Re: spamd keeps running at 99% CPU until i kill the process
Hello, One thing - you were given an excellent advice today on exim list by Graeme. Why don't you follow it? quote Anyway, this is probably your problem: http://spamassassin.apache.org/advisories/cve-2007-0451.txt Upgrade to 3.1.8 if you can. /quote On Tue, 28 Aug 2007 15:09:14 +, Richard Hobbs [EMAIL PROTECTED] wrote: No, those aren't really that big, but it does look like you have an expiration problem. I've heard that this file should be around 10MB on a standard system, so surely 80MB is huge? Also, our mail server deals with around 1000-1500 emails per day, and is a single-CPU Pentium(R) 4 CPU 2.26GHz with 512MB RAM - should this be able to cope? More than enough. I handle about 26K emails per day on a Pentium III, 512RAM pc and the system is almost idle most of the time. -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: report_header and use_terse_report errors
Hello, On Mon, 27 Aug 2007 09:37:18 -0700, Loren Wilton [EMAIL PROTECTED] wrote: 2.How does mail get from spamd to the users? When the check has been finished, mail is delivered by exim to an appropriate user. Hum. I don't know exim, although others here do. It sounds to me like exim must have been modifying the SA produced markup and passing that along. Ah.. that's quite likely! I use vexim (an addon to make virtual domain handling easier) with exim. You could have gotten something like that line of + marks using STARS(+). But I have the impression you were upgrading from 2.6x or so, and I don't think you could change the character from an asterisk back then without modifying code. (I may be wrong though, its been a long time). I also don't think you could have gotten the specific spam header you showed without some modifications somewhere. I would be inclined to look around the exim config and see if there is anything there that will redo the SA markup into another form. Can you? I already commented some header_remove lines but their effect was that emails which were considered not spam, their headers were not modified. The below config file shows only uncommented lines. http://szalbot.homedns.org/exim.txt Many thanks in advance and thank you to Matt and you for bearing with me! -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: report_header and use_terse_report errors
Hello, On Tue, 28 Aug 2007 00:32:23 -0400, Matt Kettler [EMAIL PROTECTED] wrote: In my MTA (exim) under FreeBSD I have spamd_address = 127.0.0.1 783 Sorry I dropped from the thread.. I missed it when you replied without leaving in a Matt Kettler wrote.. type text in the reply (I have a rule that flags such messages in a different color, so if you want to draw me to a thread, mention my full name or email address username in your message..) In any event, it looks like you're using exiscan. Exiscan generates its own header markups, based on what SA returns. Exiscan uses bit like this to generate its header markups: /* # put headers in all messages (no matter if spam or not) warn message = X-Spam-Score: $spam_score ($spam_bar) spam = nobody:true warn message = X-Spam-Report: $spam_report spam = nobody:true Yes, shame on me. That's exaxtly what is in vexim-acl-check-content.conf So no add header changes, or any other markup change in SA's config files will ever matter. exiscan will just do its own thing anyway. You might be able to modify the report formats, and change the X-Spam-Report.. but if you want to have your yes no in an X-Spam-Status you'll need to set that up in exiscan somehow. Fair enough. This configuration was done quite some time ago and as I was modifying local.cf I forgot to check whether it is not exim which is changing the headers. Thank you for your patience with me! -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: report_header and use_terse_report errors
Hello, That example content will NOT happen from the configuration you quoted. In fact, that example CANNOT be made to happen in SA without considerable effort. Period. Something other than SpamAssassin is generating your headers. How can I check it then? # ps ax |grep spamd 70930 ?? Ss 1:01.50 /usr/local/bin/spamd -c -Q -d -r /var/run/spamd/spamd 81093 ?? I 0:04.48 spamd child (perl5.8.8) 84208 ?? I 0:09.40 spamd child (perl5.8.8) # ps ax |grep spamc 81629 p0 S+ 0:00.00 grep spamc # spamd -V SpamAssassin Server version 3.2.3 running on Perl 5.8.8 with SSL support (IO::Socket::SSL 1.07) with zlib support (Compress::Zlib 2.004) Many thanks in advance! -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: report_header and use_terse_report errors
