Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#4 sid_marid_check ignores [-t] ?

v0.2.3
closed-fixed
5
2004-12-08
2004-11-29
Nelson S. Fung
No

When running sid-filter v.0.2.3 with the recommended -t
(test mode) option, I noticed that some messages were
temp-failed with sid_marid_check(): -1 This is when
DNS timed out after 16s. Doesn't -t (test mode) tell
sid-filter to accept ALL messages?

TIA for any pointers.

Discussion

  • Nelson S. Fung
    Nelson S. Fung
    2004-11-29

    • summary: sid_marid_check look at -t? --> sid_marid_check ignores [-t] ?
     
  • Nelson S. Fung
    Nelson S. Fung
    2004-11-29

    Logged In: YES
    user_id=786866

    CRUDE patch to sid_filter.c to accept a message when
    sid_marid_check() times out while running with -t (TEST mode):

    diff -r1.1 sid-filter.c
    1762c1762,1763
    < return SMFIS_TEMPFAIL;
    ---

    > /* return SMFIS_TEMPFAIL; */
    > return (testmode ? SMFIS_ACCEPT :
    SMFIS_TEMPFAIL);

    1788c1789,1790
    < return SMFIS_TEMPFAIL;
    ---

    > /* return SMFIS_TEMPFAIL; */
    > return (testmode ? SMFIS_ACCEPT :
    SMFIS_TEMPFAIL);

     
    • assigned_to: nobody --> sm-msk
     
  • Logged In: YES
    user_id=1048957

    This is deliberate.

    "-t" is intended to accept, rather than temp-fail, messages
    for which the SPF or PRA check could not be completed
    because of bad headers or messages that actually fail the
    SPF/PRA checks. Transient DNS errors are not covered.

    Instead of the proposed patch, I would rather make the DNS
    timeout configurable.

    By the way, the DNS timeout is five seconds, not 16. See
    DEFTIMEOUT in sid-filter.h.

     
  • Nelson S. Fung
    Nelson S. Fung
    2004-12-01

    Logged In: YES
    user_id=786866

    I stand corrected. The default timeout is of course 5
    seconds. I got confused when the log file said:

    DNS timeout (16 some.domain.here)

    I have since increased the timeout to 8 seconds and the
    timeouts have halfed.

    Making the timeout configurable is good. However, for a
    newbie like myself who just want to see how sid-milter works
    while having ZERO effect on mail delivery, a way to skip
    timeouts (with a "tempfail" logged in the headers) would be
    great! I can then adjust the timeout value accordingly.

     
  • Logged In: YES
    user_id=1048957

    The 16 refers to the DNS query type that failed. In that
    case, it was a T_TXT record (16, in <arpa/nameser.h>).

    I'll add configurable timeouts to the next release, with "0"
    meaning "wait forever" or something.

     
    • milestone: --> v0.2.3
    • status: open --> closed-fixed
     
  • Logged In: YES
    user_id=1048957

    "-T" added to v0.2.4.