Re: [Mimedefang] Adding filter_helo support

2006-01-18 Thread Jan Pieter Cornet
On Tue, Jan 17, 2006 at 03:33:38PM -0800, Gary Funck wrote:
> OK, and what about the question raised as to how incoming mailers
> might react if, for example, tempfailed at HELO time, and related
> questions?

I asked that merely out of curiosity, since it's not common to reject
after HELO, so it's probably not well tested. It's not a requirement for
integrating the patch (but if it causes surprising interaction with
other mail programs, that might be worth documenting).

It's good that mimedefang offers a more complete interface to the milter
API... only xxfi_abort and xxfi_close left to do (and I do see some good
use for those, so with any luck I'll add support for them later on).

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED]
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Slaves dying unexpectedly with signal 14

2006-01-18 Thread Jan Pieter Cornet
On Wed, Jan 18, 2006 at 08:37:31PM +1300, Roland Pope wrote:
> I posted an email some time back asking about MD slaves that were
> unexpectedly terminating with a signal 14. David Skoll mentioned at the time
> that it was possibly a perl module generating this signal 14 which was
> somehow not being handled and was causing the slaves to die.
> At the time, I upgraded a few of the perl modules, and the problem seemed to
> go away.

I assume signal 14 is a SIGALRM. If kill -l on your system doesn't show
14) SIGALRM in the output somewhere, then the below is invalid.

> Unfortunately, it is back.
> Once the errors start occurring, a restart seems to stop it happening for a
> time, but eventually, it returns. This error is occurring on two separate
> mail exchangers (Which are running the same software versions).
> I am running mimedefang 2.53 under CentOS linux 3.6
> Can anyone give me any pointers at all as to how I can go about further
> tracking down what is generating these signal 14's?? Can I arm some sort of
> signal handler in my filter and generate some sort of trace back?

A traceback from the moment the signal is generated will not be helpful,
since the alarm() call that generated the signal is issued several seconds
before that (that's the whole point of the alarm() call).

If it's a perl module that uses alarm() and then fails to unset it,
you might be able to trace it by inserting something like this (UNTESTED)

use Carp qw(longmess);
my $buzz;
my $mess;
*CORE::GLOBAL::alarm = sub {
    my $arg = shift || $_;
    CORE::alarm($arg);
    if ( $arg == 0 ) {
        undef $buzz;
    } else {
        $buzz = time + $arg;
        $mess = longmess;
    }
};

# ... somewhere at the beginning or end of your filter code, where you
# are sure there should be no pending alarms going off..
if ( $buzz ) {
    warn "Alarm set to go off at " . localtime($buzz) .
        ", set by alarm() call at: $mess";
}

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED]
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet


Re: [Mimedefang] Slaves dying unexpectedly with signal 14

2006-01-18 Thread Roland Pope

- Original Message - 
From: Jan Pieter Cornet [EMAIL PROTECTED]
> I assume signal 14 is a SIGALRM. If kill -l on your system doesn't show
> 14) SIGALRM in the output somewhere, then the below is invalid.

Yes 14 is SIGALRM

> If it's a perl module that uses alarm() and then fails to unset it,
> you might be able to trace it by inserting something like this (UNTESTED)
>
> use Carp qw(longmess);
> my $buzz;
> my $mess;
> *CORE::GLOBAL::alarm = sub {
>     my $arg = shift || $_;
>     CORE::alarm($arg);
>     if ( $arg == 0 ) {
>         undef $buzz;
>     } else {
>         $buzz = time + $arg;
>         $mess = longmess;
>     }
> };

Thanks Jan for your response.
I inserted this code in near the start, and in the global section, of my
mimedefang-filter, and got the error:
<snip>
Jan 18 22:27:48 hosta mimedefang-multiplexor[6491]: Slave 5 stderr: Argument
 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Loc... isn't numeric
in alarm at /etc/mail/mimedefang-filter line 95.
</snip>

When I added an 'md_syslog('info',"alarm=$arg");' right after the
'CORE::alarm($arg);' statement, I got:
<snip>
alarm= at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Locker/Flock.pm
line 78   eval {...} called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Locker/Flock.pm line 73
Mail::SpamAssassin::Locker::Flock::safe_lock('Mail::SpamAssassin::Locker::Fl
ock=HASH(0xb0617a0)','/home/cyrus/.spamassassin/auto-whitelist',30,640)
called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DBBasedAddrList.pm line 72
Mail::SpamAssassin::DBBasedAddrList::new_checker('Mail::SpamAssassin::DBBase
dAddrList=HASH(0xc287378)','Mail::SpamAssassin=HASH(0x9fe2044)') called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/AutoWhitelist.pm line 95
Mail::SpamAssassin::AutoWhitelist::new('Mail::SpamAssassin::AutoWhitelist','
Mail::SpamAssassin=HASH(0x9fe2044)') called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/AWL.pm line 352
eval {...} called at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/AWL.pm line 351
Mail::SpamAssassin::Plugin::AWL::check_from_in_auto_whitelist('Mail
</snip>

Any ideas what could be changed in your sample code to avoid this error?

Thanks
Roland



Re: [Mimedefang] Slaves dying unexpectedly with signal 14

2006-01-18 Thread Jan Pieter Cornet
On Wed, Jan 18, 2006 at 10:34:24PM +1300, Roland Pope wrote:
> From: Jan Pieter Cornet [EMAIL PROTECTED]
> > I assume signal 14 is a SIGALRM. If kill -l on your system doesn't show
> > 14) SIGALRM in the output somewhere, then the below is invalid.
>
> Yes 14 is SIGALRM
>
> > If it's a perl module that uses alarm() and then fails to unset it,
> > you might be able to trace it by inserting something like this (UNTESTED)
> >
> > use Carp qw(longmess);
> > my $buzz;
> > my $mess;
> > *CORE::GLOBAL::alarm = sub {
> >     my $arg = shift || $_;
> >     CORE::alarm($arg);
> >     if ( $arg == 0 ) {
> >         undef $buzz;
> >     } else {
> >         $buzz = time + $arg;
> >         $mess = longmess;
> >     }
> > };
> Thanks Jan for your response.
> I inserted this code in near the start, and in the global section, of my
> mimedefang-filter, and got the error:
> <snip>
> Jan 18 22:27:48 hosta mimedefang-multiplexor[6491]: Slave 5 stderr: Argument
>  at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Loc... isn't numeric
> in alarm at /etc/mail/mimedefang-filter line 95.

Wow, that's very brave. I said UNTESTED and I meant it. I just typed this
in as an example...

And indeed my code is flawed :) if the argument is 0 then shift is
false so it takes $_, but that's not the right criterion... alarm uses
$_ if there is no argument, not if there's a false argument... and it
seems any false argument to alarm (not just 0) also disables it... so,
attempt two... still LARGELY untested:

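*CORE::GLOBAL::alarm = sub {
    my $arg = @_ ? shift : $_;
    # return the builtin's result (seconds left on the previous alarm) so
    # callers doing "$old = alarm N; ...; alarm $old" still get a number back
    my $remaining = CORE::alarm($arg);
    if ( !$arg ) {
        undef $buzz;
    } else {
        $buzz = time + $arg;
        $mess = Carp::longmess;
    }
    return $remaining;
};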

> </snip>
>
> When I added an 'md_syslog('info',"alarm=$arg");' right after the
> 'CORE::alarm($arg);' statement, I got:
> <snip>
> alarm= at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Locker/Flock.pm
> line 78   eval {...} called at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Locker/Flock.pm line 73
> Mail::SpamAssassin::Locker::Flock::safe_lock('Mail::SpamAssassin::Locker::Fl
> ock=HASH(0xb0617a0)','/home/cyrus/.spamassassin/auto-whitelist',30,640)
> called at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DBBasedAddrList.pm line 72
> Mail::SpamAssassin::DBBasedAddrList::new_checker('Mail::SpamAssassin::DBBase
> dAddrList=HASH(0xc287378)','Mail::SpamAssassin=HASH(0x9fe2044)') called at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/AutoWhitelist.pm line 95
> Mail::SpamAssassin::AutoWhitelist::new('Mail::SpamAssassin::AutoWhitelist','
> Mail::SpamAssassin=HASH(0x9fe2044)') called at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/AWL.pm line 352
> eval {...} called at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/AWL.pm line 351
> Mail::SpamAssassin::Plugin::AWL::check_from_in_auto_whitelist('Mail
> </snip>
>
> Any ideas what could be changed in your sample code to avoid this error?

Well my original code contained a warn, so results like this are exactly
what is needed...

However, looking at this spamassassin code, it seems like there was
already an alarm active the moment M::A::Locker::Flock was called...
unfortunately my code only remembers the last alarm() call with a non-zero
argument... Or...

Hmm... it could also be that perl somehow forgot to install the SIGALRM
handler... I suddenly recall that that was the case last time this came
up. Quick check is: is it solved if you disable embedded perl? If it is,
then you can either leave embedded perl off, send a bug report to
spamassassin, or try to debug it yourself... Which might get tricky.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED]
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet
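A fuller version of the alarm() tracer discussed in this thread, as an added example that is not code from any poster or from MIMEDefang. It installs the override in a BEGIN block (CORE::GLOBAL overrides only affect code compiled afterwards), returns the builtin's result so that callers which save and restore the previous timer keep working, and keeps a short history of calls instead of only the last one. The names pending_alarm_report, leaky_timeout and locked_work are hypothetical, and the two demo subs are constructed stand-ins for library code.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp ();
use constant KEEP => 8;      # number of alarm() calls to remember (arbitrary)

our $deadline;               # epoch second the pending alarm fires; undef if none
our @history;                # recent alarm() calls, oldest first

BEGIN {
    # Runs at compile time: only code compiled after this point is
    # intercepted; anything compiled earlier keeps calling the builtin.
    no warnings 'once';
    *CORE::GLOBAL::alarm = sub {
        # Like the builtin: fall back to $_ only when called with no argument.
        my $secs = @_ ? shift : $_;
        my $left = CORE::alarm($secs);   # seconds that were left on the old timer

        # The builtin treats any value that is numerically 0 as "cancel".
        my $n = do { no warnings; defined $secs ? int($secs) : 0 };
        $deadline = $n ? time + $n : undef;

        push @history, {
            at    => time,
            secs  => $n,
            left  => $left,
            trace => Carp::longmess("alarm($n)"),
        };
        shift @history while @history > KEEP;

        # Hand back what the builtin returned. A caller that does
        # "$old = alarm 30; ...; alarm $old" would otherwise pass whatever
        # this sub happened to evaluate last back into alarm().
        return $left;
    };
}

# Call where no alarm should be pending. Returns a report string listing the
# recent alarm() calls with their backtraces, or nothing if no timer is armed.
sub pending_alarm_report {
    return unless defined $deadline && $deadline >= time;
    my $out = "alarm pending, due " . localtime($deadline) . "\n";
    for my $h (@history) {
        $out .= sprintf "  %s alarm(%d), previous timer had %ds left\n%s",
            scalar localtime( $h->{at} ), $h->{secs}, $h->{left}, $h->{trace};
    }
    return $out;
}

# --- constructed stand-ins for library code, for demonstration only ---
sub leaky_timeout {          # arms a timer and never cancels it
    alarm 5;
    return 1;
}

sub locked_work {            # saves the outer timer and restores it afterwards
    my $old = alarm 30;
    # ... guarded work would go here ...
    alarm $old;
    return 1;
}

unless (caller) {
    local $SIG{ALRM} = sub { warn "SIGALRM delivered\n" };
    leaky_timeout();
    locked_work();           # finds 5s pending and puts it back
    my $report = pending_alarm_report();
    print defined $report ? $report : "no alarm pending\n";
    alarm 0;                 # cancel the leaked timer before exiting
}
```

In a filter, the BEGIN block belongs at the top of the file so it runs before the suspect modules are compiled, and the report can be logged with md_syslog at a point where no timer should be active.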


[Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread David F. Skoll

Hello,

MIMEDefang 2.55-BETA-3 is available at http://www.mimedefang.org/node.php?id=1
The biggest change since BETA-2 is support for the filter_helo function,
courtesy of Philip Prindeville.  Please note that in my tests with Sendmail
8.13.4, Sendmail still returns a 250 reply code after HELO, no matter what.
If your filter_helo returns a failure or tempfail code, it seems that Sendmail
remembers this and returns it in response to MAIL.

Complete changes since 2.54 follow.  If no-one reports problems, this
will become 2.55-FINAL.

Regards,

David.

2006-01-18  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-3 RELEASED

2006-01-17  David F. Skoll  [EMAIL PROTECTED]

* Added support for filter_helo function, based on a patch from
Philip Prindeville.

* examples/init-script.in: Fixed typo.

* mimedefang.c: Use symbolic constants (MD_TEMPFAIL, MD_CONTINUE,
etc.) instead of hard-coded integers, based on suggestion from
Philip Prindeville.

2006-01-11  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-2 RELEASED

*  mimedefang.pl.in: The filter_begin function is now passed
a single argument ($entity) representing the parsed message.

*** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
 NOT ZERO.  IF YOUR FILTER HAS A
 PROTOTYPE FOR filter_begin, YOU SHOULD
 FIX OR REMOVE THE PROTOTYPE

* mimedefang.c, mimedefang.pl.in: Added new action_insert_header
to prepend headers (rather than appending them).  Only works
properly with Sendmail 8.13; on older versions of Sendmail, falls
back to action_add_header.  Based on patch from Matthew van Eerde.

* mimedefang.pl.in: Added new function md_get_bogus_mx_hosts.
Allows to test for sender domains with bogus MX hosts (such as
hosts that resolve to the loopback or private IP addresses.)

* mimedefang.pl.in: Invoke the fsav virus scanner with the --mime
option.

* mimedefang.pl.in: Correctly interpret kavscanner return code 9
(password-protected ZIP.)

2005-11-17  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-1 RELEASED

* examples/init-script.in: Fix typo that resulted in the shell
complaining of a syntax error (pointed out by Jason Englander).

* Clean up man pages by removing some obsolete material.

* mimedefang.c: Do NOT strip bare CR characters from e-mails by
default.  The new -c command-line option enables the older behavior.

*** NOTE INCOMPATIBILITY ***  WE NO LONGER STRIP BARE CR's FROM
  MESSAGES BY DEFAULT.  TEST YOUR FILTERS
  CAREFULLY TO MAKE SURE THEY CAN COPE
  WITH THIS, OR USE THE -c FLAG.

* mimedefang.c(rcptto): If you returned ACCEPT_AND_NO_MORE_FILTERING
from filter_recipient, the spool files wouldn't get cleaned up,
eventually clogging the spool directory.  This has been fixed.

* mimedefang.pl.in(interpret_hbedv_code): Fix interpretation of
H+BEDV return codes (pointed out by Henning Schmiedehausen).

2005-11-04  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.54 RELEASED


[Mimedefang] Stream_by_domain

2006-01-18 Thread WBrown
DFS wrote on 01/17/2006 03:35:08 PM:

> It's hairy, but manageable.  Doing per-recipient content-filtering is
> a lot hairier and less manageable; we have to use hacks like
> stream_by_domain or stream_by_recipient.  Unfortunately, that's just how
> SMTP works.

Speaking of stream_by_domain, is there any way to get mail from the same 
source, but to different domains to be sent on different connections?

I was wondering if setting different names on the MX records like the 
following would make a difference:

domain1.com IN MX 10 filter.domain1.com
filter.domain1.com IN A 1.2.3.4

someotherdomain.com IN MX 10 filter.someotherdomain.com
filter.someotherdomain.com IN A 1.2.3.4

Do MTAs look at the name, or the IP when deciding to send messages on one 
connection?

What would be the downside to binding 50 or more IP addresses, one for 
each domain handled to the NIC on an RHEL 3 box and giving each domain 
their own IP address on the box?


Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread David F. Skoll
[EMAIL PROTECTED] wrote:

> Speaking of stream_by_domain, is there any way to get mail from the same
> source, but to different domains to be sent on different connections?

It depends on the MTA.  I believe Sendmail is smart enough to notice that
both MX hosts have the same IP address, and send the mail over one SMTP
session.

> What would be the downside to binding 50 or more IP addresses, one for
> each domain handled to the NIC on an RHEL 3 box and giving each domain
> their own IP address on the box?

Well, the downsides are you'd use up 50 or more IP addresses (which
may or may not be a concern for you), and you'd use more bandwidth.
If you're a very large site, you'd probably annoy people who send mail
to lots of your domains (though most of those people are spammers
anyway.)

As a means of avoiding stream_by_domain, it's a good idea.

Regards,

David.


Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread WBrown
DFS wrote on 01/18/2006 10:41:06 AM:


> It depends on the MTA.  I believe Sendmail is smart enough to notice that
> both MX hosts have the same IP address, and send the mail over one SMTP
> session.

I sort of expected that to be the case.  That's why I asked the follow up 
question.

> Well, the downsides are you'd use up 50 or more IP addresses (which
> may or may not be a concern for you), and you'd use more bandwidth.
> If you're a very large site, you'd probably annoy people who send mail
> to lots of your domains (though most of those people are spammers
> anyway.)

I'll have to see if I can get away with that.  I'm not that concerned with 
the bandwidth.  Much of the spam comes in over night when our BFPs (Big 
Fat Pipes) are idle.
 
> As a means of avoiding stream_by_domain, it's a good idea.

That's what I want to do.  I hate the idea of accepting mail and then 
remailing it and creating the bounce if it is spam.  I'd much rather issue 
the tempfail to someone else's server.



RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread Matthew.van.Eerde
WBrown wrote:
> DFS wrote on 01/17/2006 03:35:08 PM:
> What would be the downside to binding 50 or more IP addresses, one for
> each domain handled to the NIC on an RHEL 3 box and giving each domain
> their own IP address on the box?

That sounds like a good idea, if you have the IP addresses to spare... if not 
you'll need to do some SWIPing.

It will definitely solve the stream_by_domain issue.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread WBrown
[EMAIL PROTECTED] wrote on 01/18/2006 11:02:37 AM:

> That sounds like a good idea, if you have the IP addresses to
> spare... if not you'll need to do some SWIPing.

I may be able to get them.  How well does RHEL 3 handle 50 addresses bound 
to one NIC?


RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread Matthew.van.Eerde
WBrowne wrote:
> Matthew van Eerde wrote on 01/18/2006 11:02:37 AM:
>
> That sounds like a good idea, if you have the IP addresses to
> spare... if not you'll need to do some SWIPing.
>
> I may be able to get them.  How well does RHEL 3 handle 50 addresses
> bound to one NIC?

Linux in general - according to this guy you can get up to 100K IP addresses on 
a single NIC with no problem:

http://www.perturb.org/display/entry/708/favicon.ico

RHEL in particular... no idea.  Maybe a Red Hat discussion list would be a 
better place to ask?  This is also done to host multiple web sites on a single 
server without requiring the HTTP/1.1 Host: header, so there might be some web 
hosters out there who could better answer this question.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread Damrose, Mark
> -Original Message-
> From: [EMAIL PROTECTED]
>
> > That sounds like a good idea, if you have the IP addresses
> > to spare... if not you'll need to do some SWIPing.
>
> I may be able to get them.  How well does RHEL 3 handle 50
> addresses bound to one NIC?

I haven't run that many, but I don't think it will be a problem.

According to this wiki, you just duplicate the device files
in the sysconfig directory.
http://www.linode.com/wiki/index.php/Multiple_IPs

I'd add to that, that you probably only want 1 default gateway
(or none, if you use a routing protocol directly).

I have a Fedora C4 DNS & DHCP server with 2 network cards, using 
VLAN to have an IP in each of my networks - about a dozen virtual
interfaces & IP on each NIC.  I've noticed no problems related
to that.


Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread Kevin A. McGrail
> > I may be able to get them.  How well does RHEL 3 handle 50 addresses
> > bound to one NIC?
>
> Linux in general - according to this guy you can get up to 100K IP
> addresses on a single NIC with no problem:
>
> http://www.perturb.org/display/entry/708/favicon.ico

I'm at 71 on one single box and never seen or had a problem reported.

Regards,
KAM



[Mimedefang] bad_filename: mim

2006-01-18 Thread Matthew.van.Eerde
It looks like a new virus spreads using (among others) .mim files... this could 
be a good candidate for bad_filename.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



Re: [Mimedefang] bad_filename: mim

2006-01-18 Thread Kevin A. McGrail
It's W32/Blackmal.e from symantec and W32/[EMAIL PROTECTED] from NAI.

I believe that NAI just released an update for it in just the past 2
minutes.  dat-4677.zip was published at 8AM their time and then removed and
republished at 10AM.

Regards,
KAM
- Original Message - 
From: [EMAIL PROTECTED]
To: mimedefang@lists.roaringpenguin.com
Sent: Wednesday, January 18, 2006 12:44 PM
Subject: [Mimedefang] bad_filename: mim


> It looks like a new virus spreads using (among others) .mim files... this
> could be a good candidate for bad_filename.



RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
Ignore My previous - I misread the sequence


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mack
Sent: 18 January 2006 18:06
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


Does this mean that filter_recipient still gets called if you issue the
reject in filter_helo ?

If so, I'm not sure what advantage this gives as the code in filter_recipient
can check the helo value and reject/tempfail quite happily ?

or can you use

return if message_rejected(); # Avoid unnecessary work

within filter_recipient ? to save any extra processing ?

Cheers

Mack



Re: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread David F. Skoll
Mack wrote:

> Does this mean that filter_recipient still gets called if you issue the
> reject in filter_helo ?

No.  Rejecting in filter_helo means no more callbacks into MIMEDefang.

Regards,

David.


RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
Does this mean that filter_recipient still gets called if you issue the
reject in filter_helo ?

If so, I'm not sure what advantage this gives as the code in filter_recipient
can check the helo value and reject/tempfail quite happily ?

or can you use

return if message_rejected(); # Avoid unnecessary work

within filter_recipient ? to save any extra processing ?

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 18 January 2006 13:39
To: mimedefang@lists.roaringpenguin.com
Subject: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

MIMEDefang 2.55-BETA-3 is available at
http://www.mimedefang.org/node.php?id=1
The biggest change since BETA-2 is support for the filter_helo function,
courtesy of Philip Prindeville.  Please note that in my tests with Sendmail
8.13.4, Sendmail still returns a 250 reply code after HELO, no matter what.
If your filter_helo returns a failure or tempfail code, it seems that
Sendmail
remembers this and returns it in response to MAIL.

Complete changes since 2.54 follow.  If no-one reports problems, this
will become 2.55-FINAL.

Regards,

David.

2006-01-18  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-3 RELEASED

2006-01-17  David F. Skoll  [EMAIL PROTECTED]

* Added support for filter_helo function, based on a patch from
Philip Prindeville.

* examples/init-script.in: Fixed typo.

* mimedefang.c: Use symbolic constants (MD_TEMPFAIL, MD_CONTINUE,
etc.) instead of hard-coded integers, based on suggestion from
Philip Prindeville.

2006-01-11  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-2 RELEASED

*  mimedefang.pl.in: The filter_begin function is now passed
a single argument ($entity) representing the parsed message.

*** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
 NOT ZERO.  IF YOUR FILTER HAS A
 PROTOTYPE FOR filter_begin, YOU SHOULD
 FIX OR REMOVE THE PROTOTYPE

* mimedefang.c, mimedefang.pl.in: Added new action_insert_header
to prepend headers (rather than appending them).  Only works
properly with Sendmail 8.13; on older versions of Sendmail, falls
back to action_add_header.  Based on patch from Matthew van Eerde.

* mimedefang.pl.in: Added new function md_get_bogus_mx_hosts.
Allows to test for sender domains with bogus MX hosts (such as
hosts that resolve to the loopback or private IP addresses.)

* mimedefang.pl.in: Invoke the fsav virus scanner with the --mime
option.

* mimedefang.pl.in: Correctly interpret kavscanner return code 9
(password-protected ZIP.)

2005-11-17  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.55-BETA-1 RELEASED

* examples/init-script.in: Fix typo that resulted in the shell
complaining of a syntax error (pointed out by Jason Englander).

* Clean up man pages by removing some obsolete material.

* mimedefang.c: Do NOT strip bare CR characters from e-mails by
default.  The new -c command-line option enables the older behavior.

*** NOTE INCOMPATIBILITY ***  WE NO LONGER STRIP BARE CR's FROM
  MESSAGES BY DEFAULT.  TEST YOUR FILTERS
  CAREFULLY TO MAKE SURE THEY CAN COPE
  WITH THIS, OR USE THE -c FLAG.

* mimedefang.c(rcptto): If you returned ACCEPT_AND_NO_MORE_FILTERING
from filter_recipient, the spool files wouldn't get cleaned up,
eventually clogging the spool directory.  This has been fixed.

* mimedefang.pl.in(interpret_hbedv_code): Fix interpretation of
H+BEDV return codes (pointed out by Henning Schmiedehausen).

2005-11-04  David F. Skoll  [EMAIL PROTECTED]

* VERSION 2.54 RELEASED

RE: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Mack
You're on the ball tonight David lol - replied before my almost instant reply
to ignore me being stoopid!

Cheers

Mack


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 18 January 2006 18:11
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] MIMEDefang 2.55-BETA-3 is available


Mack wrote:

 Does this mean that filter_recipient still gets called if you issue the
 reject in filter_helo ?

No.  Rejecting in filter_helo means no more callbacks into MIMEDefang.

Regards,

David.


Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread Kris Deugau

[EMAIL PROTECTED] wrote:
I may be able to get them.  How well does RHEL 3 handle 50 addresses bound 
to one NIC?


From experience I can say that RH7.3 handles that just fine (actually, 
at one point that box had 200 IPs bound to one NIC).  WBEL should be 
pretty much the same.


It *does* get a little loopy about outbound connections of any kind 
though;  it will likely pick the highest IP in the range as the source 
IP sooner or later.  I've never figured out why.


I should note that this does NOTHING to help or hinder with respect to 
multi-domain emails;  everything still travels through a single 
sendmail/mimedefang instance.


Can you describe what you're trying to do in a little more detail?  It 
sounds a little like a system I've had running for a while, but it also 
sounds like you might be trying to virtualize hosted domains a little 
more completely than I've bothered with.


-kgd


Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread Les Mikesell
On Wed, 2006-01-18 at 11:16, Kevin A. McGrail wrote:
   I may be able to get them.  How well does RHEL 3 handle 50 addresses
   bound to one NIC?
 
  Linux in general - according to this guy you can get up to 100K IP
 addresses on a single NIC with no problem:
 
  http://www.perturb.org/display/entry/708/favicon.ico
 
 I'm at 71 on one single box and never seen or had a problem reported.

There is probably some performance hit related to what else is
on the wire but not enough to matter.  It will end up having to
put the card in promiscuous mode and matching up the addresses
in software.  A switch port will have sorted it out for you
anyway.

What's going to happen to outbound mail being received on
some address as a relay that happens to be addressed to
a domain that you've MX'd and expect to receive on a
different address?  Or is this a 'receive-only' box?

-- 
 Les Mikesell
   [EMAIL PROTECTED]




Re: [Mimedefang] Stream_by_domain

2006-01-18 Thread Les Mikesell
On Wed, 2006-01-18 at 12:59, Kris Deugau wrote:

  From experience I can say that RH7.3 handles that just fine (actually, 
 at one point that box had 200 IPs bound to one NIC).  WBEL should be 
 pretty much the same.
 
 It *does* get a little loopy about outbound connections of any kind 
 though;  it will likely pick the highest IP in the range as the source 
 IP sooner or later.  I've never figured out why.

If you add:
NO_ALIASROUTING=yes
to the /etc/sysconfig/network-scripts/ifcfg-eth* files it will
use the primary address as the outbound source instead of an
alias.  I'm not sure if this is still true in later versions
but I'd like to know if there is real documentation somewhere.

-- 
  Les Mikesell
   [EMAIL PROTECTED]




RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread Matthew.van.Eerde
Kris Deugau wrote:
 [EMAIL PROTECTED] wrote:
 I may be able to get them.  How well does RHEL 3 handle 50 addresses
 bound to one NIC?
 
 I should note that this does NOTHING to help or hinder with respect to
 multi-domain emails;  everything still travels through a single
 sendmail/mimedefang instance.

No? How so?

If there's a way to detect what local address the connection is bound to, then 
RCPT TO's can be checked whether the MX for that address matches the local 
address.

Mismatch - REJECT This IP is not an MX for @twenty-three.example.com

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



[Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Lisa Casey

Hi,

I'm running Redhat 7.2  This computer functions as a Radius server (cistron 
radius 1.6.7) and as a mail server (sendmail 8.12.6) which also runs 
MIMEDefang 2.48 and SpamAssassin version 3.0.1  running on Perl version 
5.8.5.


This setup has been working great up until  this past weekend. I posted 
about problems with mimedefang over the weekend. Mimedefang was running out 
of free slaves and mail was stopping. I discovered that my max slaves was 
set to 10 and increased that to 30 hoping that would solve the  problem. It 
hasn't. Here's what I'm seeing. Things will be going along ok, then suddenly 
the server load will shoot up from 0.something to over 30! When that happens 
mail stops. A top shows something like this:


2:14pm up 22:19, 4 users, load average: 31.11, 25.02, 12.31
216 processes: 211 sleeping, 2 running, 1 zombie, 2 stopped
CPU states: 7.5% user, 56.0% system, 0.0% nice, 36.4% idle
Mem: 512900K av, 509840K used, 3060K free, 0K shrd, 1800K buff
Swap: 522072K av, 520104K used, 1968K free 5204K cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
11917 root 14 0 1140 1140 804 R 7.0 0.2 0:02 top
4 root 11 0 0 0 0 SW 6.5 0.0 6:12 kswapd
11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl
11759 defang 9 0 1 7480 1748 D 1.5 1.4 0:06 mimedefang.pl
7243 root 9 0 2300 1716 1588 S 1.3 0.3 0:00 sendmail
11705 defang 9 0 18884 5336 1828 D 1.3 1.0 0:06 mimedefang.pl
11104 defang 9 0 31484 5416 1888 D 1.2 1.0 0:13 mimedefang.pl
11665 defang 9 0 30236 10M 1860 D 1.2 2.0 0:08 mimedefang.pl
11756 defang 9 0 1 8252 1748 D 1.2 1.6 0:06 mimedefang.pl
11768 defang 9 0 1 7756 1756 D 1.2 1.5 0:06 mimedefang.pl
11780 defang 9 0 19204 11M 1788 D 1.2 2.3 0:07 mimedefang.pl
6497 defang 9 0 33040 4848 2000 D 1.0 0.9 0:18 mimedefang.pl
11655 defang 9 0 29084 8816 1840 D 1.0 1.7 0:09 mimedefang.pl
11815 defang 9 0 19164 10M 1752 D 1.0 2.0 0:06 mimedefang.pl
11664 defang 11 0 30260 9164 1872 D 0.8 1.7 0:08 mimedefang.pl
11666 defang 9 0 30240 10M 1872 D 0.8 2.0 0:08 mimedefang.pl
11766 defang 9 0 1 9104 1844 D 0.5 1.7 0:07 mimedefang.pl
11787 defang 9 0 18884 8712 1752 D 0.5 1.6 0:06 mimedefang.pl
11844 defang 9 0 15384 9648 1756 D 0.5 1.8 0:06 mimedefang.pl
11918 root 9 0 1180 1180 1120 S 0.5 0.2 0:00 sendmail
30668 root 9 0 2748 2696 2620 S 0.3 0.5 0:01 radiusd
127 root 9 0 0 0 0 DW 0.1 0.0 5:53 kjournald
1530 root 9 0 1024 724 636 R 0.1 0.1 0:10 sshd
7244 defang 9 0 2104 1092 736 D 0.1 0.2 0:00 mimedefang
1 root 0 0 440 392 388 S 0.0 0.0 0:05 init
2 root 9 0 0 0 0 SW 0.0 0.0 0:00 keventd

and I see stuff like this in /var/log/maillog:

Jan 18 12:11:25 Raydeus-Dee sendmail[21674]: k0IH6FP3021674: Milter (mimedefang): timeout before data read
Jan 18 12:11:26 Raydeus-Dee sendmail[21747]: k0IH6HP3021747: Milter (mimedefang): timeout before data read
Jan 18 12:11:26 Raydeus-Dee sendmail[21744]: k0IH6GP3021744: Milter (mimedefang): timeout before data read
Jan 18 12:45:46 Raydeus-Dee sendmail[22534]: runqueue: Skipping queue run -- load average too high
Jan 18 12:47:03 Raydeus-Dee sendmail[26841]: k0IHfigC026841: Milter (mimedefang): timeout before data read
Jan 18 12:47:05 Raydeus-Dee sendmail[17179]: k0IGktP3017179: timeout waiting for input from [61.248.170.203] during server cmd read
Jan 18 12:47:36 Raydeus-Dee sendmail[26845]: k0IHfkgC026845: Milter (mimedefang): to error state
Jan 18 12:47:37 Raydeus-Dee sendmail[26904]: k0IHfpgC026904: Milter (mimedefang): to error state


and an md-mx-ctrl status looks something like this:
[EMAIL PROTECTED] init.d]# md-mx-ctrl status
Max slaves: 30
Slave 0: busy
Slave 1: busy
Slave 2: busy
Slave 3: busy
Slave 4: busy
Slave 5: busy
Slave 6: busy
Slave 7: busy
Slave 8: busy
Slave 9: busy
Slave 10: busy
Slave 11: busy
Slave 12: busy
Slave 13: busy
Slave 14: busy
Slave 15: busy
Slave 16: busy
Slave 17: busy
Slave 18: busy
Slave 19: busy
Slave 20: busy
Slave 21: busy
Slave 22: busy
Slave 23: busy
Slave 24: busy
Slave 25: busy
Slave 26: busy
Slave 27: busy
Slave 28: busy
Slave 29: busy

For the time being I have reverted my sendmail back to one that does not use 
mimedefang and mimedefang is not running. But my customers are really going 
to start complaining about spam. How can I figure  out what is happening 
with mimedefang and fix it so I can use it again?


Thanks,

Lisa Casey 




RE: [Mimedefang] Stream_by_domain

2006-01-18 Thread Matthew.van.Eerde
Matthew van Eerde wrote:
 Kris Deugau wrote:
 [EMAIL PROTECTED] wrote:
 I may be able to get them.  How well does RHEL 3 handle 50 addresses
 bound to one NIC?
 
 I should note that this does NOTHING to help or hinder with respect
 to multi-domain emails;  everything still travels through a single
 sendmail/mimedefang instance.
 
 If there's a way to detect what local address the connection is bound
 to, then RCPT TO's can be checked whether the MX for that address
 matches the local address.  
 
 Mismatch - REJECT This IP is not an MX for @twenty-three.example.com

Or more simply... without the local address requirement... you could just 
reject after DATA if @Recipients contains multiple domains.  No legitimate 
sender would send such an email (unless, perhaps, they're internal, and the 
server is their smart-host... in which case there should be a way to check for 
that.)

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
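
The check suggested above (reject after DATA when @Recipients spans more than one domain, with an exemption for internal smart-host clients), written out as a MIMEDefang filter fragment. This is an added example, not code from the thread or from MIMEDefang itself; `recipient_domains`, `%smarthost_relay` and the sample addresses are hypothetical, while `@Recipients`, `$RelayAddr`, `filter_begin` and `action_bounce` are MIMEDefang's own filter names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Globals that mimedefang.pl fills in before calling the filter. Declared
# with "our" so this fragment also compiles when run on its own.
our (@Recipients, $RelayAddr);

# Assumption: relays allowed to use this host as a smart-host, which may
# legitimately address several domains in one message (constructed values).
my %smarthost_relay = map { $_ => 1 } qw(127.0.0.1 192.0.2.10);

# Return the sorted, de-duplicated, lower-cased domains of a recipient list.
# Envelope recipients arrive as "<user@domain>"; an address with no domain
# part is counted under the empty string so it still shows up as distinct.
sub recipient_domains {
    my %seen;
    for my $rcpt (@_) {
        my $addr = $rcpt;
        $addr =~ s/^\s*<//;
        $addr =~ s/>\s*$//;
        my $domain = $addr =~ /\@([^\@\s]+)$/ ? lc($1) : '';
        $domain =~ s/\.$//;    # "example.com." and "example.com" are the same
        $seen{$domain} = 1;
    }
    return sort keys %seen;
}

# Called by MIMEDefang after DATA, when the complete recipient list is known.
# MIMEDefang ignores the return value; it is returned here only so that the
# stand-alone run below can report the outcome.
sub filter_begin {
    my ($entity) = @_;
    return 0 if defined $RelayAddr && $smarthost_relay{$RelayAddr};
    my @domains = recipient_domains(@Recipients);
    return 0 if @domains <= 1;
    action_bounce('Recipients in ' . scalar(@domains)
        . ' different domains are not accepted in a single message');
    return 1;
}

# Stand-alone run with constructed envelopes. When mimedefang.pl loads the
# filter, caller() is true and this block is skipped.
unless (caller) {
    *action_bounce = sub { print "  reply: $_[0]\n"; return 1 };
    my @cases = (
        ['198.51.100.7', '<alice@one.example.com>', '<bob@ONE.example.com>'],
        ['198.51.100.7', '<alice@one.example.com>', '<carol@twenty-three.example.com>'],
        ['192.0.2.10',   '<alice@one.example.com>', '<carol@twenty-three.example.com>'],
    );
    for my $case (@cases) {
        ($RelayAddr, @Recipients) = @$case;
        print "relay $RelayAddr, rcpt @Recipients\n";
        print filter_begin(undef) ? "  -> rejected\n" : "  -> accepted\n";
    }
}
```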



RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Matthew.van.Eerde
Lisa Casey wrote:
 I discovered
 that my max slaves was set to 10 and increased that to 30 hoping that
 would solve the  problem. It hasn't. Here's what I'm seeing. Things
 will be going along ok, then suddenly the server load will shoot up
 from 0.something to over 30! When that happens mail stops. A top
 shows something like this: 
...
 Mem: 512900K av, 509840K used, 3060K free, 0K shrd, 1800K buff
 Swap: 522072K av, 520104K used, 1968K free 5204K cached
 PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
...
 11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
 11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
 11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl
 11759 defang 9 0 1 7480 1748 D 1.5 1.4 0:06 mimedefang.pl
 11705 defang 9 0 18884 5336 1828 D 1.3 1.0 0:06 mimedefang.pl
...

You never want to descend into swap on a mail server - it just makes things go 
from bad to worse.

Your mimedefang threads are around 25MB each (well, 20-30MB)
You have 512MB of memory.

Assuming that ALL of your memory goes to MIMEDefang, this means you should have 
an absolute max of (500 / 25) 20 mimedefang threads - you should set your 
MX_MAXIMUM to nothing higher than this.

In practice, you need memory for other things too... so probably 16 is a good 
number for you.

There are optimizations you can put in place to:
* make your mimedefang threads process mail faster so they become available
  faster
  - run a local DNS server
  - run the spool on tmpfs (and /tmp if you're using SpamAssassin)
* prescreen email more cheaply so that mimedefang has less to scan
  - add virus checks before MIMEDefang
  - add RBLs in sendmail
  - add address verification

... various other tricks... check the wiki
http://www.mimedefang.org/kwiki/

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote:
 Lisa Casey wrote:
 Mem: 512900K av, 509840K used, 3060K free, 0K shrd, 1800K buff
 Swap: 522072K av, 520104K used, 1968K free 5204K cached
 PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND ...
 11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
 11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
 11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl
 11759 defang 9 0 1 7480 1748 D 1.5 1.4 0:06 mimedefang.pl
 11705 defang 9 0 18884 5336 1828 D 1.3 1.0 0:06 mimedefang.pl ...
 
 There are optimizations you can put in place

As an alternative to optimizing your configuration, you may wish to consider 
upgrading your hardware.  More RAM is the quickest fix... is the server maxed 
out?

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



Re: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread David F. Skoll
Lisa Casey wrote:

[classic symptoms of an overloaded system.]

First question: do you have /var/spool/MIMEDefang on a RAMdisk?  If not,
fix it now!

Next: It looks like you have 512MB of memory.  You don't want to increase
MX_MAXIMUM much beyond around 20, or the server will start swapping.

How much mail does the machine process per day?

Regards,

David.


Re: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Mike Patchen
 Hi,

 I'm running Redhat 7.2  This computer functions as a Radius server (cistron
 radius 1.6.7) and as a mail server (sendmail 8.12.6) which also runs
 MIMEDefang 2.48 and SpamAssassin version 3.0.1  running on Perl version
 5.8.5.

. . .

I have seen the same thing happen when the SA Bayes database gets
corrupt.  Basically, SA hangs until MD times it out which causes the
whole slave to hang.  Maybe someone here can give you a better
solution, but mine was to delete the database and relearn all my
corpus.  SA rebuilds never seemed to fix the problem.



Re: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Lisa Casey

Hi,
. . .


I have seen the same thing happen when the SA Bayes database gets
corrupt.  Basically, SA hangs until MD times it out which causes the
whole slave to hang.  Maybe someone here can give you a better
solution, but mine was to delete the database and relearn all my
corpus.  SA rebuilds never seemed to fix the problem.


To delete the bayes database do I just delete
/var/spool/spamassassin/bayes_seen
/var/spool/spamassassin/bayes_toks
/var/spool/spamassassin/_seen
/var/spool/spamassassin/_toks

???

Thanks for the info. I'll try that, I've setup a caching DNS server on the 
box and I'll look at some of the other optimization ideas in the wiki.


Lisa Casey



[Mimedefang] SOT: Net::CIDR::Lite

2006-01-18 Thread Philip Prindeville

I was looking at this module, and noticed a couple of short-comings.

(1) it doesn't return a failure code, only blurts a message via confess
   when things go wrong;

(2) it doesn't allow you to save a pointer into each address block/range
  and then retrieve it later and allow you to use it as a cookie or a
  handle to another object.

(3) it doesn't allow you to insert 0.0.0.0/0 into the list.

These are issues that will need to be resolved before this package is
more generally useful.

I wanted to put a prototype filter up on the wiki, but adding workarounds
to these deficiencies in Net::CIDR::Lite ended up being almost as long as
the useful part of the filter itself.

Anyone want to work with me on getting patches worked out, tested,
and integrated into the next version?  I can attach what I've done so far...

-Philip

*** Lite.pm.bak	2005-05-21 01:53:57.0 -0600
--- Lite.pm	2006-01-14 17:59:28.0 -0700
***
*** 2,14 
  
  use strict;
  use vars qw($VERSION);
- use Carp qw(confess);
  
  $VERSION = '0.18';
  
  my %masks;
  my @fields = qw(PACK UNPACK NBITS MASKS);
  
  # Preloaded methods go here.
  
  sub new {
--- 2,15 
  
  use strict;
  use vars qw($VERSION);
  
  $VERSION = '0.18';
  
  my %masks;
  my @fields = qw(PACK UNPACK NBITS MASKS);
  
+ my $errstr = '';
+ 
  # Preloaded methods go here.
  
  sub new {
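Review bot: `my $errstr = '';` is a file-scoped lexical, so code outside Lite.pm cannot read it, and this hunk adds no accessor for it; it is also shared by every object created from the module, so one list's failure overwrites another's. Suggest keeping the message on the object (a per-object field) or exposing it through a documented `errstr` method. Dropping `use Carp qw(confess);` is only safe if every remaining `confess` call in the file is converted too.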
***
*** 35,46 
  sub add {
  my $self = shift;
  my ($ip, $mask) = split /, shift;
! $self-_init($ip) || confess Can't determine ip format unless %$self;
! confess Bad mask $mask
! unless $mask =~ /^\d+$/ and 2 = $mask and $mask = $self-{NBITS};
  $mask += 8;
! my $start = $self-{PACK}-($ip)  $self-{MASKS}[$mask]
! or confess Bad ip address: $ip;
  my $end = $self-_add_bit($start, $mask);
  ++$$self{RANGES}{$start} || delete $$self{RANGES}{$start};
  --$$self{RANGES}{$end}   || delete $$self{RANGES}{$end};
--- 36,56 
  sub add {
  my $self = shift;
  my ($ip, $mask) = split /, shift;
! unless ($self-_init($ip) || %$self) {
!  $errstr = Can't determine ip format;
!  return undef;
! }
! 
! unless ($mask =~ /^\d+$/ and 2 = $mask and $mask = $self-{NBITS}) {
! $errstr = Bad mask $mask;
! return undef;
! }
  $mask += 8;
! my $start = $self-{PACK}-($ip)  $self-{MASKS}[$mask];
! unless ($start) {
! $errstr = Bad IP address: $ip;
! return undef;
! }
  my $end = $self-_add_bit($start, $mask);
  ++$$self{RANGES}{$start} || delete $$self{RANGES}{$start};
  --$$self{RANGES}{$end}   || delete $$self{RANGES}{$end};
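Review bot: in `add`, the new test `unless ($self->_init($ip) || %$self)` calls `_init` on every call, whereas the old statement only evaluated `_init` when `%$self` was empty, because of its trailing `unless %$self`. If `_init` sets the object's PACK/UNPACK/NBITS fields from the address, an already initialised object can now be re-initialised by a later address; putting `%$self` first, as in `unless (%$self || $self->_init($ip))`, keeps the old short-circuit. `$errstr` is also never cleared on the success path, so a caller reading it after a good call sees the previous failure.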
***
*** 181,188 
  sub add_ip {
  my $self = shift;
  my $ip = shift;
! $self-_init($ip) || confess Can't determine ip format unless %$self;
! my $start = $self-{PACK}-($ip) or confess Bad ip address: $ip;
  my $end = $self-_add_bit($start, $self-{NBITS});
  ++$$self{RANGES}{$start} || delete $$self{RANGES}{$start};
  --$$self{RANGES}{$end}   || delete $$self{RANGES}{$end};
--- 191,205 
  sub add_ip {
  my $self = shift;
  my $ip = shift;
! unless ($self-_init($ip) || %$self) {
! $errstr = Can't determine ip format;
! return undef;
! }
! my $start = $self-{PACK}-($ip);
! unless ($start) {
! $errstr = Bad IP address: $ip;
! return undef;
! }
  my $end = $self-_add_bit($start, $self-{NBITS});
  ++$$self{RANGES}{$start} || delete $$self{RANGES}{$start};
  --$$self{RANGES}{$end}   || delete $$self{RANGES}{$end};
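Review bot: `add_ip` now fails with `return undef;`, which in list context is a one-element list that tests true, so a caller that collects the result in an array will not see the error; a bare `return;` is the usual form. Callers that relied on `confess` aborting will now carry on with the address silently missing from the set, which for an allow or deny list in a mail filter changes what later lookups match, so the new return convention needs documenting and the callers need to check it. The two `unless` blocks are the same as those added to `add` and could live in one helper.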
***
*** 194,207 
  my $self = shift;
  local $_ = shift;
  my ($ip_start, $ip_end, $crud) = split /\s*-\s*/;
! confess Only one hyphen allowed in range if defined $crud;
! $self-_init($ip_start) || confess Can't determine ip format
!   unless %$self;
! my $start = $self-{PACK}-($ip_start)
!   or confess Bad ip address: $ip_start;
! my $end = $self-{PACK}-($ip_end)
!   or confess Bad ip address: $ip_end;
! confess Start IP is greater than end IP if $start gt $end;
  $end = $self-_add_bit($end, $$self{NBITS});
  ++$$self{RANGES}{$start} || delete $$self{RANGES}{$start};
  --$$self{RANGES}{$end}   || delete $$self{RANGES}{$end};
--- 211,238 
  my $self = shift;
  local $_ = shift;
  my ($ip_start, $ip_end, $crud) = split /\s*-\s*/;
! if (defined $crud) {
! $errstr = Only one hyphen allowed in range;
! return undef;
! }
! unless ($self-_init($ip_start) || %$self) {
! $errstr = Can't determine ip format;
! return undef;
! }
! my $start = $self-{PACK}-($ip_start);
! unless ($start) {
! $errstr = Bad IP address: $ip_start;
! return undef;
! }
! my $end = $self-{PACK}-($ip_end);
! unless ($end) {
! $errstr = Bad IP address: $ip_end;
! return undef;
! }
! if ($start gt $end) {
!  
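Review bot: in `add_range`, `$ip_end` is handed to `$self->{PACK}` without a check that it is defined, so a range string with no hyphen reaches the pack routine as undef and is reported, at best, as `Bad IP address:` with an empty value; a `defined $ip_end` test next to the `defined $crud` one would give a clear error. The five blocks that set `$errstr` and return would read better as one small helper. The hunk is cut off at `if ($start gt $end) {`, so the rest of the function cannot be reviewed; please resend the complete patch.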

Re: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread David F. Skoll
Philip Prindeville wrote:

 Give me 3 hours to bang out some updates to the man page.

No need; I already did it.

Regards,

David.


RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck



 From: Lisa Casey
 Sent: Wednesday, January 18, 2006 12:02 PM
 To: mimedefang@lists.roaringpenguin.com
 Subject: [Mimedefang] BIG problems with mimedefang
 
 
 Hi,
 
 I'm running Redhat 7.2  This computer functions as a Radius 
 server (cistron 
 radius 1.6.7) and as a mail server (sendmail 8.12.6) which also runs 
 MIMEDefang 2.48 and SpamAssassin version 3.0.1  running on Perl version 
 5.8.5.
[...]
 11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
 11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
 11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl

Try running strace on one of those busy slaves to see what
sort of system calls it is making.

Also, you might be able to ascertain what the errant process
is doing by running the debugger on the errant processes
(can the perl debugger be pointed to a particular process?),
by looking at the various artifacts under /proc/pid.
Perhaps others here can offer more extensive debugging
tips.


Re: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread David F. Skoll
Gary Funck wrote:

 Lisa Casey wrote:

 11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
 11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
 11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl

 Try running strace on one of those busy slaves to see what
 sort of system calls it is making.

They're all in D state -- waiting for disk I/O.

I bet /var/spool/MIMEDefang is not on a ramdisk.

--
David.
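
The reasoning used in this thread (every slave in D state, swap almost full, slave count times per-slave size compared with physical RAM) applied mechanically to a `top` snapshot in the format Lisa posted. This is an added example, not code from the thread or from MIMEDefang; `to_kb` and `triage_top` are hypothetical names, the snapshot is abridged from the posted one, and the 90% swap threshold is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a size field from top ("9252" means KB, "20M" means MB) to KB.
sub to_kb {
    my ($field) = @_;
    return $1 * 1024 if $field =~ /^(\d+(?:\.\d+)?)M$/i;
    return $1 + 0    if $field =~ /^(\d+)K?$/i;
    return;    # unrecognised field
}

# Summarise a top snapshot: swap use, how many mimedefang.pl slaves exist,
# how many are in uninterruptible sleep (D), and how many slaves fit in
# physical RAM. $per_slave_mb overrides the average SIZE seen in the
# snapshot; $max_slaves is the configured maximum to compare against.
sub triage_top {
    my ($text, $per_slave_mb, $max_slaves) = @_;
    my %r = (slaves => 0, slaves_in_d => 0, size_sum_kb => 0, findings => []);
    for my $line (split /\n/, $text) {
        if ($line =~ /^Mem:\s+(\d+)K av,\s+(\d+)K used/) {
            @r{qw(mem_total_kb mem_used_kb)} = ($1, $2);
        }
        elsif ($line =~ /^Swap:\s+(\d+)K av,\s+(\d+)K used/) {
            @r{qw(swap_total_kb swap_used_kb)} = ($1, $2);
        }
        elsif ($line =~ /^\s*\d+\s/) {
            # PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
            my @f = split ' ', $line;
            next unless @f >= 12 && $f[11] eq 'mimedefang.pl';
            $r{slaves}++;
            $r{slaves_in_d}++ if $f[7] =~ /^D/;
            my $kb = to_kb($f[4]);
            $r{size_sum_kb} += $kb if defined $kb;
        }
    }
    my $slave_kb = $per_slave_mb ? $per_slave_mb * 1024
                 : $r{slaves}    ? $r{size_sum_kb} / $r{slaves}
                 :                 0;
    $r{per_slave_kb} = int $slave_kb;
    $r{ram_ceiling}  = ($slave_kb && $r{mem_total_kb})
                     ? int($r{mem_total_kb} / $slave_kb) : undef;
    $r{swap_pct}     = $r{swap_total_kb}
                     ? int(100 * $r{swap_used_kb} / $r{swap_total_kb}) : 0;

    push @{ $r{findings} }, "swap is $r{swap_pct}% used: the box is paging"
        if $r{swap_pct} >= 90;
    push @{ $r{findings} },
        "all $r{slaves} slaves are in D state (blocked on I/O)"
        if $r{slaves} && $r{slaves_in_d} == $r{slaves};
    push @{ $r{findings} },
        "maximum of $max_slaves slaves exceeds the RAM ceiling of $r{ram_ceiling}"
        if $max_slaves && defined $r{ram_ceiling}
           && $max_slaves > $r{ram_ceiling};
    return \%r;
}

unless (caller) {
    # Abridged from the snapshot posted in this thread.
    my $snapshot = <<'END';
Mem: 512900K av, 509840K used, 3060K free, 0K shrd, 1800K buff
Swap: 522072K av, 520104K used, 1968K free 5204K cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
4 root 11 0 0 0 0 SW 6.5 0.0 6:12 kswapd
11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl
11705 defang 9 0 18884 5336 1828 D 1.3 1.0 0:06 mimedefang.pl
11104 defang 9 0 31484 5416 1888 D 1.2 1.0 0:13 mimedefang.pl
7243 root 9 0 2300 1716 1588 S 1.3 0.3 0:00 sendmail
END
    # 30 is the "Max slaves" value shown by md-mx-ctrl status in the thread.
    my $r = triage_top($snapshot, undef, 30);
    printf "slaves: %d (%d in D state), about %d KB each\n",
        $r->{slaves}, $r->{slaves_in_d}, $r->{per_slave_kb};
    printf "swap used: %d%%, RAM ceiling: %s slaves\n",
        $r->{swap_pct},
        (defined($r->{ram_ceiling}) ? $r->{ram_ceiling} : 'n/a');
    print "  * $_\n" for @{ $r->{findings} };
}
```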


RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of David
 F. Skoll
 Sent: Wednesday, January 18, 2006 2:03 PM
 To: mimedefang@lists.roaringpenguin.com
 Subject: Re: [Mimedefang] BIG problems with mimedefang
 
 
 Gary Funck wrote:
 
  Lisa Casey wrote:
 
  11859 defang 10 0 30572 20M 1852 D 6.3 4.0 0:10 mimedefang.pl
  11657 defang 10 0 30172 9252 1820 D 3.0 1.8 0:07 mimedefang.pl
  11652 defang 9 0 29184 8400 1832 D 2.9 1.6 0:07 mimedefang.pl
 
  Try running strace on one of those busy slaves to see what
  sort of system calls it is making.
 
 They're all in D state -- waiting for disk I/O.
 
 I bet /var/spool/MIMEDefang is not on a ramdisk.
 

Might be a good guess, but why did this suddenly start becoming
a problem?  Maybe 'strace' (combined with info. from 'lsof')
would offer some insight into which files are being accessed?
Any other ways to debug running Perl processes?  Can the
mimedefang master somehow start the slaves so they can
later be debugged, or is there a related technique?


Re: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread David F. Skoll
Gary Funck wrote:

 If I recall correctly, 2/3 years ago, there was a particular version
 of the Berkeley DB implementation that was bugging, esp. with respect
 to locking (or lack thereof).  It might've been in the Perl DB wrapper.

Could you be thinking of this bug?

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116192

That wasn't a locking bug.  It was a weird bug whereby Berkeley DB
would, for no reason at all, sleep for one second whenever it needed
to allocate memory!

It's still present in Fedora Core 1, I believe.

Regards,

David.


RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Wesley Peters


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of David
 F. Skoll
 Sent: Wednesday, January 18, 2006 12:22 PM
 To: mimedefang@lists.roaringpenguin.com
 Subject: Re: [Mimedefang] BIG problems with mimedefang
 
 
 Lisa Casey wrote:
 
 [classic symptoms of an overloaded system.]
 
 First question: do you have /var/spool/MIMEDefang on a 
 RAMdisk?  If not, fix it now!

Please note that if you're running FreeBSD, moving to
a 'ram disk' won't help and will likely hurt.  Make sure
your /var/spool filesystem has softupdates enabled.
You may want to try the 'noatime' option as well.

 Next: It looks like you have 512MB of memory.  You don't want 
 to increase
 MX_MAXIMUM much beyond around 20, or the server will start swapping.
 
 How much mail does the machine process per day?

40K messages isn't all that much, we've done more than double that
on a Celeron 2.0 with 512MB RAM.  You'll want to check the logs to 
see if sendmail is throttling the connection inappropriately; we tuned
for 10 perl slaves and found sendmail constantly bumping into the
load average limit at 12.  We reconfigured with

define(`confQUEUE_LA', `16')
define(`confREFUSE_LA', `20')

and the problems went away; mimedefang was able to keep the
system loaded and the perl slaves busy without sendmail backing
off inappropriately.  You'll need to understand how load averages
work on your system to make much sense of this.

Good luck and keep hacking.

-- Wes



RE: [Mimedefang] BIG problems with mimedefang

2006-01-18 Thread Gary Funck
David F. Skoll wrote:
 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116192
 
 That wasn't a locking bug.  It was a weird bug whereby Berkeley DB
 would, for no reason at all, sleep for one second whenever it needed
 to allocate memory!
 
 It's still present in Fedora Core 1, I believe.

So, is there a possibility that this bug might be
manifesting itself in Lisa's case on a memory constrained RH 7.2 system?
I guess if 'rpm -q db4' comes up with db4-4.1.25-8, she should consider
upgrading, and should recheck the Perl module versions that MdF
2.48 depends upon?

Lisa wrote:
 Jan 14 10:40:23 Raydeus-Dee mimedefang-multiplexor[1211]: started; 
 minSlaves=2, maxSlaves=10, maxRequests=500,
 maxIdleTime=300, busyTimeout=600, clientTimeout=10
 
 and I think the maxSlaves looks like it is low to me.
 
 By the way, I'm using RedHat 7.2, mimedefang version 2.48,
 and SpamAssassin version 3.0.1 running on Perl version 5.8.5
 (I'm basically using MimeDefang to run Spamassassin).
