Binkd is gone down

Discussion:

Binkd is gone down

(too old to reply)

Gert Andersen

2010-02-27 21:01:06 UTC

Hello All!

I have in the last months seen my binkd linux not working, like that the srvmgr
is been lost and not working while the server bind still is on.
Then trying connect with another mailer like another system with binkd oor mbse
is i getting 'too many servers' on my binkd for main system, and by other
mailer say failes connection reason error on hosts server program.

Can it be why there is some error on my binkd ?
I can restart my pc and binkd but after 1 to 2 hours is binkd again not
working. This has happen in 3-5 days and then is all ok again in a month and so
come the poblem.

CCould it be a error in the binkd compiled bin file.

Take care
Gert Andersen

----------------------------------------------------------------------

Stas Degteff

2010-02-28 13:39:44 UTC

Permalink

Hello Gert!

28 Feb 10 00:01, you wrote to All:

GA> I have in the last months seen my binkd linux not working, like that
GA> the srvmgr is been lost and not working while the server bind still is
GA> on. Then trying connect with another mailer like another system with
GA> binkd oor mbse is i getting 'too many servers' on my binkd for main
GA> system, and by other mailer say failes connection reason error on
GA> hosts server program.

GA> Can it be why there is some error on my binkd ?

Look optional statement "maxservers" in binkd configuration file. I uses
setting:
====
maxservers 10
====

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Gert Koefoed Andersen

2010-03-01 19:32:20 UTC

Permalink

Hello Stas!

Sun Feb 28 2010, Stas Degteff wrote to Gert Andersen:

GA>> I have in the last months seen my binkd linux not working, like that
GA>> the srvmgr is been lost and not working while the server bind still is
GA>> on. Then trying connect with another mailer like another system with
GA>> binkd oor mbse is i getting 'too many servers' on my binkd for main
GA>> system, and by other mailer say failes connection reason error on
GA>> hosts server program.

GA>> Can it be why there is some error on my binkd ?

SD>Look optional statement "maxservers" in binkd configuration file. I
SD>uses setting:
SD>====
SD>maxservers 10
SD>====

Is to what I have done now with that I have set it to be 12 and here 8 hours
after thange was done down again for the srvmgr, while a link in UK Scotland
has bomb my binkd with doubbelt polls several time, where his system of argus
mailer was polling secund time to fast afterhis first poll with his double
setup of argus, one with all akas and one with only one aka in.
The polling was done in 12 polls very shortly after the first poll and so by
binkd not had got finish with his first poll.

Sittings now is:
maxservers 14
maxclients 6

Take care,
Gert

- Get the best with linux -

Stas Degteff

2010-03-02 16:25:38 UTC

Permalink

Hello Gert!

01 Mar 10 22:32, you wrote to me:

GA> a link in
GA> UK Scotland has bomb my binkd with doubbelt polls several time,

1. While one connection is established with one node, another connection
rejected with message ERR "all cmomon aka are busy"

2. flood poll may be stopped using firewall (possible set limit for incoming
TCP SYN packets in minute from one host to the binkp port). If you may use
"tarpit" technology, this will moralize flooder :) (tarpit set TCP windows of
illegal connections to zero and program-poller is stay "zombi"-like).

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Gert Koefoed Andersen

2010-03-02 15:17:26 UTC

Permalink

* Reply to message originally in area CarbonArea

Hello Stas!

Tue Mar 02 2010, Stas Degteff wrote to Gert Koefoed Andersen:

GA>> a link in
GA>> UK Scotland has bomb my binkd with doubbelt polls several time,

SD>1. While one connection is established with one node, another
SD>connection rejected with message ERR "all cmomon aka are busy"

SD>2. flood poll may be stopped using firewall (possible set limit for
SD>incoming TCP SYN packets in minute from one host to the binkp port). If
SD>you may use "tarpit" technology, this will moralize flooder :) (tarpit
SD>set TCP windows of illegal connections to zero and program-poller is
SD>stay "zombi"-like).

I using Gentoo Linux as router and with firewall.
The problem was caused by I first had maxserver 2 and maxclients 2, so I set
maxservers 20 and maxclients 4.
But this gives it so the binkd.log show more than one node got connect in same
time, I could liek if it could be one after one.
Node a connects
goodbye node a
all over for node a
node b connects
getting his mail
al done and finish
goodbye node a
bink gets ready for next node
node c connects
etc getting mail and files
then binkd quiting the connection af all gone fine and ends the connections

so maybe max clients has to be only 1 for one time and no connection before
first node a is well done and the first connection is over and aneded with the
rc code.

Take care,
Gert

- Get the best with linux -

Stas Degteff

2010-03-02 21:59:42 UTC

Permalink

Hello Gert!

