Yahoo Groups archive

Milter-greylist

subnetmatch /24

2008-04-22 by Chris Hoogendyk

We're running milter-greylist 4.0 out of Sendmail 8.14.2 (we also have a 
number of other tools in the mix) on Solaris 9, SPARC.

Last Friday, I uncommented the line in greylist.conf for the 
"subnetmatch /24". We didn't think we needed to do a restart. Then over 
the weekend, we got lots of complaints about people not getting mail 
from off campus.

On one department's server, milter-greylist crashed early Sunday 
(haven't seen this since we upgraded from a very old version some months 
back). This is the department that has the heaviest load by a good 
factor. It also happens to be the department that is my own primary mail 
server. I got an alert that it wasn't running, and the alert system 
couldn't restart it. So, I restarted it manually. It was later Sunday 
that complaints started accumulating from the other department that they 
hadn't seen any outside mail over Saturday or Sunday. I didn't really 
put it together -- I was getting outside mail and the same changes are 
almost always tracked together on these two systems.

Finally, Monday, my boss restarted sendmail on the other system (in 
Massachusetts it was a 3 day weekend for Patriot's Day :-) ). Anyway, 
then people in that department started saying things were working and 
they were getting pent up mail from the last couple of days. Then I put 
2 and 2 together and guessed that maybe we caused some problems by 
uncommenting the "subnetmatch /24" and not restarting milter-greylist.

I should also note that this 3 day weekend for us showed the highest 
volume of spam traffic attempts of any we have seen. Lots of entries in 
the sendmail logs for various kinds of rejects including connection rate 
limits.

So, from this I have a couple of questions for the list.

1) Am I right in guessing that I needed to restart milter-greylist? Is 
this just proper SOP? Or might there be a bug where it isn't 
straightening out what it has in memory when it gets a change like this 
in the greylist.conf on the fly?

2) Should I continue looking for other causes of our problems? (i.e. is 
the change in subnetmatch just a red herring?) Or is it probable that 
this really was the cause of our problems?

3) My boss is talking like milter-greylist may have outlived its 
usefulness. It does cause headaches for lots of users who don't want 
mail delayed even if it is attributable to the other side being 
misconfigured. And, over the past year or so, it seems like more and 
more spammers have implemented resending (anyone tracking this have 
statistics?). Meanwhile, we have adopted a number of other mechanisms, 
including settings in sendmail.cf (by way of config.mc), that seem to be 
more effective, blocking things before they even get to milter-greylist. 
I know I'm asking the choir to commit blasphemy ;-) , but I thought 
perhaps others on this list might have comments on this.


TIA


---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk@...>

--------------- 

Erdős 4
