Re: rblsmtpd lookup timeouts for slow/broken networks
On Tue, Sep 12, 2000 at 07:06:47PM -0500, Chris Hardie wrote:

> -If rblsmtpd can't talk to the RBL server, what sort of error does it
> issue to the connecting server? Temporary or permanent? Is it just the
> default 60 second timeout?

From http://cr.yp.to/ucspi-tcp/rblsmtpd.html:

  There are several error-handling options for RBL lookups:

  -B: (Default.) Use a 451 error code for IP addresses listed in the RBL.

  -b: Use a 553 error code for IP addresses listed in the RBL.

  -C: (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked.

  -c: Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail.

The default -C seems to cover you in this case.

Chris
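The documentation quoted in the reply above can be read as a small decision table. The following is an added example, not part of either message and not code from ucspi-tcp: a Python model of one optional anti-RBL lookup followed by one RBL lookup, built only from the quoted option descriptions. The names `Lookup` and `smtp_outcome` are hypothetical.

```python
from enum import Enum

class Lookup(Enum):
    LISTED = 1
    NOT_LISTED = 2
    TEMPFAIL = 3   # lookup failed temporarily (e.g. upstream link is down)

def smtp_outcome(rbl, anti=None, b=False, c=False):
    """Model of the quoted rules; returns "accept", "451" or "553".

    rbl  -- result of the RBL lookup
    anti -- result of a preceding anti-RBL lookup, or None if none is used
    b    -- True for -b (553 when listed), False for the default -B (451)
    c    -- True for -c (fail-closed), False for the default -C (fail-open)
    """
    force_451 = False
    if anti is Lookup.LISTED:
        return "accept"
    if anti is Lookup.TEMPFAIL:
        if not c:
            return "accept"      # -C: assume the address is anti-listed
        force_451 = True         # -c: not anti-listed, and 451 even with -b
    if rbl is Lookup.TEMPFAIL:
        return "451" if c else "accept"   # -c: 451 even with -b
    if rbl is Lookup.LISTED:
        return "553" if (b and not force_451) else "451"
    return "accept"

if __name__ == "__main__":
    # Constructed scenario from the thread: every lookup fails temporarily
    # because the outside link is down.
    for c in (False, True):
        mode = "-c" if c else "-C"
        print(mode, "during outage ->", smtp_outcome(Lookup.TEMPFAIL, c=c))
```

Under this model, the outage described in the original question yields "accept" with the default -C and a 451 for every connection with -c, which is the trade-off the documentation states: fail-open can be abused by forcing lookup failures, fail-closed delays legitimate mail.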
rblsmtpd lookup timeouts for slow/broken networks
Hi folks.

I've got ucspi-tcp-0.88 with rblsmtpd and qmail-1.03 on FreeBSD 4.0. We recently had some problems where a large part of our area network was working fine, but our link to the outside world was having problems and periodically went down. This meant that when an smtp connection was made to our server, the conversation couldn't happen because rblsmtpd couldn't connect to the RBL server to do the lookup. Despite not having an internet connection, there were still lots of messages that could be delivered locally, and it would have been nice if they'd gone through.

I looked through the rblsmtpd documentation and related sites and couldn't find anything that mentions this sort of behavior. A few questions, then:

-If rblsmtpd can't talk to the RBL server, what sort of error does it issue to the connecting server? Temporary or permanent? Is it just the default 60 second timeout?

-Is there a way to tell rblsmtpd to "carry on like normal" if the lookup doesn't happen in the first X seconds? The "-t" option appears to be a timeout related option, but doesn't seem to do this particular thing.

-Any other bits of advice/strategy for rblsmtpd being used in that sort of situation?

Thanks,
Chris

-- Chris Hardie
- - mailto:[EMAIL PROTECTED]
-- http://www.summersault.com/chris/ --