Hi all,
I've been having a problem recently. We have three relay servers
(relay1, relay2, and relay3) that are round robin MX for the most part.
We have a cisco local director hooked up to them and some domains use it
in DNS.
Anyway, the servers run fine for the most part, with 20-30 messa
instead of rotating, could this mean something?
Thanks!
-Matt
Matt Juszczak wrote:
relay1# perl qshape.pl -s active | head
T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 4155 159 161 392 989 2023 431 0 0 0 0
bounces.amazon.com 504 0 0 3 3 442 56 0 0 0 0
returns.groups.yahoo.com 78 2 3 7 19 38
relay1# perl qshape.pl -s active | head
T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 4155 159 161 392 989 2023 431 0 0 0 0
bounces.amazon.com 504 0 0 3 3 442 56 0 0 0 0
returns.groups.yahoo.com 78 2 3 7 19 38 9 0 0 0 0
comcast.net 40 2 2 7 18 8 3 0 0 0 0
preachinglyurbannai.com 37 0 4 7 26 0 0 0 0
Hi all,
The queues for our three relay servers have been very odd lately.
Relay 1 ---> 1000 messages (way too high, mail is delayed)
Relay 2 ---> Normal (1-10)
Relay 3 ---> Normal (1-10)
It seems relay1 is more busier because it is the first MX record
listed. Even though they are set as even
Hi all,
I need a program that can analyze three separate mail logs (one from
relay1, one from relay2, and one from relay3) and generate statistics on
them.
I know there was an amavis program that is no longer maintained, and
someone sent me a patched version of something which I couldn't get
On Sat, 10 Sep 2005, Gary V wrote:
To be more succinct:
kill the spamd process
prevent it from starting on reboot
Done :) Thank you :) That was my issue.
-Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
Sep
Sure enough
# Amavis stuff
amavisd_enable="YES"
clamav_clamd_enable="YES"
spamd_enable="YES"
All I have to have are the first two lines, correct? :)
On Sat, 10 Sep 2005, Gary V wrote:
Matt wrote:
The question is, why is spamd in use? Typically SpamAssassin is called
by amavisd-new and
The question is, why is spamd in use? Typically SpamAssassin is called
by amavisd-new and therefore only your vscan user would use
/var/amavis/.razor/razor-agent.conf.
Maybe the spamd user isn't in use. I know it exists in /etc/passwd (was
created by the port), but I just assumed that the fol
This may be obvious, but since you didn't explicitly mention it, check the
permissions on the /var/amavisd/.razor folder and the actual file as well.
/var/amavis/.razor is 755
/var/amavis/.razor/razor-agent.conf is 644
However, /var/amavis is symlinked to /hd2/amavis, which is 750 and owned
by
Hi all,
I followed instructions given to me for creating /var/amavis/.razor and
all files inside of it.
When I added the razor location to the spamassassin config file, I get:
Sep 9 18:56:23 relay3 spamd[491]: razor2 check skipped: No such file or
directory Can't read conf file: /var/amavis
Well I think I'm going to create three anyway. Right now if one goes
down, the single remaining server wouldn't be able to process all of our
email no matter what. Atleast if I create a third, one can go down
without us ceasing to function. :)
So its a good decision anyway :)
Thanks,
Matt
Turns out 85% of the time is used by the SA CHECK.
Sounds like time for more memory or a new relay server, yeah?
Mark Martinec wrote:
Matt,
We're using round robin MX. ...
I assume since relay1 is the first MX record, more mail goes to
that server.
If they are the same priority M
We are doing LDAP queries, but we can't cache them. Long story.
We're using round robin MX. Everything is setup correctly. It just seems
like the relay servers can't handle it.
How can you tell that you handled 2.1 million messages? is there some
kind of program that can analyze the log?
I
hi all,
We've got two 3 ghz 1 gb RAM relay servers (relay1 and relay2) at work.
We recently combined our two mail servers into one, which means these
two relay servers are now doing virtual user table translation and
amavis (spamassassin and clamav) scanning for about 6,000 accounts.
