Re: smtp-policy.src syntax caveat
On 22 Aug 2003 at 23:42, Matti Aarnio wrote:
> Fixed code does complain about it, but doesn't _silently_ crash..
> Further text and comments after this small diff:
>
> ---------------------------------
> Index: utils/policy-builder.sh.in
> ===================================================================
> RCS file: /home/mea/src/CVSROOT/zmailer/utils/policy-builder.sh.in,v
> retrieving revision 1.24
> retrieving revision 1.25
> diff -u -r1.24 -r1.25
> --- utils/policy-builder.sh.in 5 May 2003 12:30:10 -0000 1.24
> +++ utils/policy-builder.sh.in 22 Aug 2003 20:14:46 -0000 1.25
> @@ -183,7 +183,14 @@
> # has same key repeating, append latter data instances to the first
> # one (-A):
>
> -$MAILBIN/makedb -A -p $DBTYPE smtp-policy-new smtp-policy.dat || exit $?
> +if $MAILBIN/makedb -A -p $DBTYPE smtp-policy-new smtp-policy.dat
> +then
> + :
> +else
> + rc=$?
> + echo "smtp-policy control database makedb failure rc= $rc"
> + exit $rc
> +fi
>
> case $DBTYPE in
> dbm)
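Review bot: In the new else branch the failure message is written to stdout and whatever makedb left under the smtp-policy-new name stays on disk. Suggest sending the message to stderr (`echo "..." >&2`) so it is not lost when the script's output is redirected, and removing the partial smtp-policy-new output before `exit $rc` so an incomplete database cannot be mistaken for a finished one. Naming the input file, smtp-policy.dat, in the message would also point the operator at where to look; saving `$?` into `rc` before the echo is correct as written.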
> ---------------------------------
Thanx for the patch... I'll apply it.
>
> > That is, if, for instance, "_rbl0" is used in the right hand side of a policy
> > definition somewhere, then, the definition for "_rbl0" MUST NOT be blank,
> > that is, a line like this:
> > _rbl0
> > is invalid and will bring you headaches (see below).
> >
> > If you don't want any rbl to be checked (and don't want to edit every rule
> > that includes the _rbl0 tag on the right hand side), edit the _rbl0 tag
> > definition like this:
> > _rbl0 #
> > or, better yet:
> > _rbl0 # if you erase this comment, you'll regret it :-)
> >
> > For the (not so) funny details: this morning I noticed that external
> > connections to our server were established, but the 220 banner wasn't being
> > issued (at least not in a reasonable time). Connections from our private
> > network were working just fine.
> >
> > Checking the logs I saw a lot of protocol timeouts (20 minutes), and saw the
> > rbl checks. As I know that many RBL's (especially osirusoft) are suffering
> > DoS attacks, I (correctly) supposed the delays had to do with that, so I
> > decided that I'd eliminate RBL checking altogether.
> >
> > I edited smtp-policy.src and modified the line that read
> > _rbl0 rcpt-dns-rbl relays.osirusoft.com
> > with plain
> > _rbl0
> >
> > (now I guess I should have put "_rbl0 rcpt-dns-rbl").
> >
> > I ran policy-builder.sh, but the DNS checks kept appearing in the logs... I
> > restarted smtpserver to no avail.
>
> Yes, because crashing makedb prevented new policy database from
> being taken into use.
Right, but what would be the "right" way to say "I don't want to check RBL's"
without erasing every reference to _rbl0?
is it:
_rbl0 rcpt-dns-rbl
or:
_rbl0 rcpt-dns-rbl -
or something else?
>
> > Later I noticed that smtp-policy.db was older than smtp-policy.dat and that I
> > had a newer smtp-policy-new.db...
>
> The temp file, which was probably incomplete.
It surely was...
>
> > I stupidly copied smtp-policy-new.db over smtp-policy.db and the RBL checks
> > (and the timeouts) disappeared altogether...
>
> I have to agree with you at that..
I guess most people would :-D
> > Post analysis showed that the server was not abused (not even teased) during
> > that time.
>
> Sometimes you get away with it, sometimes you don't..
Right... I wasn't counting on it, and I'm still not doing so... I just was
lucky once.
Thanx for your help, Matti.
--
Mariano Absatz
El Baby
----------------------------------------------------------
Oops. My brain just hit a bad sector.
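
A pre-flight check for the caveat discussed in this thread, as an added example that is not part of the original messages or of ZMailer: it flags a tag that is defined with nothing after it while also being used on another line's right-hand side. The function name `lint_policy_src`, the sample rule line and the tokenization rules (whitespace-separated fields, tags start with `_`, `#` starts a comment) are assumptions.

```shell
#!/bin/sh
# Added example: lint smtp-policy.src before running policy-builder.sh.
# Assumptions: fields are whitespace-separated, tags start with "_",
# and a field starting with "#" begins a comment.

lint_policy_src() {
    # $1 = path to smtp-policy.src
    # Prints "LINE: TAG" for each blank definition of a referenced tag.
    # Returns 1 if any offender was found, 0 otherwise.
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        {
            # Record every tag used after the first field of a line.
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break       # rest of the line is a comment
                if ($i ~ /^_/) used[$i] = 1
            }
            # A line holding only a tag is a blank definition.
            if (NF == 1 && $1 ~ /^_/) blank[$1] = FNR
        }
        END {
            for (t in blank)
                if (t in used) { printf "%d: %s\n", blank[t], t; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input (the rule on the first line is illustrative only):
# _rbl0 is referenced but defined blank; _rbl1 uses the "#" form from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[0.0.0.0]/0   = _rbl0
_rbl0
_rbl1 #
EOF
lint_policy_src "$sample" || echo "blank tag definition found; not rebuilding" >&2
rm -f "$sample"
```
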