[milters] Archive

Lists Index Date Thread Search

Article: 622
From: Andrew Lyon
Date: 2010-06-05 08:23:50 -0400
Subject: Re: Comments on this backscatterer.org?

On Thu, Jun 3, 2010 at 2:33 AM, Michael Mansour <mic@npgx.com.au> wrote:
> Hi Chris,
>
>> On Dec 10, 2008 Anthony Howe wrote:
>> >
>> > > Ultimately we ended up dropping milter-sender because it didn't have
>> > > a shared data pool for our multiple servers, so an email could end
>> > > was just the nail in the coffin for us.
>> >
>> > Something I've mentioned many times last year, which is implemented in
>> > BarricadeMX, is the multicast/unicast cache API has _still_ to be back
>> > ported to those milters using a cache (-ahead, -gris, -error, -sender,
>> > ...) which solves the cluster issue very nicely. Steve Freegard of FSL
>> > can attest to the effectiveness MCC API.
>>
>> Hi Anthony,
>>
>> I was attempting to use milter-gris against certain problematic IP ranges
>> to block spam, but once again ran into the issue where our multiple relay
>> hosts were holding mail up too long since they didn't share greylist
>> information.
>
> What greylist milter do you use?
>
> I seem to run a setup similar to yours and haven't had the issues you've
> experienced.
>
> Regards,
>
> Michael.
>
>> Has there been any progress one way or another?
>>
>> Thanks!
>>
>> Chris
>>
>> ----------------------------------------------------------------------
>> National Center for Supercomputing Applications (NCSA)
> ------- End of Original Message -------
>
>

I can understand that some people do not like to receive sender
callout tests, but with proper caching I find it hard to believe the
comments about hundreds of thousands of callouts per second mentioned
on backscatterer.org , I certainly hope it doesn't become a popular
rbl as callout verification is one of the most effective and least
disruptive spam filtering methods I've found yet.

Regarding your problem, I think it may be possible to run a single
milter-sender host with multiple sendmail servers connecting to it,
rather than running milter-sender locally on each one.

Of course that does introduce a single point of failure but the
snertsoft milters are generally extremely stable and you could set
sendmail to skip the milter if the connection fails.

http://www.snertsoft.com/sendmail/milter-sender/

milter-socket=unix:/var/run/milter/milter-sender.socket
A socket specifier used to communicate between Sendmail and
milter-sender. Typically a unix named socket or a host:port. This
value must match the value specified for the INPUT_MAIL_FILTER() macro
in the sendmail.mc file. The accepted syntax is:
{unix|local}:/path/to/file
A named pipe. (default)
inet:port@{hostname|ip-address}
An IPV4 socket.
inet6:port@{hostname|ip-address}
An IPV6 socket.

Use a ipvX socket instead of named pipe, and amend your sendmail config to suit.

Perhaps a single milter-host at each physical location would be a good
compromise.

Andy


Lists Index Date Thread Search