Relay2
Matt,
Lowering a general kill level is not effective against carefully crafted
spam mail, way too much collateral damage. A targeted defense is
what solves such cases. I believe that a kill level of 3 is already
way too low. Plug in additional rules, check SARE, add RBL/URI tests, ...
Mark
My recent reply to this was NOT meant to hit the lists. Please ignore it.
Regards,
Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile
Are there any documents out there that show the false positive rate if
everyone's spam level is set down to 1?
-Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Developmen
Nevermind :) it kinda bogged down the server with 20. Any other ideas?
On Tue, 23 Aug 2005, Matt Juszczak wrote:
Hi all,
Our mailq's are lagging behind a bit and mail is taking a bit of time to get
to its destination. Our LDAP servers handle the queries fine. Our process
limit w
Hi all,
Our mailq's are lagging behind a bit and mail is taking a bit of time to
get to its destination. Our LDAP servers handle the queries fine. Our
process limit was 15, but I've amped this up to 20. Was this a good try
to fix the problem? Maybe we need to get a third relay server in?
Anyone here run SpamAssassin AND Dspam at the same time? Any extra
benefits?
I'm skeptical. I love DSPAM, but I don't think they work well together,
especially when you have lazy users who will refuse to train (it will just
make things worse)
However, the big boss thinks its a good ide
We want all of our messages tagged with the score whether it spam or not.
Right now I have spamTagLevel set to .001. If I set this to -100, will
that be a low enough score to add spam header info to all messages?
Thanks,
Matt
---
SF.Net em
All fixed ;) thanks all!
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing &
On Mon, 15 Aug 2005, Michael Scheidell wrote:
And complaining to geocities, aka yahoo goes into the blackhole. Until
they do something about it, all email from users of uk.geocities.com
should be bounces.. (isn't spam illegal in the UK?)
This will do it. Add this to local.cf
(adjust the scor
We want all of our messages tagged with the score whether it spam or not.
Right now I have spamTagLevel set to .001. If I set this to -100, will
that be a low enough score to add spam header info to all messages?
Thanks,
Matt
---
SF.Net e
Hi all,
We're getting some user complaints of spam and they all seem to follow the
same general template.
Something like this:
---snip---
nicky
http://uk.geocities.com/Hyman_Barrientos/?Wn=Seek_quick.and_effective.cures
---snip---
After which they have some random words at the end (random e
You decide, it can make a big difference in the speed that the Bayes
database is written to or read from:
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#miscellaneous_options
Is the Bayesian database on by default? If so, doesn't it require
training?
BTW, do you have 'lock_method flock' enabled?
In postfix and dovecot I do, but not in the spamassassin config file ...
should I? :)
-Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Fr
Correctly sizing the cache can make a big difference as answers can be
pulled from it vs acessing the disks.
Thanks :) That helped as well. I appreciate your response.
Now I just need to figure out how to do virtualAccounts. I'm thinking of
creating something like ou=virtual,dc=ourdomain,dc=
Paolo Cravero as2594 wrote:
Matt Juszczak wrote:
lookup_ldap: 3861 (51%) (4 seconds) I personally don't use LDAP so I
have no idea how to improve this, or if this is as good as it gets.
But this is obviously where amavisd-new spends half its time.
Ahhh ... so we need a better pool of
The only bad part is stopping and starting amavisd-new on a busy
server. So maybe you could set it up, then save the stop and start for
when you have other changes to make.
We have two relays though :) Take one down and the other one is used.
So I kill postfix first, and then work with amavis,
Then I'm not sure where razor is set up for you. If your amavis user
is named 'vscan':
su vscan -c 'razor-admin -create'
should create /var/amavis/.razor
with these files in it:
-rw-r--r-- 1 vscan vscan 698 Aug 10 10:45 razor-agent.conf
-rw-r--r-- 1 vscan vscan 484 Aug 10 10:45 server.fol
Try this
set:
debuglevel = 0
in:
vi /path/to/amavis/.razor/razor-agent.conf
Which path to amavis? My config is in /usr/local/etc/amavisd.conf and my
amavis dir is /var/amavis but there's no .razor there. I need to create
it?
