Milter-greylist

Hi,

I've got four MX servers and observed strange behavior of milter-greylist.
Please, see the fragments of databases (dumpfiles) below of each servers:

# server1
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

# server2
1.2.3.4 <sender@...> <recipient@...> 1528536443 AUTO # 2018-06-09 11:27:23

# server3
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

# server4
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

It shows, that serwer2 recived the email and milter-greylist added the flag AUTO. 

After the time of 8 hours (because of timeout=8h), this information contains server2 only:

# server2
1.2.3.4 <sender@...> <recipient@...> 1528536443 AUTO # 2018-06-09 11:27:23

So, at this situation, when the sender will start sending second email (the parameters: IP, sender, recipient are still the same) and connects to server3 or serwer1, or server4 it will be wait.

From my point of view, waiting in such situation is a nonsens. 

Why the information abut 'autowithe' isn't distributed over all MX servers?


P.S
All my config files are as follow:

stat "|logger -p mail.info"  "milter-greylist: MILTERSTAT: %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
geoipdb "/usr/share/GeoIP/GeoIP.dat"
verbose
peer 10.10.10.1
peer 10.10.20.2
peer 10.10.30.3
peer 10.10.40.4
syncaddr * port 5252
racl whitelist addr 127.0.0.0/8
racl whitelist addr 10.0.0.0/8
racl whitelist addr 172.16.0.0/12
racl whitelist addr 192.168.0.0/16
report all
delayedreject
dumpfreq 5m
timeout 8h
greylist 6m
autowhite 14d
subnetmatch /24
nodrac
quiet
pidfile "/var/run/milter-greylist.pid"
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
user "postfix"
racl whitelist spf pass
racl greylist spf fail  msg "SPFINFO: SPF:f  Greylisting in action: host %d [%i]  domain '%sf'" delay 60m autowhite 14d
racl greylist spf error msg "SPFINFO: SPF:e  Greylisting in action: host %d [%i]  domain '%sf'" delay 60m autowhite 14d

Regards,
Gienek Nowacki

Hi Readres,
Could someone answer the question? 
Why the information about 'autowithe' isn't distributed over all MX servers?
Regards,Gienek
 

    21:03 sobota, 2018-5-26, "Gienek Nowacki gieneknowacki@... [milter-greylist]" <milter-greylist@yahoogroups.com> napisał(a):
 

     Hi,

I've got four MX servers and observed strange behavior of milter-greylist.
Please, see the fragments of databases (dumpfiles) below of each servers:

# server1
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

# server2
1.2.3.4 <sender@...> <recipient@recipient.com> 1528536443 AUTO # 2018-06-09 11:27:23

# server3
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

# server4
1.2.3.4 <sender@...> <recipient@...> 1527324170 # 2018-05-26 10:42:50

It shows, that serwer2 recived the email and milter-greylist added the flag AUTO. 

After the time of 8 hours (because of timeout=8h), this information contains server2 only:

# server2
1.2.3.4 <sender@sender.com> <recipient@...> 1528536443 AUTO # 2018-06-09 11:27:23

So, at this situation, when the sender will start sending second email (the parameters: IP, sender, recipient are still the same) and connects to server3 or serwer1, or server4 it will be wait.

From my point of view, waiting in such situation is a nonsens. 

Why the information abut 'autowithe' isn't distributed over all MX servers?


P.S
All my config files are as follow:

stat "|logger -p mail.info"  "milter-greylist: MILTERSTAT: %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
geoipdb "/usr/share/GeoIP/GeoIP.dat"
verbose
peer 10.10.10.1
peer 10.10.20.2
peer 10.10.30.3
peer 10.10.40.4
syncaddr * port 5252
racl whitelist addr 127.0.0.0/8
racl whitelist addr 10.0.0.0/8
racl whitelist addr 172.16.0.0/12
racl whitelist addr 192.168.0.0/16
report all
delayedreject
dumpfreq 5m
timeout 8h
greylist 6m
autowhite 14d
subnetmatch /24
nodrac
quiet
pidfile "/var/run/milter-greylist.pid"
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
user "postfix"
racl whitelist spf pass
racl greylist spf fail  msg "SPFINFO: SPF:f  Greylisting in action: host %d [%i]  domain '%sf'" delay 60m autowhite 14d
racl greylist spf error msg "SPFINFO: SPF:e  Greylisting in action: host %d [%i]  domain '%sf'" delay 60m autowhite 14d

Regards,
Gienek Nowacki

Gienek Nowacki gieneknowacki@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> Could someone answer the question? 

Well, I am stil wondering why it may be missing. Is it possible the
connexion between the MX broke at some time?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Gienek Nowacki gieneknowacki@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> The connection between MX is working correctly.
> Maybe there is an error or mistake in my config file? 

I cannot think of a configuration problem that would let
greylisting entries sync but not autowite entries. Are you 
certain all gresylisting entries are actually sync?
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

I don't know whether this matters. But one thing that crosses my mind is 
that it seems like you have all peers defined on all hosts.

According to the man page you should leave out the local machine as it 
would otherwise talk to itself and make duplicate entries in the dump file.

Another thing is that the AW functionality only works with version 2 
servers. Try to telnet to port 5252 on all four servers and type vers2 
and notice the response.

telnet server2 5252
help
203 Help? Sure, we have help here:
203
203 Available commands are:
203 help� -- displays this message
203 quit� -- terminate connection
203 vers2 -- speak version 2 protocol
203 vers3 -- speak version 3 protocol
203 add addr <ip> from <email> rcpt <email> date <time>� -- add en entry
203 del addr <ip> from <email> rcpt <email> date <time>� -- remove en entry
203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> -- 
remove en entry, adding it to autowhite with given delay (version 2 only)
203 flush addr <ip> -- remove anything about an ip� (version 3 only)

