Policyd-weight questions
Hi Since a couple of days we are using policyd-weight and are really happy. It saves us from buying more powerfull hardware as the load on the server dropped from 90% to 10% (spamassassin has nothing todo anymore). So far i have two questions: 1. how can we support the policyd-weight project, as we saved money for new hardware we would like to contribute something to the project. 2. in the log i have quite often the following entry Oct 16 08:30:53 schilt postfix/policyd[20148]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:30:55 schilt postfix/policyd[20148]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:30:59 schilt postfix/policyd[29859]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:00 schilt postfix/policyd[18480]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:01 schilt postfix/policyd[17144]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:02 schilt postfix/policyd[17144]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:02 schilt postfix/policyd[32604]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:04 schilt postfix/policyd[18480]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:04 schilt postfix/policyd[13837]: decided action=DUNNO NULL () Sender; delay: 0s Oct 16 08:31:05 schilt postfix/policyd[20148]: decided action=DUNNO NULL () Sender; delay: 0s I don't know exactly how to debug them, the process number is repeating quite often, any ideas? thanks Andreas -- ** http://www.dunes.ch/ *Andreas Fuchs* Consultant/System Engineer Allmend 31 3504 Niederhünigen office: +41 31 508 18 16 mobile: +41 78 740 93 80 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.aironaut.ch http://www.aironaut.ch/ Policyd-weight Mailinglist - http://www.policyd-weight.org/
Re: Policyd-weight questions
On 16/10/2007, Robert Felber [EMAIL PROTECTED] wrote: On Tue, Oct 16, 2007 at 08:36:11AM +0200, Andreas Fuchs wrote: 2. in the log i have quite often the following entry Oct 16 08:30:53 schilt postfix/policyd[20148]: decided action=DUNNO NULL () Sender; delay: 0s I don't know exactly how to debug them, the process number is repeating quite often, any ideas? That are NULL-sender (mainly generated by DSN). You MUST let pass them. If the NULL Sender try to deliver to non-existing users then reject all mail for non-existent users. Why MUST they pass? From what I understand of our favourite RFCs, DSNs should not be treated any differently from other normal traffic. Section 4.5.5 of RFC2821 states only these: If the delivery of such a notification message fails, that usually indicates a problem with the mail system of the host to which the notification message is addressed. Which would be the same for any other type of message.. and: systems SHOULD NOT reply to messages with null reverse-path Which is no surprise either. Maybe I'm missing some other detail.. But, I do know that one spammer technique is to populate both the From (Return-path) as well as the To with their intended spammee database and almost rely equally as much on DSNs to deliver payload. (which is why DSNs these days should not contain message bodies). So, why allow DSN's to violate all kinds of policy, even their client IPs appearing on SBL+XBL, etc.? I don't think that's right. regards, Riaan Policyd-weight Mailinglist - http://www.policyd-weight.org/
Re: Policyd-weight questions
On Tue, Oct 16, 2007 at 06:33:28PM +0300, Henrik Krohns wrote: On Tue, Oct 16, 2007 at 05:17:38PM +0200, Robert Felber wrote: On Tue, Oct 16, 2007 at 11:47:53AM +0100, Riaan Kok wrote: On 16/10/2007, Robert Felber [EMAIL PROTECTED] wrote: On Tue, Oct 16, 2007 at 08:36:11AM +0200, Andreas Fuchs wrote: 2. in the log i have quite often the following entry Oct 16 08:30:53 schilt postfix/policyd[20148]: decided action=DUNNO NULL () Sender; delay: 0s I don't know exactly how to debug them, the process number is repeating quite often, any ideas? That are NULL-sender (mainly generated by DSN). You MUST let pass them. If the NULL Sender try to deliver to non-existing users then reject all mail for non-existent users. Why MUST they pass? How to ensure that DSN arrive from hosts to which you have sent mail but which are listed or otherwise penalized by policyd-weight? If the host happens to be penalized and is legimate, don't you have more to worry about than losing some DSN? :) Ok, a (ham) scoring for NULL sender will be done. The default will be to let pass NULL sender unscored, though. I am currently trying to make polw run on a mail system with 17 mil mails (loadbalanced) per day (196 mails per sec). With polw the smtpd porcesses grow gen sky (1000) Without polw postfix has around 200 processes open (per box). So, NULL sender scoring would certainly add a neat side-effect while being 'extremely' effective ;-) -- Robert Felber (PGP: 896CF30B) Munich, Germany Policyd-weight Mailinglist - http://www.policyd-weight.org/