Milter-greylist

I´m using milter with spamd, and i have this:

spamdsock unix "/var/run/spamd.sock"
dacl blacklist spamd > 15 msg "Message blocked for spam content"
dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"

If i have a problem with spamd or i stop it the milter brokes there, here an example:

LOG
milter-greylist: spamd connect failed: No such file or directory
milter-greylist: ACL evaluation failure

And Postfix returns this:
...4.7.1 Service unavailable - try again later..

i´m doing something bad here? or is this the way is suppose to work.

best regards

vanaxel79 wrote:
 > dacl blacklist spamd > 15 msg "Message blocked for spam content"
 > dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
 > dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"

I don't have an answer for your problem, but I have a question
about your configuration.  Why are you using the spam score to
select the greylist delay?  I mean, an MTA that resends after
two hours will most probably also resend after four hours, so
it doesn't really make sense to differentiate between them.

If there's a point, I'm obviously missing it.  :-)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Gesch\ufffdftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M\ufffdn-
chen, HRB 125758,  Gesch\ufffdftsf\ufffdhrer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"A misleading benchmark test can accomplish in minutes
what years of good engineering can never do." -- Dilbert (2009-03-02)

I´m going to try to use inet socket.

thanks
--- In milter-greylist@yahoogroups.com, Oliver Fromme <olli@...> wrote:

>
> 
> vanaxel79 wrote:
>  > dacl blacklist spamd > 15 msg "Message blocked for spam content"
>  > dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
>  > dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"
> 
> I don't have an answer for your problem, but I have a question
> about your configuration.  Why are you using the spam score to
> select the greylist delay?  I mean, an MTA that resends after
> two hours will most probably also resend after four hours, so
> it doesn't really make sense to differentiate between them.
> 
> If there's a point, I'm obviously missing it.  :-)
> 
> Best regards
>    Oliver
> 
> -- 
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
> secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
> chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
> 
> FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd
> 
> "A misleading benchmark test can accomplish in minutes
> what years of good engineering can never do." -- Dilbert (2009-03-02)
>

With inet that doesn't happened, milter just bypass spamd.

--- In milter-greylist@yahoogroups.com, "vanaxel79" <vanaxel79@...> wrote:

>
> I´m going to try to use inet socket.
> 
> thanks
> --- In milter-greylist@yahoogroups.com, Oliver Fromme <olli@> wrote:
> >
> > 
> > vanaxel79 wrote:
> >  > dacl blacklist spamd > 15 msg "Message blocked for spam content"
> >  > dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
> >  > dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"
> > 
> > I don't have an answer for your problem, but I have a question
> > about your configuration.  Why are you using the spam score to
> > select the greylist delay?  I mean, an MTA that resends after
> > two hours will most probably also resend after four hours, so
> > it doesn't really make sense to differentiate between them.
> > 
> > If there's a point, I'm obviously missing it.  :-)
> > 
> > Best regards
> >    Oliver
> > 
> > -- 
> > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> > Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
> > secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
> > chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
> > 
> > FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd
> > 
> > "A misleading benchmark test can accomplish in minutes
> > what years of good engineering can never do." -- Dilbert (2009-03-02)
> >
>

On Wed, Jul 14, 2010 at 10:01:22AM -0000, vanaxel79 wrote:
> 
> spamdsock unix "/var/run/spamd.sock"
> (...)
> milter-greylist: spamd connect failed: No such file or directory

Did you make sure that the file /var/run/spamd.sock exists?  Are you
running milter-greylist in a chrooted environment?

		Petar Bogdanovic

On Wed, Jul 14, 2010 at 12:56:05PM +0200, Oliver Fromme wrote:
> 
> vanaxel79 wrote:
>  > dacl blacklist spamd > 15 msg "Message blocked for spam content"
>  > dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
>  > dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"
> 
> I don't have an answer for your problem, but I have a question
> about your configuration.  Why are you using the spam score to
> select the greylist delay?  I mean, an MTA that resends after
> two hours will most probably also resend after four hours, so
> it doesn't really make sense to differentiate between them.

We're doing something similar.  But you're right.. it probably does not
make much sense and the best reason that I can come up with for such a
config is `because we can'.

In the future, though, things might look differently..

		Petar Bogdanovic

The problem is if spamd stops it delete the socket. The inet that dons´t happened "if is there, use the spamd" if not bypass.

thanks

--- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:

>
> On Wed, Jul 14, 2010 at 10:01:22AM -0000, vanaxel79 wrote:
> > 
> > spamdsock unix "/var/run/spamd.sock"
> > (...)
> > milter-greylist: spamd connect failed: No such file or directory
> 
> Did you make sure that the file /var/run/spamd.sock exists?  Are you
> running milter-greylist in a chrooted environment?
> 
> 		Petar Bogdanovic
>

:) that is right, by the way what values do you use in spamd filter?

best regards.

--- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:

>
> On Wed, Jul 14, 2010 at 12:56:05PM +0200, Oliver Fromme wrote:
> > 
> > vanaxel79 wrote:
> >  > dacl blacklist spamd > 15 msg "Message blocked for spam content"
> >  > dacl greylist spamd > 10 delay 4h msg "Message greylist for spam content"
> >  > dacl greylist spamd > 6 delay 2h msg "Message greylist for spam content"
> > 
> > I don't have an answer for your problem, but I have a question
> > about your configuration.  Why are you using the spam score to
> > select the greylist delay?  I mean, an MTA that resends after
> > two hours will most probably also resend after four hours, so
> > it doesn't really make sense to differentiate between them.
> 
> We're doing something similar.  But you're right.. it probably does not
> make much sense and the best reason that I can come up with for such a
> config is `because we can'.
> 
> In the future, though, things might look differently..
> 
> 		Petar Bogdanovic
>

On Wed, Jul 14, 2010 at 11:27:03AM -0400, Greg Troxel wrote:
> 
> The overall challenge is to not delay legit mail (...)
>   dacl greylist spamd > 1 delay 2h msg "Message greylist for spam content"

If you're using a more or less default SA configuration, this dacl will
delay lots of messages.  Example: SUBJ_ALL_CAPS and you're above one.

When using the default configuration, everything below 3-4 will get you
too many false positives.


> to cause mail to be blocked long enough so that when it comes again it
> will be more likely that addresses/etc. have made their way into RBLs.

I remember that being one of my main motivations for multiple spamd
dacls.  In reality, though, I've never seen such a case.  At least not
in conjunction with systems that need manual user input in order to
update a certain database (RBLs, Razor).  Systems where the database
gets updated automatically (DCC) sometimes managed to add weight after
an initial delay of 4-8 hours.

		Petar Bogdanovic