January 14, 2006 8:16 AM I'm running Mimedefang/Spamassassin on a Redhat server with Sendmail. Which versions? What sort of hardware (cpu type, speed, memory size) How many average messages/day? This has all been running fine for a couple of years now. Suddenly, this morning my customers were unable to send e-mail. Looking at /var/log/maillog, I saw lots of entries such as this: Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves Jan 14 02:22:18 Raydeus-Dee mimedefang-multiplexor[1014]: No free slaves Unless you have a very active night shift, 2AM is not a typical time to expect a mail overload. Couple of things to check: 1. disk space: try 'df -h' and note if any file systems are full or near full. Especially the one that /tmp lives on. 2. check your version of SA. Versions 3.0.0 through 3.0.3 are subject to Denial of Service attacks. 3. Try running, 'md-mx-ctrl rawstatus', and check 'man md-mx-ctrl' for an explanation of the results. With some work, you could write a cron script that tails /var/log/maillog and looks for the 'no free slaves' and have it run some combination of 'top -b | head -20', 'md-mx-ctrl rawstatus' and any other commands that can give you some info. on what might be going on. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Mimedefang errors: What might be the cause?
Try running, 'md-mx-ctrl rawstatus' 'md-mx-ctrl load' is also useful, and human readable. The various other commands described in 'man md-mx-ctrl' may also help provide some insight into what is going on. For example, 'md-mx-ctrl slaveinfo 0' will tell you which pid is assigned to slave 0. Then you can run 'strace -ppid' to follow the system calls it makes and try to understand where it may be running aground. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang errors: What might be the cause?
Hi, Also - how do I find out how many slaves Mimedefang is configured to have and should I increase that? If so, how? Check your startup script. I looked in the startup script: /etc/init.d/mimedefang The only things in there that have to do with slaves are: # MX_SLAVE_DELAY=3 # MX_MIN_SLAVE_DELAY=0 # MX_LOG_SLAVE_STATUS_INTERVAL seconds # MX_LOG_SLAVE_STATUS_INTERVAL=30 # MX_STATUS_UPDATES=yes # MX_MAX_RSS=1 # MX_MAX_AS=3 Quite honestly none of these look like settings I could tweak to increase the maximum number of slaves. In my maillog I have this: Jan 14 10:40:23 Raydeus-Dee mimedefang-multiplexor[1211]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10 and I think the maxSlaves looks like it is low to me. By the way, I'm using RedHat 7.2, mimedefang version 2.48, and SpamAssassin version 3.0.1 running on Perl version 5.8.5 (I'm basically using MimeDefang to run Spamassassin). Guess I need more help then this to increase maxSlaves. Sorry. Lisa Casey ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Including archetypal filters to include in release?
Damrose, Mark wrote: FYI: I added an example of using Net::CIDR::Lite to the Helo testing wiki at http://www.mimedefang.org/kwiki/index.cgi?UseHeloToCatchSpam Hmm Found some issues (shortcomings, whatever) with the API to Net::CIDR::Lite. First is that when you pass it bad parameters, it emits a message via confess, but doesn't bomb out or have an indicative return value... The second issue is that you can't add_range(0.0.0.0/0) as a catch-all. And lastly, it wasn't clear how you store into an element a reference to further external data that tells you what to do with that node (i.e. continue, discard, reject, ... a specific message to give with the reject, etc). Sigh. Contacted the author... -Philip ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Including archetypal filters to include in release?
Kevin A. McGrail wrote: I'm interested in the answer about the reverse DNS as well, BTW. Regards, KAM BTW: In the case where there is no rDNS for an incoming connection... what would be the approximate false positive rate be if we were to refuse those connections (unless of course they were authenticated or local)? If the user is authenticated... why would there not be a rDNS entry for their IP?? I guess if they are roaming but we usually recommend a webmail setup for most of those customers that fit the typical user profile, others know enough they don't need to call and make sure they setup for auth and STARTTLS, in either case.. I have yet to run this as an issue. I have been running the require_rdns.m4 hack with some minor modifications (I ONLY reject if there is no rDNS at all and with greet_pause enabled with a 4 sec delay for off-network MTA/MUAs) since I last mentioned it on this list some time ago with zero customer complaints, and only 2 or 3 contacts from other sys admins asking how they fix their DNS. So, as long as you are not draconian about it, it seems to work well. Now when I first implemented the hack on my test box... I implemented the whole thing... requiring the rDNS to match will cause you ALOT of false positives/cust complaints. Some quick and dirty stats off my test box: on avg over 10% of the 5XX rejects are for bad rDNS, when I first implemented I merely tagged and tracked these to confirm it was reall spam... during this time period I had zero false positives... but admitedly only tracked it for one week. When I started rejecting them using the require_rdns.m4 hack I simply saved myself a few more expensive MD/SA implementations as I also noticed these messages were invariably