[milters] Archive


Article: 564
From: Taylor, Grant
Date: 2005-05-20 10:22:17 -0400
Subject: Re: Problem (mis-configuration?) with Milter-Sender

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

> Disable GreyListRejectCount. I found while using it at work that there
> are too many brain dead mail servers that use queue retry times on the
> order of seconds. As I recall they were the pointy-clicky variety operated
> by people who haven't a clue how to run a mail server and think "hey!
> wow! I have this ultra whizz bang super machine with all these free
> cycles to burn. I'll set the queue retry time to 10 seconds".
<snip>

> If you want to play with GreyListRejectCount, you have to adjust your
> GreyListBlockTime too, but given the above situation I noted from badly
> configured yet legitimate mail servers, it's almost impossible to get it
> right. Set GreyListRejectCount=0.

I have attempted to disable GreyListRejectCount and all of its associated counterparts
without disabling the grey list period.  It looks like the number of
"rejected, too many recent retries" rejections has dropped significantly, but they are still
happening.  I have attached my milter-sender.cf in hopes that you will see something that
I have missed.  If you can offer any more help I would greatly appreciate it.

If there is anything else that you need from me please let me know and I'll be more than
happy to get it to you.



Grant. . . .


-- Attached file included as plaintext by Ecartis --
-- File: milter-sender.cf.txt

#
# milter-sender/0.62.837
#
# Copyright 2002, 2004 by Anthony Howe. All rights reserved.
#
#
# Usage:
# ------
#
#    milter-sender [option=value] ... MilterSocket=socket
#
#
# Option names are case-insensitive. No spaces around equals-sign.
# Options can be specified on the command line or in a file. Options
# in a file are one option per line (as shown here). See MilterCf.
#

AlwaysAcceptPostmaster=0
#   always accept RCPT TO:<postmaster> regardless of B/W listings
# NOTE(review): set to 0, so mail to postmaster gets no exemption from the
# black/white listings.

#CacheAcceptTTL=604800
CacheAcceptTTL=2592000
#   cache time-to-live in seconds for accepted senders, 0 = disable
# 2592000 s = 30 days; the commented-out alternative above is 7 days.
# NOTE(review): presumably an accepted sender is not re-verified until its
# entry expires, so a longer TTL trades fewer callbacks for staler verdicts -
# confirm against the milter-sender documentation.

CacheGcFrequency=3600
#   cache garbage collection frequency
# NOTE(review): units are not stated; presumably seconds like the TTLs - confirm.

CacheGreyListTTL=0
#   cache time-to-live in seconds for grey-list temporary entries, 0 = disable
# Disabled here. GreyListBlockTime below is documented as "must be less than
# CacheGreyListTTL" and is also 0, so review the two settings together.

CacheHashBucketDensity=75
#   Berkeley DB hash bucket density value (delete cache if changed)

CacheRejectTTL=0
#   cache time-to-live in seconds for rejected senders, 0 = disable
# Disabled here, so rejected senders are not cached.

# Connection-stage checks on the connecting client's address.
# NOTE(review): the descriptions cite RFC 3330, which has since been replaced
# (RFC 5735, then RFC 6890); the ranges listed below are as printed by this
# milter-sender release.

ClientIsForged=0
#   reject connection when PTR and A records do not match
# Off: a PTR/A mismatch does not cause a rejection.

ClientNeedsPTR=0
#   reject connection when no PTR record is found
# Off: clients without reverse DNS are not rejected by this test.

ClientRejectBenchmark=1
#   reject connection from RFC 3330 benchmark network 198.18.0.0/15

ClientRejectLinkLocal=1
#   reject connection from RFC 3330 link local addresses 169.254.0.0/16

ClientRejectLoopback=1
#   reject connection from RFC 3330 loopback 127.0.0.0/8 except 127.0.0.1

ClientRejectMulticast=1
#   reject connection from RFC 3330 multicast addresses 224.0.0.0/4

ClientRejectPrivateA=1
#   reject connection from RFC 3330 private class A network 10.0.0.0/8
# NOTE(review): the three ClientRejectPrivate* options are on; if internal
# hosts on private addresses relay through this server they would presumably
# need white listing - verify against the local network layout.

ClientRejectPrivateB=1
#   reject connection from RFC 3330 private class B network 172.16.0.0/12

ClientRejectPrivateC=1
#   reject connection from RFC 3330 private class C network 192.168.0.0/16

ClientRejectTestNet=1
#   reject connection from RFC 3330 test network 192.0.2.0/24

ClientRejectThisNet=1
#   reject connection from RFC 3330 "this" network 0.0.0.0/8

DebugLogOnly=0
#   debug mode logs messages, never rejects
# Off: the milter enforces its verdicts. Per the description, setting 1 gives
# a log-only mode, which is the low-risk way to trial a changed policy.

