Hello,
I recently reveive (maybe targeted) spam from real MTAs which are not
DNSBL listed, and are no open relays as ordb.org says when I report the
clients.
So I am thinking hardly about a way to catch those as well, without
raising false positives. SPF is no option, address verification is no
On Sun, 2005-07-03 at 08:27 -0500, /dev/rob0 wrote:
> On Sunday 03 July 2005 03:50, Robert Felber wrote:
> > I recently reveive (maybe targeted) spam from real MTAs which are not
> > DNSBL listed, and are no open relays as ordb.org says when I report
> > the clients.
>
On Sun, Jul 03, 2005 at 04:33:20PM +0200, Robert Felber wrote:
> I don't use RHSBL as they can be faked. Those that grot through, could
> have written _anything_ in the RCPT FROM, tom and jerry situation.
s/grot/got/
s/RCPT FROM/MAIL FROM/
--
Robert F.
Version 0.1.9 devel-3 is out.
Changes:
Checks:
---
Reverse IP == dynhost check added.
Takes place if client is not in a DUL and client no MX for HELO/FROM.
Logging:
CL_IP_EQ_".$MATCH_TYPE."_IP
$MATCH_TYPE will tell us whether "HELO" or "FROM&q
On Sun, Jul 03, 2005 at 04:33:20PM +0200, Robert Felber wrote:
> > 3. Received: from MediaSoft.ro (media-gw.planet.ro [194.176.162.181])
> >X-Envelope-From: <[EMAIL PROTECTED]>
> >X-Envelope-To: <[EMAIL PROTECTED]>
> >
> > Also in http://dnsbl.ne
changes:
checks:
---
From has nobody/anonymous user
From domain multiparted check
both use and increase total_dnsbl_score.
--
Robert F.
On Mon, Jul 04, 2005 at 03:04:17PM +0200, Robert Felber wrote:
> From has nobody/anonymous user
> From domain multiparted check
>
> both use and increase total_dnsbl_score.
Err, From has nobody/anonymous user increases total_dnsbl_score (yes, that's
sort of an abuse
0.1.9 devel-4 is scheduled to become beta in 2 weeks, unless
it appears to cause false positives which could have been
avoided.
betas are scheduled to become stable 4 weeks after beta
release. If changes must be done to the beta release it
will be again 4 more weeks.
Or: if a versions appears to
changes:
checks:
--
rhsbl check added
rhsbl check uses $total_dnsbl_score and has an own score array @rhsbl_score.
It gets fired if the current rate is below REJECTLEVEL, to don't have
unnecessary DNS queries.
If one entry is found, it bails out with the appropriate score.
Thus the
ainly
RBLs and whether some other test may be usable. But after the initial Idea, SA
reported only RBLs which I didn't have, and RHSBLs.
And now, after some clarifying about RHSBL I'm trying to use those as well.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Drosselweg 21
changes:
false positive fix:
---
/var/log/maillog.0.bz2:Jul 5 16:15:02 fpsvr1z150
postfix/policyd-weight[90483]: weighted check: NOT_IN_DYN_NJABL=0
NOT_IN_BL_NJABL=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_SBL_XBL_SPAMHAUS=-1.5
NOT_IN_DSBL_ORG=0 NOT_IN_IX_MANITU=0 NOT_IN_ORDB_ORG=0 CL_
DNS are considered not trustworthy.
62.225.182.37 is no real host, just a DNS entry for proof of concept.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
PGP: 896CF30B
PGP-Fingerprint: A43A A57E ECF4 F80F FDFC 285A 0A7F B077 896C F30B
, 1.896.585 Mails/day
Can someone suggest something faster than Net::DNS? The author states also
that Net::DNS is slow.
With Net::hostent I cannot perform MX queries.
If there is not some faster approach, I would try out writing something
with Socket, or even worse, trying python.
--
Robert
On Thu, Jul 07, 2005 at 11:36:07AM +0200, Robert Felber wrote:
> While upgrading from Net::DNS 0.49 to 0.51 I have seen a light load increase.
>
> For 10 tests with Net::DNS 0.49 it took 0.54 seconds, with the same test but
> Net::DNS 0.51 it took 0.70 seconds (pure CPU time).
typo:
.)
it MUST NOT mean, that it gets blocked, see below.
Don't play too much with that, or else you may block out hotmail and
amazon (both often have unverified helos), hotmail is also an excessive
RFC violator (ie. rhsbl listed).
--
Robert Felber (EDV-Le
changes:
checks:
- HELO check now also checks the /16 net, but result is treated as
untrusted.