Hello, On Sun, 26 Aug 2007 12:18:46 -0700, Loren Wilton [EMAIL PROTECTED] wrote: How can I check it then? 1.How does mail get to spamd? In my MTA (exim) under FreeBSD I have spamd_address = 127.0.0.1 783 2.How does mail get from spamd to the users? When the check has been finished, mail is delivered by exim to an appropriate user. I used /usr/ports/mail/p5-Mail-SpamAssassin port to install it. Pretty much default settings. Thank you very much! -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: report_header and use_terse_report errors
Hello, On Fri, 24 Aug 2007 20:38:13 -0400, Matt Kettler [EMAIL PROTECTED] wrote: Zbigniew Szalbot wrote: I went for the report_safe 0 option but what I would really like to get is also the spam YES/NO flag in it. I have X-Spam-Score: 22.7 (++) X-Spam-Report - rather lengthy description of why the email was classified as such but no X-Spam-Status or -Flag which makes it harder for some dumb MUAs to filter emails. That's interesting, as that's nothing like the defaults. My (uncommented) settings are: report_safe 0 trusted_networks 192.168/16 lock_method flock required_score 5.0 use_bayes 1 bayes_auto_learn 1 bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status add_header spam Flag _YESNOCAPS_ skip_rbl_checks 0 use_razor2 1 use_pyzor 1 Is there an X-Spam-Checker-Version in the headers? or just that weird score and spam-report? No, there isn't. The exmaple content is this: X-Spam-Score: 17.7 (+) X-Spam-Report: Spam detection software, running on the system szalbot.homedns.org, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The administrator of that system for details. Content preview: has made you an Ecard at 2000greetings.com. To recieve your greeting, click on this link: 2000greetings.com Have Fun, 2000greetings.com [...] Content analysis details: (17.7 points, 5.0 required) pts rule name description -- -- 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?72.64.78.137] 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL 0.0 HTML_MESSAGE BODY: HTML included in message 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 56] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 0.0 WHOIS_NETSOLPR URL registered as a NetSol Private Registration [URIs: 2000greetings.com] 2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: 12.105.109.110] 0.2 URIBL_GREY Contains an URL listed in the URIBL greylist [URIs: 2000greetings.com] 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: 12.105.109.110] 2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: 12.105.109.110] 2.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: 12.105.109.110] How are you calling SA? Are you using something like MailScanner, I use spamd, nothing like MailScanner is involved. mimdefang, etc? or are you just doing something like calling spamassassin or spamc from a procmail script? No - the only relationship is between MTA and spamd. Do you use spamc/spamd? If so, did you restart spamd after your edits? Yes, spamd got restarted after each edit. -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
report_header and use_terse_report errors
Hello, Using SpamAssassin Server version 3.2.1. I added report_header and use_terse_report to local.cf but when restarting spamd, I got information that sa cannot parse these options. Are these options obsolete or should they be placed elsewhere? Thank you! Zbigniew Szalbot
Re: report_header and use_terse_report errors
Dear Matt and others, On Fri, 24 Aug 2007 08:53:19 -0400, Matt Kettler [EMAIL PROTECTED] wrote: Using SpamAssassin Server version 3.2.1. I added report_header and use_terse_report to local.cf but when restarting spamd, I got information that sa cannot parse these options. Are these options obsolete or should they be placed elsewhere? Actually, one more relevant option... report_safe 0 That will, by itself, give you headers-only markups. You can then use the add_header command to add different kinds of reports to the headers, if the defaults aren't enough. I went for the report_safe 0 option but what I would really like to get is also the spam YES/NO flag in it. I have X-Spam-Score: 22.7 (++) X-Spam-Report - rather lengthy description of why the email was classified as such but no X-Spam-Status or -Flag which makes it harder for some dumb MUAs to filter emails. How can I set it? I used to have add_header all Status _YESNO_ but it did not give me the simple YES/NO code and still does not. -- Zbigniew Szalbot www.slowo.pl www.lcwords.com
Re: A rule for empty body and pdf attachment??
