Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Mon Mar 1 01:23:08 PST 2004
* Jeff Waugh <email@example.com> [2004-02-11 16:00+1100]
> <quote who="Jim Richardson">
> > How do you differentiate between say, Spamassassin, and the various qmail-
> > bits? are they not also "external processes" to the smtp conversation?
> Because the *smtpd process (in qmail and postfix speak) pulls in the mail
> and puts it in the queue for processing. ie, it puts it *on the disk*. If
> you're analysing mail during the SMTP transaction, you can't. Well, you
> could, but no one does. If something goes wrong, the MTA has to figure it
> out and send a failure message or do something sane. That can be incredibly
> hard to do right.

The other night perl was autoupgraded on my debian sarge boxes,
and for some reason spamd stopped working until I did an
/etc/init.d/spamassassin restart manually.

I was just playing around with my exim config and happened to
notice a few thousand entries in /var/log/exim4/paniclog like:

    2004-03-01 03:33:23 1AxirO-0007Eg-Tp spam acl condition:
      cannot parse spamd output

and checking the queue on my backup MX, it had a few hundred of these:

    (host mr-burns.impressive.net[220.127.116.11] said: 451 Temporary
    local problem - please try later)

So, even though spamassassin was completely hosed, exim did the
right thing and tempfailed my mail, and the world didn't end.

I would probably rather it just accepted the mail instead of
tempfailing it, though that would increase my spam intake.
(I'm sure I could configure exim to do that.)

I don't know when I would have noticed something was wrong if I
hadn't been playing with Exim; maybe I should set something up to
watch for entries in its paniclog. (not all mail was tempfailing,
some was still getting through; not sure why.)

I'm not really trying to revive this thread; just thought I'd
mention what happened when something broke.

Gerald Oskoboiny <firstname.lastname@example.org>
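
The paniclog watch mentioned in the message above could look like the following. This is an added example, not part of the original post and not Exim's own tooling; the function names, the one-hour window, the message-ID pattern and every sample entry except the one quoted in the post are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Exim log line: "YYYY-MM-DD HH:MM:SS [message-id] text". The ID pattern
# covers the 6-6-2 form seen in the post; other forms are not handled.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) )?"
    r"(?P<msg>.*)$"
)

# Constructed sample: the first entry is the one quoted in the post (wrapped
# as it appears there); the other two are invented for the example.
SAMPLE = [
    "2004-03-01 03:33:23 1AxirO-0007Eg-Tp spam acl condition:",
    "  cannot parse spamd output",
    "2004-03-01 03:34:10 1AxisA-0007Fh-Qz spam acl condition: cannot parse spamd output",
    "2004-02-28 23:10:00 constructed unrelated entry",
]

def parse_paniclog(lines):
    """Yield (timestamp, message_id or None, text) per entry.
    Lines without a leading timestamp are folded into the previous entry."""
    entry = None
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if m:
            if entry:
                yield tuple(entry)
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            entry = [ts, m["id"], m["msg"].strip()]
        elif entry and raw.strip():
            entry[2] += " " + raw.strip()
    if entry:
        yield tuple(entry)

def recent_panics(lines, now, window=timedelta(hours=1), threshold=1):
    """Return {error text: count} for texts seen >= threshold times in the window ending at now."""
    counts = Counter(
        text for ts, _id, text in parse_paniclog(lines) if now - window <= ts <= now
    )
    return {text: n for text, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    # In a cron job, pass open("/var/log/exim4/paniclog") and datetime.now().
    for text, n in recent_panics(SAMPLE, datetime(2004, 3, 1, 4, 0, 0)).items():
        print(f"{n:5d}  {text}")
```

Run from cron, any non-empty result is worth a notification, since a healthy Exim normally writes nothing to its panic log.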