DeferHeloReject=1
#   if connection/HELO fails, reject unless sender white listed
# On: a failed connection/HELO test is still subject to the sender white list.

DeferMailReject=1
#   if sender fails callback, reject unless recipients white listed
# On: a failed sender callback is still subject to the recipient white list.

FailWelcome554=1
#   reject MX servers that return a "554 No SMTP service here" greeting

GreyListBlockTime=0
#   grey list block time in seconds, must be less than CacheGreyListTTL
# NOTE(review): CacheGreyListTTL is also 0 in this file (documented there as
# "0 = disable"), so 0 here is equal to it rather than less than it. How the
# milter treats that combination is not stated in this file - confirm.
# MxAcceptsAllAction=6 further down still selects a grey-list action.

GreyListRejectCount=0
#   reject too many attempts during the grey list block time, 0 = disable
# Disabled here. Options may also be given on the command line (see the usage
# notes at the top of this file); precedence between the two is not stated
# here, so check the command line of the running milter for an override.

# Checks on the argument the client gives in HELO.

HeloClaimsUs=1
#   enable/disable HELO "claims to be us" test

HeloLookupHostIp=1
#   lookup the IP address of the HELO argument
# NOTE(review): presumably the HeloReject* range tests below apply to the
# address found by this lookup - confirm.

HeloRejectBenchmark=1
#   reject HELO from RFC 3330 benchmark network 198.18.0.0/15

HeloRejectLinkLocal=1
#   reject HELO from RFC 3330 link local addresses 169.254.0.0/16

HeloRejectLoopback=1
#   reject HELO from RFC 3330 loopback 127.0.0.0/8 except 127.0.0.1

HeloRejectMulticast=1
#   reject HELO from RFC 3330 multicast addresses 224.0.0.0/4

HeloRejectPrivateA=0
#   reject HELO from RFC 3330 private class A network 10.0.0.0/8
# NOTE(review): the three HeloRejectPrivate* options are 0 while the matching
# ClientRejectPrivate* and MxRejectPrivate* options are 1. Presumably this is
# deliberate, to tolerate hosts behind NAT that announce a private address in
# HELO - confirm it is intended.

HeloRejectPrivateB=0
#   reject HELO from RFC 3330 private class B network 172.16.0.0/12

HeloRejectPrivateC=0
#   reject HELO from RFC 3330 private class C network 192.168.0.0/16

HeloRejectTestNet=1
#   reject HELO from RFC 3330 test network 192.0.2.0/24

HeloRejectThisNet=1
#   reject HELO from RFC 3330 "this" network 0.0.0.0/8

Help=0
#   used on the command-line only to display help summary and exit
#    1 = defaults
#    2 = current settings
# Per the description, Help=2 on the command line prints the current settings,
# which shows what the milter actually parsed from this file.

IsBackupMx=0
#   this is a backup-MX, accept mail when primary does not answer call-ahead

MilterSocketTimeout=1800
#   sendmail/milter I/O timeout in seconds, 0 = indefinite
# 1800 s = 30 minutes.

# Checks and callbacks against the MX hosts of the sender's domain.

MxAcceptsAllAction=6
#   action when MX accepts any email address before DATA command:
#   0 = reject
#   1 = ignore
#   2 = accept
#   3 = grey-list client IP, MAIL pair
#   4 = grey-list client IP, RCPT pair
#   5 = grey-list MAIL, RCPT pair
#   6 = grey-list client IP, MAIL, RCPT tuple
#   7 = send probe
# NOTE(review): 6 is a grey-list action, while CacheGreyListTTL and
# GreyListBlockTime are both 0 in this file. Whether the action still takes
# effect with those values cannot be told from here - confirm.

MxCallAhead=0
#   an MX gateway can call the next hop to verify the recipient

MxCallBackConnect=1
#   enable the callback SMTP connection
# On: the milter opens outbound SMTP connections for sender callbacks, so
# outbound port 25 from this host has to be permitted.

MxCallBackIpBlocked=0
#   if our IP appears in an callback error response, assume accepts any email

MxCallBackMaxAttempts=3
#   maximum number of MX hosts to attempt callback with, 0 = disable callback

MxRejectBenchmark=1
#   reject MX with RFC 3330 benchmark network 198.18.0.0/15

MxRejectLinkLocal=1
#   reject MX with RFC 3330 link local addresses 169.254.0.0/16

MxRejectLoopback=1
#   reject MX with RFC 3330 loopback 127.0.0.0/8
# Unlike the Client/Helo loopback descriptions, this one lists no exception
# for 127.0.0.1.

