Loading ...
Sorry, an error occurred while loading the content.

postfix need reload after cidr changes?

Expand Messages
  • Marko Weber | ZBF
    hello, when i change a cidr map, do i have to reload postfix like on chnages by texthash? i was on http://www.postfix.org/cidr_table.5.html and cant find
    Message 1 of 7 , May 23, 2013
    • 0 Attachment
      hello,

      when i change a cidr map,
      do i have to "reload" postfix like on chnages by texthash?

      i was on http://www.postfix.org/cidr_table.5.html
      and cant find that info.

      thanks

      marko
    • Benny Pedersen
      ... yes, would be nice to have man pages updated to contain reload needs, eg sql maps does in terms of reload not need to be running postfix reload, nearly all
      Message 2 of 7 , May 23, 2013
      • 0 Attachment
        Marko Weber | ZBF skrev den 2013-05-23 21:05:

        > when i change a cidr map,
        > do i have to "reload" postfix like on chnages by texthash?

        yes, would be nice to have man pages updated to contain reload needs,
        eg sql maps does in terms of reload not need to be running postfix
        reload, nearly all other do, it could be solved if postfix code change
        to support filenotify, but its just a dream still here :)

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      • /dev/rob0
        ... If you re willing to wait until the process in question exits, no, reload is not necessary. If you want to be sure to have it NOW, indeed, postfix
        Message 3 of 7 , May 23, 2013
        • 0 Attachment
          On Thu, May 23, 2013 at 09:12:23PM +0200, Benny Pedersen wrote:
          > Marko Weber | ZBF skrev den 2013-05-23 21:05:
          >
          > >when i change a cidr map,
          > >do i have to "reload" postfix like on chnages by texthash?

          If you're willing to wait until the process in question exits, no,
          reload is not necessary. If you want to be sure to have it NOW,
          indeed, "postfix reload". The same is true of texthash, pcre, and
          regexp maps: map types which are read entirely into memory.

          > yes, would be nice to have man pages updated to contain reload
          > needs, eg sql maps does in terms of reload not need to be running
          > postfix reload, nearly all other do,

          Cdb and hash (indexed maps) do not require a reload.

          For changes to a SQL/LDAP query file, see above (reload if you can't
          wait.)

          See also: DATABASE_README.html#detect

          > it could be solved if postfix code change to support filenotify,
          > but its just a dream still here :)

          Postfix runs on a lot of systems. If they don't all support
          filenotify, it gets messy to try to make it work for those which are
          different.
          --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
        • Wietse Venema
          ... It is safe to assume that if you change a file, then a reload will be needed. cidr is like texthash, pcre and regexp: these tables are read into memory
          Message 4 of 7 , May 23, 2013
          • 0 Attachment
            Marko Weber | ZBF:
            >
            > when i change a cidr map,
            > do i have to "reload" postfix like on chnages by texthash?
            >
            > i was on http://www.postfix.org/cidr_table.5.html
            > and cant find that info.

            It is safe to assume that if you change a file, then a "reload"
            will be needed.

            cidr is like texthash, pcre and regexp: these tables are read into
            memory and then closed, so they don't have a file handle to access
            the file after entering a chroot jail and/or dropping privileges.
            With other files that remain open, Postfix daemons try to detect
            if it has changed and will voluntarily terminate.

            There is no manpage for every Postfix table type so that would not
            be the place to document whether a reload is desired. For example
            there is no manpage for hash, btree, dbm, and texthash. That leaves
            DATABASE_README.html, and the postconf manpage text for the "-m"
            option. Would you have found it if it was documented there?

            Wietse
          • Marko Weber | ZBF
            hey wietse, ... i dunno. i just asked to get a an answer. thats all. i dont show with the finger here on anyone that missed to docuemt these and that. just
            Message 5 of 7 , May 23, 2013
            • 0 Attachment
              hey wietse,

              Am 2013-05-23 21:33, schrieb wietse@...:
              > Marko Weber | ZBF:
              >
              > when i change a cidr map,
              > do i have to "reload" postfix like on chnages by texthash?
              >
              > i was on http://www.postfix.org/cidr_table.5.html
              > and cant find that info.
              >
              > It is safe to assume that if you change a file, then a "reload"
              > will be needed.
              >
              > cidr is like texthash, pcre and regexp: these tables are read into
              > memory and then closed, so they don't have a file handle to access
              > the file after entering a chroot jail and/or dropping privileges.
              > With other files that remain open, Postfix daemons try to detect
              > if it has changed and will voluntarily terminate.
              >
              > There is no manpage for every Postfix table type so that would not
              > be the place to document whether a reload is desired. For example
              > there is no manpage for hash, btree, dbm, and texthash. That leaves
              > DATABASE_README.html, and the postconf manpage text for the "-m"
              > option. Would you have found it if it was documented there?

              i dunno. i just asked to get a an answer. thats all.
              i dont show with the finger here on anyone that missed to docuemt these
              and that.
              just wanted to know.

              all fine, i decided to do reload.

              background: i use the LASSO DROP from spamhaus. this list you can update
              hourly
              and i read it with the cidr option.

              postscreen_access_list =
              cidr:/etc/postfix/lookups/cidr/postscreen_access.cidr
              cidr:/etc/postfix/lookups/cidr/spamhausdrop.cidr

              ...and asked myself if postfix need a reload after updte of the list ;-)

              all fine.

              marko

              >
              > Wietse
            • Benny Pedersen
              ... how much blocked trafic do you get from it ? -- senders that put my email into body content will deliver it to my own trashcan, so if you like to get
              Message 6 of 7 , May 23, 2013
              • 0 Attachment
                Marko Weber | ZBF skrev den 2013-05-23 21:47:

                > postscreen_access_list =
                > cidr:/etc/postfix/lookups/cidr/postscreen_access.cidr
                > cidr:/etc/postfix/lookups/cidr/spamhausdrop.cidr

                how much blocked trafic do you get from it ?

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, dont do it
              • Stan Hoeppner
                ... Spamhaus DROP - [D]on t [R]oute [O]n [P]eer list http://www.spamhaus.org/drop/ When implemented at a network or ISP s core routers , DROP and EDROP will
                Message 7 of 7 , May 23, 2013
                • 0 Attachment
                  On 5/23/2013 2:47 PM, Marko Weber | ZBF wrote:

                  > background: i use the LASSO DROP from spamhaus. this list you can update
                  > hourly
                  > and i read it with the cidr option.

                  Spamhaus DROP - [D]on't [R]oute [O]n [P]eer list
                  http://www.spamhaus.org/drop/

                  "When implemented at a network or ISP's 'core routers', DROP and EDROP
                  will help protect the network's users from spamming, scanning,
                  harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.

                  Spamhaus strongly encourages the use of DROP and EDROP by tier-1s and
                  backbones."

                  > postscreen_access_list =
                  > cidr:/etc/postfix/lookups/cidr/postscreen_access.cidr
                  > cidr:/etc/postfix/lookups/cidr/spamhausdrop.cidr

                  This is not a valid use of DROP. Someone upstream of you is already
                  taking care of DROP long before such packets reach your MTA. The DROP
                  list is for use by infrastructure providers, not end users of networks.

                  You are simply wasting your time with this. It will stop no spam.
                  Forget it and move on to something that will actually be of benefit.

                  --
                  Stan
                Your message has been successfully submitted and would be delivered to recipients shortly.