Cheers
John

Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki gieneknowacki@... 
[milter-greylist]:
> Hi,
>
> I've got four MX servers and observed strange behavior of milter-greylist.
> Please, see the fragments of databases (dumpfiles) below of each servers:
>
> # server1
> 1.2.3.4 <sender@... <mailto:sender@...>> 
> <recipient@... <mailto:recipient@...>> 1527324170 
> # 2018-05-26 10:42:50
>
> # server2
> 1.2.3.4 <sender@... <mailto:sender@...>> 
> <recipient@... <mailto:recipient@...>> 1528536443 
> AUTO # 2018-06-09 11:27:23
>
> # server3
> 1.2.3.4 <sender@... <mailto:sender@...>> 
> <recipient@... <mailto:recipient@...>> 1527324170 
> # 2018-05-26 10:42:50
>
> # server4
> 1.2.3.4 <sender@... <mailto:sender@...>> 
> <recipient@... <mailto:recipient@...>> 1527324170 
> # 2018-05-26 10:42:50
>
> It shows, that serwer2 recived the email and milter-greylist added the 
> flag AUTO.
>
> After the time of 8 hours (because of timeout=8h), this information 
> contains server2 only:
>
> # server2
> 1.2.3.4 <sender@... <mailto:sender@...>> 
> <recipient@... <mailto:recipient@...>> 1528536443 
> AUTO # 2018-06-09 11:27:23
>
> So, at this situation, when the sender will start sending second email 
> (the parameters: IP, sender, recipient are still the same) and 
> connects to server3 or serwer1, or server4 it will be wait.
>
> From my point of view, waiting in such situation is a nonsens.
>
> Why the information abut 'autowithe' isn't distributed over all MX 
> servers?
>
>
> P.S
> All my config files are as follow:
>
> stat "|logger -p mail.info"� "milter-greylist: MILTERSTAT: %T{%Y.%m.%d 
> %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
> geoipdb "/usr/share/GeoIP/GeoIP.dat"
> verbose
> peer 10.10.10.1
> peer 10.10.20.2
> peer 10.10.30.3
> peer 10.10.40.4
> syncaddr * port 5252
> racl whitelist addr 127.0.0.0/8
> racl whitelist addr 10.0.0.0/8
> racl whitelist addr 172.16.0.0/12
> racl whitelist addr 192.168.0.0/16
> report all
> delayedreject
> dumpfreq 5m
> timeout 8h
> greylist 6m
> autowhite 14d
> subnetmatch /24
> nodrac
> quiet
> pidfile "/var/run/milter-greylist.pid"
> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
> user "postfix"
> racl whitelist spf pass
> racl greylist spf fail� msg "SPFINFO: SPF:f� Greylisting in action: 
> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
> racl greylist spf error msg "SPFINFO: SPF:e� Greylisting in action: 
> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>
> Regards,
> Gienek Nowacki
>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

Somewhat confusing the man page for the config file says that peer 
entries for the local host wil be ignored, which by the way also seems 
more reasonable.

 �� peer 192.0.2.18
 �������� peer 192.0.2.17
 �������� peer 192.0.2.22 timeout 7
 �������� peer 192.0.2.38 timeout 5m

 ������ You can list the local machine in the peer statements, it will 
be ignored.


Best

John


Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> I don't know whether this matters. But one thing that crosses my mind 
> is that it seems like you have all peers defined on all hosts.
>
> According to the man page you should leave out the local machine as it 
> would otherwise talk to itself and make duplicate entries in the dump 
> file.
>
> Another thing is that the AW functionality only works with version 2 
> servers. Try to telnet to port 5252 on all four servers and type vers2 
> and notice the response.
>
> telnet server2 5252
> help
> 203 Help? Sure, we have help here:
> 203
> 203 Available commands are:
> 203 help� -- displays this message
> 203 quit� -- terminate connection
> 203 vers2 -- speak version 2 protocol
> 203 vers3 -- speak version 3 protocol
> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en entry
> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove en 
> entry
> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> -- 
> remove en entry, adding it to autowhite with given delay (version 2 only)
> 203 flush addr <ip> -- remove anything about an ip (version 3 only)
>
> Cheers
> John
>
> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki gieneknowacki@... 
> [milter-greylist]:
>> Hi,
>>
>> I've got four MX servers and observed strange behavior of 
>> milter-greylist.
>> Please, see the fragments of databases (dumpfiles) below of each servers:
>>
>> # server1
>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>> <recipient@... <mailto:recipient@...>> 1527324170 
>> # 2018-05-26 10:42:50
>>
>> # server2
>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>> <recipient@... <mailto:recipient@...>> 1528536443 
>> AUTO # 2018-06-09 11:27:23
>>
>> # server3
>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>> <recipient@... <mailto:recipient@...>> 1527324170 
>> # 2018-05-26 10:42:50
>>
>> # server4
>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>> <recipient@... <mailto:recipient@...>> 1527324170 
>> # 2018-05-26 10:42:50
>>
>> It shows, that serwer2 recived the email and milter-greylist added 
>> the flag AUTO.
>>
>> After the time of 8 hours (because of timeout=8h), this information 
>> contains server2 only:
>>
>> # server2
>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>> <recipient@... <mailto:recipient@...>> 1528536443 
>> AUTO # 2018-06-09 11:27:23
>>
>> So, at this situation, when the sender will start sending second 
>> email (the parameters: IP, sender, recipient are still the same) and 
>> connects to server3 or serwer1, or server4 it will be wait.
>>
>> From my point of view, waiting in such situation is a nonsens.
>>
>> Why the information abut 'autowithe' isn't distributed over all MX 
>> servers?
>>
>>
>> P.S
>> All my config files are as follow:
>>
>> stat "|logger -p mail.info"� "milter-greylist: MILTERSTAT: 
>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>> verbose
>> peer 10.10.10.1
>> peer 10.10.20.2
>> peer 10.10.30.3
>> peer 10.10.40.4
>> syncaddr * port 5252
>> racl whitelist addr 127.0.0.0/8
>> racl whitelist addr 10.0.0.0/8
>> racl whitelist addr 172.16.0.0/12
>> racl whitelist addr 192.168.0.0/16
>> report all
>> delayedreject
>> dumpfreq 5m
>> timeout 8h
>> greylist 6m
>> autowhite 14d
>> subnetmatch /24
>> nodrac
>> quiet
>> pidfile "/var/run/milter-greylist.pid"
>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>> user "postfix"
>> racl whitelist spf pass
>> racl greylist spf fail� msg "SPFINFO: SPF:f� Greylisting in action: 
>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>> racl greylist spf error msg "SPFINFO: SPF:e� Greylisting in action: 
>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>
>> Regards,
>> Gienek Nowacki
>>
>>
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
> 	Virusfri. www.avast.com 
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>
>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

Also check in sync.c:

#define SYNC_PROTO_CURRENT 3


On my system the sequence of commands sent to the peer are:

vers3

del2 addr <IP> from <mail address> rcpt <mail address> date <date in 
seconds> aw <same as date argument>

I also notice that the milter keeps the connection to the peers over 
time. Verified with netstat -an | grep 5252.