MxRejectMulticast=1
#   reject MX with RFC 3330 multicast addresses 224.0.0.0/4

MxRejectPrivateA=1
#   reject MX with RFC 3330 private class A network 10.0.0.0/8

MxRejectPrivateB=1
#   reject MX with RFC 3330 private class B network 172.16.0.0/12

MxRejectPrivateC=1
#   reject MX with RFC 3330 private class C network 192.168.0.0/16

MxRejectTestNet=1
#   reject MX with RFC 3330 test network 192.0.2.0/24

MxRejectThisNet=1
#   reject MX with RFC 3330 "this" network 0.0.0.0/8

OneRcptPerBounce=0
#   accept only one RCPT when MAIL FROM:<> is given
# Off: a null-sender (bounce) message may carry more than one recipient.

SkipAuthenticatedSender=0
#   skip the milter if the sender successfully authenticated themselves
# Off: authenticated senders are still processed by the milter.

SkipLoopbackInterface=1
#   skip the callback if the connection is from the loopback interface
# On: connections from the loopback interface get no callback.
# NOTE(review): if another local service re-injects mail over loopback, that
# mail presumably bypasses the callback as well - confirm this is intended.

SocketTimeout=120
#   SMTP response timeout in seconds, 0 = indefinite
# 120 s = 2 minutes.

# TLS policy. With the values below, missing encryption and invalid
# certificates are tolerated; only temporary and protocol-level encryption
# errors lead to a rejection.
# NOTE(review): the descriptions do not say which connection these apply to
# (inbound client, outbound callback, or both) - confirm.

TlsRejectIfMissing=0
#   reject connection if no encryption or certificate presented

TlsRejectInvalid=0
#   reject connection if certificate is invalid
# Off: an invalid certificate does not cause a rejection, so TLS here gives no
# assurance about the peer's identity.

TlsRejectTemporary=1
#   reject connection on temporary encryption error

TlsRejectProtocol=1
#   reject connection on an encryption protocol error

WhiteListFutureSender=1
#   white list recipients of a local sender for future replies
# NOTE(review): how a "local sender" is determined is not stated here. With
# SkipAuthenticatedSender=0 in this file, confirm which senders can add
# entries to the white list this way.

XAuthenticatedSender=0
#   add X-Authenticated-Sender header with authentication details
# Off: no authentication details are added to message headers.

XScannedBy=1
#   add X-Scanned-By trace header
# NOTE(review): the contents of the header are not shown here; if it names the
# host or software version, it is visible to every recipient - check.

CacheType=
#   the cache type: bdb, flatfile, hash
# NOTE(review): left empty; which type is used when nothing is given is not
# stated here. CacheFile below carries a .db name - confirm the effective type.

CacheFile=/var/lib/milter-sender/cache.db
#   the cache file path for bdb or flatfile types
# NOTE(review): the cache holds accept/reject verdicts, so this file and its
# directory should be writable only by the account the milter runs as.

ForceCallAheadHost=
#   force call-ahead to this host, overriding mailertable

MailLogDetail=info
#   a bit mask or comma separated list of what to write to the mail log:
#        all    -1 = all messages
#                0 = log nothing
#       info     1 = general info messages (default)
#      trace     2 = trace progress through the milter
#      parse     4 = details from parsing addresses or special strings
#      debug     8 = lots of debug messages
#     dialog    16 = I/O from smtp dialog
#      state    32 = state transitions
#        dns    64 = trace & debug of DNS operations
#      cache   128 = cache get/put/gc operations
#   database   256 = sendmail database lookups
#  socket-fd   512 = socket open & close calls 
# socket-all  1024 = all socket operations & I/O
#  libmilter  2048 = libmilter engine diagnostics
# Only "info" is enabled. The cache and state categories listed above look
# like the relevant ones for tracing why a grey-list rejection still occurs.
# NOTE(review): "dialog" logs SMTP I/O, which presumably includes sender and
# recipient addresses; enable it only while diagnosing.

#MilterCf=/etc/mail/milter-sender.cf
#   read a milter configuration file of command line options

MilterSocket=
#   (REQUIRED) the sendmail/milter socket type & name; see INPUT_MAIL_FILTER
# NOTE(review): empty here although marked REQUIRED; presumably it is passed
# on the command line, as in the usage line at the top of this file. If a
# network socket is used, it should be reachable only by sendmail.

PublicIp=
#   the public IP address of this machine, when behind a NAT/firewall

PublicName=
#   the public name of this machine, when behind a NAT/firewall

SendmailCf=/etc/mail/sendmail.cf
#   pathname of the sendmail.cf file; set empty to disable use of databases



