Release Digest: GNU, January 15, 2004

SAUCE (paranoid anti-spam mailserver) 0.7.15, 0.8.1 BETA

Introduction

I am pleased to announce a new public BETA release of GNU SAUCE,
version 0.8.1. This contains new features, bugfixes, and some
changes to the default settings and policies (to cope with new spam
patterns).

However, I also regret to inform you that there is a moderately
serious time-dependent bug in GNU SAUCE before 0.7.16. All users
are encouraged to upgrade, either to the bugfix release 0.7.16, or
to the newer version 0.8.1, or to apply the immediate remedy below.
Please read the information below about the time-dependent bug.

0.7.16 and 0.8.1 are not currently available via ftp from ftp.gnu.org,
but they are available via my own server at
http://www.chiark.greenend.org.uk/~ian/sauce/ and
http://www.chiark.greenend.org.uk/~ian/sauce/ftp/
along with more information about SAUCE, including details of the
mailing lists, CVS repository, and of course the distribution
files.

Debian users should be able to acquire the current version of
SAUCE (0.8.1) from the Debian unstable distribution shortly, and
can use usual Debian support channels.

Changes in 0.8.1

Bugfixes:

  • site-annoy database expires properly (NB you must clean it when
    you upgrade!)
  • Fix descriptor leak in ic msg_checkeof.
  • More sensible debug.log entries for firewall commands.
  • Display ipchains/iptables commands in debug.log.

New features:

  • Support Linux 2.4 iptables.
  • Sobig.F shibboleth implemented (taboo_virus_hack,
    default=off).
  • New X-SAUCE-Notice header informs receiving user of anger
    towards sending site.
  • busyfury_firewall has new value `immed’ meaning firewall for
    every `421 too busy’ or `421 excessive concurrency’, not just when
    maximally furious.
  • New `errok-’ policy option for stopping SAUCE from getting too
    upset with .forward-upstreams and mailing list hosts. Untested
    yet.
  • Stalling pure-teergrube server for over-aggressive
    callers.
  • Reinvoking thread_typedefine made safe: doesn’t reset id
    counter. (Means you can patch the running SAUCE more easily.)

Changes to autoblacklisting:

  • blmessage.text split into blmessage-site.text and
    -addr.text.
  • blmessage.text updated from chiark (no unblacklist
    policy).
  • Update blacklist timeouts. (2mth/2mth -> 7d/12mth)

Time-dependent bug

SAUCE maintains a database known as `site-annoy’, in which it
records its current `opinion’ about calling IP addresses. This
information is used for various purposes, including capacity
reservation and teergrube. Each site’s entry is supposed to be kept
for a certain length of time and then to expire.

All previous versions of SAUCE have had a bug which means that
the expiry time was calculated incorrectly. The expiry time is
converted from an elapsed interval in seconds to an absolute time
as a time_t, by adding the current time – however, buggy versions
of SAUCE perform this calculation twice.

This has two effects:

Firstly, entries created before some time around the 10th of
January 2004 (or all entries on 64-bit machines) have a
ridiculously large expiry time. This is a performance and disk
space problem (the site-annoy decay algorithm means that the very
old data is not acted on erroneously).

Secondly, entries created (on 32-bit machines) after
approximately the 10th of January 2004 expire immediately (since on
the 10th of January time_t reached 0x40000000, so that 2*time_t
overflows a signed integer). This effectively lobotomises SAUCE, so
that it forgets which sites are `friendly’ and which `hostile’.

I recommend correcting the bug, and I also recommend cleaning
the site-annoy database to remove the overly-persistent entries.
Depending on your circumstances, the following routes may be
followed for a fix:

  1. Debian users: Download the replacement 0.7.16 .deb package (or
    0.8.1) and install it with dpkg -i. (Alternatively, Debian users
    can take one of the approaches below.) The package (or a
    derivative) may go into the next update of Debian stable, but this
    is not certain.
  2. Install new version:
    1. Download the 0.7.16 or 0.8.1 source, or fetch and apply the
      0.7.14-0.7.16 patch.
    2. Build the new version (`make’).
    3. Stop SAUCE.
    4. make install
    5. Either run /usr/local/share/sauce/clean-site-annoy, or delete
      /var/lib/sauce/db-site.annoy.* [1]
    6. Restart SAUCE.
  3. Minimal fix by hand:
    1. Stop SAUCE.
    2. Apply the patch below to the installed
      /usr/local/share/sauce/smtp.
    3. Delete /var/lib/sauce/db-site.annoy.* [1]
    4. Restart SAUCE.

[1] Cleaning the site-annoy database can be postponed. You can
either run the supplied cleaning script, which deletes only entries
with implausible expiry times, or you can delete the whole database
(which is fairly harmless, and in any case no worse than the
effects of the bug). But you must not mess with the site-annoy
database while SAUCE is running, or it will probably undo your
changes.
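
The double addition and its two effects, together with a plausibility check of the kind footnote [1] attributes to the cleaning script, as an added C example (not SAUCE's own code, which is Tcl). The one-day halflife, the threshold of twice the interval, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Value a signed 32-bit time_t would hold: two's-complement wraparound,
 * computed without relying on undefined signed overflow in C. */
static int32_t wrap32(int64_t v) {
    uint32_t u = (uint32_t)v;                 /* modulo 2^32, well defined */
    return u >= 0x80000000u ? (int32_t)((int64_t)u - 4294967296LL) : (int32_t)u;
}

/* Buggy path: the caller adds `now`, then the store adds `now` again. */
static int64_t expiry_buggy(int64_t now, int64_t interval, int is32) {
    int64_t v = now + (now + interval);
    return is32 ? wrap32(v) : v;
}

/* Fixed path: the interval becomes an absolute time exactly once. */
static int64_t expiry_fixed(int64_t now, int64_t interval, int is32) {
    int64_t v = now + interval;
    return is32 ? wrap32(v) : v;
}

enum verdict { ENTRY_OK, ENTRY_ALREADY_EXPIRED, ENTRY_IMPLAUSIBLE };

/* Flag entries that are expired on creation or that outlive any sane
 * lifetime. The 2*interval threshold is an assumption, not SAUCE's rule. */
static enum verdict classify(int64_t now, int64_t expiry, int64_t interval) {
    if (expiry <= now) return ENTRY_ALREADY_EXPIRED;
    if (expiry - now > 2 * interval) return ENTRY_IMPLAUSIBLE;
    return ENTRY_OK;
}

int main(void) {
    const int64_t interval = 3 * 86400;   /* constructed: 3 * a one-day halflife */
    const int64_t when[] = { 1072915200, 0x40000000 };  /* 1 Jan 2004; 2^30 */
    static const char *name[] = { "ok", "already expired", "implausible" };
    for (int i = 0; i < 2; i++)
        for (int is32 = 1; is32 >= 0; is32--) {
            int64_t b = expiry_buggy(when[i], interval, is32);
            int64_t f = expiry_fixed(when[i], interval, is32);
            printf("now=%lld %s-bit buggy=%lld (%s) fixed=%lld (%s)\n",
                   (long long)when[i], is32 ? "32" : "64",
                   (long long)b, name[classify(when[i], b, interval)],
                   (long long)f, name[classify(when[i], f, interval)]);
        }
    return 0;
}
```

Because the interval is added on top of 2*time_t, the 32-bit wraparound begins slightly before time_t itself reaches 0x40000000, which is consistent with the announcement's "some time around the 10th of January".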

Patch

The following patch fixes the actual problem, and can be applied
to the source code smtp.tcl, or to the installed file (usually
/usr/local/share/sauce/smtp).

 diff -u -u -r1.14 -r1.14.2.1
  smtp.tcl   15 Jun 2003 15:46:40 -0000      1.14
 +++ smtp.tcl   14 Jan 2004 22:56:33 -0000      1.14.2.1
 @@ -274,7 +274,7 @@
      if {$cv < -$annoy_love_max} { set cv -$annoy_love_max }
      ds_set site-annoy $ra 
             [string map {{ } a - m} [list $now $cv]] 
    [expr {$now + 3*$annoy_halflife}]
 +          [expr {3*$annoy_halflife}]
      if {$cv <= -$annoy_love_max/2 && $cv <= -($annoy_grumpy+$annoy_actout_max)} {
         set irritamt Ecstatic
      } elseif {$cv <= 0} {
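
Review bot: the new last argument to ds_set, `[expr {3*$annoy_halflife}]`, carries no comment saying that this parameter is a relative interval in seconds rather than an absolute time, which is what the removal of `$now +` implies. Without that, a later edit could put `$now +` back at this call site. Suggest a one-line comment above the ds_set call stating the unit and that the conversion to an absolute expiry happens elsewhere. Note also that this hunk only changes how new entries are written, so entries already stored in site-annoy keep their old expiry values and still need the cleaning step.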

This is not the complete diff between 0.7.14 and 0.7.16. 0.7.16
also contains the clean-site-annoy script, Debian packaging to
invoke it, plus of course new-release administrivia.
