several minor/medium issues
31 views
Skip to first unread message
Petar Bogdanovic
May 2, 2012, 12:48:19 PM5/2/12
to mop...@googlegroups.com
Hi,
while configuring/testing/running mopher on NetBSD 6.0_BETA, I noticed a
couple of issues:
* mopherd drops privileges before opening pidfile:
http://smokva.net/src/mopher/patches/patch-src_mopherd.c
http://smokva.net/src/mopher/patches/patch-src_util.c
* mopherd logs bogus error messages:
(...)
new working directory: /var/mopher: No such file or directory
server_init: server_socket is empty: exit: No such file or directory
vtable_getva: no data for "server": No such file or directory
client_init: no servers to sync with: No such file or directory
acl_constant_register: "LOG_EMERG" registered: No such file or directory
acl_constant_register: "LOG_ALERT" registered: No such file or directory
(...)
acl_symbol_register: "greylist_delay" registered: No such file or directory
acl_symbol_register: "greylist_attempts" registered: No such file or directory
acl_symbol_register: "greylist_visa" registered: No such file or directory
acl_symbol_register: "greylist_passed" registered: No such file or directory
acl_symbol_register: "greylist_listed" registered: No such file or directory
acl_symbol_register: "greylist_delayed" registered: No such file or directory
acl_symbol_register: "tarpit_delayed" registered: No such file or directory
(...)
* manually setting path_acl doesn't work:
parser: stat '': No such file or directory
* remaining attempts values are often garbled:
(...)
envrcpt: greylist: status=defer, delay=900, remaining=665, attempts=4, remaining=140183437574146
(...)
* `rbl_foo == 127.0.0.5' does not work, `rbl_foo == "127.0.0.5"' does
* when greylisting a (rbl-)host for the first time, the reason is
not logged:
2: connect: host=some.host.com addr=12.12.12.12
2: helo: name=some.host.com
2: envfrom: envfrom=<us...@host.com>
2: envrcpt: envrcpt=<us...@host.com>
2: envrcpt: greylist: status=defer, delay=900, attempts=4
2: close
3: connect: host=some.host.com addr=12.12.12.12
3: helo: name=some.host.com
3: envfrom: envfrom=<us...@host.com>
3: envrcpt: envrcpt=<us...@host.com>
3: envrcpt: rbl_query: addr=12.12.12.12, rbl=zen.spamhaus.org, result=127.0.0.11
3: envrcpt: greylist: status=defer, delay=900, remaining=795, attempts=4, remaining=140183437574147
3: close: No buffer space available
* counters are not saved after the first hit, when restarting
mopherd, counters will start from zero
* `define foo rbl_def_a || rbl_def_b' -> false (always)
`define foo tarpit_delayed || greylist_delayed' -> false (always)
`define foo rbl_def_a ||<\n><\t>rbl_def_b' -> true (always)
* defines seem to work with expressions but not actions
* on NetBSD, the bdb option pulls a ~30 MB db4 package, maybe SQLite
Amalgamation would make an interesting (embedded) alternative:
http://www.sqlite.org/amalgamation.html
Otherwise, mopherd runs very well---a pkgsrc-pkg can be found here:
http://smokva.net/src/mopher/
http://smokva.net/src/mopher.tar
Petar Bogdanovic
P.S.
mopherd.conf and mail.acl are attached.
while configuring/testing/running mopher on NetBSD 6.0_BETA, I noticed a
couple of issues:
* mopherd drops privileges before opening pidfile:
http://smokva.net/src/mopher/patches/patch-src_mopherd.c
http://smokva.net/src/mopher/patches/patch-src_util.c
* mopherd logs bogus error messages:
(...)
new working directory: /var/mopher: No such file or directory
server_init: server_socket is empty: exit: No such file or directory
vtable_getva: no data for "server": No such file or directory
client_init: no servers to sync with: No such file or directory
acl_constant_register: "LOG_EMERG" registered: No such file or directory
acl_constant_register: "LOG_ALERT" registered: No such file or directory
(...)
acl_symbol_register: "greylist_delay" registered: No such file or directory
acl_symbol_register: "greylist_attempts" registered: No such file or directory
acl_symbol_register: "greylist_visa" registered: No such file or directory
acl_symbol_register: "greylist_passed" registered: No such file or directory
acl_symbol_register: "greylist_listed" registered: No such file or directory
acl_symbol_register: "greylist_delayed" registered: No such file or directory
acl_symbol_register: "tarpit_delayed" registered: No such file or directory
(...)