So please check that the connections are not dropped.

Best

John


Den 06-06-2018 kl. 11:07 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> Somewhat confusing the man page for the config file says that peer 
> entries for the local host wil be ignored, which by the way also seems 
> more reasonable.
>
> �� peer 192.0.2.18
> �������� peer 192.0.2.17
> �������� peer 192.0.2.22 timeout 7
> �������� peer 192.0.2.38 timeout 5m
>
> ������ You can list the local machine in the peer statements, it will 
> be ignored.
>
>
> Best
>
> John
>
>
> Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen john@... 
> [milter-greylist]:
>>
>> I don't know whether this matters. But one thing that crosses my mind 
>> is that it seems like you have all peers defined on all hosts.
>>
>> According to the man page you should leave out the local machine as 
>> it would otherwise talk to itself and make duplicate entries in the 
>> dump file.
>>
>> Another thing is that the AW functionality only works with version 2 
>> servers. Try to telnet to port 5252 on all four servers and type 
>> vers2 and notice the response.
>>
>> telnet server2 5252
>> help
>> 203 Help? Sure, we have help here:
>> 203
>> 203 Available commands are:
>> 203 help� -- displays this message
>> 203 quit� -- terminate connection
>> 203 vers2 -- speak version 2 protocol
>> 203 vers3 -- speak version 3 protocol
>> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en entry
>> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove en 
>> entry
>> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> -- 
>> remove en entry, adding it to autowhite with given delay (version 2 only)
>> 203 flush addr <ip> -- remove anything about an ip� (version 3 only)
>>
>> Cheers
>> John
>>
>> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki gieneknowacki@... 
>> [milter-greylist]:
>>> Hi,
>>>
>>> I've got four MX servers and observed strange behavior of 
>>> milter-greylist.
>>> Please, see the fragments of databases (dumpfiles) below of each 
>>> servers:
>>>
>>> # server1
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> # server2
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>
>>> # server3
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> # server4
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> It shows, that serwer2 recived the email and milter-greylist added 
>>> the flag AUTO.
>>>
>>> After the time of 8 hours (because of timeout=8h), this information 
>>> contains server2 only:
>>>
>>> # server2
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>
>>> So, at this situation, when the sender will start sending second 
>>> email (the parameters: IP, sender, recipient are still the same) and 
>>> connects to server3 or serwer1, or server4 it will be wait.
>>>
>>> From my point of view, waiting in such situation is a nonsens.
>>>
>>> Why the information abut 'autowithe' isn't distributed over all MX 
>>> servers?
>>>
>>>
>>> P.S
>>> All my config files are as follow:
>>>
>>> stat "|logger -p mail.info"� "milter-greylist: MILTERSTAT: 
>>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>>> verbose
>>> peer 10.10.10.1
>>> peer 10.10.20.2
>>> peer 10.10.30.3
>>> peer 10.10.40.4
>>> syncaddr * port 5252
>>> racl whitelist addr 127.0.0.0/8
>>> racl whitelist addr 10.0.0.0/8
>>> racl whitelist addr 172.16.0.0/12
>>> racl whitelist addr 192.168.0.0/16
>>> report all
>>> delayedreject
>>> dumpfreq 5m
>>> timeout 8h
>>> greylist 6m
>>> autowhite 14d
>>> subnetmatch /24
>>> nodrac
>>> quiet
>>> pidfile "/var/run/milter-greylist.pid"
>>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>>> user "postfix"
>>> racl whitelist spf pass
>>> racl greylist spf fail� msg "SPFINFO: SPF:f Greylisting in action: 
>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>> racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action: 
>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>
>>> Regards,
>>> Gienek Nowacki
>>>
>>>
>>
>>
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>> 	Virusfri. www.avast.com 
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>
>>
>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

Well I did some testing on my systems and indeed it seems like the 
autowhite information is not recorded by the peer.

Instead when the del2 command is issued the entry is removed.

So there must be a problem in the way the pending list is updated 
failing to change from pending type to autowhitelist. As can been seen 
from the snippet that controls what to write to the db file.

if (conf.c_dump_no_time_translation) {
 ����������������������� if (pending->p_type == T_AUTOWHITE) {
 ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld AUTO\n",
 ����������������������������������� pending->p_addr, pending->p_from,
 ����������������������������������� pending->p_rcpt,
(long)pending->p_tv.tv_sec);
 ����������������������� } else if (pending->p_type == T_PENDING) {
 ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld \n",
 ����������������������������������� pending->p_addr, pending->p_from,
 ����������������������������������� pending->p_rcpt,
(long)pending->p_tv.tv_sec);

