[milters] Archive


Article: 566
From: Taylor, Grant
Date: 2005-05-20 11:11:48 -0400
Subject: Re: Problem (mis-configuration?) with Milter-Sender


> The error should NOT appear if GreyListRejectCount=0. You did remember 
> to restart the milter? The code in two places looks like this. I don't 
> cache the error message text.

Yes.  I am not running milter-sender through standard init.d scripts but rather having
INIT take care of it for me.  So I go in to inittab and remark it and then "telinit
q" which will shut down things that should not be running (ps ax confirms this). 
Then I go back in to inittab and unremark it and then "telinit q" and
milter-sender starts back up just like it should.  The only thing I did different this
time (in addition to the changes you suggested below) was to restart sendmail as well.

> BUT if a previously "rejected, too many recent retries" was downgraded 
> in the cache to a rejection, then you might continue to see rejects with 
> another message until it expired from the cache. However, you've set 
> CacheRejectTTL=0, which should purge those entries on the next 
> CacheGcFrequency interval.

*nod*  I thought of this as well and per your message the other day I did remove my cache
file with milter-sender shut down.

>>CacheGcFrequency=3600 #   cache garbage collection frequency
> 
> Lower this to like 10 or 20 for half a day or simply throw out the cache 
> and start with a fresh one (stop, remove cache, start). This is most 
> likely the problem. The cache is not GC'd on a restart (hmmm, something 
> to consider).

I would be willing to do this if you think it has merit, though I have removed the cache
file with milter-sender stopped.  (I know that I've lost all my cached good info too, but
I'm trying to solve a problem here.)

> I don't know what your server load is on this machine, but 3600 might be 
> a little high for a small to moderate load. For an ISP this might be 
> suitable.  Remember, garbage collection happens after N client 
> connections. On my server I doubt I would see 3600 connections in 36 
> hours, while an ISP or a large business might see this in 30 minutes.

I have about 200 users on this server so the email load is not much at all, but more than
a SOHO.

>>CacheGreyListTTL=0 #   cache time-to-live in seconds for grey-list
>>temporary entries, 0 = disable
> 
> Setting this to zero disables grey-listing entirely.

CacheGreyListTTL=120

>>GreyListBlockTime=0 #   grey list block time in seconds, must be less
>>than CacheGreyListTTL
> 
> I'd recommend this be set to something non-zero. At least 60s. I would 
> not put it past a spammer to connect once, get tempfailed, and try again 
> immediately in an attempt to foil grey-listing.

GreyListBlockTime=60

>>GreyListRejectCount=0 #   reject too many attempts during the grey
>>list block time, 0 = disable
> 
> Setting this to zero is all you need to disable the reject counter and
> its error message.

*nod* This is what I thought, hence my email asking for help.  :)  I'm starting to wonder
if I might need to recompile my milter-sender with a more recent version.

>>SkipAuthenticatedSender=0 #   skip the milter if the sender
>>successfully authenticated themselves
> 
> Huh? Not related to grey-listing but odd to see it disabled.

I don't have any SMTP-Auth users on this box, even if I did I would want to force them to
have valid information in their outbound emails in case they have a spam bot on their
system.



Grant. . . .
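
Added example, not part of the original message and not milter-sender code: a small checker that applies the rules stated in this thread to `Option=value # comment` settings. The function names, the sample settings blocks (built from the values quoted above) and the `connections_per_hour` estimate are assumptions made for illustration.

```python
# Sample settings constructed from the values quoted in the thread.
ORIGINAL = """\
CacheGcFrequency=3600    # cache garbage collection frequency
CacheGreyListTTL=0       # 0 = disable
GreyListBlockTime=0
GreyListRejectCount=0    # 0 = disable
"""
REVISED = (ORIGINAL.replace("CacheGreyListTTL=0", "CacheGreyListTTL=120")
                   .replace("GreyListBlockTime=0", "GreyListBlockTime=60"))


def parse_options(text):
    """Return integer options from Option=value lines, dropping '#' comments."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and value.strip().isdigit():
            opts[key.strip()] = int(value)
    return opts


def lint(opts, connections_per_hour):
    """Return (level, message) findings based on the rules given in the thread."""
    findings = []
    ttl = opts.get("CacheGreyListTTL")
    block = opts.get("GreyListBlockTime")
    if ttl == 0:
        findings.append(("warn", "CacheGreyListTTL=0 disables grey-listing entirely"))
    elif ttl is not None and block is not None:
        if block >= ttl:
            findings.append(("error", "GreyListBlockTime must be less than CacheGreyListTTL"))
        if block < 60:
            findings.append(("warn", "GreyListBlockTime under 60s: an immediate retry may pass"))
    if opts.get("GreyListRejectCount") == 0:
        findings.append(("info", "GreyListRejectCount=0: reject counter is off"))
    gc = opts.get("CacheGcFrequency")
    if gc and connections_per_hour > 0:
        # GC is counted in client connections, so the wall-clock gap depends on load.
        hours = gc / connections_per_hour
        findings.append(("info", f"cache GC runs about every {hours:.0f} h"))
    return findings


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("revised", REVISED)):
        for level, message in lint(parse_options(text), connections_per_hour=100):
            print(f"{name}: {level}: {message}")
```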
