Kisakye ALex wrote:
> Eric Shubert wrote:
>> Kisakye ALex wrote:
>>
>>> Eric Shubert wrote:
>>>
>>>> Kisakye ALex wrote:
>>>>
>>>>> Hello,
>>>>> Am getting alot of spam mail these days into my toaster am running
>>>>> spamdyke at the front and yes spam assassin is on. Funny that a couple
>>>>> of weeks ago spam had tremendously gone down when I implemented
>>>>> spamdyke. On some of the messages that are tagged spam, the actual email
>>>>> is blank?? is spam assassin wiping out the content??
>>>>>
>>>>> Any help is welcome...
>>>>> thanks
>>>>>
>>>>> ALex
>>>>>
>>>> Kinda hard to tell much from what you've said so far.
>>>> What distro/toaster versions ?
>>>> Contents of:
>>>> /etc/spamdyke/spamdyke.conf ?
>>>> /etc/mail/spamassassin/local.cf ?
>>>> /var/qmail/control/simcontrol ?
>>>> Sample of spam log ?
>>>>
>>>> Anything else you'd like to share which might provide a hint, like the
>>>> contents of the headers of one of the blank spams?
>>>>
>>> Thanks Eric, sorry for the shallow info
>>>
>>> Am running CentOS 4 toaster version is
>>> --
>>> #rpm -qa | grep toaster
>>> libdomainkeys-toaster-0.68-1.3.3
>>> courier-authlib-toaster-0.59.2-1.3.6
>>> ezmlm-toaster-0.53.324-1.3.3
>>> maildrop-toaster-2.0.3-1.3.5
>>> squirrelmail-toaster-1.4.13-1.3.9
>>> simscan-toaster-1.3.1-1.3.6
>>> daemontools-toaster-0.76-1.3.3
>>> vpopmail-toaster-5.4.17-1.3.4
>>> libsrs2-toaster-1.0.18-1.3.3
>>> qmail-pop3d-toaster-1.03-1.3.15
>>> courier-imap-toaster-4.1.2-1.3.7
>>> control-panel-toaster-0.5-1.3.4
>>> ezmlm-cgi-toaster-0.53.324-1.3.3
>>> qmailmrtg-toaster-4.2-1.3.3
>>> maildrop-toaster-devel-2.0.3-1.3.5
>>> vqadmin-toaster-2.3.4-1.3.3
>>> spamassassin-toaster-3.2.4-1.3.13
>>> ripmime-toaster-1.4.0.6-1.3.3
>>> qmailtoaster-plus.repo-0.1-1
>>> ucspi-tcp-toaster-0.88-1.3.5
>>> qmail-toaster-1.03-1.3.15
>>> autorespond-toaster-2.0.4-1.3.3
>>> qmailadmin-toaster-1.2.11-1.3.4
>>> isoqlog-toaster-2.1-1.3.4
>>> clamav-toaster-0.93-1.3.18
>>> qmailtoaster-plus-0.3.0-1.4.4
>>> --
>>>
>>> spamdyke.conf
>>> --
>>> #check-dnsrbl=zombie.dnsbl.sorbs.net
>>> #check-dnsrbl=dul.dnsbl.sorbs.net
>>> #check-dnsrbl=bogons.cymru.com
>>> check-dnsrbl=zen.spamhaus.org
>>> check-dnsrbl=bl.spamcop.net
>>> check-dnsrbl=list.dsbl.org
>>> graylist-dir=/var/spamdyke/graylist
>>> graylist-max-secs=2678400
>>> graylist-min-secs=180
>>> greeting-delay-secs=5
>>> idle-timeout-secs=60
>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>> ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>> local-domains-file=/var/qmail/control/rcpthosts
>>> log-level=2
>>> log-target=0
>>> max-recipients=5
>>> #policy-url=http://my.policy.explanation.url/
>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>> reject-empty-rdns
>>> #reject-ip-in-cc-rdns
>>> reject-missing-sender-mx
>>> reject-unresolvable-rdns
>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>> ----
>>>
>>> contents of
>>>
>>> /etc/mail/spamassassin/local.cf
>>>
>>> ok_locales all
>>> skip_rbl_checks 1
>>>
>>> required_score 5
>>> report_safe 0
>>> rewrite_header Subject ***SPAM***
>>>
>>> use_pyzor 1
>>>
>>> use_auto_whitelist 1
>>>
>>> use_bayes 1
>>> use_bayes_rules 1
>>> bayes_auto_learn 1
>>> --
>>>
>>> contents of /var/qmail/control/simcontrol
>>>
>>> :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
>>> ---
>>>
>>> And this is a header from one of the emails
>>>
>>> From: - Tue Jun 10 13:53:15 2008
>>> X-Account-Key: account2
>>> X-UIDL: 1213094543.26404.abram.domain.com,S=1345
>>> X-Mozilla-Status: 0001
>>> X-Mozilla-Status2: 00000000
>>> X-Mozilla-Keys:
>>> Return-Path: <[EMAIL PROTECTED]>
>>> Delivered-To: [EMAIL PROTECTED]
>>> Received: (qmail 26402 invoked by uid 89); 10 Jun 2008 10:42:23 -0000
>>> Received: by simscan 1.3.1 ppid: 26302, pid: 26343, t: 60.5942s
>>> scanners: attach: 1.3.1 clamav: 0.93
>>> /m: 46/d:7046 spam: 3.2.4
>>> X-Spam-Flag: YES
>>> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
>>> abram.domain.com
>>> X-Spam-Level: ********
>>> X-Spam-Status: Yes, score=9.0 required=5.0
>>> tests=EMPTY_MESSAGE,MISSING_DATE,
>>> MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE,
>>> TVD_SPACE_RATIO autolearn=no version=3.2.4
>>> X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 0.0
>>> MISSING_DATE Missing Date: header * 2.5 MISSING_HB_SEP Missing blank
>>> line between message header and body * 1.6 MISSING_HEADERS Missing To:
>>> header * 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO * 1.3 MISSING_SUBJECT
>>> Missing Subject: header * 0.6 EMPTY_MESSAGE Message appears to have no
>>> textual parts and no * Subject: text * 0.1 RDNS_NONE Delivered to
>>> trusted network by a host with no rDNS
>>> Received: from unknown (HELO ole.kenic.or.ke) (198.32.67.19) by
>>> abram.domain.com with SMTP; 10 Jun 2008 10:41:22 -0000
>>> Received-SPF: none (abram.domain.com: domain at my.co.ke does not
>>> designate permitted sender hosts)
>>> Subject: ***SPAM***
>>> X-Spam-Prev-Subject: (nonexistent)
>>>
>>> thanks
>>>
>>> ALex
>>>
>>
>> ALex,
>>
>> I don't see any glaring problem. In local.cf I'd use
>> skip_rbl_checks 0
>> but that's not a big thing.
>>
>> Can you find and post the smtp log messages that correspond to this
>> message?
>>
>> If the smtp log for this message appears normal, I think I'd try using
>> full-log-dir=/var/log/spamdyke
>> in spamdyke.conf for a while and see if you can capture the whole smtp
>> session for one of these. Be sure you have plenty of disk space at the
>> specified location, because it'll log a ton of stuff. ;) Much easier to use
>> though than recordio, as each message is logged in a separate file.
>>
> Eric, Below are some of the smtp logs for the messages... I can see
> TIMEOUT in them but from looking at the rest of the smtp log file I can
> see other messages that TIMED out but still made it... for me it seems
> that this is happening only for this my.co.ke domain but there other
> users on this toaster with the same issue from other domains...
>
> @40000000484feb090b2bdef4 TIMEOUT from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke auth: (unknown) reason: (unknown)
> @40000000484feb09117ce7e4 simscan:[3130]:CLEAN (9.00/12.00):61.0956s:***SPAM*** :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
>
> --Another One
>
> @40000000484fd73c1d34e7e4 TIMEOUT from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke auth: (unknown) reason: (unknown)
> @40000000484fd73c23a04704 simscan:[30585]:CLEAN (9.00/12.00):61.0979s:***SPAM*** :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
>
> thanks
>
> ALex

There is still a bug in spamdyke 3.1.8 relating to Timeouts. The symptoms I've seen though are with large emails, not blank ones. Try using idle-timeout-secs=700 or something in that range.

-- 
-Eric 'shubes'
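
An added example, not part of the thread and not code from spamdyke or simscan: the posted spamdyke.conf sets idle-timeout-secs=60, and both posted simscan entries report scan times just over 61 seconds, so this script flags simscan entries whose scan time exceeds the configured idle timeout and notes whether a spamdyke TIMEOUT entry for the same origin IP sits next to them. The function names, the two-second pairing window and the last log line are assumptions made for the example.

```python
import re

# Excerpts from the thread above (wrapped log lines rejoined). The final simscan
# line is constructed for contrast; it is not from the post.
CONF = "greeting-delay-secs=5\nidle-timeout-secs=60\n"
LOG = """\
@40000000484feb090b2bdef4 TIMEOUT from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke auth: (unknown) reason: (unknown)
@40000000484feb09117ce7e4 simscan:[3130]:CLEAN (9.00/12.00):61.0956s:***SPAM*** :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
@40000000484fd73c1d34e7e4 TIMEOUT from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke auth: (unknown) reason: (unknown)
@40000000484fd73c23a04704 simscan:[30585]:CLEAN (9.00/12.00):61.0979s:***SPAM*** :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
@40000000484fd80000000000 simscan:[31000]:CLEAN (0.50/12.00):4.2010s:hello:192.0.2.10:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
"""

TIMEOUT_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) TIMEOUT .*?origin_ip: (\S+)")
SIMSCAN_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) simscan:\[(\d+)\]:\S+ "
                        r"\(([\d.]+)/([\d.]+)\):([\d.]+)s:.*?:(\d{1,3}(?:\.\d{1,3}){3}):")

def tai64n(sec_hex, nano_hex):
    """TAI64N label -> seconds as a float (2**62 offset removed, leap seconds ignored)."""
    return int(sec_hex, 16) - 2**62 + int(nano_hex, 16) / 1e9

def idle_timeout(conf_text):
    """Read idle-timeout-secs from spamdyke.conf text; None if it is not set."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "idle-timeout-secs":
            return int(value)
    return None

def slow_scans(log_text, limit, window=2.0):
    """Return simscan entries whose scan time exceeds `limit` seconds."""
    lines = log_text.splitlines()
    # (time, origin IP) of every spamdyke TIMEOUT entry
    timeouts = [(tai64n(m[1], m[2]), m[3])
                for m in map(TIMEOUT_RE.match, lines) if m]
    hits = []
    for m in filter(None, map(SIMSCAN_RE.match, lines)):
        secs = float(m[6])
        if secs <= limit:
            continue
        ts, ip = tai64n(m[1], m[2]), m[7]
        hits.append({
            "pid": int(m[3]), "ip": ip, "score": float(m[4]), "scan_secs": secs,
            # assumption: a TIMEOUT for the same IP within `window` s is the same session
            "timeout_logged": any(i == ip and abs(ts - t) <= window
                                  for t, i in timeouts),
        })
    return hits

if __name__ == "__main__":
    for hit in slow_scans(LOG, idle_timeout(CONF)):
        print(hit)
```

Run against a full smtp log, the same check shows how many scans would still exceed a candidate idle-timeout-secs value before the setting is changed.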