On 11/13/2009 01:31 PM, Steve wrote: > > -------- Original-Nachricht -------- >> Datum: Fri, 13 Nov 2009 13:08:33 -0700 >> Von: "Nathanael D. Noblet"<[email protected]> >> An: [email protected] >> Betreff: [Dspam-user] Dspam delivery failures... > >> Hello, >> > Hallo Nathanael, > > >> So in the same vein as some of the postfix issues discussed on the >> list recently I've got a question. >> >> >> When dspam is configured to deliver via lmtp and a socket, >> periodically it has issues. When it does this I get a dspam permission >> denied error and the mail bounces with the following... >> >> with status 255: "/usr/bin/dspam". Command output: 3015: [11/11/2009 >> 18:05:53] Connection to socket /var/lib/imap/socket/lmtp failed: >> Permission denied. >> >> I want a way to configure dspam to *never* bounce mail regardless of >> what happens. So either tell postfix to try again somehow, or >> *something* so that it queue's it or something. >> > You lost me here. Who has issues? DSPAM? Postfix? From looking at message > above I would say that DSPAM has issues sending a mail back to Postfix. > Right? If that is the case then I can't tell Postfix to retry as Postfix has > already injected/delivered mail to DSPAM and the mail is no longer in the > Postfix queue.
Let me give you an example of how our system is setup to help clear it up... postfix:25 -> content_filter=scan:127.0.0.1:10025 (clamav) -> re-injected via postfix:10026 -> delivered to dspam for processing -> delivered to cyrus for delivery to user mailboxes. dspam is configured to deliver via LMTP DeliveryHost /var/lib/imap/socket/lmtp DeliveryIdent postman DeliveryProto LMTP What happens is that /var/lib/imap/socket/lmtp is accessible only via user cyrus or group mail. dspam runs as its own user 'dspam'. So gets denied access to the lmtp socket. To solve this before I just made the imap/socket directories permissions 777. Which works well till cyrus is updated, I don't catch it, and the permission of that directory return to 750 and dspam is denied access. Then what happens is that mail bounces back to postfix since dspam returned exit code 255 and postfix bounces it back to the sender. The solution for me was to change my dspam line to now run as user=dspam:mail so it has group access. However it still means that it could happen if dspam is misconfigured some way. I don't run a dspam server, it runs the process per delivery, defined in master.cf as follows (it used to be simply user=dspam) dspam unix - n n - 10 pipe flags=Ru user=dspam:mail argv=/usr/bin/dspam --deliver=innocent,spam --user $user -i f $sender -- $recipient So what I'm hoping for is an error code exit that postfix would interpret as, try again later. It seems that this should be possible cut from this link/question "Can I safely assume that if my the script that the pipe command for the mailbox_transport exits with EX_TEMPFAIL (75), Postfix will keep the the message in the queue and retry delivering it at some point? And if the script exits with EX_UNAVAILABLE (69), will Postfix bounce the message back to the sender (I bounce spam messages after saving it as I've read some reports stating that spammers sometimes remove email addresses from their lists when they get bounces)?" (http://readlist.com/lists/postfix.org/postfix-users/14/71606.html) Which makes me think that dspam could return different error codes like if it exited with code 75 instead of 255. Postfix would hold onto it, then try dspam again. How does this solve my problem? Well the only thing it solves is that the bounce doesn't go back to the user, and the mail isn't lost. dspam would probably have to get smarter too (syslog entry) or a way to inform an admin of a problem... But first things first. When this happened to use last wednesday ( I missed the cyrus update ). A user lost some important mail and it bounced to the sender. Had it stayed in the postfix queue, it would have sat there and waited for me to fix cyrus instead. I hope that makes more sense. > > >> Is that possible? so >> that an error like this which is my fault can make it so that users mail >> doesn't bounce back? If it doesn't have this ability, I'm more than >> willing to provide a patch if given a few hints as to where to look at >> implementing it. Its been awhile since I've done C programming, but not >> that long, and I'd love to get involved a bit more. >> > The problem is that DSPAM does not have a queue manager. Holding a mail back > and retrying later means that the mail is staying inside DSPAM's current > memory and the more mails stay there the more memory is used and soon or > later the maximum allowed connections to DSPAM will saturate and Postfix will > not be able to send new mail to DSPAM. > > Is the deamon behind the socket able to accept messages with other transport > options? Maybe by SMTP or other ways? > > Maybe we could implement some kind of retry count with a delay and then a > fallback to an alternative delivery method and if that fails then raising the > error we currently do. > > Or we rewrite DSPAM to have a queue manager and spool messages there? I think fallback delivery would be a good solution too. I don't think dspam needs a queue manager. That's not its job, and in the spirit of unix shouldn't do more than what it is supposed to. Classify mail and pass it along. Fallback to some file store would be good too, that way the mail could be delivered manually by injecting it. >> Also, is anyone planning on providing fedora packages of dspam? >> > I had done RPMs for 3.8.0 some while ago. I made them for Tony Earnshaw but > he did not liked the way things where made inside the RPM. Anyway... I still > have those SPEC files somewhere around and could port them to 3.9.0 without > big issues. If you have the spec file that'd be great, I'll submit it and go through the review process to get in ship shape. >> If not, >> I'd like to volunteer to submit them to the fedora community and become >> the packager for fedora. >> > GREAT! That would be super if you could do that. >> One more thing, I'm glad the project hasn't died and people have taken >> it up. Really excited about that. So although I know no one in the new >> project I'm excited to get involved again. >> > Should you ever make a trip to my country then you can have a coffee with me > at any time :) What country? ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Dspam-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspam-user
