[qmailtoaster] Re: Duplicate e-mails

Thu, 01 Apr 2010 12:04:56 -0700 

Postmaster wrote:

On 01/04/2010 16:35, Eric Shubert wrote:

Postmaster wrote:

Hi,
I recently can see an increase amount of duplicate e-mails on my qmailtoaster, which is very annoying. After searching through the archive, I found out that SpamAssassin/ClamAV are to blame. 
SpamAssassin - 3.2.5 and ClamAV - 0.95.3
Is there any ready to go script to monitor spamassassin/ClamAV to know which is causing the problem? I do have DNBL checks which may network time out problems as well. What is the standard time out and 
where do I change it? Any advice on time-out please?
Not really anything you can do with timeout, as it's the sender who is timing out because your QMT is taking too long to scan. 

What are your scan times looking like?
How many messages are being scanned concurrently?
A sampling of your spamd log would help to answer these questions.



Smapdyke is in the debug mode:

2010-04-01 17:47:27.617663500 tcpserver: pid 28804 from 212.113.23.140
2010-04-01 17:47:27.617812500 tcpserver: ok 28804 
xxxxxxxxxxxxxxx.uk:109.74.205.xx:25 :212.113.23.140::26123
2010-04-01 17:47:27.623569500 spamdyke[28804]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
listservc.advfn.com
2010-04-01 17:47:27.623650500 spamdyke[28804]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:47:27.623742500 spamdyke[28804]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:47:27.623822500 spamdyke[28804]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
212.113.23.140
2010-04-01 17:47:27.623929500 spamdyke[28804]: 
DEBUG(filter_ip_blacklist()@filter.c:1177): searching IP blacklist file(s); ip: 
212.113.23.140
2010-04-01 17:47:27.624148500 spamdyke[28804]: 
DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1272): checking for IP in rDNS 
+keyword(s) in whitelist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:47:27.624262500 spamdyke[28804]: 
DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1226): checking for IP in rDNS 
+keyword(s) in blacklist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:47:27.624347500 spamdyke[28804]: 
DEBUG(filter_rdns_resolve()@filter.c:1318): checking rDNS resolution; rdns: 
listservc.advfn.com
2010-04-01 17:47:27.626867500 spamdyke[28804]: 
DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 212.113.23.140
2010-04-01 17:47:27.664906500 spamdyke[28804]: 
DEBUG(filter_earlytalker()@filter.c:1695): checking for earlytalker; delay: 5
2010-04-01 17:47:32.891226500 spamdyke[28804]: 
DEBUG(filter_sender_whitelist()@filter.c:1747): searching sender whitelist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:32.901638500 spamdyke[28804]: 
DEBUG(filter_sender_blacklist()@filter.c:1881): searching sender blacklist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:32.901764500 spamdyke[28804]: 
DEBUG(filter_sender_no_mx()@filter.c:2080): checking for sender domain MX 
record; domain: listserv.advfn.com
2010-04-01 17:47:32.903432500 CHKUSER accepted sender: from 
<bounceadvfn-alexander=xxxxxxxxxxxxxx...@listserv.advfn.com::> remote 
<listservc.advfn.com:unknown:212.113.23..140> rcpt <> : sender accepted
2010-04-01 17:47:32.906144500 spamdyke[28804]: 
DEBUG(filter_recipient_whitelist()@filter.c:2113): searching recipient 
whitelist(s); recipient: alexan...@xxxxxxxxxxxxxxx.uk
2010-04-01 17:47:32.906271500 spamdyke[28804]: 
DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; relay-level: 
0 recipient: alexan...@xxxxxxxxxxxxxx.uk ip: 212.113.23.140 rdns: 
listservc.advfn.com local_recipient: true relaying_allowed: false
2010-04-01 17:47:32.906395500 spamdyke[28804]: 
DEBUG(filter_recipient_local()@filter.c:2154): checking for unqualified 
recipient; recipient: alexan...@xxxxxxxxxxxxx.uk
2010-04-01 17:47:32.906497500 spamdyke[28804]: 
DEBUG(filter_recipient_max()@filter.c:2244): checking maximum recipients; 
maximum: 50 current: 0
2010-04-01 17:47:32.906583500 spamdyke[28804]: 
DEBUG(filter_recipient_blacklist()@filter.c:2278): searching recipient 
blacklist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:47:32.911919500 spamdyke[28804]: 
DEBUG(filter_recipient_graylist()@filter.c:2342): checking graylist; recipient: 
alexan...@xxxxxxxxxxx.uk sender: 
bounceadvfn-alexander=xxxxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:47:33.031832500 CHKUSER accepted rcpt: from 
<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::> remote 
<listservc.advfn.com:unknown:212.113.23.140> rcpt <alexan...@xxxxxxxxxxxxx.uk> : 
found existing recipient
2010-04-01 17:47:33.031892500 policy_check: remote 
bounceadvfn-alexander=xxxxxxxxxxxxxxxx...@listserv.advfn.com -> local 
alexan...@xxxxxxxxxxxx.uk (UNAUTHENTICATED SENDER)
2010-04-01 17:47:33.031980500 policy_check: policy allows transmission
2010-04-01 17:47:33.032161500 spamdyke[28804]: ALLOWED from: 
bounceadvfn-alexander=xxxxxxxxxxxxx...@listserv.advfn.com to: 
alexan...@xxxxxxxxxxxxxxx.uk origin_ip: 212.113.23.140 origin_rdns: 
listservc.advfn.com auth: (unknown)
2010-04-01 17:47:51.878073500 tcpserver: status: 2/100


