[Gross] gross 1.0.1 milter and Postfix

Steve steeeeeveee at gmx.net
Sat Aug 2 20:32:42 EEST 2008


-------- Original Message --------
> Date: Sat, 02 Aug 2008 19:59:06 +0300
> From: Eino Tuominen <eino at utu.fi>
> To: Steve <steeeeeveee at gmx.net>
> CC: gross at lists.utu.fi
> Subject: Re: [Gross] gross 1.0.1 milter and Postfix

> Steve wrote:
> > Hello list
> > 
> > I am using gross 1.0.1 as a Milter in Postfix 2.5.3. It looks like
> > all is working as expected (okay... I once and just once had a
> > segfault with it, but that's all so far).
> 
> Well, even the one segfault is too much.. ;-)
>
Well... that's life. What should I say? Here is the output while running:
mail ~ # /usr/sbin/grossd -d
Sat Aug  2 14:43:13 2008 #b7dea6c0: grossd version 1.0.1 starting...
Sat Aug  2 14:43:13 2008 #b7dea6c0: creating pidfile /var/run/gross/grossd.pid
Sat Aug  2 14:43:13 2008 #b75ddb90: bloommgr starting...
Sat Aug  2 14:43:13 2008 #b7dea6c0: Filters in sync. Starting...
Sat Aug  2 14:43:13 2008 #b7dea6c0: starting postfix policy server
Sat Aug  2 14:43:13 2008 #b5bdbb90: initializing postfix thread pool
Sat Aug  2 14:43:13 2008 #b7dea6c0: starting milter policy server
Sat Aug  2 14:44:14 2008 #b2bd5b90: a=match d=0 w=0 c=213.165.64.20 s=<XXXXXXXXXXXXXX at gmx.net> r=<xxxxx1 at yyyyy1.zz> h=mail.gmx.net
Sat Aug  2 14:48:14 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217680993, 1217681294, 0, 1, 0, 0
Sat Aug  2 14:48:14 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217680993, 1217681294, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 14:48:14 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217680993, 1217681294, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 14:53:15 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217681294, 1217681595, 0, 0, 0, 0
Sat Aug  2 14:53:15 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681294, 1217681595, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 14:53:15 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681294, 1217681595, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 14:58:16 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217681595, 1217681896, 0, 0, 0, 0
Sat Aug  2 14:58:16 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681595, 1217681896, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 14:58:16 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681595, 1217681896, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:03:17 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217681896, 1217682197, 0, 0, 0, 0
Sat Aug  2 15:03:17 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681896, 1217682197, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:03:17 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217681896, 1217682197, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:08:18 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217682197, 1217682498, 0, 0, 0, 0
Sat Aug  2 15:08:18 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682197, 1217682498, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:08:18 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682197, 1217682498, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:13:19 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217682498, 1217682799, 0, 0, 0, 0
Sat Aug  2 15:13:19 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682498, 1217682799, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:13:19 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682498, 1217682799, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:18:20 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217682799, 1217683100, 0, 0, 0, 0
Sat Aug  2 15:18:20 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682799, 1217683100, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:18:20 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217682799, 1217683100, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:23:21 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217683100, 1217683401, 0, 0, 0, 0
Sat Aug  2 15:23:21 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683100, 1217683401, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:23:21 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683100, 1217683401, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:23:51 2008 #b13d2b90: a=greylist d=17 w=0 c=66.150.96.100 s=<XXXXXXXXXXXXXX at emailenfuego.net> r=<xxxxx2 at yyyyy2.zz> h=smtp.emailenfuego.net
Sat Aug  2 15:23:51 2008 #b23d4b90: a=greylist d=15 w=0 c=69.63.184.109 s=<XXXXXXXXXXXXXX at facebookmail.com> r=<xxxxx3 at yyyyy3.zz> h=mx-out.facebook.com
Sat Aug  2 15:24:18 2008 #b23d4b90: a=greylist d=0 w=0 c=83.9.74.216 s=<XXXXXXXXXXXXXX at connected.bc.ca> r=<xxxxx4 at yyyyy4.zz> h=acac216.neoplus.adsl.tpnet.pl
Sat Aug  2 15:28:07 2008 #b75ddb90: received rotate command
Sat Aug  2 15:28:07 2008 #b23d4b90: rotate thread starting
Sat Aug  2 15:28:23 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217683401, 1217683703, 0, 0, 3, 0
Sat Aug  2 15:28:23 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683401, 1217683703, 0.000, 0.000, 10.667, 0.000
Sat Aug  2 15:28:23 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683401, 1217683703, 0.000, 0.000, 17.000, 0.000
Sat Aug  2 15:29:16 2008 #b23d4b90: a=greylist d=0 w=0 c=192.168.0.135 s=<XXXXXXXXXXXXXX at loftladderman.co.uk> r=<xxxxx4 at yyyyy4.zz> h=pool-96-237-176-33.bstnma.fios.verizon.net [96.237.176.33]
Sat Aug  2 15:30:36 2008 #b23d4b90: a=greylist d=0 w=0 c=69.63.184.102 s=<XXXXXXXXXXXXXX at facebookmail.com> r=<xxxxx5 at yyyyy5.zz> h=mx-out.facebook.com
Sat Aug  2 15:33:24 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217683703, 1217684004, 0, 0, 2, 0
Sat Aug  2 15:33:24 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683703, 1217684004, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:33:24 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217683703, 1217684004, 0.000, 0.000, 17.000, 0.000
Sat Aug  2 15:35:26 2008 #b23d4b90: a=greylist d=0 w=0 c=208.124.238.82 s=<XXXXXXXXXXXXXX at mbtimber.com> r=<xxxxx6 at yyyyy6.zzz> h=[208.124.238.82]
Sat Aug  2 15:37:46 2008 #b23d4b90: a=greylist d=0 w=0 c=192.168.0.135 s=<XXXXXXXXXXXXXX at hotmail.com> r=<xxxxx4 at yyyyy4.zz> h=[89.129.37.195] [89.129.37.195]
Sat Aug  2 15:38:25 2008 grossd status summary (begin, end, trust, match, greylist, block): 1217684004, 1217684305, 0, 0, 2, 0
Sat Aug  2 15:38:25 2008 grossd processing average delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217684004, 1217684305, 0.000, 0.000, 0.000, 0.000
Sat Aug  2 15:38:25 2008 grossd processing max delay (begin, end, trust[ms], match[ms], greylist[ms], block[ms]): 1217684004, 1217684305, 0.000, 0.000, 17.000, 0.000
Segmentation fault
mail ~ #



> On what platform do you 
> run your email stack?
> 
mail ~ # cat /etc/gentoo-release
Gentoo Base System release 1.12.11.1
mail ~ # gcc -v
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/specs
Configured with: /var/tmp/portage/sys-devel/gcc-3.4.6-r2/work/gcc-3.4.6/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.6 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include/g++-v3 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --enable-secureplt --disable-libunwind-exceptions --disable-multilib --disable-libgcj --with-arch=i686 --enable-languages=c,c++,treelang --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.5, ssp-3.4.6-1.0, pie-8.7.10)
mail ~ # /lib/libc.so.6
GNU C Library stable release version 2.6.1, by Roland McGrath et al.
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.5, ssp-3.4.6-1.0, pie-8.7.10).
Compiled on a Linux >>2.6.23.8<< system on 2008-06-23.
Available extensions:
        C stubs add-on version 2.1.2
        crypt add-on version 2.1 by Michael Glad and others
        Gentoo patchset 1.2
        GNU Libidn by Simon Josefsson
        Native POSIX Threads Library by Ulrich Drepper et al
        Support for some architectures added on, not maintained in glibc core.
        BIND-8.2.3-T5B
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
mail ~ # uname -a
Linux mail 2.6.24.3 #1 Thu May 1 08:05:57 CEST 2008 i686 AMD Athlon (TM) AuthenticAMD GNU/Linux
mail ~ #


Soon I will try to run it here:
nemesis ~ # cat /etc/gentoo-release
Gentoo Base System release 2.0.0
nemesis ~ # gcc -v
Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/4.3.1 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/4.3.1/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/4.3.1 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/4.3.1/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/4.3.1/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/4.3.1/include/g++-v4 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --enable-secureplt --disable-multilib --enable-libmudflap --disable-libssp --enable-cld --disable-libgcj --with-arch=i686 --enable-languages=c,c++,treelang --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo 4.3.1-r1 p1.1'
Thread model: posix
gcc version 4.3.1 (Gentoo 4.3.1-r1 p1.1)
nemesis ~ # /lib/libc.so.6
GNU C Library stable release version 2.7, by Roland McGrath et al.
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.3.1.
Compiled on a Linux >>2.6.25.9<< system on 2008-07-06.
Available extensions:
        C stubs add-on version 2.1.2
        crypt add-on version 2.1 by Michael Glad and others
        Gentoo patchset 1.7
        GNU Libidn by Simon Josefsson
        Native POSIX Threads Library by Ulrich Drepper et al
        Support for some architectures added on, not maintained in glibc core.
        BIND-8.2.3-T5B
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
nemesis ~ #


> > Now I have a question: How does gross 1.0.1 Milter know that a mail
> > is locally originating? I don't see any option in gross to disable it
> > on mails originating from local addresses and/or I don't see any
> > option in gross to disable it for authenticated users. With
> > authenticated I mean users that succeeded SMTP AUTH ({auth_authen}
> > Milter macro) and/or users that use STARTTLS with a verified client
> > certificate ({verify} and {cert_subject} macro). Is there a way to
> > bypass gross for those conditions? Does anyone know that?
> 
> I'm afraid that functionality is not (yet) implemented in grossd. It 
> should be pretty straightforward to implement those things in 
> worker_milter.c.
> 
Okay. How do you handle that on your setup? You greylist everyone? Even your own users?


> > What about whitelisting certain client IPs and/or recipients and/or
> > senders? Is there a possibility to do that in gross (besides adding
> > them in a local dnswl)?
> 
> A local dnswl is the only option, currently. Senders could be 
> whitelisted with a local rhsbl with a negative weight. Now, I'm 
> uncertain if I have ever tested negative weights thoroughly, but 
> It-Should-Work(TM).
> 
Negative weights? Did not know that this works. Should be in the manual :)
What about floats? Do they work as well? I mean 1.5 as weight. Would that work? What is the upper/lower bound of the weights?


> > btw: I know, I know. I should/could use the Postfix policy with
> > gross. But I just wanted to see if the Milter would work with
> > Postfix. And it does :) But probably I will switch gross to use
> > Postfix policy possibility.
> 
> I'm going to investigate milter possibilities more after I've got our 
> JES to speak milter with gross. One interesting possibility would be to 
> extract URLs from message bodies and test them against Spamhaus SBL.
> 
Uhh... If you talk about possibilities, then I can flood you with ideas:
- Check SPF and allow me to act on the response. For example:
  - FAIL -> BLOCK/GREYLIST
  - PASS -> GREYLIST
  - SOFT FAIL -> GREYLIST
  - etc... the possibilities are endless :)

- Check DKIM/SenderID

- Check HELO/EHLO
  - the one claiming to be me (any of my domains) -> BLOCK/GREYLIST
  - the one having a non-resolvable name -> BLOCK/GREYLIST
  - the one having an illegal HELO/EHLO -> GREYLIST
  - etc...

- Check client name/ip
  - Greylist all matching certain REGEXP. For example:
    - /^(dhcp|dialup|cable|isdn|ppp|adsl|dsl|dial|dynamic|host|pool|port|ippool|static|user|pc|pop|client)[^\.]*[0-9]|^[^0-9]+[0-9]+\.[^\.]+\.adsl|^unknown$/i -> GREYLIST
    - /^[^\.]*[0-9][^0-9\.]+[0-9]|^[^\.]*[0-9]{5}|^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]|^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]|^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./i -> GREYLIST
    - etc...


And, and, and, and... I think there are endless possibilities which could be added into gross. You even mentioned something about URLs in the body. Adding that kind of stuff would be very deluxe :) I don't know any greylisting solution out there doing body inspection in the greylisting phase. Gross would be the first one.

> -- 
>    Eino Tuominen
>
Steve
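Three of the ideas in this message (skipping greylisting for SMTP AUTH or verified-certificate clients, blocking a HELO that claims the site's own domain, and greylisting dynamic-looking client names) combined into one decision function. This is an added example, not code from gross or from either poster; `struct conn`, `decide()` and the `example.org` domain are hypothetical, and the pattern is the first client-name regexp above rewritten as a POSIX ERE.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { PASS_THROUGH, GREYLIST, BLOCK };

/* Hypothetical per-connection record. A milter would fill the first three
 * fields from the {auth_authen}, {verify} and {cert_subject} macros. */
struct conn {
    const char *auth_authen, *verify, *cert_subject, *helo, *client_name;
};

/* First client-name regexp from the post as POSIX ERE; REG_ICASE stands in for /i. */
static const char *DYNAMIC_RE =
    "^(dhcp|dialup|cable|isdn|ppp|adsl|dsl|dial|dynamic|host|pool|port|ippool"
    "|static|user|pc|pop|client)[^.]*[0-9]|^[^0-9]+[0-9]+\\.[^.]+\\.adsl|^unknown$";

static int nonempty(const char *s) { return s != NULL && *s != '\0'; }

/* True when helo is my_domain itself or a name under it. */
static int helo_claims(const char *helo, const char *my_domain) {
    size_t h = strlen(helo), d = strlen(my_domain);
    if (h < d || strcasecmp(helo + h - d, my_domain) != 0) return 0;
    return h == d || helo[h - d - 1] == '.';
}

enum verdict decide(const struct conn *c, const char *my_domain) {
    regex_t re;
    int dynamic;
    /* Authenticated users are exempted first, so a local user who HELOs
     * with the site's own domain is not caught by the check below. */
    if (nonempty(c->auth_authen)) return PASS_THROUGH;
    /* "OK" is the value sendmail documents for {verify}; assumed here. */
    if (c->verify && strcmp(c->verify, "OK") == 0 && nonempty(c->cert_subject))
        return PASS_THROUGH;
    if (nonempty(c->helo) && helo_claims(c->helo, my_domain)) return BLOCK;
    if (!nonempty(c->client_name)) return GREYLIST;
    if (regcomp(&re, DYNAMIC_RE, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return GREYLIST; /* cannot evaluate the pattern: take the cautious branch */
    dynamic = regexec(&re, c->client_name, 0, NULL, 0) == 0;
    regfree(&re);
    return dynamic ? GREYLIST : PASS_THROUGH;
}

int main(void) {
    /* Constructed sample: unauthenticated client with an ADSL-style name. */
    struct conn c = { NULL, NULL, NULL, "example.net", "acac216.neoplus.adsl.tpnet.pl" };
    printf("%d\n", decide(&c, "example.org")); /* prints 1 (GREYLIST) */
    return 0;
}
```

The order of the checks matters: testing the HELO before the authentication macros would block the site's own authenticated users whenever their client announces the local domain.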