* manually setting path_acl doesn't work:
parser: stat '': No such file or directory
* remaining attempts values are often garbled:
(...)
envrcpt: greylist: status=defer, delay=900, remaining=665, attempts=4, remaining=140183437574146
(...)
* `rbl_foo == 127.0.0.5' does not work, `rbl_foo == "127.0.0.5"' does
* when greylisting a (rbl-)host for the first time, the reason is
not logged:
2: connect: host=some.host.com addr=12.12.12.12
2: helo: name=some.host.com
2: envfrom: envfrom=<us...@host.com>
2: envrcpt: envrcpt=<us...@host.com>
2: envrcpt: greylist: status=defer, delay=900, attempts=4
2: close
3: connect: host=some.host.com addr=12.12.12.12
3: helo: name=some.host.com
3: envfrom: envfrom=<us...@host.com>
3: envrcpt: envrcpt=<us...@host.com>
3: envrcpt: rbl_query: addr=12.12.12.12, rbl=zen.spamhaus.org, result=127.0.0.11
3: envrcpt: greylist: status=defer, delay=900, remaining=795, attempts=4, remaining=140183437574147
3: close: No buffer space available
* counters are not saved after the first hit, when restarting
mopherd, counters will start from zero
* `define foo rbl_def_a || rbl_def_b' -> false (always)
`define foo tarpit_delayed || greylist_delayed' -> false (always)
`define foo rbl_def_a ||<\n><\t>rbl_def_b' -> true (always)
* defines seem to work with expressions but not actions
* on NetBSD, the bdb option pulls a ~30 MB db4 package, maybe SQLite
Amalgamation would make an interesting (embedded) alternative:
http://www.sqlite.org/amalgamation.html
Otherwise, mopherd runs very well---a pkgsrc-pkg can be found here:
http://smokva.net/src/mopher/
http://smokva.net/src/mopher.tar
Petar Bogdanovic
P.S.
mopherd.conf and mail.acl are attached.
badzong
May 5, 2012, 11:10:19 AM5/5/12
to mopher
On May 2, 6:48 pm, Petar Bogdanovic <pe...@smokva.net> wrote:
> * mopherd drops privileges before opening pidfile:
Fixed in HEAD.
> * mopherd drops privileges before opening pidfile:
> http://smokva.net/src/mopher/patches/patch-src_util.c
Just removing an existing pidfile is insecure as another mopherd could
still be running.
> * mopherd logs bogus error messages:
> (...)
> * manually setting path_acl doesn't work:
> parser: stat '': No such file or directory
> * `rbl_foo == 127.0.0.5' does not work, `rbl_foo == "127.0.0.5"' does
> * remaining attempts values are often garbled:
> (...)
>
> * when greylisting a (rbl-)host for the first time, the reason is
> not logged:
> (...)
> not logged:
Please attach a level 7 debug output.
> * counters are not saved after the first hit, when restarting
> mopherd, counters will start from zero
> * `define foo rbl_def_a || rbl_def_b' -> false (always)
> `define foo tarpit_delayed || greylist_delayed' -> false (always)
> `define foo rbl_def_a ||<\n><\t>rbl_def_b' -> true (always)
> * defines seem to work with expressions but not actions
anyways as I never use them. Do you consider defines useful?
> * on NetBSD, the bdb option pulls a ~30 MB db4 package, maybe SQLite
> Amalgamation would make an interesting (embedded) alternative:
> http://www.sqlite.org/amalgamation.html
Thank you for reporting and packaging mopher.
Manuel
Petar Bogdanovic
May 5, 2012, 1:40:12 PM5/5/12
to mopher
On Sat, May 05, 2012 at 08:10:19AM -0700, badzong wrote:
> On May 2, 6:48�pm, Petar Bogdanovic <pe...@smokva.net> wrote:
> > � � � �http://smokva.net/src/mopher/patches/patch-src_util.c
> On May 2, 6:48�pm, Petar Bogdanovic <pe...@smokva.net> wrote:
>
> Just removing an existing pidfile is insecure as another mopherd could
> still be running.
As it is right now, you can't restart mopherd, because unlink won't work
> Just removing an existing pidfile is insecure as another mopherd could
> still be running.
after mopherd dropped privileges and you end up with a stale pid-file.
