[Mimedefang] MIMEDefang 2.59-BETA-2 is Available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, MIMEDefang 2.59-BETA-2 is available at http://www.mimedefang.org/node.php?id=1 This release includes a spiffy new tool for monitoring a cluster of MIMEDefang machines. Man page is man watch-multiple-mimedefangs and since we all love screenshots, there's one at http://www.roaringpenguin.com/watch-multiple-mimedefangs.png Complete changelog since 2.58 follows. Regards, David. 2007-01-12 David F. Skoll [EMAIL PROTECTED] * VERSION 2.59-BETA-2 * Added a new tool (watch-multiple-mimedefangs.tcl) for monitoring a cluster of MIMEDefang scanners * mimedefang.pl.in: (dmo) Change use POSIX; to use POSIX (); to save several hundred kilobytes of memory per slave. * mimedefang.pl.in: (dmo) Remove useless use Getopt::Std; * mimedefang.pl.in: (dmo) Some code refactoring. 2006-12-18 David F. Skoll [EMAIL PROTECTED] * VERSION 2.59-BETA-1 * Modify multiplexor and mimedefang.pl.in so slave status updates work correctly (the -Z multiplexor flag.) Previously, the slave status wasn't being reset correctly. * Modify multiplexor so slave status changes are broadcast using the notification facility (-O multiplexor flag). A new S message is used for slave status changes. * mimedefang.pl.in(read_commands_file): If the COMMANDS file did not end with an F, the slave would give up and become idle, but not inform the multiplexor. As a result, the multiplexor would think the slave was busy, and the slave would be unavailable until the busy timeout elapsed and it was killed by the multiplexor. This bug has been fixed. * redhat/mimedefang-spec.in: Changes as suggested by Philip Prindeville for cleaning up RPM builds and detecting proper libraries on x86-64 systems. 2006-11-07 David F. Skoll [EMAIL PROTECTED] * VERSION 2.58 RELEASED -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFp6uYwYQuKhJvQuARAskyAJ4lBg8fweKrinP0S+5jJEQjdcNKsgCaA7qI vQKizdBkl02ATP9ET6MiXfQ= =kPch -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Strange tempfails
Group, Below I have pasted log entries demonstrating some unexplainable tempfails I've been seeing in the last couple days. I've tallied about a dozen different senders to whom this has happened, but there seems to be one sending domain in particular, that is getting hit by this when they try to send to us. The messages ultimately do come through, but only after dozens of attempts, and up to a day's delay. My server's sendmail load varies throughout the day, but averages 20-40. Sendmail's confQUEUE_LA is 48, confREFUSE_LA is 60. Sar shows the machine is typically busy throughout the day (averaging 5-20% CPU idle. Disk activity is usually around 8-18% (I use a RAM disk for /var/spool/MIMEDefang), and disk freespace is never a problem. The log entries show that the milter is tempfailing the message, but I cant find a cause. Sendmail's confLOG_LEVEL is 14, and confMILTER_LOG_LEVEL is 9. Anyone have any suggestions? Ken Jan 12 10:23:16 mail01 mimedefang.pl[17463]: l0CFNEno020499: Received-SPF: none (mail01.mydomain.com: domain of [EMAIL PROTECTED] does not designate permitted sender hosts) , Helo=dc-ex002.wki.somedomain.com Jan 12 10:23:21 mail01 sendmail[20499]: l0CFNEno020499: from=[EMAIL PROTECTED], size=10642, class=0, nrcpts=1, msgid=[EMAIL PROTECTED] , proto=SMTP, daemon=MTA, relay=host2.somedomain.com [xxx.xxx.xxx.xxx] Jan 12 10:23:32 mail01 sendmail[20499]: l0CFNEno020499: Milter: data, reject=451 4.3.2 Please try again later Jan 12 10:23:32 mail01 sendmail[20499]: l0CFNEno020499: to=[EMAIL PROTECTED], delay=00:00:13, pri=40642, stat=Please try again later ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Problem on attachment name
Any hint ? Is it a mimedefang/MIME handling bug ? Or is it Apple Mail break some specification ? Please help! Thank you. Il giorno 10/gen/07, alle ore 13:25, Ing. Andrea Vettori ha scritto: Hi, I've a problem with mimedefang (version 2.58) with SpamAssassin 3 and f-secure antivirus on Linux. The problem occours only when the email comes from an Apple Mail client. [snip] The message sent from Apple Mail does trigger a tmpfail error on the antivirus because the antivirus find different names between the name on content-type and the name on content-disposition. I feel this problem can be caused by the absence of the quotes on the Apple Mail message. On the temporary file on which the antivirus is run, the name is trucated. -- Ing. Andrea Vettori Consulente per l'Information Technology ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: OT: New Attack/Poor SPAMming programming?
HI. Here is a great article about sendmail time-outs (and other antispam tricks such as greet pause): http://www.acme.com/mail_filtering/sendmail_config_frameset.html Highly recommended for any sendmail admin. Yizhar Hurwitz http://yizhar.mvps.org ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Re: OT: New Attack/Poor SPAMming programming?
