[milters] Archive

Lists Index Date Thread Search

Article: 1673
From: Anthony Howe
Date: 2007-09-03 03:53:17 -0400
Subject: Re: Milter-Ahead Problem - Maybe

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Gary Faith wrote:
> Problem is that sendmail connections are getting stuck in the "cmd read"
state.

"cmd read" state is sendmail waiting on the SMTP client connection for 
the next command. It is not a communication problem with the milters as 
far as I can tell. Sendmail default timeouts will wait upto 3 hours 
before timing out.

> After a lot of testing yesterday, I found that when I use only
> milter-greylist or milter-ahead, the amount of sendmail processes in

This is probably completely unrelated, but please read the following:

http://www.snert.com/Software/ecartis/index.php?go=/milters/2006-06/959

to make sure that ALL the default macros are present as they are 
required by milter-ahead.

> the "cmd read" state is significantly lower.  It seems to be that
> when they are both running that the problem occurs.  I have also

Have you changed any of the sendmail to milter timeouts in the 
INPUT_MAIL_FILTER macro in your .mc file or any of the milter to 
sendmail timeouts in milter-ahead.cf?

Sending your milter-ahead.cf, mailertable, sendmail.mc for review would 
help maybe (off-list I would suggest).

> found that if I shutdown MailScanner that the "stuck" sendmail
> processes don't close.  I have to use the kill command or the pkill
> command to get the processes to close (pkill sendmail).  Interesting
> thing is what happens when I issue the pkill sendmail command:

MailScanner, because of SpamAssassin, can eat CPU cycles especially if 
your front end mail queue feeding MailScanner is large.  On average how 
many messages due you have in the mail queue?

Also check if the servers that milter-ahead connects to are "blind" or 
not. No point connecting to a backend mail store that always answers 
"yes". If they are Exchange servers, see the SnertSoft FAQ about 
fronting for Exchange.

I'd recommend turning on more milter-ahead logging. The log fragments 
you gave only really show the sendmail side of the picture.

	verbose=info,trace,dialog

is typically sufficient. Then observe the progress and timestamps. Does 
milter-ahead come before milter-greylist in the .mc file?

However, I suspect the issue is not with the milters. Sendmail being 
stuck in cmd read until timeout would indicate to me that some SMTP 
clients just don't bother to QUIT and close their sockets if they get a 
temp. fail (grey-listing) or reject (unknown RCPT) response. I've seen 
some spamware / bots do this on occasion. Whether it is intentional 
(DoS) or just bad programming in the SMTP client is unknown.

You could try adjusting some of the sendmail server mode timeouts.

Also consider contacting FSL.com for a 30-day demo of BarricadeMX that 
would help deal with this situation; it does both enhanced grey-listing 
and call-ahead, plus lots more. Note that it is commercial, but there is 
no obligation to buy after the demo expires.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search