> > � � * `rbl_foo == 127.0.0.5' does not work, `rbl_foo == "127.0.0.5"' does
>
> I filed a bug with low priority. I'll fix it sometime..
Is that supposed to be somewhere on GitHub? Because I can't find it:
> I filed a bug with low priority. I'll fix it sometime..
Issues: 0
> > � � * remaining attempts values are often garbled:
> > � � � � (...)
> >
> > � � * when greylisting a (rbl-)host for the first time, the reason is
> > � � � not logged:
> > (...)
>
> Please attach a level 7 debug output.
Ok, that will take one or two days.
> >
> > � � * when greylisting a (rbl-)host for the first time, the reason is
> > � � � not logged:
> > (...)
>
> Please attach a level 7 debug output.
> > � � * defines seem to work with expressions but not actions
>
> That's right. I'm thinking about removing defines from the acl grammar
> anyways as I never use them. Do you consider defines useful?
Yes, I like the idea.. but if they aren't going to be cpp-like, I'd
> That's right. I'm thinking about removing defines from the acl grammar
> anyways as I never use them. Do you consider defines useful?
rather use cpp and a Makefile.
Additional Issue: The injected mopher received-header should be
sendmail-like in order to trigger certain spamd-tests. Right now the
header looks like this:
Received: from sender.foo.com ([109.246.16.16] [109.246.16.16])
by receiver.bar.com (envelope-sender <<us...@domain.net>>) (mopherd) with SMTP id 3760A10696FA;
Thu, 03 May 2012 16:12:05 +0000
* there are double `<<' `>>' in the envsender address
* hosts with no rdns get ([109.246.16.16] [109.246.16.16])
instead of ([109.246.16.16]) which is sendmail-style and
triggers RDNS_NONE
Here is a sendmail-received-header:
Received: from uchoosem.com (207-36-31-72.ptr.primarydns.com [207.36.31.72])
by mx01.i-is.com (8.12.11/8.12.11) with ESMTP id k32GfMBr059052
for <k...@oakis.com>; Sun, 2 Apr 2006 12:41:22 -0400 (EDT)
(envelope-from richlawryh...@uchoosem.com)
without rdns:
Received: from uchoosem.com ([207.36.31.72])
by mx01.i-is.com (8.12.11/8.12.11) with ESMTP id k32GfMBr059052
for <k...@oakis.com>; Sun, 2 Apr 2006 12:41:22 -0400 (EDT)
(envelope-from richlawryh...@uchoosem.com)
And one last idea for the record.. instead of:
envrcpt: greylist: status=defer, delay=900, remaining=213, attempts=4, remaining=2
why not
envrcpt: greylist: status=defer, delay=213/900, attempts=2/4
Petar Bogdanovic
Manuel Badzong
May 6, 2012, 10:14:44 AM5/6/12
to mop...@googlegroups.com
On Sat, May 05, 2012 at 07:40:12PM +0200, Petar Bogdanovic wrote:
> As it is right now, you can't restart mopherd, because unlink won't work
> after mopherd dropped privileges and you end up with a stale pid-file.
My bad. I think restoring the original behavior is the best solution. RFC.
> As it is right now, you can't restart mopherd, because unlink won't work
> after mopherd dropped privileges and you end up with a stale pid-file.
> Is that supposed to be somewhere on GitHub? Because I can't find it:
> Issues: 0
> Additional Issue: The injected mopher received-header should be
> sendmail-like in order to trigger certain spamd-tests. Right now the
> header looks like this:
> why not
>
> envrcpt: greylist: status=defer, delay=213/900, attempts=2/4
Manuel
Petar Bogdanovic
May 9, 2012, 4:55:06 PM5/9/12
to mop...@googlegroups.com
On Sun, May 06, 2012 at 04:14:44PM +0200, Manuel Badzong wrote:
> On Sat, May 05, 2012 at 07:40:12PM +0200, Petar Bogdanovic wrote:
> > As it is right now, you can't restart mopherd, because unlink won't work
> > after mopherd dropped privileges and you end up with a stale pid-file.
>
> My bad. I think restoring the original behavior is the best solution. RFC.
I agree. The packager can create a $user:$group /var/run/$dir for
> On Sat, May 05, 2012 at 07:40:12PM +0200, Petar Bogdanovic wrote:
> > As it is right now, you can't restart mopherd, because unlink won't work
> > after mopherd dropped privileges and you end up with a stale pid-file.