Yizhar Hurwitz wrote: Here is a great article about sendmail time-outs (and other antispam tricks such as greet pause): http://www.acme.com/mail_filtering/sendmail_config_frameset.html Thanks for the link, My original email asked if anyone else was seeing this... not so much as what can I do about it. I've been using sendmail for about 11yrs now. However, I do like the fact that the link you provided shows a practical example (I'm sure there's many).. which is always fun to read. Anyway - thanks, -Ben -- Ben Kamen = Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net I'd love to go out with you, but I'm converting my calendar watch from Julian to Gregorian. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] accept() returned invalid socket (Numerical result out of range), try again
I am running Mimedefang 2.58 with sendmail-8.12.1-2. I constatly have 500+ connections, but most of them are dropped by relaying denied and real time black lists. Out of these 500 connections, only about 10 of them actually make it through and continue on to Mimedefang. What does this error mean? Thanks -Rob ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] accept() returned invalid socket (Numerical result out of range), try again
Robert Jackson wrote: What does this error mean? It means that the accept() system call in libmilter is returning a file descriptor greater than or equal to FD_SETSIZE. There! :-) What it actually means is that there are too many milter threads running for libmilter to work. You might be able to recompile libmilter to use poll() instead of select(). Another solution is to add machines so you have fewer than 500 concurrent milters, or to figure out if you can shorten your SMTP sessions so you have fewer concurrent milters. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Strange tempfails
I have cranked up the confMILTER_LOG_LEVEL to 17, hoping MIMEDefang would give me a little more data regarding the tempfails it is generating, but doing so doesn't yield anything especially useful (see additional log entries below). Since MIMEDefang's increased loglevel isnt very telling, I'll try cranking sendmail's loglevel. If that doesn't do it, I'll md_syslog and md_graphdefang_log my filter like crazy, to at least see what function is bailing. :/ Does anyone else have any ideas? Ken Jan 12 16:00:28 mail02 sendmail[1698]: l0CL0SG4001698: Milter (mimedefang): init success to negotiate Jan 12 16:00:28 mail02 sendmail[1698]: l0CL0SG4001698: Milter: connect to filters Jan 12 16:00:28 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=connect, continue Jan 12 16:00:28 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=helo, continue Jan 12 16:00:29 mail02 sendmail[1698]: l0CL0SG4001698: Milter: senders: [EMAIL PROTECTED] Jan 12 16:00:29 mail02 mimedefang.pl[517]: l0CL0SG4001698: Received-SPF: none (mail02.mydomain.com: domain of [EMAIL PROTECTED] does not designate permitted sender hosts) , Helo=DC-EX001.wki.somedomain.com Jan 12 16:00:29 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=mail, continue Jan 12 16:00:29 mail02 sendmail[1698]: l0CL0SG4001698: Milter: rcpts: [EMAIL PROTECTED] Jan 12 16:00:29 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=rcpt, continue Jan 12 16:00:31 mail02 sendmail[1698]: l0CL0SG4001698: from=[EMAIL PROTECTED], size=9942, class=0, nrcpts=1, msgid=[EMAIL PROTECTED] , proto=SMTP, daemon=MTA, relay=host2.somedomain.com [xxx.xxx.xxx.xxx] Jan 12 16:00:31 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=header, continue Jan 12 16:00:31 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=eoh, continue Jan 12 16:00:31 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, action=body, continue Jan 12 16:00:37 mail02 sendmail[1698]: l0CL0SG4001698: milter=mimedefang, tempfail Jan 12 16:00:37 mail02 sendmail[1698]: l0CL0SG4001698: Milter: data, reject=451 4.3.2 Please try again later Jan 12 16:00:37 mail02 sendmail[1698]: l0CL0SG4001698: to=[EMAIL PROTECTED], delay=00:00:08, pri=39942, stat=Please try again later ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Strange tempfails
Since MIMEDefang's increased loglevel isnt very telling, I'll try cranking sendmail's loglevel. If that doesn't do it, I'll md_syslog and md_graphdefang_log my filter like crazy, to at least see what function is bailing. :/ Using md_graphdefang_log sounds good. What's the timeout in the INPUT_MAIL_FILTER line in sendmail.mc? Your log suggests it's less than 10s. Maybe you just need more time. It's the T= values. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] accept() returned invalid socket (Numerical resultout of range), try again
I am not sure I understand how the milter is called. Most of these 500 connections don't get passed the blacklist checks I have included in the sendmail config. Only maybe 10 or so do. How can 10 milter connections cause this, or are the connections still made even though they are denied. -Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Sent: Friday, January 12, 2007 1:28 PM To: mimedefang@lists.roaringpenguin.com Subject: Re: [Mimedefang] accept() returned invalid socket (Numerical resultout of range), try again Robert Jackson wrote: What does this error mean? It means that the accept() system call in libmilter is returning a file descriptor greater than or equal to FD_SETSIZE. There! :-) What it actually means is that there are too many milter threads running for libmilter to work. You might be able to recompile libmilter to use poll() instead of select(). Another solution is to add machines so you have fewer than 500 concurrent milters, or to figure out if you can shorten your SMTP sessions so you have fewer concurrent milters. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] accept() returned invalid socket (Numerical resultoutof range), try again
Not sure where I would make the changes from call() to select(), but I did recompile sendmail with in increased number of FD_SETSIZE. Chanaged from 256 to 512. Didn't really help. Right now there 3 servers in the pool, and I have to keep the connection limit to 325 or less. Even if each is up to 500, they get maxed out. The systems keep a load of less than 1, and can really handle quite a bit more traffic. -Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll Sent: Friday, January 12, 2007 6:57 PM To: mimedefang@lists.roaringpenguin.com Subject: Re: [Mimedefang] accept() returned invalid socket (Numerical resultoutof range), try again Robert Jackson wrote: I am not sure I understand how the milter is called. Most of these 500 connections don't get passed the blacklist checks I have included in the sendmail config. Only maybe 10 or so do. How can 10 milter connections cause this, or are the connections still made even though they are denied. The connections to the milter are made anyway. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang