Kisakye ALex wrote:
> Eric Shubert wrote:
>> Kisakye ALex wrote:
>>
>>> Eric Shubert wrote:
>>>
>>>> Kisakye ALex wrote:
>>>>
>>>>
>>>>> Hello,
>>>>> Am getting alot of spam mail these days into my toaster am running
>>>>> spamdyke at the front and yes spam assassin is on. Funny that a couple
>>>>> of weeks ago spam had tremendously gone down when I implemented
>>>>> spamdyke. On some of the messages that are tagged spam, the actual
>>>>> email
>>>>> is blank?? is spam assassin wiping out the content??
>>>>>
>>>>> Any help is welcome...
>>>>> thanks
>>>>>
>>>>> ALex
>>>>>
>>>>>
>>>> Kinda hard to tell much from what you've said so far.
>>>> What distro/toaster versions ?
>>>> Contents of:
>>>> /etc/spamdyke/spamdyke.conf ?
>>>> /etc/mail/spamassassin/local.cf ?
>>>> /var/qmail/control/simcontrol ?
>>>> Sample of spam log ?
>>>>
>>>> Anything else you'd like to share which might provide a hint, like the
>>>> contents of the headers of one of the blank spams?
>>>>
>>>>
>>> Thanks Eric, sorry for the shallow info
>>>
>>> Am running CentOS 4 toaster version is
>>> --
>>> #rpm -qa | grep toaster
>>> libdomainkeys-toaster-0.68-1.3.3
>>> courier-authlib-toaster-0.59.2-1.3.6
>>> ezmlm-toaster-0.53.324-1.3.3
>>> maildrop-toaster-2.0.3-1.3.5
>>> squirrelmail-toaster-1.4.13-1.3.9
>>> simscan-toaster-1.3.1-1.3.6
>>> daemontools-toaster-0.76-1.3.3
>>> vpopmail-toaster-5.4.17-1.3.4
>>> libsrs2-toaster-1.0.18-1.3.3
>>> qmail-pop3d-toaster-1.03-1.3.15
>>> courier-imap-toaster-4.1.2-1.3.7
>>> control-panel-toaster-0.5-1.3.4
>>> ezmlm-cgi-toaster-0.53.324-1.3.3
>>> qmailmrtg-toaster-4.2-1.3.3
>>> maildrop-toaster-devel-2.0.3-1.3.5
>>> vqadmin-toaster-2.3.4-1.3.3
>>> spamassassin-toaster-3.2.4-1.3.13
>>> ripmime-toaster-1.4.0.6-1.3.3
>>> qmailtoaster-plus.repo-0.1-1
>>> ucspi-tcp-toaster-0.88-1.3.5
>>> qmail-toaster-1.03-1.3.15
>>> autorespond-toaster-2.0.4-1.3.3
>>> qmailadmin-toaster-1.2.11-1.3.4
>>> isoqlog-toaster-2.1-1.3.4
>>> clamav-toaster-0.93-1.3.18
>>> qmailtoaster-plus-0.3.0-1.4.4
>>> --
>>>
>>> spamdyke.conf
>>> --
>>> #check-dnsrbl=zombie.dnsbl.sorbs.net
>>> #check-dnsrbl=dul.dnsbl.sorbs.net
>>> #check-dnsrbl=bogons.cymru.com
>>> check-dnsrbl=zen.spamhaus.org
>>> check-dnsrbl=bl.spamcop.net
>>> check-dnsrbl=list.dsbl.org
>>> graylist-dir=/var/spamdyke/graylist
>>> graylist-max-secs=2678400
>>> graylist-min-secs=180
>>> greeting-delay-secs=5
>>> idle-timeout-secs=60
>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>> ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>> local-domains-file=/var/qmail/control/rcpthosts
>>> log-level=2
>>> log-target=0
>>> max-recipients=5
>>> #policy-url=http://my.policy.explanation.url/
>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>> reject-empty-rdns
>>> #reject-ip-in-cc-rdns
>>> reject-missing-sender-mx
>>> reject-unresolvable-rdns
>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>> ----
>>>
>>> contents of
>>>
>>> /etc/mail/spamassassin/local.cf
>>>
>>> ok_locales all
>>> skip_rbl_checks 1
>>>
>>> required_score 5
>>> report_safe 0
>>> rewrite_header Subject ***SPAM***
>>>
>>> use_pyzor 1
>>>
>>> use_auto_whitelist 1
>>>
>>> use_bayes 1
>>> use_bayes_rules 1
>>> bayes_auto_learn 1
>>> --
>>>
>>> contents of /var/qmail/control/simcontrol
>>>
>>> :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
>>> ---
>>>
>>> And this is a header from one of the emails
>>>
>>>
>>> From: - Tue Jun 10 13:53:15 2008
>>> X-Account-Key: account2