Best

John


Den 06-06-2018 kl. 11:07 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> Somewhat confusing the man page for the config file says that peer 
> entries for the local host wil be ignored, which by the way also seems 
> more reasonable.
>
> �� peer 192.0.2.18
> �������� peer 192.0.2.17
> �������� peer 192.0.2.22 timeout 7
> �������� peer 192.0.2.38 timeout 5m
>
> ������ You can list the local machine in the peer statements, it will 
> be ignored.
>
>
> Best
>
> John
>
>
> Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen john@... 
> [milter-greylist]:
>>
>> I don't know whether this matters. But one thing that crosses my mind 
>> is that it seems like you have all peers defined on all hosts.
>>
>> According to the man page you should leave out the local machine as 
>> it would otherwise talk to itself and make duplicate entries in the 
>> dump file.
>>
>> Another thing is that the AW functionality only works with version 2 
>> servers. Try to telnet to port 5252 on all four servers and type 
>> vers2 and notice the response.
>>
>> telnet server2 5252
>> help
>> 203 Help? Sure, we have help here:
>> 203
>> 203 Available commands are:
>> 203 help� -- displays this message
>> 203 quit� -- terminate connection
>> 203 vers2 -- speak version 2 protocol
>> 203 vers3 -- speak version 3 protocol
>> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en entry
>> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove en 
>> entry
>> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> -- 
>> remove en entry, adding it to autowhite with given delay (version 2 only)
>> 203 flush addr <ip> -- remove anything about an ip� (version 3 only)
>>
>> Cheers
>> John
>>
>> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki gieneknowacki@... 
>> [milter-greylist]:
>>> Hi,
>>>
>>> I've got four MX servers and observed strange behavior of 
>>> milter-greylist.
>>> Please, see the fragments of databases (dumpfiles) below of each 
>>> servers:
>>>
>>> # server1
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> # server2
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>
>>> # server3
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> # server4
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1527324170 # 2018-05-26 10:42:50
>>>
>>> It shows, that serwer2 recived the email and milter-greylist added 
>>> the flag AUTO.
>>>
>>> After the time of 8 hours (because of timeout=8h), this information 
>>> contains server2 only:
>>>
>>> # server2
>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>> <recipient@... <mailto:recipient@...>> 
>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>
>>> So, at this situation, when the sender will start sending second 
>>> email (the parameters: IP, sender, recipient are still the same) and 
>>> connects to server3 or serwer1, or server4 it will be wait.
>>>
>>> From my point of view, waiting in such situation is a nonsens.
>>>
>>> Why the information abut 'autowithe' isn't distributed over all MX 
>>> servers?
>>>
>>>
>>> P.S
>>> All my config files are as follow:
>>>
>>> stat "|logger -p mail.info"� "milter-greylist: MILTERSTAT: 
>>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>>> verbose
>>> peer 10.10.10.1
>>> peer 10.10.20.2
>>> peer 10.10.30.3
>>> peer 10.10.40.4
>>> syncaddr * port 5252
>>> racl whitelist addr 127.0.0.0/8
>>> racl whitelist addr 10.0.0.0/8
>>> racl whitelist addr 172.16.0.0/12
>>> racl whitelist addr 192.168.0.0/16
>>> report all
>>> delayedreject
>>> dumpfreq 5m
>>> timeout 8h
>>> greylist 6m
>>> autowhite 14d
>>> subnetmatch /24
>>> nodrac
>>> quiet
>>> pidfile "/var/run/milter-greylist.pid"
>>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>>> user "postfix"
>>> racl whitelist spf pass
>>> racl greylist spf fail� msg "SPFINFO: SPF:f Greylisting in action: 
>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>> racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action: 
>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>
>>> Regards,
>>> Gienek Nowacki
>>>
>>>
>>
>>
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>> 	Virusfri. www.avast.com 
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>
>>
>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

Further testing seems to be realted to the fact that the date aw times 
sent to the peers are equal. This apparently tricks the peer to delete 
the entry.

I tried to del2 an existing entry in teh db but with different data and 
aw times, and this time the AUTO whitelist was added to the db.

Would somebody please investigate why the time for date and aw is used?

Best

John


Den 06-06-2018 kl. 20:17 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> Well I did some testing on my systems and indeed it seems like the 
> autowhite information is not recorded by the peer.
>
> Instead when the del2 command is issued the entry is removed.
>
> So there must be a problem in the way the pending list is updated 
> failing to change from pending type to autowhitelist. As can been seen 
> from the snippet that controls what to write to the db file.
>
> if (conf.c_dump_no_time_translation) {
> ����������������������� if (pending->p_type == T_AUTOWHITE) {
> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld AUTO\n",
