On Tue, Jul 08, 2008 at 06:42:30PM +0200, Zbigniew Szalbot wrote:
>>>> traffic with tcpdump including the full packet content, and if you
>>>> can capture a session where dkim-milter crashes, then I can tell
>>>> you what the packets meant.
>>> Capturing a session might be quite a challenge as it crashes randomly
>>> at any time, usually once every 3-4 days...
>> It shouldn't be too hard. Just tell tcpdump to capture all packets on
>> that specific port on localhost dumping to a local file. The last few
>> packets will occur right before it dies. Start it in a screen session
>> if you are afraid your ssh connection to the server will die.
> So should I start it like so?
> tcpdump -i 4445 -F /tmp/dkim.log
> Or do I need more switches. I am actually determined to help the
> maintainers spot the problem so all advice greatly appreciated!

    tcpdump -i lo -n -p -w /tmp/dkim.dump port 4445

Start this and then when the daemon dies, kill the tcpdump with Ctrl-c.
The dkim.dump file will have what Wietse is looking for. Pay attention
to disk space. If this is a busy server, that dump file can get large
pretty fast. Here's what those options mean:

    -i lo     means listen on loopback, I'm assuming that is how postfix
              connects to your dkim-milter
    -n        means don't do reverse dns lookups
    -p        means don't put the interface in promiscuous mode, doesn't
              really do anything here, the dmesg logs just annoy me
    -w file   write raw packets to this file

Then to see what's in the file, you do this:

    tcpdump -r /tmp/dkim.dump

To get a bytecode dump of the traffic (which is probably what Wietse
will want, though maybe he'll want the raw packet file) you can do:

    tcpdump -s 1500 -X -r /tmp/dkim.dump | tail -n 100

    -X        Do a raw hex dump of the packet with the ascii codes on
              the right hand side
    -s 1500   Print out only the first 1500 bytes of the packet

I added the tail -n 100 because I figure you'll want to ignore pretty
much all of the multiple days' worth of captured packets except for what
happened right at the end. Increase the 100 or get rid of the tail
command altogether to see more (or everything...warning, it could be a
lot :-) ).

--
Regards... Todd
A friend of mine was at the military and had to check new recruits for
color-blindness. Only after the 20th color-blind man in a row he realized
for the first time in his life that it was _him_, being the color-blind.
--Johannes Schindelin
Linux kernel 2.6.24-18-generic 12 users, load average: 0.08, 0.05, 0.07
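
Added example, not part of the original message: a small reader for the dump file that returns the last few data-carrying packets on port 4445 as whole packets, where tail -n 100 on a hex dump cuts by text lines. It assumes a classic pcap file with Ethernet or BSD-loopback framing and IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import deque

LINK_HDR = {0: 4, 1: 14}  # link header bytes: DLT_NULL (BSD loopback), Ethernet (Linux lo)

def last_payloads(pcap, port=4445, keep=3):
    """Return (time, sport, dport, data) for the last `keep` data-bearing TCP packets on `port`."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in LINK_HDR:
        raise ValueError("unsupported link type %d" % linktype)
    tail, off = deque(maxlen=keep), 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl:
            break  # final record cut short, e.g. capture stopped mid-write
        ip = frame[LINK_HDR[linktype]:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # not IPv4/TCP
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header using the data-offset field
        if data and port in (sport, dport):
            tail.append((sec + usec / 1e6, sport, dport, data))
    return list(tail)

def _frame(sport, dport, data):
    """Constructed Ethernet+IPv4+TCP frame on 127.0.0.1 (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1]))
    return b"\0" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap(packets):
    """Build a little-endian Ethernet pcap from (sport, dport, data) tuples; sample input only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (sport, dport, data) in enumerate(packets):
        f = _frame(sport, dport, data)
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out
```

On a real capture, pass the bytes of /tmp/dkim.dump to last_payloads(). The payloads are limited to the bytes stored in the file, so a capture taken with a short snapshot length (tcpdump's -s option) yields truncated data.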