>
> My bad. I think restoring the original behavior is the best solution. RFC.
the PID-file by making it part of the package or the rc/init-script
(in cases where /var/run is a tmpfs):
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2009q1/002840.html
Petar Bogdanovic
May 11, 2012, 2:29:15 PM5/11/12
to mopher
On Sat, May 05, 2012 at 07:40:12PM +0200, Petar Bogdanovic wrote:
> On Sat, May 05, 2012 at 08:10:19AM -0700, badzong wrote:
> > On May 2, 6:48�pm, Petar Bogdanovic <pe...@smokva.net> wrote:
> > >
> > > � � * remaining attempts values are often garbled:
> > > � � � � (...)
> > >
> >
> > On May 2, 6:48�pm, Petar Bogdanovic <pe...@smokva.net> wrote:
> > >
> > > � � * remaining attempts values are often garbled:
> > > � � � � (...)
> > >
> >
> > Please attach a level 7 debug output.
>
> Ok, that will take one or two days.
remaining attempts = 140183437574146
>
> Ok, that will take one or two days.
mopherd: 149: connect: host=mta-inap10.bluestatedigital.com addr=69.25.202.120
mopherd: bdb_get: no record found
mopherd: 149: connect: tarpit: delay=5
mopherd: acl: no match in "connect": continue
mopherd: 149: helo: name=mta-inap10.bluestatedigital.com
mopherd: acl: no rules for "helo"
mopherd: acl: no match in "helo": continue
mopherd: 149: envfrom: envfrom=<CgdXWAJtVw1dCgFQCAdWVFRbVgJQ...@bounce.bluestatedigital.com>
mopherd: acl: no rules for "envfrom"
mopherd: acl: no match in "envfrom": continue
mopherd: 149: envrcpt: envrcpt=<us...@smokva.net>
mopherd: bdb_get: no record found
mopherd: bdb_get: no record found
mopherd: 149: envrcpt: spf: helo=mta-inap10.bluestatedigital.com, from=CgdXWAJtVw1dCgFQCAdWVFRbVgJQ...@bounce.bluestatedigital.com, spf=pass
mopherd: acl: no match in "envrcpt": continue
mopherd: 149: data: queueid=DF08010696FA
mopherd: acl: no rules for "data"
mopherd: acl: no match in "data": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "header"
mopherd: acl: no match in "header": continue
mopherd: acl: no rules for "eoh"
mopherd: acl: no match in "eoh": continue
mopherd: acl: no rules for "body"
mopherd: acl: no match in "body": continue
mopherd: 149: eom: message=6021, headers=1291, body=4730
mopherd: bdb_get: no record found
mopherd: 149: eom: spamd: spam=0, score=4.1, symbols=DCC_CHECK,DKIM_SIGNED,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_NJABL_SPAM,T_DKIM_INVALID,T_RP_MATCHES_RCVD: Network is unreachable
mopherd: bdb_get: no record found
mopherd: 149: eom: greylist: status=defer, delay=900, attempts=3
mopherd: acl: no rules for "close"
mopherd: acl: no match in "close": continue
mopherd: 149: close
mopherd: 150: connect: host=mta-inap4.bluestatedigital.com addr=70.42.50.186
mopherd: bdb_get: no record found
mopherd: 150: connect: tarpit: delay=5
mopherd: acl: no match in "connect": continue
mopherd: 150: helo: name=mta-inap4.bluestatedigital.com
mopherd: acl: no rules for "helo"
mopherd: acl: no match in "helo": continue
mopherd: 150: envfrom: envfrom=<CgdXWAJtVw1dCgFQCAdWVFRbVgJQ...@bounce.bluestatedigital.com>
mopherd: acl: no rules for "envfrom"
mopherd: acl: no match in "envfrom": continue
mopherd: 150: envrcpt: envrcpt=<us...@smokva.net>
mopherd: bdb_get: no record found
mopherd: 150: envrcpt: greylist: status=defer, delay=900, remaining=806, attempts=3, remaining=140183437574146
mopherd: acl: no rules for "abort"
mopherd: acl: no match in "abort": continue
mopherd: acl: no rules for "close"
mopherd: acl: no match in "close": continue
mopherd: 150: close
Manuel Badzong
May 12, 2012, 8:04:43 AM5/12/12
to mop...@googlegroups.com
remaining attempts = 140183437574146
Uninitialized int. This particular variable is no longer used and has been removed due to the new greylist logging format.
Reply all
Reply to author
Forward
0 new messages