[milters] Archive

Lists Index Date Thread Search

Article: 1679
From: Anthony Howe
Date: 2007-09-09 03:22:00 -0400
Subject: Re: Milter-error Issue

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Rose, Bobby wrote:
> I'm still seeing problems with milter-error.  Sometimes it just doesn't
> find the tags in the access.db for an excluded host. If I restart, it

Have you enabled

	verbose=info,trace,db

to observe the lookup sequence and see if it finds the entry in question?

> behaves properly again but the failure rate is just too high as it's

This sounds like a problem with updates made to the access.db file 
changing file ownership and/or permissions such that milter-error can no 
longer read the file. This would affect milter-sender and all the other 
Snert milters equally.

Quick test, touch the access file and rebuild access.db while the 
milters are running. If the milter sudden fails to find entries it 
previous would find then your access.db rebuild process has a problem. 
See these articles which cover access.db issues:

http://www.snert.com/Software/ecartis/index.php?go=/milters/2006-09/1128

http://www.snert.com/Software/ecartis/index.php?go=/milters/2006-09/1160


> rejecting hosts that I want to exclude.  Is anyone else using
> milter-error and seeing this kind of problem?  I don't see this problem
> with milter-sender.
> 
> -----Original Message-----
> In July, I started using milter-error in the hope of dealing with repeat
> offenders but sometimes I see that even if I have a
> milter-error-connect: x.x.x  OK for exclusions, I sometimes see
-----------------------^
I trust you are not inserting a space between the tag and IP in your 
access.db entry for the left-hand-side key. That would not have the 
desired result.

> milter-error not excluding hosts with an IP in that subnet range.  Most
> of the time it does exclude but occassionally it doesn't.  It can go for
> hours behaving appropriately but then occassionally start applying the
> general milter-error offender policy for a short period of time, then
> it'll start working fine again (well short of the cache-ttl).  When I've
> increased logging, it looks like milter-error is doing the access.db
> lookup but doesn't seem to be matching on those occassions that it's
> misbehaving, even if I'm whitelisting the IP itself.  Is milter-error
> sensitive to the access.db being rebuilt?  I do have a process that

Yes. All my milters that use access.db are, including milter-sender.

> looks at the mail logs and dynamically block IP's and remakemap the
> access file after being updated.  Milter-sender has never seem to have a
> problem with it, but then it's developmentally more mature.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search