This doesn't tell much one way or another. Not enough of the log to see.


Then another message

2010-04-01 17:48:43.177424500 tcpserver: status: 1/100
2010-04-01 17:48:44.345581500 simscan:[28806]:CLEAN 
(-8.00/12.00):71.3092s:Evening Euro Markets 
Bulletin:212.113.23.140:bounceadvfn-alexander=xxxxxxxxxxxxx...@listserv.advfn.com:alexan...@xxxxxxxxxxxxxx.uk
2010-04-01 17:48:46.739561500 tcpserver: end 28804 status 0
2010-04-01 17:48:46.739564500 tcpserver: status: 0/100
2010-04-01 17:52:21.140747500 tcpserver: status: 1/100
2010-04-01 17:52:21.141620500 tcpserver: pid 29492 from 127.0.0.1
2010-04-01 17:52:21.160434500 tcpserver: ok 29492 xxxxxxxxxxxxx.uk:127.0.0.1:25 
:127.0.0.1::44311
2010-04-01 17:52:21.240662500 spamdyke[29492]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
localhost
2010-04-01 17:52:21.240688500 spamdyke[29492]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: localhost
2010-04-01 17:52:21.240749500 spamdyke[29492]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: localhost
2010-04-01 17:52:21.240807500 spamdyke[29492]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
127.0.0.1
2010-04-01 17:52:21.246480500 spamdyke[29492]: FILTER_WHITELIST_IP ip: 
127.0.0.1 file: /etc/spamdyke/whitelist_ip(1)
2010-04-01 17:52:21.428421500 tcpserver: end 29492 status 0
2010-04-01 17:52:21.428467500 tcpserver: status: 0/100
2010-04-01 17:53:33.661770500 tcpserver: status: 1/100
2010-04-01 17:53:33.662234500 tcpserver: pid 30821 from 212.113.23.140
2010-04-01 17:53:33.696211500 tcpserver: ok 30821 
xxxxxxxxxxxxxx.uk:109.74.205.xx:25 :212.113.23.140::30042
2010-04-01 17:53:34.138092500 spamdyke[30821]: 
DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: 
listservc.advfn.com
2010-04-01 17:53:34.138236500 spamdyke[30821]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:956): searching rDNS whitelist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:53:34.138378500 spamdyke[30821]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1059): searching rDNS blacklist 
file(s); rdns: listservc.advfn.com
2010-04-01 17:53:34.138501500 spamdyke[30821]: 
DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist file(s); ip: 
212.113.23.140
2010-04-01 17:53:34.138791500 spamdyke[30821]: 
DEBUG(filter_ip_blacklist()@filter.c:1177): searching IP blacklist file(s); ip: 
212.113.23.140
2010-04-01 17:53:34.138920500 spamdyke[30821]: 
DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1272): checking for IP in rDNS 
+keyword(s) in whitelist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:53:34.139035500 spamdyke[30821]: 
DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1226): checking for IP in rDNS 
+keyword(s) in blacklist file; ip: 212.113.23.140 rdns: listservc.advfn.com
2010-04-01 17:53:34.139119500 spamdyke[30821]: 
DEBUG(filter_rdns_resolve()@filter.c:1318): checking rDNS resolution; rdns: 
listservc.advfn.com
2010-04-01 17:53:34.139643500 spamdyke[30821]: 
DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 212.113.23.140
2010-04-01 17:53:34.160235500 spamdyke[30821]: 
DEBUG(filter_earlytalker()@filter.c:1695): checking for earlytalker; delay: 5
2010-04-01 17:53:39.587434500 spamdyke[30821]: 
DEBUG(filter_sender_whitelist()@filter.c:1747): searching sender whitelist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.601649500 spamdyke[30821]: 
