felix / gross Goto Github PK

requesting a new type of check that will query the client_ip against
various DNS WhiteLists

There should be an option for grossd that makes it always send STATUS_TRUST 
response. That way 
one could safely simulate grossd in a live environment.

We could have Python hooks so that checks could be written in Python instead of 
C. Also, the check 
result evaluation could be handed over to a Python module. That way complicated 
policy 
requirements could be easily fulfilled.

This is a request for enhancement for a new check type to perform a reverse
dns lookup on the client_ip, then perform a lookup on this value and
confirm that it resolves back to the client_ip.

the blocker queries seem to work as expected, but they cause a segmentation
fault after a short time period

debugging information sent to Eino.

From wikipedia: http://en.wikipedia.org/wiki/Greylisting

"In practice, most greylisting systems do not require an exact match on the
IP address and the sender address. Because large senders often have a pool
of machines that can send (and resend) e-mail from, IP addresses that have
the most-significant 24 bits (/24) the same are treated the equivalent, or
in some cases SPF records are used to determine the sending pool.
Similarly, because many mailing lists use Variable envelope return path
(VERP), if an exact match on the sender address is required, each post from
the mailing list will be delayed. Instead, some greylisting systems try to
eliminate the variable parts of the VERP by using only the sender domain
and the beginning of the local-part of the sender address."

Perhaps there could be a configurable options to make gross treat pooled IP
addresses equivalent
e.g.
match_ipaddr=24

It would be interesting to configure gross to query the sophos puremessage
IP blocker in addition to (or instead of) the DNSBLs.  I think I have some
example code laying around somewhere.

$prefix/lib installs with wrong permissions, and is not world accessible. 

Processing delay (query received - response sent) should be logged. 

Tolerance counters break on OS X because it has no sem_getvalue()

Feature request: allow for configurable error message in SMTP response

Make it possible to have ONE instance of grossd, which can both be called for a 
check-WITH-dnsbl 
and for a check-WITHOUT-dnsbl

synchost, syncport and peerhost should be replaced by

sync = [localip:[port:]]peerip

Here is an idea for new configurable option:

grey_update_max = int 

where the database will not update if more than grey_update_max checks match

this will give these senders a perpetual temp block, which is effectively
the same as a perm block, without too much of a code redesign.

it would require that check short-cutting would have to be disabled

Would it be possible to have an option to set the amount of time a triplet
will be greylisted?  Currently, it's effectively set to 0, since it will
accept the 2nd attempt immediately.  I've heard of other greylisting
implementations that will greylist for up to 24 hours (extreme setting IMO)
before letting the messages through.

Assuming you have Y buffers, and X is your 'greylisting_buffer_offset' (or
whatever) option.  Instead of doing a logical OR on 0 through Y-1 buffers,
only do the logical OR on X through Y-1 buffers.  0 through X-1 buffers are
never queried.

[email protected]:
"it would be nice if gross would log to the $BASE/log directory. E.g.
when having /usr/local/gross, log to /usr/local/gross/log/grossd.log."

I gave it a low priority for now as we already have syslog logging.

The default location for the config file is $PREFIX/etc/grossd. grossd should 
look for the file there, 
not in the current working directory.

I was reading through http://en.wikipedia.org/wiki/Greylisting

"When a mail server is greylisted, the duration of time between the initial
delay and the re-transmission is variable. Some mail servers use a default
of 4 hours, though most will retry sooner."

we should configure the default number_buffers and rotate_interval to give
a total time of 4+ hours.

It would be worthwhile to survey other greylisting implementations to
figure out what they have found to be successful

Feature request: allow for configurable logging location

(I know that this is already on the TODO list in the README.)

We must provide users a table showing how the size of the bloom filter affects 
the error probability.

Update queues should be synchronized. This is vital if the greylist_delay
is much longer than the default 10 seconds.

Change configuration to allow host names.

