Age | Commit message (Collapse) | Author |
|
signal handler could be interrupted by another instance
of itself because it was used for multiple signals and
only one signal was blocked.
ok beck@ henning@
|
|
- Implement RSET in spamd - some virus scanning products (notably symantec's
viruswall) spew a RSET into the smtp stream before every attempted delivery.
(noticed by reitenba@fh-brandenburg.de and some others). This ensures
such things can successfully talk to a spamd greylister.
ok millert@ henning@
|
|
MTA's with a quadratic retry schedule have a retry after 26 minutes, and
then again after an hour, so this probably makes a lot more sense than the
old 30 minute default.
ok henning@
|
|
people on misc, and some observations by Evan harris on the greylisting
mailing list that a number of clustered mailers like aol behave better
(and retry from the same IP) when they see a 451, but do not when
they see a 450 (traditionally used for mailbox lock failure)
450 was the original for spamd, as the default for the tarpit is to
encourage quick retries to punish blacklisted smtp servers more. This
got carried over to the greylisting implementation, and isnt' really
optimal for that case.
ok millert@, henning@, todd@
|
|
ok henning@
|
|
|
|
|
|
with an expire time in the past. From beck@, OK deraadt@
|
|
|
|
|
|
|
|
sys/types.h after sys/param.h
|
|
|
|
|
|
with -v, you get From/To/Subject at LOG_INFO, and the first ten body
lines at LOG_DEBUG. ok beck@
|
|
so separate lines before logging headers/body. doesn't make logging
more verbose, just fixes the case where chunks contain multiple lines.
ok beck@
|
|
would get messed up when the blacklist limit was hit.
tested by danh@ and me
ok cedric@
|
|
|
|
connections to something less than maxcon when greylisting. This ensures
you don't completely run out of connections tarpitting spammers, and not
allow real mail through.
ok dhartmei@ millert@
|
|
connection. This ensures that greylisted connections are not delayed
by a small windows size, but blacklisted connections still have to
send the body through a tiny window, and presumably the body is
the vast majority of what is being sent anyway.
ok dhartmei@ millert@
|
|
kill all three processes to make it go away. Adjust daemon() call and
logging appropriately.
ok henning@, millert@
|
|
|
|
ok millert@ dhartmei@
|
|
ok xsa@ henning@
|
|
found by yongari@kt-is.co.kr
ok dhartmei@, millert@
|
|
close() calls sync() itself the standalone sync() is a no-op. OK beck@
|
|
frequent in the scheme of things and this avoids the possibility
of database corruption. Run here for a week.
ok millert@ deraadt@
|
|
|
|
yongari@kt-is.co.kr
ok deraadt@
|
|
yongari@kt-is.co.kr
ok deraadt@
|
|
servers having their pf update process growing massive as it leaked
huge tracks of whitelist.
ok millert@
|
|
ok beck@
|
|
ok beck@
|
|
to avoid keeping multiple grey entries around from a single host for
extra time.
- make -G work
- paranoia and cleanup suggestions from deraadt@
ok millert@
|
|
|
|
|
|
|
|
|
|
|
|
originates from a paper by Evan Harris which can be found at
http://projects.puremagic.com/greylisting/. This implementation makes
spamd allow for non-blacklisted addresses to be treated as "greylisted".
where they are tracked in a db file, and whitelisted by addition to a
pf table when the same envelope from and to are retried from the same
source IP address. Testing by many, ok deraadt@
|
|
the outside world -- in fact 'rdr pass' was designed for this, but once
again someone forgot to updated the bloody man page; mcbride ok
|
|
|
|
|
|
- new sentence, new line
- .Dv for variables
- fix .Xr
|
|
and blacklist matches. Add -v (verbose) flag to allow other detailed
logging (subject, body, smtp dialogue, etc.) when it's needed.
ok dhartmei@ -> ok deraadt@
|
|
2) Allow multiple RCPT's
ok mpech@, helpful stress testing by Chris Nadovich <chris@jtan.com>
|
|
|
|
ok deraadt@
|
|
|
|
- use -offset rather than indenting the actual display
- kill unnecessary .Pp
|