Linux Today: Linux News On Internet Time.

Release Digest: GNU, January 15, 2004

Jan 16, 2004, 05:00 (0 Talkback[s])

SAUCE (paranoid anti-spam mailserver) 0.7.15, 0.8.1 BETA


I am pleased to announce a new public BETA release of GNU SAUCE, version 0.8.1. This contains new features, bugfixes, and some changes to the default settings and policies (to cope with new spam patterns).

However, I also regret to inform you that there is moderately serious time-dependent bug in GNU SAUCE before 0.7.16. All users are encouraged to upgrade, either to the bugfix release 0.7.16, or to the newer version 0.8.1, or to apply the immediate remedy below. Please read the information below about the time-dependent bug.

0.7.16 and 0.8.1 are not currently available via ftp ftp.gnu.org, but they are available via my own server at http://www.chiark.greenend.org.uk/~ian/sauce/ http://www.chiark.greenend.org.uk/~ian/sauce/ftp/ along with more information about SAUCE, including details of the mailing lists, CVS repository, and of course the distribution files.

Debian users should be able to acquire the current version of SAUCE (0.8.1) from the Debian unstable distribution shortly, and can use usual Debian support channels.

Changes in 0.8.1


  • site-annoy database expires properly (NB you must clean it when you upgrade!)
  • Fix descriptor leak in ic msg_checkeof.
  • More sensible debug.log entries for firewall commands.
  • Display ipchains/iptables commands in debug.log.

New features:

  • Support Linux 2.4 iptables.
  • Sobig.F shibboleth implemented (taboo_virus_hack, default=off).
  • New X-SAUCE-Notice header informs receiving user of anger towards sending site.
  • busyfury_firewall has new value `immed' meaning firewall for every `421 too busy' or `421 excessive concurrency', not just when maximally furious.
  • New `errok-' policy option for stopping SAUCE from getting too upset with .forward-upstreams and mailing list hosts. Untested yet.
  • Stalling pure-teergrube server for over-aggressive callers.
  • Reinvoking thread_typedefine made safe: doesn't reset id counter. (Means you can patch the running SAUCE more easily.)

Changes to autoblacklisting:

  • blmessage.text split into blmessage-site.text and -addr.text.
  • blmessage.text updated from chiark (no unblacklist policy).
  • Update blacklist timeouts. (2mth/2mth -> 7d/12mth)

MD5 checksums

53de5879aa4162f1b111c76da471a29d sauce-0.7.14-0.7.16.diff.gz
daab7a3e61a33a2e596227e3683008f5 sauce_0.7.16.dsc
445366bf12284f33533ce4a0c91a454a sauce_0.7.16.tar.gz
0a1167bff75c368946815538070ed77c sauce_0.7.16_all.deb
235fe0eb1d594d367ecd6d383ba1660a sauce_0.7.16_i386.changes
64c5651645461cfb626eaaf4f838ad0b sauce_0.8.1.dsc
52f473d24eb80acdd0503b21ca3dc893 sauce_0.8.1.tar.gz
a5f68900c6ba1384ea56e3131fde083e sauce_0.8.1_all.deb
3b14d09e3780573112075283bc642537 sauce_0.8.1_i386.changes

Time-dependent bug

SAUCE maintains a database known as `site-annoy', in which it records its current `opinion' about calling IP addresses. This information is used for various purposes, including capacity reservation and teergrube. Each site's entry is supposed to be kept for a certain length of time and then to expire.

All previous versions of SAUCE have had a bug which means that the expiry time was calculated incorrectly. The expiry time is converted from an elapsed interval in seconds to an absolute time as a time_t, by adding the current time - however, buggy versions of SAUCE perform this calculation twice.

This has two effects:

Firstly, entries created before some time around the 10th of January 2004 (or all entries on 64-bit machines) have a ridiculously large expiry time. This is a performance and disk space problem (the site-annoy decay algorithm means that the very old data is not acted on erroneously).

Secondly, entries created (on 32-bit machines) after approximately the 10th of January 2004 expire immediately (since on the 10th of January time_t reached 0x40000000, so that 2*time_t overflows a signed integer). This effectively lobotomises SAUCE, so that it forgets which sites are `friendly' and which `hostile'.

I recommend correcting the bug, and I also recommend cleaning the site-annoy database to remove the overly-persistent entries. Depending on your circumstances, the following routes may be followed for a fix:

  1. Debian users: Download the replacement 0.7.16 .deb package (or 0.8.1) and install it with dpkg -i. (Alternatively, Debian users can take one of the approaches below.) The package (or a derivative) may go into the next update of Debian stable, but this is not certain.
  2. Install new version:
    1. Download the 0.7.16 or 0.8.1 source, or fetch and apply the 0.7.14-0.7.16 patch.
    2. Build the new version (`make').
    3. Stop SAUCE.
    4. make install
    5. Either run /usr/local/share/sauce/clean-site-annoy, or delete /var/lib/sauce/db-site.annoy.* [1]
    6. Restart SAUCE.
  3. Minimal fix by hand:
    1. Stop SAUCE.
    2. Apply the patch below to the installed /usr/local/share/sauce/smtp.
    3. Delete /var/lib/sauce/db-site.annoy.* [1]
    4. Restart SAUCE.

[1] Cleaning the site-annoy database can be postponed. You can either

run the supplied cleaning script, which deletes only entries with implausible expiry times, or you can delete the whole database (which is fairly harmless, and in any case no worse than the effects of the bug). But, you must not mess with the site-annoy database while SAUCE is running, or it will probably undo your changes.


The following patch fixes the actual problem, and can be applied to the source code smtp.tcl, or to the installed file (usually /usr/local/share/sauce/smtp).

 diff -u -u -r1.14 -r1.14.2.1
  smtp.tcl   15 Jun 2003 15:46:40 -0000      1.14
 +++ smtp.tcl   14 Jan 2004 22:56:33 -0000
 @@ -274,7 +274,7 @@
      if {$cv < -$annoy_love_max} { set cv -$annoy_love_max }
      ds_set site-annoy $ra 
             [string map {{ } a - m} [list $now $cv]] 
    [expr {$now + 3*$annoy_halflife}]
 +          [expr {3*$annoy_halflife}]
      if {$cv <= -$annoy_love_max/2 && $cv <= -($annoy_grumpy+$annoy_actout_max)} {
         set irritamt Ecstatic
      } elseif {$cv <= 0} {

This is not the complete diff between 0.7.14 and 0.7.16. 0.7.16 also contains the clean-site-annoy script, Debian packaging to invoke it, plus of course new-release administrivia.