[Mimedefang] Revisiting the bombardment of 451 Tempfailing errors

Justin Shore listuser at numbnuts.net
Tue Jul 8 09:22:00 EDT 2003

On Tue, 8 Jul 2003, David F. Skoll wrote:

> On Mon, 7 Jul 2003, Justin Shore wrote:
> > Howdy all.  I'm still having trouble with my server deciding to tempfail
> > everything after only a handful of minutes running.  It has all but made
> > the mail system unusable.
> I'm completely stumped; I've never seen this behaviour before.  I test
> MIMEDefang on a Sun Blade 100 which is much less powerful than your box,
> and it works fine.
> Are you running Solaris 9?  Maybe it's a Solaris 8 problem?  Any other
> Solaris users out there with helpful info?

Ah.  Leave it to me to leave out something important again. :)  This is a 
Redhat 7.3 box with most everything that listens on a port compiled by 
hand.  I think you can still get Solaris for x86 but I'm not for certain. 

> This is too high.  I would use 1 or 0.

I'll change this shortly.

> This is way too low.  I suggest 500.

I'll change this too.  IIRC the reason I set it lower was to hopefully get
MD to restart the child processes after only a few requests before they go
braindead.  In the end I believe I determined that it was the parent 
process that had the mental reservations.

> > Jul  7 21:14:59 bubba mimedefang[20616]: h682EmlQ020615: Unknown command
> > '%' in RESULTS file
> Could you have a partially-installed version of MIMEDefang, like a set
> of "C" programs from a different version than the Perl program?  Are you
> linking against a recent libmilter.a?

I suppose that a possibility.  I'm heading out of town again for the rest 
of the week.  When I get back I'll bring the mail system down, uninstall 
MD and SA, recompile and reinstall both and see what happens.  I'm 
assuming the libmilter.a I'm using is 8.12.9's.

I just noticed one odd thing.  I enabled named querylogging to make 
absolutely certain that MD wasn't querying all the DNSBLs I added to SA 
and then disabled.  Everytime a MD slave starts up there A record queries 
for two of three of hosts at cloudmark.com.


Also there is a query for kernel.org's MX.  This happens each and 
everytime a slave is spawned.  If I haven't actually enabled SA's local 
tests then why is razor being run?  This is exactly what I have in my 

# Lets SA run its DNSBLs and Razor stuff, I think
#$SALocalTestsOnly = 0;

I commented out that line some time back while trying to diagnose this 
problem.  It seems to me like this _could_ be part of the problem.  If SA 
can't get an answer out of the razor2 server it queries, couldn't that 
cause MD to wait indefinitely?  Is there a way to set a timeout on that 
query?  Just shooting in the dark here but I thought I'd mention it.  I'll 
be checking my email while I'm out of town.


More information about the MIMEDefang mailing list