> ����������������������������������� pending->p_addr, pending->p_from,
> ����������������������������������� pending->p_rcpt,
> (long)pending->p_tv.tv_sec);
> ����������������������� } else if (pending->p_type == T_PENDING) {
> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld \n",
> ����������������������������������� pending->p_addr, pending->p_from,
> ����������������������������������� pending->p_rcpt,
> (long)pending->p_tv.tv_sec);
>
> Best
>
> John
>
>
> Den 06-06-2018 kl. 11:07 skrev John Damm S�rensen john@... 
> [milter-greylist]:
>>
>> Somewhat confusing the man page for the config file says that peer 
>> entries for the local host wil be ignored, which by the way also 
>> seems more reasonable.
>>
>> �� peer 192.0.2.18
>> �������� peer 192.0.2.17
>> �������� peer 192.0.2.22 timeout 7
>> �������� peer 192.0.2.38 timeout 5m
>>
>> ������ You can list the local machine in the peer statements, it will 
>> be ignored.
>>
>>
>> Best
>>
>> John
>>
>>
>> Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen john@... 
>> [milter-greylist]:
>>>
>>> I don't know whether this matters. But one thing that crosses my 
>>> mind is that it seems like you have all peers defined on all hosts.
>>>
>>> According to the man page you should leave out the local machine as 
>>> it would otherwise talk to itself and make duplicate entries in the 
>>> dump file.
>>>
>>> Another thing is that the AW functionality only works with version 2 
>>> servers. Try to telnet to port 5252 on all four servers and type 
>>> vers2 and notice the response.
>>>
>>> telnet server2 5252
>>> help
>>> 203 Help? Sure, we have help here:
>>> 203
>>> 203 Available commands are:
>>> 203 help� -- displays this message
>>> 203 quit� -- terminate connection
>>> 203 vers2 -- speak version 2 protocol
>>> 203 vers3 -- speak version 3 protocol
>>> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en entry
>>> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove 
>>> en entry
>>> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> 
>>> -- remove en entry, adding it to autowhite with given delay (version 
>>> 2 only)
>>> 203 flush addr <ip> -- remove anything about an ip� (version 3 only)
>>>
>>> Cheers
>>> John
>>>
>>> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki gieneknowacki@... 
>>> [milter-greylist]:
>>>> Hi,
>>>>
>>>> I've got four MX servers and observed strange behavior of 
>>>> milter-greylist.
>>>> Please, see the fragments of databases (dumpfiles) below of each 
>>>> servers:
>>>>
>>>> # server1
>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>> <recipient@... <mailto:recipient@...>> 
>>>> 1527324170 # 2018-05-26 10:42:50
>>>>
>>>> # server2
>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>> <recipient@... <mailto:recipient@...>> 
>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>
>>>> # server3
>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>> <recipient@... <mailto:recipient@...>> 
>>>> 1527324170 # 2018-05-26 10:42:50
>>>>
>>>> # server4
>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>> <recipient@... <mailto:recipient@...>> 
>>>> 1527324170 # 2018-05-26 10:42:50
>>>>
>>>> It shows, that serwer2 recived the email and milter-greylist added 
>>>> the flag AUTO.
>>>>
>>>> After the time of 8 hours (because of timeout=8h), this information 
>>>> contains server2 only:
>>>>
>>>> # server2
>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>> <recipient@... <mailto:recipient@...>> 
>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>
>>>> So, at this situation, when the sender will start sending second 
>>>> email (the parameters: IP, sender, recipient are still the same) 
>>>> and connects to server3 or serwer1, or server4 it will be wait.
>>>>
>>>> From my point of view, waiting in such situation is a nonsens.
>>>>
>>>> Why the information abut 'autowithe' isn't distributed over all MX 
>>>> servers?
>>>>
>>>>
>>>> P.S
>>>> All my config files are as follow:
>>>>
>>>> stat "|logger -p mail.info"� "milter-greylist: MILTERSTAT: 
>>>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>>>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>>>> verbose
>>>> peer 10.10.10.1
>>>> peer 10.10.20.2
>>>> peer 10.10.30.3
>>>> peer 10.10.40.4
>>>> syncaddr * port 5252
>>>> racl whitelist addr 127.0.0.0/8
>>>> racl whitelist addr 10.0.0.0/8
>>>> racl whitelist addr 172.16.0.0/12
>>>> racl whitelist addr 192.168.0.0/16
>>>> report all
>>>> delayedreject
>>>> dumpfreq 5m
>>>> timeout 8h
>>>> greylist 6m
>>>> autowhite 14d
>>>> subnetmatch /24
>>>> nodrac
>>>> quiet
>>>> pidfile "/var/run/milter-greylist.pid"
>>>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>>>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>>>> user "postfix"
>>>> racl whitelist spf pass
>>>> racl greylist spf fail� msg "SPFINFO: SPF:f Greylisting in action: 
>>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>> racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action: 
>>>> host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>>
>>>> Regards,
>>>> Gienek Nowacki
>>>>
>>>>
>>>
>>>
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>> 	Virusfri. www.avast.com 
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>
>>>
>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