>>> X-UIDL: 1213094543.26404.abram.domain.com,S=1345
>>> X-Mozilla-Status: 0001
>>> X-Mozilla-Status2: 00000000
>>> X-Mozilla-Keys: Return-Path: <[EMAIL PROTECTED]>
>>> Delivered-To: [EMAIL PROTECTED]
>>> Received: (qmail 26402 invoked by uid 89); 10 Jun 2008 10:42:23
>>> -0000
>>> Received: by simscan 1.3.1 ppid: 26302, pid: 26343, t: 60.5942s
>>> scanners: attach: 1.3.1 clamav: 0.93
>>> /m: 46/d:7046 spam: 3.2.4
>>> X-Spam-Flag: YES
>>> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
>>> abram.domain.com
>>> X-Spam-Level: ********
>>> X-Spam-Status: Yes, score=9.0 required=5.0
>>> tests=EMPTY_MESSAGE,MISSING_DATE,
>>> MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE,
>>> TVD_SPACE_RATIO autolearn=no version=3.2.4
>>> X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 0.0
>>> MISSING_DATE Missing Date: header * 2.5 MISSING_HB_SEP Missing blank
>>> line between message header and body * 1.6 MISSING_HEADERS Missing To:
>>> header * 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO * 1.3 MISSING_SUBJECT
>>> Missing Subject: header * 0.6 EMPTY_MESSAGE Message appears to have no
>>> textual parts and no * Subject: text * 0.1 RDNS_NONE Delivered to
>>> trusted network by a host with no rDNS
>>> Received: from unknown (HELO ole.kenic.or.ke) (198.32.67.19) by
>>> abram.domain.com with SMTP; 10 Jun 2008 10:41:22 -0000
>>> Received-SPF: none (abram.domain.com: domain at my.co.ke does not
>>> designate permitted sender hosts)
>>> Subject: ***SPAM***
>>> X-Spam-Prev-Subject: (nonexistent)
>>>
>>>
>>>
>>> thanks
>>>
>>>
>>> ALex
>>>
>>>
>>
>> ALex,
>>
>> I don't see any glaring problem. In local.cf I'd use
>> skip_rbl_checks 0
>> but that's not a big thing.
>>
>> Can you find and post the smtp log messages that correspond to this
>> message?
>>
>> If the smtp log for this message appears normal, I think I'd try using
>> full-log-dir=/var/log/spamdyke
>> in spamdyke.conf for a while and see if you can capture the whole smtp
>> session for one of these. Be sure you have plenty of disk space at the
>> specified location, because it'll log a ton of stuff. ;) Much easier
>> to use
>> though than recordio, as each message is logged in a separate file.
>>
>>
> Eric, Below are some of the smtp logs for the messages... I can see
> TIMEOUT in them but from looking at the rest of the smtp log file I can
> see other messages that TIMED out but still made it... for me it seems
> that this is happening only for this my.co.ke domain but there other
> users on this toaster with the same issue from other domains...
>
>
> @40000000484feb090b2bdef4 TIMEOUT from: [EMAIL PROTECTED] to:
> [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke
> auth: (unknown) reason: (unknown)
> @40000000484feb09117ce7e4 simscan:[3130]:CLEAN
> (9.00/12.00):61.0956s:***SPAM***
> :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
>
> --Another One
>
> @40000000484fd73c1d34e7e4 TIMEOUT from: [EMAIL PROTECTED] to:
> [EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke
> auth: (unknown) reason: (unknown)
> @40000000484fd73c23a04704 simscan:[30585]:CLEAN
> (9.00/12.00):61.0979s:***SPAM***
> :198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
>
>
> thanks
>
> ALex
There is still a bug in spamdyke 3.1.8 relating to Timeouts. They symptoms
I've seen though is with large emails, not blank ones. Try using
idle-timeout-secs=700
or something in that range.
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
