Milter-greylist

Hello.



I noticed some similar software (portgrey) are also capable to adjust 
the minimal count of mails before a client is whitelisted, 
milter-greylist accepts clients after one try, true or false?

And about memory and database, I compile milter-greylist with db4 
support, I understand, that all information are keeped memory and dumped 
for backup into db? But the db file is plain text based, so is it the 
database file at all? And does the dump file rotate ever? And how to 
check the actual memory use?


-- 
Sysadmin

Sysadmin <sysadmin@...> wrote:

> I noticed some similar software (portgrey) are also capable to adjust
> the minimal count of mails before a client is whitelisted, 
> milter-greylist accepts clients after one try, true or false?

There is a minimum time before the retry will be accepted. It is
configurable, see the man page.
 
> And about memory and database, I compile milter-greylist with db4 
> support, I understand, that all information are keeped memory and dumped
> for backup into db? But the db file is plain text based, so is it the
> database file at all? And does the dump file rotate ever? And how to 
> check the actual memory use?

DB is not used for the greylisting database. It is stored in memory and
regularly dumped to disk in a flat file.

ps will give you the memory use.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Sysadmin wrote:
 > I noticed some similar software (portgrey) are also capable to adjust 
 > the minimal count of mails before a client is whitelisted, 
 > milter-greylist accepts clients after one try, true or false?

True, and I think that's perfectly sufficient.

 > And about memory and database, I compile milter-greylist with db4 
 > support, I understand, that all information are keeped memory and dumped 
 > for backup into db? But the db file is plain text based, so is it the 
 > database file at all?

I'm not aware that milter-greylist can be compiled with
db4 support.  :-)

I'm using milter-greylist 2.1.1, it stores the greylist
in a plain text file.

 > And does the dump file rotate ever?

No, it doesn't.  Why should it?  It is just replaced at
regular intervals (I set that to 10 minutes on my servers)
and when the process receives a SIGTERM.

 > And how to check the actual memory use?

Use ps(1) or top(1).

There are quite a lot of greylist implementations.  Let
me explain why I chose milter-greylist from all of them.

My primary MX is a Dual-Celeron-450 with 160 Mbyte RAM,
my secondary MX is a 486-DX2-66 with 32 Mbyte RAM.  So
the hardware resources are quite limited.

Most of the greylist implementatios are written in Perl
and use an SQL backend (mostly MySQL).  That's horribly
inefficient and completely out of the question.

I found two implementations written in C and without the
SQL DB requirement:  The one from ACME:
   http://www.acme.com/mail_filtering/
and the one from Emmanuel Dreyfus:
   http://hcpnet.free.fr/milter-greylist/

The ACME implementation has only very few features and
doesn't even write anything to disk.  So when you kill
the process, the greylist is lost.  That's why I decided
to give Emmanuel's milter-greylist a try.

So far I'm quite satisfied, except for the the problem
I explained in a nother mail ("unknown users" being
greylisted), but that cannot easily be solved, so it's
not really the fault of milter-greylist.

Also, there seems to be a memory leak.  Especially on
my 32Mbyte machine I see the milter process growing
quite fast, even though only a small portion of it
stays resident in memory.  When I kill and restart it,
the process is smaller, even though it contains the
same greylist.  My current work-around is to kill and
restart milter-greylist regularly via cron.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

We're sysadmins.  To us, data is a protocol-overhead.

Hello.
>
>  > I noticed some similar software (portgrey) are also capable to adjust
>  > the minimal count of mails before a client is whitelisted,
>  > milter-greylist accepts clients after one try, true or false?man page.
>   

Yes, the minimum time is adjustable, but the minimum count isn't.

> DB is not used for the greylisting database. It is stored in memory and
> regularly dumped to disk in a flat file.
>   
Hmm, but why the then are usable the options in configure file:


 --with-db=DIR   Find Berkeley DB in DIR
--with-drac-db=PATH   Where is the DRAC database

> ps will give you the memory use.
>   

But I can't adjust max memory usage?