This leads to less false positves but probably to more false
negatives.
cosmetics/perfomance:
- some unnecessary loops removed.
subnet checking is now do
changes:
configuration:
- dnsbl_checks_only. 1 for ON, 0 for OFF (default)
Thats for those, that have to do with too many postmasters that don't
care about DNS entries.
It disables any further checks.
- MAXDNSBLSCORE added. 8 is default. Keep DUL DNSBLs in mind if you lower
changes:
checks:
string "pool" removed from dynamic client/helo detetection.
some, name their subdomains "mxpool" or "smtppool" or similiar.
this caused some ebay mails to get rejected.
--
rob
Has someone seen some Log entries like "action=DUNNO" and that occassionally?
Since 3 days I have those and it seems that the weighted_check handler
get's called, but returns zero, thus the $DEFAULT_RESPONSE gets used.
Well, it is not possible that the handler returns zero. At least not logically
On Fri, Jul 15, 2005 at 08:23:07AM +0200, Bob Tito wrote:
> Robert Felber wrote:
>
> >Has someone seen some Log entries like "action=DUNNO" and that
> >occassionally?
> >
> >Since 3 days I have those and it seems that the weighted_check handler
>
changes:
logging:
responses adjusted to see which DUNNO gets used
code semantics:
the HANDLERS loop has been removed
return-value verification of weighted_check() tried to make
safe of perl-mistery-errors.
bug:
policyd-weight retruns occasionally with
changes:
Bug found in line 444 which was "last;"
This was a leftover when I removed the former loop for
splitting.
Caused policyd-weight to bail out at this position which
got reached in some circumstances.
--
rob
changes:
AHBL.org added for the rhsbl lookups.
--
rob
Would someone appreciate a config file? :)
I can imagine that it would help those who really take
the advance of own adjusted scores, and don't want to adjust
them each time the version changes.
--
rob
changes:
core:
configuration-file added.
search path: /etc/policyd-weight.conf
/usr/local/etc/policyd-weight.conf
./policyd-weight.conf
an example can be found at
http://robtone.mine.nu/postfix/policyd-weight.conf
The config file syntax is
changes:
configuration:
$PUDP added WARNING: Net::DNS 0.51 is broken with this option,
use Net::DNS 0.53
$DNS_RETRIES added
$DNS_RETRY_IVAL added
$ADD_X_HEADER added
$PUDP:
persistent udp connections on or off, default off.
WARNING: this is broken in
th 17 of 44 answers (of the example host above)
and policyd-weight can work on.
igntc(1) is a workaround, and cannot be configured within
policyd-weight configuration.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenc
Hello Jim,
You see those timeouts with devel-17?
If so. Could you provide the client IP address and from part (you can get them
from postfix' NOQEUE 4xx messages).
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +
)
- HELO (smtpd should provide this)
- policyd-weight version
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
head.
To make it failsafe for other queries (DNSBL, etc) I need some time.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
ow added sorbs *cough*
privately.
With multihop I'm just afraid that it may give some extra scores to some
hotmail clients which are close to the edge already.
Even with "multihop.dsbl.org", 0, 0, they might get blocked
because the DNSBL hit increases the weight fo
script collects system information (swap usage, open file descriptors,
number of runnings processes) at the moment when the warning is written to
your maillog and stores it to /var/log/polw.debug), to make sure it is no
resource issue.
(I admit the script is quick'n'dirty)
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
On Mon, Aug 29, 2005 at 09:51:22AM +0200, Robert Felber wrote:
> save this code to a file (polw-debug.sh), chmod 700 polw-debug.sh, and
> run it as root with "./polw-debug.sh &".
You should run it either everyday by hand, after you made sure that there is
no bug report, or per
DNS(-cache) (not only for policyd-weight).
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
similiar (http://cr.yp.to/djbdns.html).
Also I don't know whether your ISP has some rate-limit stuff which accidentially
also affect DNS queries (I mean, hey they even use confixx ;), a cache can help
there.
It seems obvious because we never have unanswered DNS queries.
--
Robert Felbe
is right?
So far this should work, in /etc/resolv.conf write
nameserver 127.0.0.1 # this should come first
nameserver ip.of.isp.dns #fallback, if your local bind is down
make sure, that confixx doesn't mess up /etc/resolv.conf, otherwise, get in
touch with confixx or encounter when confixx changes /etc/resolv.conf and
"correct it" your way again (automatically of course).
