
Re: smtp-policy.src syntax caveat



On 22 Aug 2003 at 23:42, Matti Aarnio wrote:

> Fixed code does complain about it, but doesn't _silently_ crash..
> Further text and comments after this small diff:
> 
>  ---------------------------------
> Index: utils/policy-builder.sh.in
> ===================================================================
> RCS file: /home/mea/src/CVSROOT/zmailer/utils/policy-builder.sh.in,v
> retrieving revision 1.24
> retrieving revision 1.25
> diff -u -r1.24 -r1.25
> --- utils/policy-builder.sh.in  5 May 2003 12:30:10 -0000       1.24
> +++ utils/policy-builder.sh.in  22 Aug 2003 20:14:46 -0000      1.25
> @@ -183,7 +183,14 @@
>  # has same key repeating, append latter data instances to the first
>  # one (-A):
>  
> -$MAILBIN/makedb -A -p $DBTYPE smtp-policy-new smtp-policy.dat || exit $?
> +if $MAILBIN/makedb -A -p $DBTYPE smtp-policy-new smtp-policy.dat
> +then
> +  :
> +else
> +  rc=$?
> +  echo "smtp-policy control database makedb failure rc= $rc"
> +  exit $rc
> +fi
>  
>  case $DBTYPE in
>  dbm)
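Review bot: In the else branch the failure message is echoed to stdout and the script exits while the partially built smtp-policy-new output is still on disk. Redirect the echo to stderr (`>&2`) so the failure is visible when stdout is discarded, and consider removing the incomplete smtp-policy-new database files before `exit $rc` so a leftover temp database cannot be mistaken for a usable one.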
>  ---------------------------------
Thanx for the patch... I'll apply it.

> 
> > That is, if, for instance, "_rbl0" is used in the right hand side of a policy 
> > definition somewhere, then, the definition for "_rbl0" MUST NOT be blank, 
> > that is, a line like this:
> > _rbl0
> > is invalid and will bring you headaches (see below).
> > 
> > If you don't want any rbl to be checked (and don't want to edit every rule 
> > that includes the _rbl0 tag on the right hand side), edit the _rbl0 tag 
> > definition like this:
> > _rbl0  #
> > or, better yet:
> > _rbl0  # if you erase this comment, you'll regret it :-)
> > 
> > For the (not so) funny details: this morning I noticed that external 
> > connections to our server were established, but the 220 banner wasn't being 
> > issued (at least not in a reasonable time). Connections from our private 
> > network were working just fine.
> > 
> > Checking the logs I saw a lot of protocol timeouts (20 minutes), and saw the 
> > rbl checks. As I know that many RBL's (especially osirusoft) are suffering 
> > DoS attacks, I (correctly) supposed the delays had to do with that, so I 
> > decided that I'd eliminate RBL checking altogether.
> > 
> > I edited smtp-policy.src and modified the line that read
> > _rbl0  rcpt-dns-rbl    relays.osirusoft.com
> > with plain
> > _rbl0
> > 
> > (now I guess I should have put "_rbl0  rcpt-dns-rbl").
> > 
> > I ran policy-builder.sh, but the DNS checks kept appearing in the logs... I 
> > restarted smtpserver to no avail.
> 
> Yes, because crashing  makedb  prevented new policy database from
> being taken into use.
Right, but what would be the "right" way to say "I don't want to check RBL's" 
without erasing every reference to _rbl0?

is it:
_rbl0  rcpt-dns-rbl
or:
_rbl0  rcpt-dns-rbl -

or something else?


> 
> > Later I noticed that smtp-policy.db was older than smtp-policy.dat and that I 
> > had a newer smtp-policy-new.db...
> 
> The temp file, which was probably incomplete.
It surely was...

> 
> > I stupidly copied smtp-policy-new.db over smtp-policy.db and the RBL checks 
> > (and the timeouts) disappeared altogether...
> 
> I have to agree with you at that..
I guess most people would :-D

> > Post analysis showed that the server was not abused (not even teased) during 
> > that time.
> 
> Sometimes you get away with it, sometimes you don't..
Right... I wasn't counting on it, and I'm still not doing so... I just was 
lucky once.

Thanx for your help, Matti.

--
Mariano Absatz
El Baby
----------------------------------------------------------
Oops. My brain just hit a bad sector.
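
A pre-flight check for the blank tag definition discussed in this thread, as an added example that is not part of the original message or of ZMailer: it reports every line that consists of a `_tag` alone and how often that tag appears on the right-hand side of other lines. The function names, the sample lines, and the treatment of fields as whitespace-separated with `#` starting a comment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of ZMailer: lint smtp-policy.src for the bare
# "_rbl0" style line that the thread reports as crashing makedb.
# Assumes whitespace-separated fields and "#" starting a comment.

# check_policy_src FILE: print each blank tag definition, return 1 if any.
check_policy_src() {
    awk '
        # Pass 1 (NR == FNR): count uses of each _tag after the first field.
        NR == FNR {
            if ($1 ~ /^#/) next
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # rest of the line is a comment
                if ($i ~ /^_/) refs[$i]++
            }
            next
        }
        # Pass 2: a line whose only field is a _tag is a blank definition.
        NF == 1 && $1 ~ /^_/ {
            printf "%s:%d: blank definition for %s (referenced %d time(s))\n",
                   FILENAME, FNR, $1, refs[$1]
            bad = 1
        }
        END { exit bad }
    ' "$1" "$1"
}

# Constructed sample, not a real policy file; _rbl1 and the layout of the
# referencing line are assumptions made for the demonstration.
sample_policy_src() {
    cat <<'EOF'
# sample policy source
_rbl0
_rbl1  # if you erase this comment, you'll regret it :-)
example.org  = _rbl0
EOF
}

# With a file argument lint that file, otherwise lint the constructed sample.
if [ $# -gt 0 ]; then
    check_policy_src "$1" || exit 1
else
    demo=$(mktemp) && sample_policy_src > "$demo"
    check_policy_src "$demo" || echo "fix this before running policy-builder.sh"
    rm -f "$demo"
fi
```

Run against the source file before policy-builder.sh, a non-zero exit means a blank tag definition is present and the policy database would not be rebuilt.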

