Topic: Problem using RBLList with smtpfront

[rickjones]

After discovering the excellent HowTo, I enabled RBL checking in smtpfront. Results are very good, with a major reduction in spam reaching the server.

It's been running a couple of weeks, but since then I've noticed significant delays when sending outgoing email from clients, and also from Horde.

I suspect that smtpfront is trying resolve RBL results for local addresses, which it's obviously not going to find. Is this in fact what's happening, and is there a way to configure smtpfront not to do this?

TIA

[raem]

rick

What type of Internet connection do you have, dial up, cable, ADSL etc ?

Is your server busy ie handling large volumes of mail & web requests ?

How many RBL lists did you enable ?

[rickjones]

Ray

I'm on ADSL (576/144 kbps), the server is not busy most of the time, but is only an old PII 400. It's essentially a domestic hub and gateway with 3 users.

I have 9 RBL lists, being most of the ones on your recommended list IIRC.

I'm sure outgoing SMTP was not this slow before I enabled RBL checking, so I figured it's needlessly doing lookups for the local IPs - is that to be expected?

Thanks
Rick

[raem]

Rick

I have similar hardware and volume and don't see any significant problem.

Perhaps you recently (or at the same time you set up RBL) configured another feature that may be having an effect ?

You could try disabling RBL lists one by one and seeing if that changes the situation There was a problem with the contacts.abuse.net list last year that stopped ALL incoming & outgoing mail if I remember correctly.

It's possible that other list servers could get busy and slow things down a little.


> but since then I've noticed significant delays when sending outgoing email from clients...

What type of delay (time) is it that you are experiencing ?

I'm not sure what you mean about looking up local addresses/IPs.

[raem]

Rick

Any feedback available on this issue ?

Have you been able to relate your slowness to the use of certain RBL lists ?

[rickjones]

Ray

I've only just had time to experiment a bit further.

In terms of numbers, I was finding the delay could be from about 7 secs up to about 20 secs. A longer delay occurred if there had been no SMTP activity for a while. I put this down to caching and paging, in that a rapid re-invocation of smtp would involve less disk activity. OTOH it could be the result of DNS caching of the addresses of the RBL-list servers.

I've now cut the RBL lookups to just spamhaus (which the logs showed account for over 90% of rejections anyway), and the response is much quicker - i.e within 2 secs and quite acceptable. This confirms that the RBL lookups were taking the time.

The point I was trying to make initially is that rblsmtpd should not even be invoked for emails originating on the LAN. There's clearly no point doing an RBL lookup for a local address. This suggests to me that $RBLSMTPD should be set in tcprules rather than in runenv.

I'll try configuring tcprules to invoke rblsmtpd selectively, and let you know how I get on.

Cheers

[CharlieBrady]

There's clearly no point doing an RBL lookup for a local address. This suggests to me that $RBLSMTPD should be set in tcprules rather than in runenv.

Correct.

I'll try configuring tcprules to invoke rblsmtpd selectively, and let you know how I get on.

You could try my e-smith-mailfront-1.5.0-14cb4.

[rickjones]

Charlie

Thanks for the tip. I tried installing e-smith-mailfront-1.5.0-14cb5, but it says it needs ipsvd. I haven't seen that anywhere - is your rpm compatible with 6.0, or is it for 6.5? I'm on 6.0.1.

Thanks

[CharlieBrady]

I tried installing e-smith-mailfront-1.5.0-14cb5, but it says it needs ipsvd. I haven't seen that anywhere - is your rpm compatible with 6.0, or is it for 6.5? I'm on 6.0.1.

Sorry about the missing RPM. Look in the mirrors in a few hours.

I think it should work on any 6.x. But you'll test it carefully, right?

[raem]

Hullo Charlie

Looking at the Changelog for e-smith-mailfront-1.5.0-14cb5.noarch.rpm, I don't see this change made by Gordon re fake HELO/EHLO. Did that make it in to your rpm ?

