From: Anthony Howe
Date: 2007-09-03 03:53:17 -0400
Subject: Re: Milter-Ahead Problem - Maybe
More information..: http://www.milter.info/#Support
Gary Faith wrote:
> Problem is that sendmail connections are getting stuck in the "cmd read"
"cmd read" state is sendmail waiting on the SMTP client connection for
the next command. It is not a communication problem with the milters as
far as I can tell. Sendmail default timeouts will wait upto 3 hours
before timing out.
> After a lot of testing yesterday, I found that when I use only
> milter-greylist or milter-ahead, the amount of sendmail processes in
This is probably completely unrelated, but please read the following:
to make sure that ALL the default macros are present as they are
required by milter-ahead.
> the "cmd read" state is significantly lower. It seems to be that
> when they are both running that the problem occurs. I have also
Have you changed any of the sendmail to milter timeouts in the
INPUT_MAIL_FILTER macro in your .mc file or any of the milter to
sendmail timeouts in milter-ahead.cf?
Sending your milter-ahead.cf, mailertable, sendmail.mc for review would
help maybe (off-list I would suggest).
> found that if I shutdown MailScanner that the "stuck" sendmail
> processes don't close. I have to use the kill command or the pkill
> command to get the processes to close (pkill sendmail). Interesting
> thing is what happens when I issue the pkill sendmail command:
MailScanner, because of SpamAssassin, can eat CPU cycles especially if
your front end mail queue feeding MailScanner is large. On average how
many messages due you have in the mail queue?
Also check if the servers that milter-ahead connects to are "blind" or
not. No point connecting to a backend mail store that always answers
"yes". If they are Exchange servers, see the SnertSoft FAQ about
fronting for Exchange.
I'd recommend turning on more milter-ahead logging. The log fragments
you gave only really show the sendmail side of the picture.
is typically sufficient. Then observe the progress and timestamps. Does
milter-ahead come before milter-greylist in the .mc file?
However, I suspect the issue is not with the milters. Sendmail being
stuck in cmd read until timeout would indicate to me that some SMTP
clients just don't bother to QUIT and close their sockets if they get a
temp. fail (grey-listing) or reject (unknown RCPT) response. I've seen
some spamware / bots do this on occasion. Whether it is intentional
(DoS) or just bad programming in the SMTP client is unknown.
You could try adjusting some of the sendmail server mode timeouts.
Also consider contacting FSL.com for a 30-day demo of BarricadeMX that
would help deal with this situation; it does both enhanced grey-listing
and call-ahead, plus lots more. Note that it is commercial, but there is
no obligation to buy after the demo expires.
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 ICQ: 7116561 Sendmail Milter Solutions
Copyright 2009, 2012 by SnertSoft. All rights reserved.