I have now collected tcpdump trace illustrating the problem.

When the peer is informed by an autowhitelist instance both times for 
the data and aw argument are the assigned the time that should be the aw 
time.

Since the date has wrong value the peer is unable to locate the tuple 
and update it accordingly.

It is possible to update the autowhitelist manually by telnetting to 
port 5252 on the peer and issue the del2 commands using the date time 
recorded in the db file.

Please fix this problem.

Best

John


Den 07-06-2018 kl. 11:16 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> Further testing seems to be realted to the fact that the date aw times 
> sent to the peers are equal. This apparently tricks the peer to delete 
> the entry.
>
> I tried to del2 an existing entry in teh db but with different data 
> and aw times, and this time the AUTO whitelist was added to the db.
>
> Would somebody please investigate why the time for date and aw is used?
>
> Best
>
> John
>
>
> Den 06-06-2018 kl. 20:17 skrev John Damm S�rensen john@... 
> [milter-greylist]:
>>
>> Well I did some testing on my systems and indeed it seems like the 
>> autowhite information is not recorded by the peer.
>>
>> Instead when the del2 command is issued the entry is removed.
>>
>> So there must be a problem in the way the pending list is updated 
>> failing to change from pending type to autowhitelist. As can been 
>> seen from the snippet that controls what to write to the db file.
>>
>> if (conf.c_dump_no_time_translation) {
>> ����������������������� if (pending->p_type == T_AUTOWHITE) {
>> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld AUTO\n",
>> pending->p_addr, pending->p_from,
>> pending->p_rcpt,
>> (long)pending->p_tv.tv_sec);
>> ����������������������� } else if (pending->p_type == T_PENDING) {
>> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld \n",
>> pending->p_addr, pending->p_from,
>> pending->p_rcpt,
>> (long)pending->p_tv.tv_sec);
>>
>> Best
>>
>> John
>>
>>
>> Den 06-06-2018 kl. 11:07 skrev John Damm S�rensen john@... 
>> [milter-greylist]:
>>>
>>> Somewhat confusing the man page for the config file says that peer 
>>> entries for the local host wil be ignored, which by the way also 
>>> seems more reasonable.
>>>
>>> �� peer 192.0.2.18
>>> �������� peer 192.0.2.17
>>> �������� peer 192.0.2.22 timeout 7
>>> �������� peer 192.0.2.38 timeout 5m
>>>
>>> ������ You can list the local machine in the peer statements, it 
>>> will be ignored.
>>>
>>>
>>> Best
>>>
>>> John
>>>
>>>
>>> Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen john@... 
>>> [milter-greylist]:
>>>>
>>>> I don't know whether this matters. But one thing that crosses my 
>>>> mind is that it seems like you have all peers defined on all hosts.
>>>>
>>>> According to the man page you should leave out the local machine as 
>>>> it would otherwise talk to itself and make duplicate entries in the 
>>>> dump file.
>>>>
>>>> Another thing is that the AW functionality only works with version 
>>>> 2 servers. Try to telnet to port 5252 on all four servers and type 
>>>> vers2 and notice the response.
>>>>
>>>> telnet server2 5252
>>>> help
>>>> 203 Help? Sure, we have help here:
>>>> 203
>>>> 203 Available commands are:
>>>> 203 help� -- displays this message
>>>> 203 quit� -- terminate connection
>>>> 203 vers2 -- speak version 2 protocol
>>>> 203 vers3 -- speak version 3 protocol
>>>> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en 
>>>> entry
>>>> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove 
>>>> en entry
>>>> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> 
>>>> -- remove en entry, adding it to autowhite with given delay 
>>>> (version 2 only)
>>>> 203 flush addr <ip> -- remove anything about an ip� (version 3 only)
>>>>
>>>> Cheers
>>>> John
>>>>
>>>> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki 
>>>> gieneknowacki@... [milter-greylist]:
>>>>> Hi,
>>>>>
>>>>> I've got four MX servers and observed strange behavior of 
>>>>> milter-greylist.
>>>>> Please, see the fragments of databases (dumpfiles) below of each 
>>>>> servers:
>>>>>
>>>>> # server1
>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>> <recipient@... <mailto:recipient@...>> 
>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>
>>>>> # server2
>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>> <recipient@... <mailto:recipient@...>> 
>>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>>
>>>>> # server3
>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>> <recipient@... <mailto:recipient@...>> 
>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>
>>>>> # server4
>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>> <recipient@... <mailto:recipient@...>> 
>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>
>>>>> It shows, that serwer2 recived the email and milter-greylist added 
>>>>> the flag AUTO.
>>>>>
>>>>> After the time of 8 hours (because of timeout=8h), this 
>>>>> information contains server2 only:
>>>>>
>>>>> # server2
>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>> <recipient@... <mailto:recipient@...>> 
>>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>>
>>>>> So, at this situation, when the sender will start sending second 
>>>>> email (the parameters: IP, sender, recipient are still the same) 
>>>>> and connects to server3 or serwer1, or server4 it will be wait.
>>>>>
>>>>> From my point of view, waiting in such situation is a nonsens.
>>>>>
>>>>> Why the information abut 'autowithe' isn't distributed over all MX 
>>>>> servers?
>>>>>
>>>>>
>>>>> P.S
>>>>> All my config files are as follow:
>>>>>
>>>>> stat "|logger -p mail.info" "milter-greylist: MILTERSTAT: 
>>>>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>>>>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>>>>> verbose
>>>>> peer 10.10.10.1
>>>>> peer 10.10.20.2
>>>>> peer 10.10.30.3
>>>>> peer 10.10.40.4
>>>>> syncaddr * port 5252
>>>>> racl whitelist addr 127.0.0.0/8
>>>>> racl whitelist addr 10.0.0.0/8
>>>>> racl whitelist addr 172.16.0.0/12
>>>>> racl whitelist addr 192.168.0.0/16
>>>>> report all
>>>>> delayedreject
>>>>> dumpfreq 5m
>>>>> timeout 8h
>>>>> greylist 6m
>>>>> autowhite 14d
>>>>> subnetmatch /24
>>>>> nodrac
>>>>> quiet
>>>>> pidfile "/var/run/milter-greylist.pid"
>>>>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>>>>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>>>>> user "postfix"
>>>>> racl whitelist spf pass
>>>>> racl greylist spf fail� msg "SPFINFO: SPF:f Greylisting in action: 
>>>>> host %d [%i] domain '%sf'" delay 60m autowhite 14d
>>>>> racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action: 
>>>>> host %d [%i] domain '%sf'" delay 60m autowhite 14d
>>>>>
>>>>> Regards,
>>>>> Gienek Nowacki
>>>>>
>>>>>
>>>>
>>>>
>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>> 	Virusfri. www.avast.com 
>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>>
>>>>
>>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>
>>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