caught by MD/SA, I just stop them a little bit earlier now. The message breakdown on my test box is as folllows for the last few days: ./msgperday ' 9' grep ^Jan 9 /var/log/maillog UNIQ MSID: 13670 TO: 6561 Sent: 5670 5XX Rejects:8045 1113 of these were for no rDNS 4XX Rejects:36 Deferred: 887 Timeout:12 User Unknown: 101 Service Unavail:1 Header Forgery: 2 Host Unknown: 3 Processed (stat=): 6789 Rejected (eject=): 8081 ./msgperday 10 grep ^Jan 10 /var/log/maillog UNIQ MSID: 14503 TO: 6906 Sent: 5698 5XX Rejects:8602 1113 were for no rDNS 4XX Rejects:18 Deferred: 972 Timeout:12 User Unknown: 138 Service Unavail:2 Header Forgery: 6 Host Unknown: 4 Processed (stat=): 7047 Rejected (eject=): 8620 ./msgperday 11 grep ^Jan 11 /var/log/maillog UNIQ MSID: 14358 TO: 6765 Sent: 5589 5XX Rejects:8366 1086 were due to no rDNS 4XX Rejects:1 Deferred: 838 Timeout:37 User Unknown: 155 Service Unavail:3 Header Forgery: 4 Host Unknown: 1 Processed (stat=): 6916 Rejected (eject=): 8367 ./msgperday 12 grep ^Jan 12 /var/log/maillog UNIQ MSID: 14875 TO: 6948 Sent: 5883 5XX Rejects:9725 1206 were due to no rDNS 4XX Rejects:29 Deferred: 736 Timeout:24 User Unknown: 230 Service Unavail:1 Header Forgery: 8 Host Unknown: 1 Processed (stat=): 7141 Rejected (eject=): 9754 ./msgperday 13 grep ^Jan 13 /var/log/maillog UNIQ MSID: 14290 TO: 6086 Sent: 4975 5XX Rejects:9827 1377 were due to no rDNS 4XX Rejects:2 Deferred: 759 Timeout:15 User Unknown: 123 Service Unavail:7 Header Forgery: 9 Host Unknown: 4 Processed (stat=): 6185 Rejected (eject=): 9829 ./msgperday 14 grep ^Jan 14 /var/log/maillog INCOMPLETE DAY, Processed to 8:30pm EST UNIQ MSID: 10321 TO: 3481 Sent: 2421 5XX Rejects:8315 869 were due to no rDNS 4XX Rejects:15 Deferred: 670 Timeout:1 User Unknown: 100 Service Unavail:0 Header Forgery: 4 Host Unknown: 4 Processed (stat=): 3527 Rejected (eject=):
Re: [Mimedefang] poor performence from SA
Umm.. maybe you should try posting this to the SA list then.. [EMAIL PROTECTED] wrote: Hi list, I'm fed up with SA ! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] validating 'possibly forged' helo IP's?
Speaking of rDNS, check out this log entry (user name and sub-domain, obfuscated as 'fred'). Jan 10 09:09:02 intrepid sendmail[31995]: k0AH8pZE031992: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1001/1001), delay=00:00:06, xdelay=00:00:03, mailer=esmtp, pri=151951, relay=mailhost.cotse.com. [216.112.42.58], dsn=4.0.0, stat=Deferred: 451 4.7.1 No RDNS: Sender IP address is not resolving: http://mail.cotse.net/cgi-bin/whitelist-request-form.cgi?h=nrdns The web page stats: Cotse.Net Whitelist Request Form You have been directed to this page either because your machine issued an attack on our server and was automatically blocked, because it has no rdns, or because it's rdns looks like an end user machine and not a mail server (due to massive numbers of spam zombied end user machines we've been forced to employ some common pattern matching). Fill out the form below to get automatically whitelisted. We're not on any RBL's, and haven't had any other complaints, so I assume they're being overly cuatious. Interesting approach though. PS: Although our name server handles the rDNS properly, however http://dnsstuff.com tells me that our upstream ISP-based NS does not. Perhaps that is what this site was complaining about. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang errors: What might be the cause?
On Sat, 14 Jan 2006, Lisa Casey wrote: Hi, Also - how do I find out how many slaves Mimedefang is configured to have and should I increase that? If so, how? Check your startup script. I looked in the startup script: /etc/init.d/mimedefang The only things in there that have to do with slaves are: # MX_SLAVE_DELAY=3 # MX_MIN_SLAVE_DELAY=0 # MX_LOG_SLAVE_STATUS_INTERVAL seconds # MX_LOG_SLAVE_STATUS_INTERVAL=30 # MX_STATUS_UPDATES=yes # MX_MAX_RSS=1 # MX_MAX_AS=3 Quite honestly none of these look like settings I could tweak to increase the maximum number of slaves. In my maillog I have this: Jan 14 10:40:23 Raydeus-Dee mimedefang-multiplexor[1211]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10 and I think the maxSlaves looks like it is low to me. By the way, I'm using RedHat 7.2, mimedefang version 2.48, and SpamAssassin version 3.0.1 running on Perl version 5.8.5 (I'm basically using MimeDefang to run Spamassassin). Guess I need more help then this to increase maxSlaves. Sorry. Are MX_MINIMUM and MX_MAXIMUM set to the defaults? It's says in my config file (/etc/sysconfig/mimedefang) that The default value of 2 is probably too low. I set them as follows: MX_MINIMUM=4 MX_MAXIMUM=30 I got the same errors as you when my machines were under load and bumping these values made everything happy happy. -rick Lisa Casey ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Including archetypal filters to include in release?
Thanks for the stats! If the user is authenticated... why would there not be a rDNS entry for their IP?? I guess if they are roaming but we usually recommend a webmail setup for most of those customers that fit the typical user profile, others know enough they don't need to call and make sure they setup for auth and STARTTLS, in either case.. I have yet to run this as an issue. I can't answer why from an ISPs perspective. I can simply tell you that it is a very common occurence in my experience. Regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang