Spillover queue (was RE: [Mimedefang] Quarantine based on content)

Cormack, Ken kcormack at acs.roadway.com
Wed Aug 6 09:46:02 EDT 2003


I've already trimmed the queue times way down from default, and that alone
had greatly reduced the queue size.  Our rationale was that if an
undeliverable message was sent Friday afternoon, by Monday, the sender would
receive the undeliverable notification, rather than waiting until Wednesday
morning, to get the notice.

By the same token, don't take these ideas for trimming message lifetime to
the extreme.  We just last week had a customer complain to us that their
attempt to send a mail to us bounced back as undeliverable.  When they faxed
us the undeliverable notice they received, it showed their mail server
expired the message after just one hour!  We looked at our logs and found
nothing.  Their logs revealed that their server had made only one initial
attempt to deliver, during that hour.

They were tuned to run the queue only once per hour, and had their
QUEUERETURN also set to one hour.  We expect there was a mail-traffic
"spike" on our end that was just busy enough to momentarily refuse
additional connections, at the one time that their server tried to contact
ours.  With no further attempts made by them to push the message before it
expired, the message bounced back as undeliverable.  When we explained to
the sender that the default timeout is 5 days, and that retries default to
several times per hour, their response was a sheepish "oh".

Just for reference, my QUEUERETURN values are roughly half the defaults.
These have worked well for us over the last 3 years that this particular
server has been in service:

define(`confTO_QUEUERETURN', `2d')
define(`confTO_QUEUERETURN_NORMAL', `2d')
define(`confTO_QUEUERETURN_URGENT', `1d')
define(`confTO_QUEUERETURN_NONURGENT', `2d')
define(`confTO_QUEUEWARN', `4h')

Ken

-----Original Message-----
From: Clayton, Nik [IT] [mailto:nik.clayton at citigroup.com]
Sent: Wednesday, August 06, 2003 9:05 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: Spillover queue (was RE: [Mimedefang] Quarantine based on
con tent)


> So basically after a few hours all the undeliverable spam bounces are 
> moved to the 1day queue where i can just forget about them.  

Something that's probably not well known is that Sendmail has a bunch
of definitions that can be enabled at compile time to switch on additional
functionality.  These are typically indicated with a leading _FFR_ in the
option name (FFR == For Future Release).

One of the ones you can enable on recent Sendmails is _FFR_QUEUERETURN_DSN.
Do this with a line like:

     APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_QUEUERETURN_DSN=1')dnl

in your site.config.m4 file and then recompile.

This gives you two new timeout options, one to set the timeout before
warning messages about DSN non-delivery are generated, and one to set the
timeout before DSN non-delivery messages are bounced.

Since the default for this is 4 hours and 5 days respectively, you can do
something like this:

    define(`confTO_QUEUEWARN_DSN', `2h')dnl
    define(`confTO_QUEUERETURN_DSN', `2d')dnl

in your .mc file to set them to 2 hours and 2 days.  So a non-deliverable
DSN (e.g., you've bounced a spam, and the envelope sender address is
non-existent) will only stay in the queue for 2 days.  Other 
non-deliverable messages will use whatever timeout you've set.

Another useful _FFR_ option is _FFR_BLOCK_PROXIES, which causes Sendmail 
to look for non-SMTP commands at the beginning of the SMTP session which 
are indicative that the remote end is a poorly configured HTTP proxy 
which is being used to relay spam.

Note that _FFR_ options may not exist between different versions of 
Sendmail, and may be removed entirely in later versions.  The code is,
by definition, unsupported, so I recommend you're comfortable with the
Sendmail source code before you come to rely on this.

N
-- 
1        1         2         3         4         5         6         7    7
         0         0         0         0         0         0         0    5
                                                    -- The 75 column-ometer
Global Messaging,                 A: Top posting
120 Cheapside, x83331             Q: What's the most annoying e-mail habit?

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
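
An added example, not part of either message above and not Sendmail code: a small Python check that reads the confTO_QUEUERETURN defines from a .mc file and estimates how many delivery attempts fit before a message expires, which is the failure described in the first message. The function names, the 30-minute queue interval, the min_attempts threshold and the remote site's config line are assumptions, and the model is simplified: retries happen only on queue runs, and a message at or past its QUEUERETURN age is bounced instead of retried.

```python
import re

# Sendmail interval suffixes: seconds, minutes, hours, days, weeks.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Matches m4 lines such as: define(`confTO_QUEUERETURN_URGENT', `1d')
DEFINE = re.compile(r"define\(`(confTO_QUEUERETURN\w*)',\s*`([^']+)'\)")

def to_seconds(value):
    """Convert an interval with explicit units ('2d', '1h30m') to seconds."""
    parts = re.findall(r"(\d+)([smhdw])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"interval needs explicit units: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def audit(mc_text, queue_interval, min_attempts=4):
    """Return (name, value, attempts, ok) for each QUEUERETURN define.

    Assumed model: one initial attempt, then one retry per queue run that
    happens strictly before the message reaches its QUEUERETURN age.
    min_attempts is a hypothetical site policy, not a Sendmail setting.
    """
    interval = to_seconds(queue_interval)
    findings = []
    for name, value in DEFINE.findall(mc_text):
        attempts = -(-to_seconds(value) // interval)  # integer ceiling
        findings.append((name, value, attempts, attempts >= min_attempts))
    return findings

# The values quoted in the first message.
KEN_MC = """\
define(`confTO_QUEUERETURN', `2d')
define(`confTO_QUEUERETURN_NORMAL', `2d')
define(`confTO_QUEUERETURN_URGENT', `1d')
define(`confTO_QUEUERETURN_NONURGENT', `2d')
define(`confTO_QUEUEWARN', `4h')
"""
# Constructed stand-in for the remote site that expired mail after one hour.
REMOTE_MC = "define(`confTO_QUEUERETURN', `1h')dnl\n"

if __name__ == "__main__":
    # The 30m queue interval for the first config is constructed for the demo.
    for label, mc, every in (("post", KEN_MC, "30m"), ("remote", REMOTE_MC, "1h")):
        for name, value, attempts, ok in audit(mc, every):
            print(f"{label:7}{name:30}{value:>4} every {every}: "
                  f"{attempts:3} attempts {'ok' if ok else 'TOO FEW'}")
```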