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
1W ; expiry
1D ); minimum
1D IN NSlocalhost.
* 1D IN PTR localhost.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenche
changes:
core:
resolver object is now created in main, instead of each new mail.
bugfix:
DNSMAXERR counter was not resetted at each new mail.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax
can use this also for updating /etc/bind/db.root (see
http://www.brandonhutchinson.com/updating_hints_file.html)
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
past. This
looks like something was babbling on either STDOUT or STDERR (Net::DNS loves
that). With devel-3 this issue should be fixed. This oftens seems to occour
if the DNS asked is not responding for unknown reason.
Also I have in main.cf:
max_idle = 300s
mtpd_policy_service_max_idle = 360
On Thu, Sep 01, 2005 at 08:03:57PM +0200, Robert Felber wrote:
> policydweight_time_limit = 300
make this policy_time_limit. my typo.
postconf -n would help too
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0)
to try it there.
> My guess out of the blue is the sending SMTP server simply disconnects
> without bothering about RFCs.
It's a little to late when it comes to smtpd_data_restrictions.
>From my understanding it makes sense in smtpd_recipient_restrictions plus
smtpd_delay_reject =
erminated.
Where "transport" replace it with the master.conf entry, in your case "policy"
It should be at least the same value as $max_idle
Those policy service timeouts and ttls are a bit very confusing I admit.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreie
changes:
bugfix:
all ``return("$RETANSW; $MAXDNSERRMSG");'' changed to
return("$RETANSW $MAXDNSERRMSG");
thanks to J. Knuth
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenche
(or at least) the exit status changes. Sigh.
Have to ask myself on postfix-users what 107 indicates. Google ain't my friend
on this.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
CHESIZE=20;
$CACHEREJECTMSG="550 temporarily blocked because of previous errors";
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
note:
I *need* a weekend.
bugfix:
I didn't remove some 'print's which I used for testing devel-5 which
will confuse postfix.
note2:
did I mention that I *need* a weekend?
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Hauptha
tio 27605747k*sec
policyd 250 1.54cpu 170tio 795038k*sec
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
changes:
bugfix:
now the positive cache check lets only pass the mail if no dnsbl hits
appear.
note:
I don't plan any new features on 0.1.10, i.e.: feature freeze.
If nothing unexpected occurs, devel-8 may become beta. It's about time.
--
Robert Felber (EDV-Leitung)
e
I'm still without a glue who exited with 107. I don't know whether it was perl
itself, or one of the modules. The OS seems not involved as execve, fork and
the like exit with -1 on error (but set the errno variable).
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford
(255) and set errno instead.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
changes:
policyd-weight 0.1.10 devel-9 became beta status due to bugfixes/improved
error-handling of the DNS resolution routines.
It has been committed to the FreeBSD portstree already, too.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
t think they read an
advertising but rather a logical big picture I'd be glad.
Of course the author will be mentioned in the copyright and thanks.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
IPv6 devices.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
om domains.
At least show me how and where to setup an "[EMAIL PROTECTED]" account.
I expect that msn.com via 65.54.173.3 is some sort of unchecked relaying by
hotmail.
If you can setup an msn.com account, let me know ;)
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford
On Wed, Sep 28, 2005 at 06:44:34PM +0200, Robert Felber wrote:
> On Wed, Sep 28, 2005 at 08:48:17AM -0700, chris wrote:
> > Could I get you to show me a way to allow msn users to not get bounced just
> > because the helo says hotmail? I've tried to adjust the numbers lower to
is some sort of
critical or otherwise important.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
On Thu, Sep 29, 2005 at 08:28:28PM +0200, Jan Wagner wrote:
> On Thursday 29 September 2005 08:30, Robert Felber wrote:
> > changes from 0.1.10 beta to 0.1.11 devel-4:
> >
> > core:
> >
> > igntc replaced by force_v4 (devel-1 to devel-2)
>
> Hi!
>
&g
t-DNS, I doubt that those will it make quickly
into "stable" distributions like debian, though.
Btw, all modules/programs that use Net-DNS should have this issue.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +
On Thu, Sep 29, 2005 at 09:03:50PM +0200, Jan Wagner wrote:
> so maybe you can make a config option to use "force_v4" or "igntc"?
I'm working on a self-check. Meanwhile you may replace force_v4 with
igntc.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
changes:
core:
Net-DNS Version is checked and uses appropriate methods to avoid
failures on DNS TCP queries.
>= 0.50 use force_v4(1)
< 0.50 use igntc(1)
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenche
ie::Syslog is as usefull as it sounds.