02 Mar 10 18:17, you wrote to me:

SD>> 1. While one connection is established with one node, another
SD>> connection rejected with message ERR "all cmomon aka are busy"

SD>> 2. flood poll may be stopped using firewall (possible set limit
SD>> for incoming TCP SYN packets in minute from one host to the binkp
SD>> port). If you may use "tarpit" technology, this will moralize
SD>> flooder :) (tarpit set TCP windows of illegal connections to zero
SD>> and program-poller is stay "zombi"-like).

GA> I using Gentoo Linux as router and with firewall.

You may use "recent" module of iptables:
====
iptables -I INPUT 1 -i eth1 -p tcp --syn --dport binkp -m recent --name binkpin
--set -m comment --comment "Set incoming binkp connection into table binkpin"

iptables -I INPUT 2 -i eth1 -p tcp --syn --dport binkp -m recent --name binkpin
--update --seconds 60 --hitcount 2 -j REJECT --reject-with tcp-reset -m comment
--comment "Reject too quickly new binkp connection attempts"
====
Or you may use "connlimit" module of iptables (look man iptables)

GA> The problem was caused by I first had maxserver 2 and maxclients 2, so
GA> I set maxservers 20 and maxclients 4. But this gives it so the
GA> binkd.log show more than one node got connect in same time,

This is NORMAL! My node serve several downlinks simultaneous. Binkd is
"multi-line" mailer. But only one connection with one link simultaneous.

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Bo Simonsen

2010-03-03 04:25:08 UTC

Permalink

SD>This is NORMAL! My node serve several downlinks simultaneous. Binkd is
SD>"multi-line" mailer. But only one connection with one link simultaneous.

That's why you get the "busy" message I guess, if a session already exists.
(Or you reached the limit).

I remember my home crafted binkp mailer kept crashing so it did not
remove the .bsy file. This file should probably store the pid.

Gert: Have you checked for .bsy files?

Bo

Stas Degteff

2010-03-03 15:05:20 UTC

Permalink

Hello Bo!

03 Mar 10 07:25, you wrote to me:

SD>> This is NORMAL! My node serve several downlinks simultaneous. Binkd
SD>> is "multi-line" mailer. But only one connection with one link
SD>> simultaneous.

BS> That's why you get the "busy" message I guess, if a session already
BS> exists. (Or you reached the limit).

Yes

BS> I remember my home crafted binkp mailer kept crashing
BS> so it did not remove the .bsy file.

You use binkd or not? If binkd, update to last release please.

BS> This file should probably store the pid.

I known about this problem but I did not try to realise it yet.
If you use binkd, You may use workaround in binkd configuration: kill-old-bsy
43200 # seconds

BS> Gert: Have you checked for .bsy files?

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Bo Simonsen

2010-03-03 14:40:55 UTC

Permalink

SD> BS> This file should probably store the pid.
SD>
SD>I known about this problem but I did not try to realise it yet.
SD>If you use binkd, You may use workaround in binkd configuration:
SD>kill-old-bsy 43200 # seconds

So binkd does not store the pid in the .bsy file?

Bo

Stas Degteff

2010-03-04 22:26:04 UTC

Permalink

Hello Bo!

03 Mar 10 17:40, you wrote to me:

SD>> BS> This file should probably store the pid.
SD>>
SD>> I known about this problem but I did not try to realise it yet.
SD>> If you use binkd, You may use workaround in binkd configuration:
SD>> kill-old-bsy 43200 # seconds

BS> So binkd does not store the pid in the .bsy file?

Binkd stores PID in the "pid-file" and bsy files. But binkd does not use PID
from bsy or pid-file for process checking

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

mark lewis

2010-03-04 22:36:37 UTC

Permalink

SD> Binkd stores PID in the "pid-file" and bsy files. But binkd does
SD> not use PID from bsy or pid-file for process checking

am i to understand that this allows one to start binkd more than one time with
the same config file?? should it not check for the PID file and abort if an
active one is found?

)\/(ark

Peter Knapper

2010-03-05 19:19:26 UTC

Permalink

Hi Mark,

SD> Binkd stores PID in the "pid-file" and bsy files. But binkd does
SD> not use PID from bsy or pid-file for process checking

ml> am i to understand that this allows one to start binkd
ml> more than one time with the same config file?? should
ml> it not check for the PID file and abort if an active
ml> one is found?

I haven't tried it, but depending on how BinkD was written, a second instance
wont be able to open the SAME TCP/IP Port, so will probably fail to start. It
would need a new Config file to alter the port to be able to start...

Cheers.............pk.

Stas Degteff

2010-03-05 14:32:18 UTC

Permalink

Hello mark.

05 Mar 10 01:36, you wrote to me:

ml> am i to understand that this allows one to start binkd more than one
ml> time with the same config file??

