Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Thread

Re: [milter-greylist] new release: 1.5.9 (and statistics)

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Klas Heggemann

>    From: manu@...
> Subject: new release: 1.5.9
>
> Hi all
>
> Following the "release early, release often", I released 1.5.9, we'll
> quickly do an 1.5.10 with the other pending patches.
>
> Pending patches:
> - libspf2 support (the proposed patch break on recent versions of
> libspf2, awaiting new patch from Alexandre Cherif)
> - Properly formatted man pages on Solaris
> - Allow local address to be specified by peer statement (patch not
> tested, awaiting feedback from Klas Heggemann)
>
>


I downloaded the 1.5.10, applied the patch which now runs on our main
mx host .The patch did not seem to work though I still get duplicates 
in the database when local host
is among the stated peers:

66.169.35.187             <wcbjeohuhd@...>                      
<user@...>        1097833003 # 2004-10-15 11:36:43
66.169.35.187             <wcbjeohuhd@...>                      
<user@...>        1097833003 # 2004-10-15 11:36:43

I'll keep an eye on the number of fildescriptor, but so fare it sems ok.

About the discussion of statistcts and volume:


We have 312000 greylisted entries end 92000 autowhitlisted.

Process uses approx 50M memory.

 From the conf:

autowhite 7d
#timeout 5d

On the 14 of October we had
	approx 82000 incoming connections
	accepted approx 15000 letters  (before greylisting this was 47000...)


Klas Heggemann

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Hajimu UMEMOTO

Hi,

>>>>> On Fri, 15 Oct 2004 12:43:48 +0200
>>>>> Klas Heggemann <klas@...> said:

klas> I downloaded the 1.5.10, applied the patch which now runs on our main
klas> mx host .The patch did not seem to work though I still get duplicates 
klas> in the database when local host
klas> is among the stated peers:

klas> 66.169.35.187             <wcbjeohuhd@...>                      
klas> <user@...>        1097833003 # 2004-10-15 11:36:43
klas> 66.169.35.187             <wcbjeohuhd@...>                      
klas> <user@...>        1097833003 # 2004-10-15 11:36:43

That patch didn't check a candidate of a remote address but a local
address, wrongly.  I also made some cosmetic changes.  Please try
attached patch.  The patch is against plain 1.5.10.
I cannot test it for now.  So, I'll test it later.

Index: sync.c
diff -u -p sync.c.orig sync.c
--- sync.c.orig	Tue Aug 10 05:26:52 2004
+++ sync.c	Fri Oct 15 22:09:18 2004
@@ -72,6 +72,7 @@ pthread_rwlock_t sync_lock; /* For all p
 pthread_cond_t sync_sleepflag;
 
 static void sync_listen(char *, char *, struct sync_master_sock *);
+static int local_addr(const struct sockaddr *sa, const socklen_t salen);
 
 void
 peer_init(void) {
@@ -144,6 +145,7 @@ peer_add(peername)
 
 	peer->p_qlen = 0;
 	peer->p_stream = NULL;
+	peer->p_flags = 0;
 	TAILQ_INIT(&peer->p_deferred);
 
 	PEER_WRLOCK;
@@ -313,6 +315,21 @@ peer_connect(peer)	/* peer list is read-
 		    peer->p_name, gai_strerror(err), peer->p_qlen);
 		return -1;
 	}
+
+	for (res = res0; res; res = res->ai_next) {
+		/*We only test an address family which kernel supports. */
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s == -1)
+			continue;
+		close(s);
+
+		if (local_addr(res->ai_addr, res->ai_addrlen)) {
+			peer->p_flags |= P_LOCAL;
+			freeaddrinfo(res0);
+			return -1;
+		}
+	}
+
 	for (res = res0; res; res = res->ai_next) {
 		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 		if (s == -1)
@@ -358,6 +375,12 @@ peer_connect(peer)	/* peer list is read-
 		syslog(LOG_ERR, "cannot sync, invalid address");
 		return -1;
 	}
+
+	if (local_addr(SA(&raddr), raddrlen)) {
+		peer->flags |= P_LOCAL;
+		return -1;
+	}
+
 	switch (SA(&raddr)->sa_family) {
 	case AF_INET:
 		SA4(&raddr)->sin_port = service;
@@ -1085,6 +1108,10 @@ sync_sender(dontcare)
 			goto out;
 			