Part of changelog from e-smith-mailfront-1.5.0-13gr07.noarch.rpm

* Wed Mar  9 09:00:00 2005 Gordon Rowell <gordonr@gormand.com.au>
- [1.5.0-13gr07]
- Add /var/qmail/control/badhelo to reject SMTP connections which
  says HELO/EHLO yahoo.com/aoo.com/$ExternalIP
- Updated to depend on new mailfront


Changelog from e-smith-mailfront-1.5.0-14cb5.noarch.rpm (only seems to include changes up to [1.5.0-13gr06])

File: CHANGELOG         Col 0              21822 bytes   [grow]               0%
* Tue Dec 28 09:00:00 2004 Charlie Brady <charlieb@e-smith.com> 1.5.0-14cb5
- Add ssmtpfront-qmail service
- Combine mailfront-conf-env and mailfront-conf-control into
  mailfront-conf
- Add TCPPort property for smtp and ssmtp services.
- Replace sed mangling of filelist with params to genfilelist.

* Fri Oct  1 08:00:00 2004 Charlie Brady <charlieb@e-smith.com> 1.5.0-14cb4
- Set MAILRULES environment variable for external connections.
- Make missing peers subdirectory of smtpfront-qmail service
  directory

* Fri Oct  1 08:00:00 2004 Charlie Brady <charlieb@e-smith.com> 1.5.0-14cb3
- Fix inversion of filters for internal and external connections in ipsvd
  peers config files.
- Create empty template-begin files in templates for ipsvd peers config
  files (to prevent log noise).

* Thu Aug 12 08:00:00 2004 Charlie Brady <charlieb@e-smith.com> - 1.5.0-14cb2
- Complete conversion to tcpsvd. /etc/tcprules/tcp.smtp/ is obsoleted
  in favour of /service/smtpfront-qmail/peers/*.
- Add recipient verification.

* Thu Aug 12 08:00:00 2004 Charlie Brady <charlieb@e-smith.com> - 1.5.0-14cb1
- Switch to tcpsvd rather than tcpserver - add per IP concurrency control
- Don't apply RBL lookup to local addresses
- Remove smtpfront-qmail/env directory - use exports in runenv instead.

* Fri Jun 25 08:00:00 2004 Gordon Rowell <gordonr@e-smith.com>
- [1.5.0-13gr06]
- Put Body pattern code back into SMTP error message [gordonr MN00024867]

* Thu Jun 24 08:00:00 2004 Gordon Rowell <gordonr@e-smith.com>
- [1.5.0-13gr05]
- Allow the Body property of each pattern to have multiple
  patterns, separated by commas. This allows all executables
  to be in one pattern set.
- Add EXEFILES defaults which groups all the previous EXE01..EXE12
- Remove EXE01..EXE12 [gordonr MN00024867]


Regards

[CharlieBrady]

Looking at the Changelog for e-smith-mailfront-1.5.0-14cb5.noarch.rpm, I don't see this change made by Gordon re fake HELO/EHLO. Did that make it in to your rpm ?

Check the dates. Do you think I time travel?

[raem]

I seem to be having a problem with dates this year. I keep thinking it's still 2004 !

> Do you think I time travel?

It would be a handy tool to have !

Thanks for the reminder

[rickjones]

Charlie

Your rpm is clearly a significant change to the SMTP service. If I install it then find I want to rewind to the tcpserver-based one, will rpm -e of yours put everything back, or will I need to re-install the previous rpm.

Just trying to anticipate the worst!

Thanks

[mbachmann]

I really have missed to announce this one on New Development Announcements. Good, that you have brought this up again.

[CharlieBrady]

Your rpm is clearly a significant change to the SMTP service. If I install it then find I want to rewind to the tcpserver-based one, will rpm -e of yours put everything back, or will I need to re-install the previous rpm.

"rpm -e" just uninstalls an rpm. It doesn't do rollback.

You'll need "rpm -Uhv --oldpackage ..." with the previous rpm.