I guess that the sync_send() function is called after the pending 
structure has been updated with the autowhitelist time.

According to pending.h the structure element� struct timeval p_tv is 
used to both hold pending time and autowhilist time

struct pending {
 ������� char *p_addr;
 ������� struct sockaddr *p_sa;
 ������� socklen_t p_salen;
 ������� char *p_from;
 ������� char *p_rcpt;
 ������� struct timeval p_tv;��� /* activation time for pending or 
tarpitting,
 ���������������������������������� expiration time for autowhite */
 ������� struct timeval p_tarpit;/* unsuccessful longest duration for 
tarpit */
 ������� int p_refcnt;���������� /* mutex; pending entry is
 ���������������������������������� shared with sync queue */
 ������� tuple_t p_type;�������� /* pending or autowhite entry? */
 ������� TAILQ_ENTRY(pending) p_list;
 ������� TAILQ_ENTRY(pending) pb_list;
};

This is very wrong!

Is it possible to get a response from whoever is responsible for the coding?

Best

John


Den 07-06-2018 kl. 20:05 skrev John Damm S�rensen john@... 
[milter-greylist]:
>
> I have now collected tcpdump trace illustrating the problem.
>
> When the peer is informed by an autowhitelist instance both times for 
> the data and aw argument are the assigned the time that should be the 
> aw time.
>
> Since the date has wrong value the peer is unable to locate the tuple 
> and update it accordingly.
>
> It is possible to update the autowhitelist manually by telnetting to 
> port 5252 on the peer and issue the del2 commands using the date time 
> recorded in the db file.
>
> Please fix this problem.
>
> Best
>
> John
>
>
> Den 07-06-2018 kl. 11:16 skrev John Damm S�rensen john@... 
> [milter-greylist]:
>>
>> Further testing seems to be realted to the fact that the date aw 
>> times sent to the peers are equal. This apparently tricks the peer to 
>> delete the entry.
>>
>> I tried to del2 an existing entry in teh db but with different data 
>> and aw times, and this time the AUTO whitelist was added to the db.
>>
>> Would somebody please investigate why the time for date and aw is used?
>>
>> Best
>>
>> John
>>
>>
>> Den 06-06-2018 kl. 20:17 skrev John Damm S�rensen john@... 
>> [milter-greylist]:
>>>
>>> Well I did some testing on my systems and indeed it seems like the 
>>> autowhite information is not recorded by the peer.
>>>
>>> Instead when the del2 command is issued the entry is removed.
>>>
>>> So there must be a problem in the way the pending list is updated 
>>> failing to change from pending type to autowhitelist. As can been 
>>> seen from the snippet that controls what to write to the db file.
>>>
>>> if (conf.c_dump_no_time_translation) {
>>> ����������������������� if (pending->p_type == T_AUTOWHITE) {
>>> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld 
>>> AUTO\n",
>>> pending->p_addr, pending->p_from,
>>> pending->p_rcpt,
>>> (long)pending->p_tv.tv_sec);
>>> ����������������������� } else if (pending->p_type == T_PENDING) {
>>> ������������������������������� fprintf(stream, "%s\t%s\t%s\t%ld \n",
>>> pending->p_addr, pending->p_from,
>>> pending->p_rcpt,
>>> (long)pending->p_tv.tv_sec);
>>>
>>> Best
>>>
>>> John
>>>
>>>
>>> Den 06-06-2018 kl. 11:07 skrev John Damm S�rensen john@... 
>>> [milter-greylist]:
>>>>
>>>> Somewhat confusing the man page for the config file says that peer 
>>>> entries for the local host wil be ignored, which by the way also 
>>>> seems more reasonable.
>>>>
>>>> �� peer 192.0.2.18
>>>> �������� peer 192.0.2.17
>>>> �������� peer 192.0.2.22 timeout 7
>>>> �������� peer 192.0.2.38 timeout 5m
>>>>
>>>> ������ You can list the local machine in the peer statements, it 
>>>> will be ignored.
>>>>
>>>>
>>>> Best
>>>>
>>>> John
>>>>
>>>>
>>>> Den 06-06-2018 kl. 10:58 skrev John Damm S�rensen 
>>>> john@... [milter-greylist]:
>>>>>
>>>>> I don't know whether this matters. But one thing that crosses my 
>>>>> mind is that it seems like you have all peers defined on all hosts.
>>>>>
>>>>> According to the man page you should leave out the local machine 
>>>>> as it would otherwise talk to itself and make duplicate entries in 
>>>>> the dump file.
>>>>>
>>>>> Another thing is that the AW functionality only works with version 
>>>>> 2 servers. Try to telnet to port 5252 on all four servers and type 
>>>>> vers2 and notice the response.
>>>>>
>>>>> telnet server2 5252
>>>>> help
>>>>> 203 Help? Sure, we have help here:
>>>>> 203
>>>>> 203 Available commands are:
>>>>> 203 help� -- displays this message
>>>>> 203 quit� -- terminate connection
>>>>> 203 vers2 -- speak version 2 protocol
>>>>> 203 vers3 -- speak version 3 protocol
>>>>> 203 add addr <ip> from <email> rcpt <email> date <time>� -- add en 
>>>>> entry
>>>>> 203 del addr <ip> from <email> rcpt <email> date <time>� -- remove 
>>>>> en entry
>>>>> 203 del2 addr <ip> from <email> rcpt <email> date <time> aw <time> 
>>>>> -- remove en entry, adding it to autowhite with given delay 
>>>>> (version 2 only)
>>>>> 203 flush addr <ip> -- remove anything about an ip� (version 3 only)
>>>>>
>>>>> Cheers
>>>>> John
>>>>>
>>>>> Den 26-05-2018 kl. 20:53 skrev Gienek Nowacki 
>>>>> gieneknowacki@... [milter-greylist]:
>>>>>> Hi,
>>>>>>
>>>>>> I've got four MX servers and observed strange behavior of 
>>>>>> milter-greylist.
>>>>>> Please, see the fragments of databases (dumpfiles) below of each 
>>>>>> servers:
>>>>>>
>>>>>> # server1
>>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>>> <recipient@... <mailto:recipient@...>> 
>>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>>
>>>>>> # server2
>>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>>> <recipient@... <mailto:recipient@...>> 
>>>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>>>
>>>>>> # server3
>>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>>> <recipient@... <mailto:recipient@...>> 
>>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>>
>>>>>> # server4
>>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>>> <recipient@... <mailto:recipient@...>> 
>>>>>> 1527324170 # 2018-05-26 10:42:50
>>>>>>
>>>>>> It shows, that serwer2 recived the email and milter-greylist 
>>>>>> added the flag AUTO.
>>>>>>
>>>>>> After the time of 8 hours (because of timeout=8h), this 
>>>>>> information contains server2 only:
>>>>>>
>>>>>> # server2
>>>>>> 1.2.3.4 <sender@... <mailto:sender@...>> 
>>>>>> <recipient@... <mailto:recipient@...>> 
>>>>>> 1528536443 AUTO # 2018-06-09 11:27:23
>>>>>>
>>>>>> So, at this situation, when the sender will start sending second 
>>>>>> email (the parameters: IP, sender, recipient are still the same) 
>>>>>> and connects to server3 or serwer1, or server4 it will be wait.
>>>>>>
>>>>>> From my point of view, waiting in such situation is a nonsens.
>>>>>>
>>>>>> Why the information abut 'autowithe' isn't distributed over all 
>>>>>> MX servers?
>>>>>>
>>>>>>
>>>>>> P.S
>>>>>> All my config files are as follow:
>>>>>>
>>>>>> stat "|logger -p mail.info" "milter-greylist: MILTERSTAT: 
>>>>>> %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
>>>>>> geoipdb "/usr/share/GeoIP/GeoIP.dat"
>>>>>> verbose
>>>>>> peer 10.10.10.1
>>>>>> peer 10.10.20.2
>>>>>> peer 10.10.30.3
>>>>>> peer 10.10.40.4
>>>>>> syncaddr * port 5252
>>>>>> racl whitelist addr 127.0.0.0/8
>>>>>> racl whitelist addr 10.0.0.0/8
>>>>>> racl whitelist addr 172.16.0.0/12
>>>>>> racl whitelist addr 192.168.0.0/16
>>>>>> report all
>>>>>> delayedreject
>>>>>> dumpfreq 5m
>>>>>> timeout 8h
>>>>>> greylist 6m
>>>>>> autowhite 14d
>>>>>> subnetmatch /24
>>>>>> nodrac
>>>>>> quiet
>>>>>> pidfile "/var/run/milter-greylist.pid"
>>>>>> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
>>>>>> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
>>>>>> user "postfix"
>>>>>> racl whitelist spf pass
>>>>>> racl greylist spf fail� msg "SPFINFO: SPF:f� Greylisting in 
>>>>>> action: host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>>>> racl greylist spf error msg "SPFINFO: SPF:e� Greylisting in 
>>>>>> action: host %d [%i]� domain '%sf'" delay 60m autowhite 14d
>>>>>>
>>>>>> Regards,
>>>>>> Gienek Nowacki
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>>> 	Virusfri. www.avast.com 
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>>>
>>>>>
>>>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>
>>>
>>
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

> When the peer is informed by an autowhitelist instance
> both times for the data and aw argument are
> the assigned the time that should be the aw time.