Exceptions such as die() are syslogged anyway.
--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Ford Haupthaendler Muenchen
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
queue_id, if queue_id is not empty then the
mail already was checked AND accepted with DUNNO and we let pass
further queries with DUNNO instead of PREPEND X-policyd-weight: foo bar.
Neat side-effect: it saves once again CPU and Bandwidth.
--
Robert Felber (EDV-Leitung)
Autohaus Erich
ROTECTED]>
250 Ok
rcpt to:<[EMAIL PROTECTED]>
250 Ok
rcpt to:
250 Ok
rcpt to:<[EMAIL PROTECTED]>
554 <[EMAIL PROTECTED]>: Relay access denied
rcpt to:<[EMAIL PROTECTED]>
250 Ok
quit
221 Bye
Connection closed by foreign host.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
changes:
core:
mail for /^(postmaster|abuse)\@/ is now returned with DUNNO instant.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
e added
in devel-9 the recipient check for postmaster and abuse, as you suggested.
If those are recipient, then the mail for this recipient will pass
policyd-weight with DUNNO while doing no further checks on this recipient.
postfix' reject_unauth_destination takes care of not relaying mail for
[EMAIL PROTECTED]
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
changes:
core:
starting at line 656:
fetching of reverse records fixed/corrected
required by those checks:
Reverse IP == dynhost check
Reverse IP == HELO check
The array @reverse_ips was not build correctly, leading to an empty array.
--
Robert Felber (PGP
vis marks such things as BANNED. Mails with virus are marked
INFECTED, and for spam we can use the X-spam-score.
Allthough, before I start such a thing I rather want to know some opinions and
whether I forgot some scenarios where a client may be blocked falsely.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
LOG_ALL_RBLS=yes/no
That's possible, yep. Will do that sort in 0.1.11 devel. Thanks.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
the Postfix take care of itself. I do hope eventually to do
> your documentation for you, as you had asked here some time ago.
This are good news, if I ever happen to be in .uk you'll get an ale ;)
Or vice versa. Maybe I should put policyd-weight under the BEER-WARE licence :)
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
_RBL=0# not logged
IN_BAZ_RBL= # logged, regardless of score.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
changes:
core:
bugfix: The NULL (<>) sender check introduced in 0.1.11 devel-11
was bogus. $foo == "" on strings returns always true.
Have to use $foo eq "" instead.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
y and the cache keeps itself clean.
One could try to use polspawn.pl within amavis to inject bad "$ip-$sender"
tuples. I myself will do that, if the new cache is "ready".
Enjoy.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
On Mon, Oct 17, 2005 at 05:13:29PM +0200, Robert Felber wrote:
> I've attached a control script to see the stats and kill policyd-weight cache
> cleanly.
Err, will do that now.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
--
polspawn.pl
Description: Perl program
On Mon, Oct 17, 2005 at 05:13:29PM +0200, Robert Felber wrote:
> Hello,
>
> I've made a UNIX-socket baked cache and an experimental version at
> http://robtone.mine.nu/postfix/policyd-weight-experimental
It's really that URL, I've linked the policyd-weight-devel link
On Mon, Oct 17, 2005 at 05:13:29PM +0200, Robert Felber wrote:
> BUGS:
> - It's not cleanly "turn-off" able.
> - Configuration changes are not detected (i.e. must be killed manually).
It's now turn-off-able via CACHESIZE and POSCACHESIZE settings.
Also some
On Mon, Oct 17, 2005 at 05:13:29PM +0200, Robert Felber wrote:
> BUGS:
> - It's not cleanly "turn-off" able.
> - Configuration changes are not detected (i.e. must be killed manually).
Configuration changes are now detected, allthough it is not detected when
a
equal zero, it is logged though.
Default is 1 (ON).
NOTE:
for those that used the latest (0.1.11 devel-12) version there is
no need to update. There are no changes.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
P
is number of entries cleanup takes place
$PTTL = 20; # after PTTL request the HAM entry is deleted
# from cache must be reverified
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
___
of this writing, but in some minutes.
I will announce that again (have to update the port for freebsd and sf.net
first).
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://robtone.mine.nu/postfix/
changes:
Same changes as in 0.1.11 beta-2
NOTE: freebsd ports and sf.net are not updated yet, as I first need to
verify the fix and the update procedure for both are more than time
consuming.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
you please give following output:
uname -a
perl -e 'use Net::DNS; print Net::DNS->version();print "\n$^O\n$]\n"'
Also the from sender is required for debugging. Thanks.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://robtone.mine.nu/postfix/
On Tue, Nov 01, 2005 at 08:24:28AM -0600, Craig Deal wrote:
> > perl -e 'use Net::DNS; print Net::DNS->version();print "\n$^O\n$]\n"'
> >
> > Also the from sender is required for debugging. Thanks.
