Article: 1777
From: Rose, Bobby
Date: 2007-10-08 10:39:46 -0400
Subject: Re: Milters and access.db

Well after I watching more closely, I noticed that this the intermittent
issue is occurring after milter-sender has reopened the access.db file
after an access file rebuild. =20
For example, I found see "Oct  7 16:10:18 eeyore milter-sender[1635]:
reopening "/etc/mail/access.db"..." and "Oct  7 16:20:38 eeyore
milter-sender[1635]: reopening "/etc/mail/access.db"..."  But between
16:10 and 16:20, I had systems being greylisted and sender addresses
validated during that time.

After discovering this, I've configured milter-sender to use it's own
access database file which isn't getting rebuilt all the time in
comparison to the one sendmail is using.  This seems to have resolve the
intermitent issue which milter-sender not finding access entries after
an access.db makemap.  It'll probably also resolve the same issue I had
with milter-error doing the same thing.

I betting no one is seeing this since they may not be frequently
updating their access files as much.

From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On
Behalf Of Rose, Bobby
Sent: Saturday, October 06, 2007 4:54 PM
To: milters@milter.info
Subject: [milters] Re: Milters and access.db

Connect:x.x.x.x OK
Milter-Sender-Connect:x.x.x.x OK=3D20
 80-90% of the time is seems ok but's it's the intermittent ones that
concern me especially in the case of milter-error and a reject action.
At first I thought it was just milter-error but seeing it with
milter-sender and greylisting makes me rethink that.  I'd surmise that
it's probably happening with milter-sender callbacks but I've never

From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On
Behalf Of Anthony Howe
Sent: Saturday, October 06, 2007 2:06 PM
To: milters@milter.info
Subject: [milters] Re: Milters and access.db


Rose, Bobby wrote:
> Is there a scenario whereby the access file isn't reopened even =
> it's changed and the snert milters don't use the access file at =

> for 10 minutes?  Back in July I attempted to use milter-error but=20
> had=3D20 to stop because sometimes it wouldn't find my tags for=20
> excluding=3D20 systems.  A couple weeks ago, I enabled the greylisting =

> of=3D20 milter-sender but I then began to see that it too will on=20
> occassion=3D20 not read tags either until I makemap my access file =

> or wait for=3D20 a 10 minute chime. I've tried a couple scenarios to =

> to duplicate
the issue but haven't been able to.

What format do your access entries have? Maybe there is an
incorrect/unsupported syntax being applied.

> I probably see it more than most because I have a script that parse my

> maillogs for SpamAssassin markers for stats and if it sees too =

> from the same IP in a threshold time, I temp block them by modifying a

> text file that is cat'd with my main access file to a temp file=20
> which=3D20 is makemapped into the access.db.  But I only recently=20
> starting using=3D20 a separate autoblock file since before I was=20
> appending the main access

> file and makemapping it.  At most, the access.db is rebuilt every=3D20 =

> 10minutes.  Now I thought it was my process that makemapped the access

> file causing milter-sender to reopen the access.db but it would do=20
> it=3D20 even if there hadn't been any changes since the last makemap.  =

> Almost=3D20 as if it finally saw the access.db had changed on the
10minute mark.

When you rebuild access.db do you "build & replace" or "overwrite in
place", see the following:


All the milters use common code found in libsnert that relies on fstat()
and so "overwrite in place" idiom in order to detect access.db changes.