 		LIST_FOREACH(peer, &peer_head, p_list) {
+			/* Don't try to sync with ourselves */
+			if (peer->p_flags & P_LOCAL)
+				continue;
+
 			/* XXX take a read lock and then upgrade it */
 			while (TAILQ_EMPTY(&peer->p_deferred) == 0) {
 				SYNC_WRLOCK;
@@ -1125,4 +1152,55 @@ out:
 			    tv3.tv_sec, tv3.tv_usec);
 		}
 	}
+}
+
+
+static int
+local_addr(sa, salen)
+	const struct sockaddr *sa;
+	const socklen_t salen;
+{
+	sockaddr_t addr;
+	int	sfd, islocal;
+
+	memcpy(&addr, sa, salen);
+	switch(sa->sa_family) {
+	case AF_INET:
+		SA4(&addr)->sin_port = 0;
+		break;
+
+#ifdef AF_INET6
+	case AF_INET6:
+		SA6(&addr)->sin6_port = 0;
+		break;
+#endif
+
+	default:
+		syslog(LOG_ERR, "local_addr: unsupported AF %d\n",
+		    sa->sa_family);
+		return -1;
+		break;
+	}
+
+	if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+		syslog(LOG_ERR, "local_addr: socket failed: %s\n",
+		    strerror(errno));
+		return -1;
+	}
+
+	if (bind(sfd, sa, salen) == -1) {
+		if (errno != EADDRNOTAVAIL) {
+			syslog(LOG_ERR, "local_addr: bind failed: %s\n",
+			    strerror(errno));
+			islocal = -1;
+		} else {
+			islocal = 1;
+		}
+	} else {
+		islocal = 0;
+	}
+
+	close(sfd);
+
+	return islocal;
 }
Index: sync.h
diff -u sync.h.orig sync.h
--- sync.h.orig	Mon Aug  9 06:24:20 2004
+++ sync.h	Fri Oct 15 20:07:36 2004
@@ -67,7 +67,10 @@
 	struct synclist p_deferred;
 	LIST_ENTRY(peer) p_list;
 	size_t p_qlen;
+	int p_flags;
 };
+
+#define P_LOCAL	1
 
 typedef enum { PS_CREATE, PS_DELETE } peer_sync_t;
 

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Emmanuel Dreyfus

On Fri, Oct 15, 2004 at 10:20:58PM +0900, Hajimu UMEMOTO wrote:
> That patch didn't check a candidate of a remote address but a local
> address, wrongly

Oops,  sorry. I should have spent more time on this one.

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Sutherland, James

May I ask how big your greylist.db is and what OS your running that MX on?
Show quoted textHide quoted text
-----Original Message-----
From: Klas Heggemann <klas@...>
To: milter-greylist@yahoogroups.com <milter-greylist@yahoogroups.com>
Sent: Fri Oct 15 03:43:48 2004
Subject: Re: [milter-greylist] new release: 1.5.9 (and statistics)




>    From: manu@...
> Subject: new release: 1.5.9
>
> Hi all
>
> Following the "release early, release often", I released 1.5.9, we'll
> quickly do an 1.5.10 with the other pending patches.
>
> Pending patches:
> - libspf2 support (the proposed patch break on recent versions of
> libspf2, awaiting new patch from Alexandre Cherif)
> - Properly formatted man pages on Solaris
> - Allow local address to be specified by peer statement (patch not
> tested, awaiting feedback from Klas Heggemann)
>
>


I downloaded the 1.5.10, applied the patch which now runs on our main
mx host .The patch did not seem to work though I still get duplicates 
in the database when local host
is among the stated peers:

66.169.35.187             <wcbjeohuhd@...>                      
<user@...>        1097833003 # 2004-10-15 11:36:43
66.169.35.187             <wcbjeohuhd@ugeek.com>                      
<user@...>        1097833003 # 2004-10-15 11:36:43

I'll keep an eye on the number of fildescriptor, but so fare it sems ok.

About the discussion of statistcts and volume:


We have 312000 greylisted entries end 92000 autowhitlisted.

Process uses approx 50M memory.

From the conf:

autowhite 7d
#timeout 5d

On the 14 of October we had
      approx 82000 incoming connections
      accepted approx 15000 letters  (before greylisting this was 47000...)


Klas Heggemann






Yahoo! Groups Sponsor	 

ADVERTISEMENT
 <http://us.ard.yahoo.com/SIG=129u9daoe/M=298184.5285298.6392945.3001176/D=groups/S=1707281942:HM/EXP=1097923438/A=2319498/R=0/SIG=11thfntfp/*http://www.netflix.com/Default?mqso=60185352&partid=5285298> click here	
  <http://us.adserver.yahoo.com/l?M=298184.5285298.6392945.3001176/D=groups/S=:HM/A=2319498/rand=689714987> 	

  _____  

Yahoo! Groups Links


*	To visit your group on the web, go to:
http://groups.yahoo.com/group/milter-greylist/
  

*	To unsubscribe from this group, send an email to:
milter-greylist-unsubscribe@yahoogroups.com <mailto:milter-greylist-unsubscribe@yahoogroups.com?subject=Unsubscribe> 
  

*	Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service <http://docs.yahoo.com/info/terms/> .

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Emmanuel Dreyfus

On Fri, Oct 15, 2004 at 06:54:33AM -0700, Sutherland, James wrote:
> May I ask how big your greylist.db is and what OS your running that MX on?

12352 entries (1.4 MB), running on NetBSD/macppc

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Hajimu UMEMOTO

Hi,

>>> Fri, 15 Oct 2004 22:20:58 +0900,
>>> Hajimu UMEMOTO <ume@...> said:

ume> I cannot test it for now.  So, I'll test it later.

