Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Gerald Oskoboiny gerald@impressive.net
Mon Mar 1 01:23:08 PST 2004


* Jeff Waugh <jdub@perkypants.org> [2004-02-11 16:00+1100]
> <quote who="Jim Richardson">
> 
> > How do you differentiate between say, Spamassassin, and the various qmail-
> > bits? are they not also "external processes" to the smtp conversation? 
> 
> Because the *smtpd process (in qmail and postfix speak) pulls in the mail
> and puts it in the queue for processing. ie, it puts it *on the disk*. If
> you're analysing mail during the SMTP transaction, you can't. Well, you
> could, but no one does. If something goes wrong, the MTA has to figure it
> out and send a failure message or do something sane. That can be incredibly
> hard to do right.

The other night perl was autoupgraded on my Debian sarge boxes,
and for some reason spamd stopped working until I did an
/etc/init.d/spamassassin restart manually.

I was just playing around with my exim config and happened to
notice a few thousand entries in /var/log/exim4/paniclog like:

    2004-03-01 03:33:23 1AxirO-0007Eg-Tp spam acl condition:
    cannot parse spamd output

and checking the queue on my backup MX, it had a few hundred of these:

    (host mr-burns.impressive.net[64.26.156.13] said: 451 Temporary
    local problem - please try later)

So, even though spamassassin was completely hosed, exim did the
right thing and tempfailed my mail, and the world didn't end.

I would probably rather it just accepted the mail instead of
tempfailing it, though that would increase my spam intake.
(I'm sure I could configure exim to do that.)

I don't know when I would have noticed something was wrong if I
hadn't been playing with Exim; maybe I should set something up to
watch for entries in its paniclog. (not all mail was tempfailing,
some was still getting through; not sure why.)

I'm not really trying to revive this thread; just thought I'd
mention what happened when something broke.

-- 
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/
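
One way to set up the paniclog watch mentioned in the post, as an added example that is not part of the original message: it groups panic entries by message text so a silently failing scanner shows up as one counted alert. The sample lines are constructed from the format of the entry quoted above, and the function names and threshold are assumptions.

```python
import re
from datetime import datetime

# "YYYY-MM-DD HH:MM:SS [message-id] text"; the id pattern follows the
# 6-6-2 form of the entry quoted in the post (assumption for other versions).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) )?(.+)$"
)

# Constructed sample input; a real run would read /var/log/exim4/paniclog.
SAMPLE = """\
2004-03-01 03:33:23 1AxirO-0007Eg-Tp spam acl condition: cannot parse spamd output
2004-03-01 03:33:41 1AxirX-0007Eh-2b spam acl condition: cannot parse spamd output
2004-03-01 03:35:02 1Axisp-0007F0-Kd spam acl condition: cannot parse spamd output
2004-03-01 03:36:10 constructed example of a panic line with no message id
not a timestamped line
"""

def summarize(lines):
    """Group panic entries by text; return (summary, unparsed_line_count)."""
    summary, unparsed = {}, 0
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep a count instead of silently dropping
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        rec = summary.setdefault(
            m.group(3), {"count": 0, "first": ts, "last": ts, "ids": set()})
        rec["count"] += 1
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
        if m.group(2):
            rec["ids"].add(m.group(2))
    return summary, unparsed

def alerts(summary, threshold=3):
    """One line per panic message seen at least `threshold` times."""
    ranked = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [f"{r['count']}x {text!r} ({len(r['ids'])} messages, "
            f"{r['first']} to {r['last']})"
            for text, r in ranked if r["count"] >= threshold]

if __name__ == "__main__":
    found, skipped = summarize(SAMPLE.splitlines())
    print("\n".join(alerts(found)) or "paniclog quiet")
    print(f"{skipped} unparsed line(s)")
```

Run from cron, any non-empty result from `alerts()` is worth mailing to the postmaster, since the paniclog is normally empty.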


