Error enabling mail rate limit

Hi, I've just enabled the Mail rate limit on my virtualmin server and it seems works fine but, digging in mail.log, I noticed many of those errors:

Dec 6 13:19:33 sv01 milter-greylist: smfi_getsymval failed for {if_addr} Dec 6 13:19:48 sv01 milter-greylist: smfi_getsymval failed for {i}

Postfix version 2.9.6 Debian 7

I've enabled spamassassin, clamav and postgrey

sincerely

Nicola

Status: 
Active

Comments

I think those are harmless. Is rate limiting working properly for you?

I'm just testing the new rate limiting features too, and it seems they are ineffective in my case. (OS: Ubuntu 12.04 x64)

I had Virtualmin download and install the package and turn on the milter. I configured a global limit of "1 mail per minute" for the system.

Config files of milter and Postfix look okay:

pidfile "/var/run/milter-greylist.pid"
dumpfile "/var/lib/milter-greylist/greylist.db" 600
dumpfreq 10m
socket "/var/spool/postfix/var/run/milter-greylist/milter-greylist.sock" 666
user "smmsp"
quiet
ratelimit "virtualmin_limit" rcpt 1 / 1m
racl blacklist from /.*/ ratelimit "virtualmin_limit" msg "Message quota exceeded"
racl whitelist default
nospf

(That's only the non-comment lines)

Those lines were added to Postfix' main.cf:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = local:/var/run/milter-greylist/milter-greylist.sock
non_smtpd_milters = local:/var/run/milter-greylist/milter-greylist.sock

I'm now sending email from a local account on the test server to the outside, and I can send emails on and on, they are delivered immediately. Could it have to do with the fact that the server is using IPv6? Excerpt from /var/log/mail.log for two consecutive deliveries:

Dec  7 11:19:35 lyra postfix/smtpd[5843]: connect from 2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf]
Dec  7 11:19:36 lyra milter-greylist: reloading config file "/etc/milter-greylist/greylist.conf"
Dec  7 11:19:36 lyra milter-greylist: reloaded config file "/etc/milter-greylist/greylist.conf" in 0.018983s
Dec  7 11:19:36 lyra milter-greylist: smfi_getsymval failed for {i}
Dec  7 11:19:36 lyra milter-greylist: User sourceuser@test.tiahost.de authenticated, bypassing greylisting
Dec  7 11:19:36 lyra postfix/smtpd[5843]: 720E010518D: client=2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf], sasl_method=PLAIN, sasl_username=sourceuser@test.tiahost.de
Dec  7 11:19:36 lyra postfix/cleanup[5849]: 720E010518D: message-id=<52A2F637.1080606@test.tiahost.de>
Dec  7 11:19:36 lyra milter-greylist: smfi_getsymval failed for {if_addr}
Dec  7 11:19:36 lyra postfix/qmgr[31460]: 720E010518D: from=<sourceuser@test.tiahost.de>, size=765, nrcpt=1 (queue active)
Dec  7 11:19:36 lyra postfix/smtpd[5843]: disconnect from 2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf]
Dec  7 11:19:39 lyra postfix/smtp[5850]: 720E010518D: to=<destuser@tianet.de>, relay=mail.tianet.de[176.9.191.26]:25, delay=2.8, delays=0.11/0/0.12/2.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 30D9E46985)
Dec  7 11:19:39 lyra postfix/qmgr[31460]: 720E010518D: removed
Dec  7 11:19:40 lyra postfix/smtpd[5843]: connect from 2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf]
Dec  7 11:19:40 lyra milter-greylist: smfi_getsymval failed for {i}
Dec  7 11:19:40 lyra milter-greylist: User sourceuser@test.tiahost.de authenticated, bypassing greylisting
Dec  7 11:19:40 lyra postfix/smtpd[5843]: B98D710518D: client=2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf], sasl_method=PLAIN, sasl_username=sourceuser@test.tiahost.de
Dec  7 11:19:40 lyra postfix/cleanup[5849]: B98D710518D: message-id=<52A2F63C.1060006@test.tiahost.de>
Dec  7 11:19:40 lyra milter-greylist: smfi_getsymval failed for {if_addr}
Dec  7 11:19:40 lyra postfix/qmgr[31460]: B98D710518D: from=<sourceuser@test.tiahost.de>, size=765, nrcpt=1 (queue active)
Dec  7 11:19:40 lyra postfix/smtp[5850]: B98D710518D: to=<destuser@tianet.de>, relay=mail.tianet.de[176.9.191.26]:25, delay=0.1, delays=0.09/0/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CA32446985)
Dec  7 11:19:40 lyra postfix/qmgr[31460]: B98D710518D: removed
Dec  7 11:19:40 lyra postfix/smtpd[5843]: disconnect from 2001-4dd0-201a-0-a5f4-cdf1-5f6c-7bcf.ipv6dyn.netcologne.de[2001:4dd0:201a:0:a5f4:cdf1:5f6c:7bcf]

Can you guys post your milter-greylist config file, which is located in /etc/milter-greylist/greylist.conf? Thanks!