I've just tested it, and found a problem.  The retern code of
local_addr() was opposite.
Here is a patch against plain 1.5.10.  It seems working here.
Please throw my previous patch away, and try this one instead.

Index: sync.c
diff -u -p sync.c.orig sync.c
--- sync.c.orig	Tue Aug 10 05:26:52 2004
+++ sync.c	Fri Oct 15 22:09:18 2004
@@ -72,6 +72,7 @@ pthread_rwlock_t sync_lock; /* For all p
 pthread_cond_t sync_sleepflag;
 
 static void sync_listen(char *, char *, struct sync_master_sock *);
+static int local_addr(const struct sockaddr *sa, const socklen_t salen);
 
 void
 peer_init(void) {
@@ -144,6 +145,7 @@ peer_add(peername)
 
 	peer->p_qlen = 0;
 	peer->p_stream = NULL;
+	peer->p_flags = 0;
 	TAILQ_INIT(&peer->p_deferred);
 
 	PEER_WRLOCK;
@@ -313,6 +315,21 @@ peer_connect(peer)	/* peer list is read-
 		    peer->p_name, gai_strerror(err), peer->p_qlen);
 		return -1;
 	}
+
+	for (res = res0; res; res = res->ai_next) {
+		/*We only test an address family which kernel supports. */
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s == -1)
+			continue;
+		close(s);
+
+		if (local_addr(res->ai_addr, res->ai_addrlen)) {
+			peer->p_flags |= P_LOCAL;
+			freeaddrinfo(res0);
+			return -1;
+		}
+	}
+
 	for (res = res0; res; res = res->ai_next) {
 		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 		if (s == -1)
@@ -358,6 +375,12 @@ peer_connect(peer)	/* peer list is read-
 		syslog(LOG_ERR, "cannot sync, invalid address");
 		return -1;
 	}
+
+	if (local_addr(SA(&raddr), raddrlen)) {
+		peer->flags |= P_LOCAL;
+		return -1;
+	}
+
 	switch (SA(&raddr)->sa_family) {
 	case AF_INET:
 		SA4(&raddr)->sin_port = service;
@@ -1085,6 +1108,10 @@ sync_sender(dontcare)
 			goto out;
 			
 		LIST_FOREACH(peer, &peer_head, p_list) {
+			/* Don't try to sync with ourselves */
+			if (peer->p_flags & P_LOCAL)
+				continue;
+
 			/* XXX take a read lock and then upgrade it */
 			while (TAILQ_EMPTY(&peer->p_deferred) == 0) {
 				SYNC_WRLOCK;
@@ -1125,4 +1152,55 @@ out:
 			    tv3.tv_sec, tv3.tv_usec);
 		}
 	}
+}
+
+
+static int
+local_addr(sa, salen)
+	const struct sockaddr *sa;
+	const socklen_t salen;
+{
+	sockaddr_t addr;
+	int	sfd, islocal;
+
+	memcpy(&addr, sa, salen);
+	switch(sa->sa_family) {
+	case AF_INET:
+		SA4(&addr)->sin_port = 0;
+		break;
+
+#ifdef AF_INET6
+	case AF_INET6:
+		SA6(&addr)->sin6_port = 0;
+		break;
+#endif
+
+	default:
+		syslog(LOG_ERR, "local_addr: unsupported AF %d\n",
+		    sa->sa_family);
+		return -1;
+		break;
+	}
+
+	if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+		syslog(LOG_ERR, "local_addr: socket failed: %s\n",
+		    strerror(errno));
+		return -1;
+	}
+
+	if (bind(sfd, sa, salen) == -1) {
+		if (errno != EADDRNOTAVAIL) {
+			syslog(LOG_ERR, "local_addr: bind failed: %s\n",
+			    strerror(errno));
+			islocal = -1;
+		} else {
+			islocal = 0;
+		}
+	} else {
+		islocal = 1;
+	}
+
+	close(sfd);
+
+	return islocal;
 }
Index: sync.h
diff -u sync.h.orig sync.h
--- sync.h.orig	Mon Aug  9 06:24:20 2004
+++ sync.h	Fri Oct 15 20:07:36 2004
@@ -67,7 +67,10 @@
 	struct synclist p_deferred;
 	LIST_ENTRY(peer) p_list;
 	size_t p_qlen;
+	int p_flags;
 };
+
+#define P_LOCAL	1
 
 typedef enum { PS_CREATE, PS_DELETE } peer_sync_t;
 

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by manu@netbsd.org

Hajimu UMEMOTO <ume@...> wrote:

> Here is a patch against plain 1.5.10.  It seems working here.
> Please throw my previous patch away, and try this one instead.

Should I commit it? (Did you test it, or is it a patch to be tested)

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...

Re: [milter-greylist] new release: 1.5.9 (and statistics)

2004-10-15 by Hajimu UMEMOTO

Hi,

>>>>> On Fri, 15 Oct 2004 20:31:09 +0200
>>>>> manu@... said:

manu> Should I commit it? (Did you test it, or is it a patch to be tested)

Yup, I have no more patch.  It seems okay to me.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.