DEBUG(filter_sender_blacklist()@filter.c:1881): searching sender blacklist(s); 
sender: bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.601701500 spamdyke[30821]: 
DEBUG(filter_sender_no_mx()@filter.c:2080): checking for sender domain MX 
record; domain: listserv.advfn.com
2010-04-01 17:53:39.603728500 CHKUSER accepted sender: from 
<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::> remote 
<listservc.advfn.com:unknown:212.113.23.140> rcpt <> : sender accepted
2010-04-01 17:53:39.604358500 spamdyke[30821]: 
DEBUG(filter_recipient_whitelist()@filter.c:2113): searching recipient 
whitelist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.604410500 spamdyke[30821]: 
DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; relay-level: 
0 recipient: alexan...@xxxxxxxxxxxx.uk ip: 212.113.23.140 rdns: 
listservc.advfn.com local_recipient: true relaying_allowed: false
2010-04-01 17:53:39.604500500 spamdyke[30821]: 
DEBUG(filter_recipient_local()@filter.c:2154): checking for unqualified 
recipient; recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.604581500 spamdyke[30821]: 
DEBUG(filter_recipient_max()@filter.c:2244): checking maximum recipients; 
maximum: 50 current: 0
2010-04-01 17:53:39.604657500 spamdyke[30821]: 
DEBUG(filter_recipient_blacklist()@filter.c:2278): searching recipient 
blacklist(s); recipient: alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:39.609931500 spamdyke[30821]: 
DEBUG(filter_recipient_graylist()@filter.c:2342): checking graylist; recipient: 
alexan...@xxxxxxxxxxxx.uk sender: 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com
2010-04-01 17:53:39.670182500 CHKUSER accepted rcpt: from 
<bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com::> remote 
<listservc.advfn.com:unknown:212.113.23.140> rcpt <alexan...@xxxxxxxxxxxx.uk> : found 
existing recipient
2010-04-01 17:53:39.670202500 policy_check: remote 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com -> local 
alexan...@xxxxxxxxxxxx.uk (UNAUTHENTICATED SENDER)
2010-04-01 17:53:39.670256500 policy_check: policy allows transmission
2010-04-01 17:53:39.670344500 spamdyke[30821]: ALLOWED from: 
bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com to: 
alexan...@xxxxxxxxxxxx.uk origin_ip: 212.113.23.140 origin_rdns: 
listservc.advfn.com auth: (unknown)
2010-04-01 17:53:57.826849500 simscan:[30822]:CLEAN 
(-8.00/12.00):18.1544s:Evening Euro Markets 
Bulletin:212.113.23.140:bounceadvfn-alexander=xxxxxxxxxxxx...@listserv.advfn.com:alexan...@xxxxxxxxxxxx.uk
2010-04-01 17:53:57.913901500 tcpserver: end 30821 status 0
2010-04-01 17:53:57.913903500 tcpserver: status: 0/100



Looks like simscan is the culprit and times out the remote server.
Is this the log from a duplicated message, and not the last time it was received?
18.1544s is a little long for a scan, but I wouldn't think it'd be long enough to generate a timeout.
Can you find the smtp log messages that correspond to the first receipt of a duplicated message?
Will you post a bit of your spamd log? That might give some sort of indication.
Given that this is a virtual host, it's a bit hard to make a knowledgeable recommendation for improving performance. Is your host paging at all? I'm not familiar at all with Linode VPS. Can you fill us in on that environment? (what type of virtualization, etc) 

--
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to