The bug was introduced around the beginning of 2010:

1c1
< /* $Id: milter-greylist.c,v 1.222 2009/09/09 12:19:17 manu Exp $ */
---
> /* $Id: milter-greylist.c,v 1.227 2010/02/15 16:38:03 manu Exp $ */
37c37
< __RCSID("$Id: milter-greylist.c,v 1.222 2009/09/09 12:19:17 manu Exp $");
---
> __RCSID("$Id: milter-greylist.c,v 1.227 2010/02/15 16:38:03 manu Exp $");
319a320,321
> 	struct tuple_fields tuple;
> 
326d327
< 		struct rcpt *rcpt;
328,331c329,337
< 		rcpt = priv->priv_rcpt.lh_first;
< 		pending_update(SA(&priv->priv_addr), priv->priv_addrlen,
< 			       priv->priv_from, rcpt->r_addr,
< 			       priv->priv_sr.sr_autowhite, TU_AUTOWHITE);
---
> 		tuple.sa = SA(&priv->priv_addr);
> 		tuple.salen = priv->priv_addrlen;
> 		tuple.from = priv->priv_from;
> 		tuple.rcpt = priv->priv_rcpt.lh_first->r_addr;
> 		tuple.autowhite = 0;
> 		tuple.updatetype = TU_AUTOWHITE;
> 
> 		mg_tuple_update(&tuple);
>

I am attaching a patch which fixes that problem.
In addition, it contains a cosmetic patch to log  the queue ID
for certain debug level log message. 

Best,
Attila

Hi,

The attachment does not exist on the server.

Best

John


Den 10-06-2018 kl. 15:10 skrev 'Bruncsak, Attila' 
attila.bruncsak@... [milter-greylist]:
> [Attachment(s) <#TopText> from Bruncsak, Attila included below]
>
> > When the peer is informed by an autowhitelist instance
> > both times for the data and aw argument are
> > the assigned the time that should be the aw time.
>
> The bug was introduced around the beginning of 2010:
>
> 1c1
> < /* $Id: milter-greylist.c,v 1.222 2009/09/09 12:19:17 manu Exp $ */
> ---
> > /* $Id: milter-greylist.c,v 1.227 2010/02/15 16:38:03 manu Exp $ */
> 37c37
> < __RCSID("$Id: milter-greylist.c,v 1.222 2009/09/09 12:19:17 manu Exp 
> $");
> ---
> > __RCSID("$Id: milter-greylist.c,v 1.227 2010/02/15 16:38:03 manu Exp 
> $");
> 319a320,321
> > struct tuple_fields tuple;
> >
> 326d327
> < struct rcpt *rcpt;
> 328,331c329,337
> < rcpt = priv->priv_rcpt.lh_first;
> < pending_update(SA(&priv->priv_addr), priv->priv_addrlen,
> < priv->priv_from, rcpt->r_addr,
> < priv->priv_sr.sr_autowhite, TU_AUTOWHITE);
> ---
> > tuple.sa = SA(&priv->priv_addr);
> > tuple.salen = priv->priv_addrlen;
> > tuple.from = priv->priv_from;
> > tuple.rcpt = priv->priv_rcpt.lh_first->r_addr;
> > tuple.autowhite = 0;
> > tuple.updatetype = TU_AUTOWHITE;
> >
> > mg_tuple_update(&tuple);
> >
>
> I am attaching a patch which fixes that problem.
> In addition, it contains a cosmetic patch to log the queue ID
> for certain debug level log message.
>
> Best,
> Attila
>
> 



---
Denne e-mail blev kontrolleret for virusser af Avast antivirussoftware.
https://www.avast.com/antivirus

> The attachment does not exist on the server.
It is normally a problem with the yahoo server.
That may become visible after a while.

By the way this patch is not really solves the problem,
only partially. The second problem is that the "pending"
list is referenced only in the sync queue, not copied.
After calling peer_delete() the pending_put()
immediately updates the  values of the same
structure. The data is read later in another thread
to send to the peers.

'Bruncsak, Attila' attila.bruncsak@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> By the way this patch is not really solves the problem,
> only partially. The second problem is that the "pending"
> list is referenced only in the sync queue, not copied.
> After calling peer_delete() the pending_put()
> immediately updates the  values of the same
> structure. The data is read later in another thread
> to send to the peers.

Hi

Are you still working on it?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

> > By the way this patch is not really solves the problem,
> > only partially. The second problem is that the "pending"
> > list is referenced only in the sync queue, not copied.
> > After calling peer_delete() the pending_put()
> > immediately updates the  values of the same
> > structure. The data is read later in another thread
> > to send to the peers.
> 
> Hi
> 
> Are you still working on it?
> 

I sent the patch in the attachment, 
yahoogroups show that in fact there
is an attachment as web link,
but it is inaccessible.
May be yahoogroups is broken?
I advise to apply the patch but it does
not solve the original problem.
Please advise how can I provide
the patch, If you want it.

I see two options to go.
1. to change the access policy for the in memory structure
to become append only, no update in place allowed.
So a greylist entry cannot be promoted to a whitelist entry.
Instead, an insertion of a new whitelist entry is needed,
and the old greylist entry will expire at the appropriate time
and subject of garbage collection.
2. Keep track the time values of the greylist entry outside of the
memory structure and use them at the synchronization time.

Independently all of that,
if I may suggest a newer version of sync protocol
which I believe conceptually is better.
The only command to be used is the  "encounter".
It contains only the timestamp, sender, recipient, IP address  quadruplet 
as seen by the milter-greylist instant on its own input.
Than the sender milter-greylist replays this to all of his peers.
The peers independently applies the quadruplet  onto the in-memory
structure based on the actual policy in force, similarly as the SMTP connection
would  have been made to the receiver peer with the same parameters.
By the way that would be very hard to implement on a backward compatible
way, so practically isn't a good choice.

'Bruncsak, Attila' attila.bruncsak@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> I advise to apply the patch but it does
> not solve the original problem.

I refered to the original problem, indeed.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...