> > The attached patch adds a timeout on STARTTLS, if idle-timeout-secs is set.
>
>Does this patch activate a timeout effects all (subsequent) read
>commands? If not, it won't solve the problem. spamdyke usually hangs
>long after the STARTTLS when it does, and the STARTTLS is successful.
>
>So even with this patch, using TLS with no idle-timeout-secs setting
>leaves a server vulnerable. Is there some way of requiring an
>idle-timeout-secs value when TLS is used? Perhaps giving it a relatively
>high (300) default? If nothing else, --config-test should at least give
>a warning when TLS is in use and there's no idle-timeout-secs setting.
>Personally, I'd like to see the idle-timeout-secs setting activated by
>default.
I'm afraid this patch haven't cured the problem:
Cron <r...@server> /usr/bin/spamdyke.defunct
Killing process 8930 (Elapsed time: 01:38:13)
I still have spamdyke processes floating around more than idle-timeout-secs
which is:
idle-timeout-secs=60
tls-level=smtps
tls-certificate-file=/var/qmail/control/servercert.pem
The cron script I've done will reap spamdyke processes active for more than
1 hour.
>Thanks for your work on this trog. It took me a while as well to realize
>this is a bug.
>
>Patch applied ok, but compile gave:
>tls.c: In function 'tls_start':
>tls.c:325: warning: suggest explicit braces to avoid ambiguous 'else'
>I added braces in accordance with indentation.
>
>After running the patched version a while, still getting defunct
>processes. :( I double checked that it's running the patched version (I
>made it 4.0.10a in the config).
>
>I should mention that this host is running CentOS 4.6, with
>openssl-0.9.7a-43.17.el4_7.2. I did see the problem with CentOS5 though,
>on a server with much less activity. Several QMT users are reporting
>that they're seeing this problem as well.
Here is a CentOS 5.3 with QMT installed. Traffic is around 100k mails per day.
Mirko
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
