Re: [ietf-smtp] [Emailcore] Status of Greylisting (i'd wish MessageID were part of SMTP prologue)
Steffen Nurpmeso <steffen@sdaoden.eu> Sat, 08 January 2022 22:37 UTC
Return-Path: <steffen@sdaoden.eu>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E8543A0ADF for <ietf-smtp@ietfa.amsl.com>; Sat, 8 Jan 2022 14:37:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLk35kx5-oh4 for <ietf-smtp@ietfa.amsl.com>; Sat, 8 Jan 2022 14:37:50 -0800 (PST)
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 720333A0AD8 for <ietf-smtp@ietf.org>; Sat, 8 Jan 2022 14:37:49 -0800 (PST)
Received: from kent.sdaoden.eu (kent.sdaoden.eu [10.5.0.2]) by sdaoden.eu (Postfix) with ESMTPS id 4B22116057; Sat, 8 Jan 2022 23:37:46 +0100 (CET)
Received: by kent.sdaoden.eu (Postfix, from userid 1000) id CA6A62C35; Sat, 8 Jan 2022 23:37:43 +0100 (CET)
Date: Sat, 08 Jan 2022 23:37:43 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: ietf-smtp@ietf.org
Message-ID: <20220108223743.3556w%steffen@sdaoden.eu>
In-Reply-To: <20220108212708.6C5A23472A52@ary.qy>
References: <20220108212708.6C5A23472A52@ary.qy>
Mail-Followup-To: ietf-smtp@ietf.org
User-Agent: s-nail v14.9.23-206-gfff8ce373d
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/_wRxxCcwMA4KHZ6jXNNTS2T_1rg>
Subject: Re: [ietf-smtp] [Emailcore] Status of Greylisting (i'd wish MessageID were part of SMTP prologue)
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jan 2022 22:37:56 -0000
John Levine wrote in <20220108212708.6C5A23472A52@ary.qy>: |It appears that Steffen Nurpmeso <steffen@sdaoden.eu> said: |>I am only implementing a greylisting daemon, a standardized |>anti-spam aka anti-abuse policy, then further hopefully next week, ... | |Everyone I know who does greylisting with Postfix uses Postgrey, |available here: | |https://postgrey.schweikert.ch/ | |Are you sure you need to reinvent this particular wheel? Well, the answer is a bit lengthy, i know this software, and i have perl on my server at the moment. (Ever since lighttpd suddenly stopped creating cgit output, and on the cgit list then was no support at all even though maintainer of lighttpd correctly pointed out that failing a sendfile(2) should be covered as per "Applications may wish to fall back to read(2)/write(2) in the case where sendfile() fails with EINVAL or ENOSYS", but the provided patch did not even get a response ... the maintainer as a kernel guru in some sense of guru seems to have known it is a kernel bug, but no report was given to the kernel people until someone finally stepped up .. anyhow it took months before the very combination Linux / lighttpd / cgit resumed normal operation without local effort, and one day i was no longer willing to and fell back to gitweb that ships with git anyhow, .. which requires perl.) So that postgrey uses perl would be ok even though it uses quite a bit of modules. It uses BerkeleyDB, which is no longer free software, version 5.3.28 is, aka Berkeley DB 11g Release 2, library version 11.2.5.3.28: (September 9, 2013) as via [1], which is quite old. But ok. It however seems to use what i call "[Chris ]Torek Hash", which faded a bit to grey when facing possible real world attacks me thinks. It is also very big and slow, and imposes expensive locking. [1] http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/ As an effort to restrict all my (easy non-SQL, and only those here right now) DB use cases to only LMDB of the OpenLDAP project for example i wrote an accepted patch for bogofilter(1) in 2018, and by then these were the numbers | |> it is very small (the raw AlpineLinux code package is 90KB, | |> whereas DB is 1.6MB; the cloned repo is 1.2MB, whereas the 5.3.28 | |> DB tar ball unpacked in git is 31MB), and the code is also open | |> and openly maintained. And Postfix supports LMDB as a replacement | |> for DB out of the box, too. All this is very desirable to me. | | | |Repo size of a support library isn't normally a relevant metric, but | |this is a valid point, as is its license: | | | | text data bss dec hex filename | | 80510 1504 8 82022 14066 /usr/lib64/liblmdb.so | |Runtime is much smaller here, too: | | #?0[steffen@essex nail.git]$ size /usr/lib/liblmdb.so | text data bss dec hex filename | 69680 1344 80 71104 115c0 /usr/lib/liblmdb.so | #?0[steffen@essex nail.git]$ size /usr/lib/libdb.so | text data bss dec hex filename | 1549515 38744 64 1588323 183c63 /usr/lib/libdb.so (It does not support VACUUM or any such, therefore i dump-out and recreate these DBs in such heavy use cases once a month .. automatically.) Very, very fast and minimal overhead. But in fact all this is part of an effort to replace the end-of-life Python2 Mailman2 with something homegrown. I initially planned to use the policy server to whitelist subscribers fast, for example. That it also should do regular greylisting was not the first use case. However, in the meantime i added regular use cases for a postfix configuration check_sender_access lmdb:/etc/postfix-lmdb/sender_access, before the envisioned check_policy_service, which made this less desirable, because LMDB uses fast read/write locks (or what i do not like, "robust" mutexes) if available, and then even very fast unix(7) communication will likely be outperformed. However, maybe that will be replaced by whitelist on the policy server side (again). It will use SipHash for its all-in-memory dictionaries. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… John Levine
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… Steffen Nurpmeso
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… John Levine
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… Steffen Nurpmeso
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… John Levine
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… Steffen Nurpmeso
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… John Levine
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… Steffen Nurpmeso
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… John Levine
- Re: [ietf-smtp] [Emailcore] Status of Greylisting… Steffen Nurpmeso