Hello, Please ignore, have just found out the location. Sorry to have bothered! Zbigniew Szalbot On Thu, 2 Aug 2007 11:45:13 +0200, Zbigniew Szalbot [EMAIL PROTECTED] wrote: Hello, On Thu, 2 Aug 2007 10:37:27 +0200 (CEST), Jeroen Tebbens [EMAIL PROTECTED] wrote: Hi, Get the plugin PDFinfo http://www.rulesemporium.com/plugins/ And it will give you more control about PDF spam. It has a rule for empty body emails with PDF attachment (GMD_PDF_EMPTY_BODY) and give it a score to your liking. Excume my lack of knowlegde but where is the plugin directory for SA? I tried putting it in /usr/local/etc/mail/spamassassin/ then in /etc/mail and then in /usr/local/share/spamassassin When I restart spamd, it does not like when I put the path to /usr/local/share/spamassassin in init.pre and neither can it by itself find the PDFInfo.pm in /etc/mail nor in /usr/local/share/spamassassin. Thank you in advance for your help! Warm regards, -- Zbigniew Szalbot -- Zbigniew Szalbot
sa-update error
Hello, I'd be glad for your suggestions re sa-update error. $ sa-update can't resolve l27.0.0.1 to address at /usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver/Base.pm line 751. I think the issue started when I switched from my ISP DNS server to using my own caching name server at localhost. All things work properly but I see this error when the system boots and when I issue sa-update. Many thanks in advance for pointing me in the right direction! -- Zbigniew Szalbot
Re: sa-update error
Hi Daryl, On Tue, 24 Jul 2007 02:56:02 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Zbigniew Szalbot wrote: Hello, I'd be glad for your suggestions re sa-update error. $ sa-update can't resolve l27.0.0.1 to address at L27.0.0.1 isn't quite the same as 127.0.0.1. Well, I'm red all over my face. Wonder how my box worked with such an interesting local resolve address. Warm regards, -- Zbigniew Szalbot
Re: Returned mail: see transcript for details
Hi, Yes: [EMAIL PROTECTED], to whom I was trying to respond. But I worded my question badly - what I meant was: why on earth should their machine think that I am a Polish spammer ? The IP address is in one of the static blocks administered by my (UK) ISP. And for the sake of argument, why on earth a POLISH spammer? Why does a spammer have to be Polish. I happen to live in Poland but I am no way a spammer, never have been and never will be. Warm regards, Zbigniew Szalbot
no headers in email despite add_headers option
Hello, I am new to SA but hope you will be able to guide me. I have in my local.cf the following line: add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ exim's log shows this: Jun 26 07:54:23 szalbot spamd[738]: spamd: connection from localhost.homedns.org [127.0.0.1] at port 56486 Jun 26 07:54:23 szalbot spamd[738]: spamd: setuid to spamd succeeded Jun 26 07:54:23 szalbot spamd[738]: spamd: checking message [EMAIL PROTECTED] for spamd:58 Jun 26 07:54:28 szalbot spamd[738]: spamd: clean message (0.0/5.0) for spamd:58 in 5.4 seconds, 47392 bytes. Jun 26 07:54:28 szalbot spamd[738]: spamd: result: . 0 - HTML_MESSAGE,SPF_PASS scantime=5.4,size=47392,user=spamd,uid=58,required_score=5.0,rhost=localhost.homedns.org,raddr=127.0.0.1,rport=56486,mid=[EMAIL PROTECTED],autolearn=ham and yet SA does not add any headers to the emails. What am I missing? Thank you in advance! Zbignie Szalbot
Re: no headers in email despite add_headers option
Hi, I have the following that does show headers. I don't know if exim will be suppressing them on your setup. Yes, think before you ask. That was it. Exim was configured not to show score for non-spam emails. Thank you! Zbigniew Szalbot