If gclient is run on host of different endianess of the server, the protocol 
breaks and grossd exits.

ordb has announced that they are shutting down their DNSBL. relays.ordb.org 
must be removed 
from the example config.

grossd should skip only dnsbl checks when configured with --disable-dnsbl

There seems to be a lot of open udp connections when using grosscheck.so with 
SJSMS.

I would prefer only one log line per request.  I know that this may
sacrifice readability, but it would make it easier to parse and give a
potentially smaller overall log size.

dns-query accounting should be configurable.

SJSMS client library path is wrong in the INSTALL document. It's due to package 
name change from 
grossd to gross.

grossd needs a separate command line option to enable debug logging. -d should 
only run the 
server on foreground with the default log level.

The default config file path seems to be NONE/etc/grossd.conf, if --prefix was 
not supplied 
explicitly during configure.

open("NONE/etc/grossd.conf", O_RDONLY)          Err#2 ENOENT

This is an RFE for the addition of a new check to perform a dns lookup on
the client_ip and obtain the reverse dns value and then match this value
against multiple regular expressions to determine if the message should be
greylisted.

The idea is that the reverse dns of the client_ip may indicate that the
sending host is not a normal mail server.  e.g. it contains 'dhcp' or 'pool'

It should be considered that this could be used as a blacklist of sorts,
and what will happen if an administrator adds an excessive number of
regular expressions.

There should be a command line option to create the configured state file.

It would be helpful if the timeout/retry/failover behavior was documented.

how feasible will it be to configure replication across more than 2 servers
for greater load balancing and redundancy?

Grossd crashes:

Thu Jan 18 12:06:06 2007 #8: threadpool 'sjsms' starting
Thu Jan 18 12:06:06 2007 #5: initializing postfix thread pool
Thu Jan 18 12:06:06 2007 #5: doubling the space for message queues from 4 to 8
Thu Jan 18 12:06:06 2007 #9: threadpool 'postfix' starting
Thu Jan 18 12:06:06 2007 #8: threadpool 'sjsms' processing
Thu Jan 18 12:06:06 2007 #8: threadpool 'sjsms' starting another thread
Thu Jan 18 12:06:06 2007 #8: query from 127.0.0.1
Thu Jan 18 12:06:06 2007 #a: threadpool 'sjsms' starting
Assertion failed: brq, file bloom.c, line 350
Abort - core dumped 

There should be man pages for at least grossd.

There is no need for --with-worker configure option. Different servers should 
be configured in 
config file.

Currently it is possible to compile gross with- and without dnsbl. It would
be useful to be able to use gross both with- AND without dnsbl, using the
same instance with only one configuration file.

E.g. compile always with support for dnsbl

Gross determines whether dnsbl's lookups must be done or not, based upon
the presence (or absence) of dnsbl statements in the configuration file. IF
no dnsbl entries in the configfile THEN do not query any dnsbl, ELSE do
query the defined dnsbl's.

When testing postfix protocol I discovered that there is no \r\n line 
terminators in the policy 
protocol. They must be changed to plain \n.

requesting new feature to query the right-hand side of the sender address
against various RHSBLs

Make grossd to accept milter connections                                   

What steps will reproduce the problem?
1. compile
2. start grossd -d

What is the expected output? What do you see instead?
Grossd shutdown with exit code 2: pthread_create No such file or directory

Please use labels and text to provide additional information.

No grosscheck treats empty sender address as an error. It means that DSN's will 
never get 
greylisted. Sometimes spammers send mail with MAIL FROM:<>.

No grosscheck treats empty sender address as an error. It means that DSN's will 
never get 
greylisted. Sometimes spammers send mail with MAIL FROM:<>.

It seems that automake is not yet aware of the file

This is because delay() gets one message out from the queue when sleeping.

gcc makes grosscheck so dependent on libgcc_s.so.1

configure should add -static-libgcc option for grosscheck target when compiling 
with gcc.

Having an empty secondary host in mappings entry will break grosscheck. It will 
treat client ip as a 
port number to connect to. Right way to disable failover queries is set the 
secondary server address 
to '0'. 

It would be helpful if the timeout/retry/failover behavior was documented.
It would also be helpful if this were somewhat configurable