-- 
Sysadmin

Hello.
> I'm not aware that milter-greylist can be compiled with
> db4 support.  :-)
>   
It is, check the configure options.
> No, it doesn't.  Why should it?  It is just replaced at
> regular intervals (I set that to 10 minutes on my servers)
> and when the process receives a SIGTERM.
>   
Mine is aslo set to 10 minutes, so let it be so, I also enabled the 
lazyaw option and hoped that the memoryusage will dropp, but didn't see 
any changes atleast in dump file same all (Sender IP Sender e-mail 
Recipient e-mail Time accepted) there, for me the sender ip/mail is good 
enaugh.
> There are quite a lot of greylist implementations.  Let
> me explain why I chose milter-greylist from all of them.
>
> My primary MX is a Dual-Celeron-450 with 160 Mbyte RAM,
> my secondary MX is a 486-DX2-66 with 32 Mbyte RAM.  So
> the hardware resources are quite limited.
>   
Is so, then ok.
> Most of the greylist implementatios are written in Perl
> and use an SQL backend (mostly MySQL).  That's horribly
> inefficient and completely out of the question.
>
> I found two implementations written in C and without the
> SQL DB requirement:  The one from ACME:
>    http://www.acme.com/mail_filtering/
> and the one from Emmanuel Dreyfus:
>    http://hcpnet.free.fr/milter-greylist/
>
> The ACME implementation has only very few features and
> doesn't even write anything to disk.  So when you kill
> the process, the greylist is lost.  That's why I decided
> to give Emmanuel's milter-greylist a try.
>   
I'v have been using graymilter in some computers, with domain patch, as 
the original code accepts in initialwhitelist ip -s only, but since I 
need to whitelist whole country domain prefix, I can't use the original 
code.
> So far I'm quite satisfied, except for the the problem
> I explained in a nother mail ("unknown users" being
> greylisted), but that cannot easily be solved, so it's
> not really the fault of milter-greylist.
>
> Also, there seems to be a memory leak.  Especially on
> my 32Mbyte machine I see the milter process growing
> quite fast, even though only a small portion of it
> stays resident in memory.  When I kill and restart it,
> the process is smaller, even though it contains the
> same greylist.  My current work-around is to kill and
> restart milter-greylist regularly via cron.
>
>   
Havent notice leak yet on 2.0.2 and asap if someone shows me the way how 
to compile the latest version, I'll give try.

-- 
Sysadmin

Sysadmin wrote:
 > Hello.
 > > I'm not aware that milter-greylist can be compiled with
 > > db4 support.  :-)
 > 
 > It is, check the configure options.

$ cd milter-greylist-2.1.2
$ grep -i db4 *
$

Nothing.

 > > Also, there seems to be a memory leak.  Especially on
 > > my 32Mbyte machine I see the milter process growing
 > > quite fast, even though only a small portion of it
 > > stays resident in memory.  When I kill and restart it,
 > > the process is smaller, even though it contains the
 > > same greylist.  My current work-around is to kill and
 > > restart milter-greylist regularly via cron.
 > 
 > Havent notice leak yet on 2.0.2 and asap if someone shows me the way how 
 > to compile the latest version, I'll give try.

I compiled 2.1.2 on FreeBSD 4 and 6 without any problems,
just like described in the README (configure, make install).
I only had to make sure that GNU bison is installed, because
milter-greylist doesn't seem to be compatible with the
standard yacc.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"FreeBSD is Yoda, Linux is Luke Skywalker"
        -- Daniel C. Sobral

Hello.
> $ cd milter-greylist-2.1.2
> $ grep -i db4 *
> $
>   
> Nothing.
>   

Copy/paste from configure:

  --with-db=DIR   Find Berkeley DB in DIR
> I compiled 2.1.2 on FreeBSD 4 and 6 without any problems,
> just like described in the README (configure, make install).
> I only had to make sure that GNU bison is installed, because
> milter-greylist doesn't seem to be compatible with the
> standard yacc.
>   
I have old redhat linux running 2.4 kernel but some old 2.2 kernel 
headers don't aacept the new ipv6 stuff, but just checked, the Ranko -s 
suggestion -

#undef AF_INET6 into milter-greylist.h just after the #includes
instead of having it in pending.c.

worked great.



-- 
Sysadmin

Sysadmin <sysadmin@...> wrote:

> > DB is not used for the greylisting database. It is stored in memory and
> > regularly dumped to disk in a flat file.  
> Hmm, but why the then are usable the options in configure file: 
>  --with-db=DIR   Find Berkeley DB in DIR
> --with-drac-db=PATH   Where is the DRAC database

It's for DRAC: the DB file is used as a whitelist source.
milter-greylist only read from it.
 
> > ps will give you the memory use.    
> But I can't adjust max memory usage?

system limits are here for that purpose, but if milter-greylist hits the
limit, it crashes.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...