> >
> >
> > --
> > Ro
dard debug mechanisms for
such cases.
Unfortunately I'm a bit busy with real life and can dive in again tomorrow.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://robtone.mine.nu/postfix/
ether you may rather
want to send it privately, as it may expose internal DNS servers).
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://robtone.mine.nu/postfix/
cache couldn't be spawned or
caused some sort of trouble.
It works pretty O.K. here and I'm curious whether it is acceptable for beta
releases.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight M
g.log 2>&1
> >
> > And send the debug.log (please review the log and decide
> > whether you may rather want to send it privately, as it may
> > expose internal DNS servers).
> >
> >
> > --
> > Robert Felber (PGP: 896CF30B)
> >
On Fri, Nov 04, 2005 at 07:32:56AM +0100, Robert Felber wrote:
> > mx1# Nov 3 17:25:26 mx1 policyd-weight[11689]: err: Can't coerce array into
> > hash at /usr/local/lib/perl5/site_perl/5.8.7/mach/Net/DNS/Resolver/Base.pm
> > line 626, line 65.
> > Unmatched '
On Fri, Nov 04, 2005 at 10:01:46AM +0100, Robert Felber wrote:
> You can debug that yourself by issuing from the commandline:
>
> perl -e 'use Net::DNS; $res = Net::DNS::Resolver->new(); $res->debug(1);
> print $res->send("66.151.8.13")'
Make th
one an error. Sigh.
Please turn off PUDP (persistent udp connections) until there is a fix.
I.e.: $PUDP = 0; in the config file
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://robtone.mine.nu/postfix/
st and the second a TCP then Net::DNS dies. This leads to
deferals and probably mail-loss. Please turn off PUDP ($PUDP = 0;) until
there is a fix.
This bug has not yet been reported to the Net::DNS author.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
_
On Fri, Nov 04, 2005 at 02:47:19PM +0100, Robert Felber wrote:
> Hello,
>
> Net::DNS has another bug:
>
> perl -e 'use Net::DNS; $r = Net::DNS::Resolver->new(); $r->persistent_udp(1);
> $r->send("62.225.182.35"); $r->send("216.47.210.18")
Hello Folks,
I've setup a channel #policyd-weight on IrcNET(1). Intention is mainly for
developing or for trying out stuff (and sometimes quick support ;)
Everyone is welcome.
--
Robert Felber (PGP: 896CF30B)
Munich, Ge
On Sat, Nov 19, 2005 at 01:51:42PM +0100, Robert Felber wrote:
> Hello Folks,
>
> I've setup a channel #policyd-weight on IrcNET(1). Intention is mainly for
Err, missed the serverlist: http://www.ircnet.com/index.php?&p=5
--
Robert Felber (PGP: 896CF30B)
Hello,
policyd-weight has now its own domain called policyd-weight.org :)
Many thanks to Winfried Neessen who was so kind to register it for me.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist
tunately I'll have less time in the next few weeks/months, our family
is growing *knock knock* and at work we rebuild and reorganize our whole
IT-structure.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://www.policyd-weight.org/
ent|rev.*?(ip|home)*).*?\..*?\./i) ||
($helo =~ /[a-z\.\-\_]+\d{1,3}[-._]\d{1,3}[-._]\d{1,3}[-._]\d{1,3}/i))
Is it possible, that the reverse record was another one at this time?
Please show the according postfix/smtpd[]: connect from
ks1.wolff-dv.de[213.2
changes:
security:
Configuration file is being tested whether it is world-writeable.
If so -> syslog warning and don't use it.
The cache tries on its maintenace-checks to reload the config only if not
world-writeable.
Cache:
defaults for cache sizes changed.
Core:
-
action=DUNNO using cached result;
> rate: -7.5
Yes, that's ok and its intention. The cache stores its results on a
"ip-sender" basis - i.e. "[EMAIL PROTECTED]". This avoids drastically
DNS lookups and thus decreases network delays and cpu-cycles.
I had several th
rate config file, they are "hardcoded"
into policyd-weight.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
Policyd-weight Mailinglist - http://www.policyd-weight.org/
1 - 100 of 407 matches
Mail list logo