I already did, check the first "code" block in my previous post. :)

I think the issue may be the line :

DecĀ  7 11:19:36 lyra milter-greylist: User sourceuser@test.tiahost.de authenticated, bypassing greylisting

Try editing greylist.conf and adding the line noauth , and see if that makes any difference.

I'll try the "noauth" thing in a minute! Here's another issue:

While checking the mail logs on the test server, to prepare for the "noauth" test, I found blocks of these messages, once per minute. They started when I created a testing virtual server yesterday and Webmin tried to send the confirmation mail to the local recipient.

Maybe a limit of "1 mail per minute" is too few? :) Or maybe Webmin/Postfix is retrying too quickly, so that the milter "overflow" cannot decrease? Also note the error message "cannot reject recipient in non-smtpd submission".

Dec  8 15:56:44 lyra postfix/pickup[23798]: 82F8010518D: uid=0 from=<webmin@lyra.tianet.de>
Dec  8 15:56:44 lyra milter-greylist: 82F8010518D: skipping greylist because this is the default action, (from=webmin@lyra.tianet.de, rcpt=tiatest@test.tiahost.de, addr
Dec  8 15:56:44 lyra milter-greylist: ratelimit overflow for class virtualmin_limit: 2, limit is 1 recipients / 60 sec, key = "127.0.0.1"
Dec  8 15:56:44 lyra milter-greylist: 82F8010518D: addr localhost[127.0.0.1] from webmin@lyra.tianet.de to admin@tianet.de blacklisted (ACL 74)
Dec  8 15:56:44 lyra postfix/cleanup[2622]: 82F8010518D: milter-reject: RCPT from localhost[127.0.0.1]: 5.7.1 Message quota exceeded; from=<webmin@lyra.tianet.de> to=<a
Dec  8 15:56:44 lyra postfix/cleanup[2622]: warning: 82F8010518D: milter configuration error: can't reject recipient in non-smtpd(8) submission
Dec  8 15:56:44 lyra postfix/cleanup[2622]: warning: 82F8010518D: deferring delivery of this message

About the original issue:

Adding "noauth" to the milter config file helped!

I did that, and configured the milter to allow 2 mails per minute. I could send 2 mails, and the third was rejected with "551 5.7.1 Message quota exceeded".

Ok .. so is it all working as expected now?

Limiting works as expected now in my test, yes.

You might want to check the error message though that I noted in my second-to-last post.

sorry for the delay...

it work also for me, adding noauth at the end of the greylist.conf

but the errors remains

thanks!

@Locutus - are you sending email using an SMTP connection, or via the mail or sendmail commands?

@Jamie: You don't really fully read my posts, do you? ;) Lemme repeat:

"While checking the mail logs on the test server, to prepare for the "noauth" test, I found blocks of these messages, once per minute. They started when I created a testing virtual server yesterday and Webmin tried to send the confirmation mail to the local recipient."

Oops, I missed the part about them being sent by Webmin.

So what this means is that Webmin is sending emails via the sendmail command, but under Postfix a milter doesn't have the ability to reject a message sent that way (vs via SMTP). Instead, Postfix just defers it for later delivery.

A limit of 1 message per limit is too low, as this mean that if a single other email comes it to any user in the minute prior to creating a domain, then the email from Virtualmin will be deferred. I'd recommend a limit of at least 10 per minute.

Alrighty! The "1 mail per minute" of course was only for testing purposes, to see if the rate limiting works at all.

I get both of these in the logs: milter-greylist: smfi_getsymval failed for {i} milter-greylist: smfi_getsymval failed for {if_addr}

I have the noauth at the end of the config. I know the milter works for the localhost, but I don't know if it works for other clients. I've noticed the greylist.db is not created in the directory specified by the conf file... It's a production server, so I am leery of dropping it down to 1 per min for testing. Is there another way to check?

Those two messages should be harmless. The greylist db is probably not created because the milter is not used for greylisting, only for rate limiting. Either that, or the file is only updated when the milter is stopped.

To test it, you could create a low limit for a specific test domain and send mails from that, while leaving the global limit high.

They may be harmless, but there are thousands of entries everyday which increases the logfile size dramatically. I'll try a test account

So I uninstalled and reinstalled and it still isn't working with a test subdomain... Still getting the same errors