On 01/04/2010 16:35, Eric Shubert wrote:
Postmaster wrote:
Hi,


I have recently seen an increased number of duplicate e-mails on my qmailtoaster, which is very annoying. After searching through the archive, I found out that SpamAssassin/ClamAV are to blame.
SpamAssassin - 3.2.5 and ClamAV - 0.95.3
Is there any ready-to-go script to monitor SpamAssassin/ClamAV to know which is causing the problem? I do have DNBL checks which may cause network time-out problems as well. What is the standard time-out and where do I change it? Any advice on time-outs please?

Not really anything you can do with timeout, as it's the sender who is timing out because your QMT is taking too long to scan.

What are your scan times looking like?
How many messages are being scanned concurrently?
A sampling of your spamd log would help to answer these questions.


Spamdyke is in debug mode:

2010-04-01 17:47:27.617663500 tcpserver: pid 28804 from 212.113.23.140
2010-04-01 17:47:27.617812500 tcpserver: ok 28804 
xxxxxxxxxxxxxxx.uk:109.74.205.xx:25 :212.113.23.140::26123
2010-04-01 17:47:27.623569500 spamdyke[28804]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
listservc.advfn.com
2010-04-01 17:47:27.623650500 spamdyke[28804]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:47:27.623742500 spamdyke[28804]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:47:27.623822500 spamdyke[28804]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
212.113.23.140
2010-04-01 17:47:27.623929500 spamdyke[28804]: 
DEBUG(filter_ip_blacklist()@filter.c:1177): searching IP blacklist file(s); ip: 
212.113.23.140
2010-04-01 17:47:27.624148500 spamdyke[28804]: 
DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1272): checking for IP in rDNS 
+keyword(s) in whitelist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:47:27.624262500 spamdyke[28804]: 
DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1226): checking for IP in rDNS 
+keyword(s) in blacklist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:47:27.624347500 spamdyke[28804]: 
DEBUG(filter_rdns_resolve()@filter.c:1318): checking rDNS resolution; rdns: 
listservc.advfn.com
2010-04-01 17:47:27.626867500 spamdyke[28804]: 
DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 212.113.23.140
2010-04-01 17:47:27.664906500 spamdyke[28804]: 
DEBUG(filter_earlytalker()@filter.c:1695): checking for earlytalker; delay: 5
2010-04-01 17:47:32.891226500 spamdyke[28804]: 
DEBUG(filter_sender_whitelist()@filter.c:1747): searching sender whitelist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:32.901638500 spamdyke[28804]: 
DEBUG(filter_sender_blacklist()@filter.c:1881): searching sender blacklist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:32.901764500 spamdyke[28804]: 
DEBUG(filter_sender_no_mx()@filter.c:2080): checking for sender domain MX 
record; domain: listserv.advfn.com
2010-04-01 17:47:32.903432500 CHKUSER accepted sender: 
from<bounceadvfn-alexander=xxxxxxxxxxxxxx...@listserv.advfn.com::>  
remote<listservc.advfn.com:unknown:212.113.23.140>  rcpt<>  : sender accepted
2010-04-01 17:47:32.906144500 spamdyke[28804]: 
DEBUG(filter_recipient_whitelist()@filter.c:2113): searching recipient 
whitelist(s); recipient: alexan...@xxxxxxxxxxxxxxx.uk
2010-04-01 17:47:32.906271500 spamdyke[28804]: 
DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; relay-level: 
0 recipient: alexan...@xxxxxxxxxxxxxx.uk ip: 212.113.23.140 rdns: 
listservc.advfn.com local_recipient: true relaying_allowed: false
2010-04-01 17:47:32.906395500 spamdyke[28804]: 
DEBUG(filter_recipient_local()@filter.c:2154): checking for unqualified 
recipient; recipient: alexan...@xxxxxxxxxxxxx.uk
2010-04-01 17:47:32.906497500 spamdyke[28804]: 
DEBUG(filter_recipient_max()@filter.c:2244): checking maximum recipients; 
maximum: 50 current: 0
2010-04-01 17:47:32.906583500 spamdyke[28804]: 
DEBUG(filter_recipient_blacklist()@filter.c:2278): searching recipient 
blacklist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:47:32.911919500 spamdyke[28804]: 
DEBUG(filter_recipient_graylist()@filter.c:2342): checking graylist; recipient: 
alexan...@xxxxxxxxxxx.uk sender: 
bounceadvfn-alexander=xxxxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:33.031832500 CHKUSER accepted rcpt: 
from<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::>  
remote<listservc.advfn.com:unknown:212.113.23.140>  rcpt<alexan...@xxxxxxxxxxxxx.uk>  
: found existing recipient
2010-04-01 17:47:33.031892500 policy_check: remote 
bounceadvfn-alexander=xxxxxxxxxxxxxxxx...@listserv.advfn.com ->  local 
alexan...@xxxxxxxxxxxx.uk (UNAUTHENTICATED SENDER)
2010-04-01 17:47:33.031980500 policy_check: policy allows transmission
2010-04-01 17:47:33.032161500 spamdyke[28804]: ALLOWED from: 
bounceadvfn-alexander=xxxxxxxxxxxxx...@listserv.advfn.com to: 
alexan...@xxxxxxxxxxxxxxx.uk origin_ip: 212.113.23.140 origin_rdns: 
listservc.advfn.com auth: (unknown)
2010-04-01 17:47:51.878073500 tcpserver: status: 2/100

Then another message

2010-04-01 17:48:43.177424500 tcpserver: status: 1/100
2010-04-01 17:48:44.345581500 simscan:[28806]:CLEAN 
(-8.00/12.00):71.3092s:Evening Euro Markets 
Bulletin:212.113.23.140:bounceadvfn-alexander=xxxxxxxxxxxxx...@listserv.advfn.com:alexan...@xxxxxxxxxxxxxx.uk
2010-04-01 17:48:46.739561500 tcpserver: end 28804 status 0
2010-04-01 17:48:46.739564500 tcpserver: status: 0/100
2010-04-01 17:52:21.140747500 tcpserver: status: 1/100
2010-04-01 17:52:21.141620500 tcpserver: pid 29492 from 127.0.0.1
2010-04-01 17:52:21.160434500 tcpserver: ok 29492 xxxxxxxxxxxxx.uk:127.0.0.1:25 
:127.0.0.1::44311
2010-04-01 17:52:21.240662500 spamdyke[29492]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
localhost
2010-04-01 17:52:21.240688500 spamdyke[29492]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: localhost
2010-04-01 17:52:21.240749500 spamdyke[29492]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: localhost
2010-04-01 17:52:21.240807500 spamdyke[29492]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
127.0.0.1
2010-04-01 17:52:21.246480500 spamdyke[29492]: FILTER_WHITELIST_IP ip: 
127.0.0.1 file: /etc/spamdyke/whitelist_ip(1)
2010-04-01 17:52:21.428421500 tcpserver: end 29492 status 0
2010-04-01 17:52:21.428467500 tcpserver: status: 0/100
2010-04-01 17:53:33.661770500 tcpserver: status: 1/100
2010-04-01 17:53:33.662234500 tcpserver: pid 30821 from 212.113.23.140
2010-04-01 17:53:33.696211500 tcpserver: ok 30821 
xxxxxxxxxxxxxx.uk:109.74.205.xx:25 :212.113.23.140::30042
2010-04-01 17:53:34.138092500 spamdyke[30821]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
listservc.advfn.com
2010-04-01 17:53:34.138236500 spamdyke[30821]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:53:34.138378500 spamdyke[30821]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:53:34.138501500 spamdyke[30821]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
212.113.23.140
2010-04-01 17:53:34.138791500 spamdyke[30821]: 
DEBUG(filter_ip_blacklist()@filter.c:1177): searching IP blacklist file(s); ip: 
212.113.23.140
2010-04-01 17:53:34.138920500 spamdyke[30821]: 
DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1272): checking for IP in rDNS 
+keyword(s) in whitelist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:53:34.139035500 spamdyke[30821]: 
DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1226): checking for IP in rDNS 
+keyword(s) in blacklist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:53:34.139119500 spamdyke[30821]: 
DEBUG(filter_rdns_resolve()@filter.c:1318): checking rDNS resolution; rdns: 
listservc.advfn.com
2010-04-01 17:53:34.139643500 spamdyke[30821]: 
DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 212.113.23.140
2010-04-01 17:53:34.160235500 spamdyke[30821]: 
DEBUG(filter_earlytalker()@filter.c:1695): checking for earlytalker; delay: 5
2010-04-01 17:53:39.587434500 spamdyke[30821]: 
DEBUG(filter_sender_whitelist()@filter.c:1747): searching sender whitelist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.601649500 spamdyke[30821]: 
DEBUG(filter_sender_blacklist()@filter.c:1881): searching sender blacklist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.601701500 spamdyke[30821]: 
DEBUG(filter_sender_no_mx()@filter.c:2080): checking for sender domain MX 
record; domain: listserv.advfn.com
2010-04-01 17:53:39.603728500 CHKUSER accepted sender: 
from<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::>  
remote<listservc.advfn.com:unknown:212.113.23.140>  rcpt<>  : sender accepted
2010-04-01 17:53:39.604358500 spamdyke[30821]: 
DEBUG(filter_recipient_whitelist()@filter.c:2113): searching recipient 
whitelist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.604410500 spamdyke[30821]: 
DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; relay-level: 
0 recipient: alexan...@xxxxxxxxxxxx.uk ip: 212.113.23.140 rdns: 
listservc.advfn.com local_recipient: true relaying_allowed: false
2010-04-01 17:53:39.604500500 spamdyke[30821]: 
DEBUG(filter_recipient_local()@filter.c:2154): checking for unqualified 
recipient; recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.604581500 spamdyke[30821]: 
DEBUG(filter_recipient_max()@filter.c:2244): checking maximum recipients; 
maximum: 50 current: 0
2010-04-01 17:53:39.604657500 spamdyke[30821]: 
DEBUG(filter_recipient_blacklist()@filter.c:2278): searching recipient 
blacklist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.609931500 spamdyke[30821]: 
DEBUG(filter_recipient_graylist()@filter.c:2342): checking graylist; recipient: 
alexan...@xxxxxxxxxxxx.uk sender: 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.670182500 CHKUSER accepted rcpt: 
from<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::>  
remote<listservc.advfn.com:unknown:212.113.23.140>  rcpt<alexan...@xxxxxxxxxxxx.uk>  
: found existing recipient
2010-04-01 17:53:39.670202500 policy_check: remote 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com ->  local 
alexan...@xxxxxxxxxxxx.uk (UNAUTHENTICATED SENDER)
2010-04-01 17:53:39.670256500 policy_check: policy allows transmission
2010-04-01 17:53:39.670344500 spamdyke[30821]: ALLOWED from: 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com to: 
alexan...@xxxxxxxxxxxx.uk origin_ip: 212.113.23.140 origin_rdns: 
listservc.advfn.com auth: (unknown)
2010-04-01 17:53:57.826849500 simscan:[30822]:CLEAN 
(-8.00/12.00):18.1544s:Evening Euro Markets 
Bulletin:212.113.23.140:bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com:alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:57.913901500 tcpserver: end 30821 status 0
2010-04-01 17:53:57.913903500 tcpserver: status: 0/100



Looks like simscan is the culprit and times out the remote server.


I am also running Qmailtoaster at a Linode VPS (360Mb) so memory is my issue.

Any recommendation/tuning advice/ideas welcome!

Are you running spamdyke? If not, installing it will lighten the load on your host because there will be a lot less to scan. Spamdyke typically rejects 80+% of messages before they're even received.


Yes, I am using spamdyke, this is such a great tool to decrease the load on the server.


Kind Regards
Alexander Shestakovskiy
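
The following is an added example, not part of the original thread and not code from simscan or QmailToaster: a small parser that answers the "what are your scan times looking like?" question by pulling scan durations out of simscan log lines and flagging messages that were delivered again after a slow scan. The field layout is inferred from the lines quoted above; the sample log, the placeholder addresses and the 30-second `slow_after` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the simscan lines quoted in the thread
# (one record per line, as in the real log; addresses/IPs are placeholders).
SAMPLE_LOG = """\
2010-04-01 17:47:51.878073500 tcpserver: status: 2/100
2010-04-01 17:48:44.345581500 simscan:[28806]:CLEAN (-8.00/12.00):71.3092s:Evening Euro Markets Bulletin:192.0.2.10:bounce@listserv.example:user@example.uk
2010-04-01 17:53:57.826849500 simscan:[30822]:CLEAN (-8.00/12.00):18.1544s:Evening Euro Markets Bulletin:192.0.2.10:bounce@listserv.example:user@example.uk
2010-04-01 18:02:10.000000500 simscan:[30990]:CLEAN (0.10/12.00):3.2051s:Re: lunch:192.0.2.7:alice@example.org:user@example.uk
"""

# Assumed layout: ts simscan:[pid]:VERDICT (score/required):SECSs:subject:ip:from:to
SIMSCAN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) simscan:\[(?P<pid>\d+)\]:(?P<verdict>[^ :]+) "
    r"\(-?[\d.]+/-?[\d.]+\):(?P<secs>[\d.]+)s:(?P<rest>.*)$"
)

def parse_simscan(log_text):
    """Return one dict per simscan line; other log lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = SIMSCAN_RE.match(line)
        if not m:
            continue
        # The subject may contain ':', so peel ip/from/to off the right.
        # (An IPv6 client address would need different handling.)
        parts = m.group("rest").rsplit(":", 3)
        if len(parts) != 4:
            continue
        subject, ip, sender, rcpt = parts
        records.append({"ts": m.group("ts"), "pid": int(m.group("pid")),
                        "verdict": m.group("verdict"), "secs": float(m.group("secs")),
                        "subject": subject, "ip": ip, "sender": sender, "rcpt": rcpt})
    return records

def report(records, slow_after=30.0):
    """Return (slow scans, messages seen more than once with a slow scan)."""
    slow = [r for r in records if r["secs"] > slow_after]
    groups = defaultdict(list)
    for r in records:
        groups[(r["subject"], r["sender"], r["rcpt"])].append(r)
    resent = {k: v for k, v in groups.items()
              if len(v) > 1 and any(r["secs"] > slow_after for r in v)}
    return slow, resent

if __name__ == "__main__":
    slow, resent = report(parse_simscan(SAMPLE_LOG))
    for r in slow:
        print(f"slow scan {r['secs']:.1f}s pid {r['pid']} subject {r['subject']!r}")
    for (subject, sender, rcpt), rs in resent.items():
        print(f"{len(rs)} deliveries of {subject!r} from {sender} to {rcpt}")
```
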