Second Binkd may run in client mode or inetd mode. Second binkd-server may be
run on separated port only, otherwise binkd-server can't listed port (port is
listen by first binkd instance) and second binkd exits with error message. This
is normal.

ml> should it not check for the PID file and abort if an active one is
ml> found?

This varian is possible for implementation.

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)
... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Bo Simonsen

2010-03-05 10:19:00 UTC

Permalink

SD> SD>> BS> This file should probably store the pid.
SD> SD>>
SD> SD>> I known about this problem but I did not try to realise it yet.
SD> SD>> If you use binkd, You may use workaround in binkd configuration:
SD> SD>> kill-old-bsy 43200 # seconds
SD>
SD> BS> So binkd does not store the pid in the .bsy file?
SD>
SD>Binkd stores PID in the "pid-file" and bsy files. But binkd does not use
SD>PID from bsy or pid-file for process checking

It should be an easy fix.. Just kill the process in the .bsy file with
signal 0, and if you get a non--1 return value it should be alive.

I don't know how portable this trick is.

Bo

Stas Degteff

2010-03-05 21:59:04 UTC

Permalink

Hello Bo!

05 Mar 10 13:19, you wrote to me:

SD>> Binkd stores PID in the "pid-file" and bsy files. But binkd does
SD>> not use PID from bsy or pid-file for process checking

BS> It should be an easy fix.. Just kill the process in the .bsy file with
BS> signal 0, and if you get a non--1 return value it should be alive.

No!NO!NO! Does not KILL any running program!

True algorithm: read PID from .bsy, look process witt this PID, if NOT in
active processes list, then remove .bsy.

BS> I don't know how portable this trick is.

Is not portable.

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster

Bo Simonsen

2010-03-06 21:28:56 UTC

Permalink

SD> SD>> Binkd stores PID in the "pid-file" and bsy files. But binkd does
SD> SD>> not use PID from bsy or pid-file for process checking
SD>
SD> BS> It should be an easy fix.. Just kill the process in the .bsy file
SD>with
SD> BS> signal 0, and if you get a non--1 return value it should be alive.
SD>
SD>No!NO!NO! Does not KILL any running program!

Killing a process with signal 0 will not have any effect.

SD>True algorithm: read PID from .bsy, look process witt this PID, if NOT
SD>in active processes list, then remove .bsy.

Parsing the process list is not free of charge.. However this is not
portable either..

SD> BS> I don't know how portable this trick is.
SD>
SD>Is not portable.

Agreeed.

Bo

Benny Pedersen

2010-03-11 23:33:34 UTC

Permalink

Hello Bo!

03 Mar 10 17:40, Bo Simonsen wrote to Stas Degteff:

BS> So binkd does not store the pid in the .bsy file?

you know one pid can do more then one connect to multiple nodes at just one pid
running ?

Regards Benny

... there can only be one way of life, and it works :)

Gert Koefoed Andersen

2010-03-03 14:35:58 UTC

Permalink

Hello Bo!

Wed Mar 03 2010, Bo Simonsen wrote to Stas Degteff:

SD>>This is NORMAL! My node serve several downlinks simultaneous. Binkd is
SD>>"multi-line" mailer. But only one connection with one link
SD>>simultaneous.

BS>That's why you get the "busy" message I guess, if a session already
BS>exists.
BS>(Or you reached the limit).

BS>I remember my home crafted binkp mailer kept crashing so it did not
BS>remove the .bsy file. This file should probably store the pid.

BS>Gert: Have you checked for .bsy files?

Yes those flags is been daily checked and if there is some old try files too
from more than a hour.

Take care,
Gert

- Get the best with linux -

Bo Simonsen

2010-03-03 17:23:20 UTC

Permalink

GKA> BS>Gert: Have you checked for .bsy files?
GKA>
GKA>Yes those flags is been daily checked and if there is some old try
GKA>files too from more than a hour.

Good..

Bo

Benny Pedersen

2010-03-11 23:25:30 UTC

Permalink

Hello Stas!

03 Mar 10 00:59, Stas Degteff wrote to Gert Koefoed Andersen:

SD> iptables -I INPUT 1 -i eth1 -p tcp --syn --dport binkp -m recent
SD> --name binkpin --set -m comment --comment "Set incoming binkp
SD> connection into table binkpin"

SD> iptables -I INPUT 2 -i eth1 -p tcp --syn --dport binkp -m recent
SD> --name binkpin --update --seconds 60 --hitcount 2 -j REJECT
SD> --reject-with tcp-reset -m comment --comment "Reject too quickly new
SD> binkp connection attempts"

Gert needs all this in shorewall to get it to work

using fail2ban can do it with syslog-ng amd network syslog from all his servers
to the router :)

when we are at it, gert polls me every 3 mins :(

Regards Benny

... there can only be one way of life, and it works :)