--
Then you may need a crap load of memory!
How many amavis* directories are there? A large number may indicate a problem.
About 20? The directory never gets above 2 or 3 megs though, as long as
the razor-agent.log is wiped. Thats why I want to know how to turn it off
:)
lookup_ldap: 3861 (5
Hi all,
Is there a way to turn off the annoying razor log in /var/amavis/tmp ?
Thanks,
Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Ag
Wow, I was wrong.
/var/amavis/tmp does get a crap load of traffic :)
I'll look into putting this into memory.
-Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Developmen
What would work for you is to globally change $final_spam_destiny to
D_DISCARD, set amavisSpamQuarantineTo to undef for all users (I'm not
sure if LDAP differs in the actual setting, but you simply need to not have
quarantines), then set amavisSpamKillLevel to .9 for everyone
(this MUST be the
To use spam_quarantine_cutoff_level, first you need a
quarantine. So you would have to define a separate quarantine_to for each
user who desires this. You would also have to set spam_kill_level for
each user. spam_kill_level is the trigger to quarantine something. I
believe you would also globally
I know you have said you are 100% LDAP.
Looking at the amavisd executable, and README.ldap,
spam_quarantine_cutoff_level is not to be found, so you would have to
start customizing at any rate.
So maybe using procmail to /dev/null scoring messages greater than 20 or
30 would be good, IF a user r
1.2 is an increadibly low level. I personally would not allow users to set
levels below some "reasonable" level, as this just introduces the "where's
my lost email". Once its gone, its gone. Be sure to enable more detailed
log messages so you can see the results of various actions.
Agreed.
What is the parallelism set to now? This sounds like too few
concurrent channels. In a similar hardware config, I'm seeing typical
end-to-end delays of under 2 sec through amavisd.
-- Clifton
I hae 15 processes running by default, if that's what you're asking.
-
Any other ideas?
One thought is to thwart the common practice of spammers that target
only the secondary MX.
That's actually a good idea :) I'll consider that! But all of our MX
records are the same priority anyway, but adding a fake secondary might
actually be pretty neat (since spammers m
[EMAIL PROTECTED] wrote:
You mean, something like:
$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is
off
Yeah, this one :)
You don't have to quarantine, you could just discard the messages over 20.
But what will you do with messages between $sa_kill_level_deflt
Hi all,
Is there a setting to set where you can say "Discard spam for this user
if the level is 20 or above"? Is this spam_kill_level? If so it didn't
seem to want to work (and to be descriptive, it was basically ignoring
the setting).
Do you have to have a quarantine or something setup as
5B>> Hi all,
We've got two relay servers setup (relay1 and relay2) and its working
fine, but the mail coming in is amazing. I'm glad we went with the two
relay server solution instead of everything on one box.
Each of these relay servers is a 3 GIG processor with 1 GB ram.
Today, the server
pj wrote:
I'd hesitate to call a load average of 1.02 an "overload".
There is a really good explanation (well it certainly helped me!) of
what is actually being measured in a series of articles available at:
http://www.teamquest.com/resources/gunther/ldavg1.shtml
and
http://www.teamquest.com
Hi all,
We've got two relay servers setup (relay1 and relay2) and its working
fine, but the mail coming in is amazing. I'm glad we went with the two
relay server solution instead of everything on one box.
Each of these relay servers is a 3 GIG processor with 1 GB ram.
However.
relay1:
HI all,
Looking for a good graphing utility for amavis.
I wanted to use amavis-stats but it seems to give me errors when I try to
run it on FreeBSD (even using the port).
Any other alternatives?
Thanks!
-Matt
---
SF.Net email is sponsore
Hi all,
I'm developing a portal for our users to increase/decrease spam levels.
I'm wondering what good levels are for the users.
I'd like to start them at 6.31, and allow them to "drag the bar" down to
4, and up to 15.
Basically, the levels would be like this:
3.0 - RED
4.0 - ORANGE - RED
Hi all,
The amavis schema for LDAP requires the attribute 'mail'. All of our
users have virtual mailboxes (a bunch of domains) that eventually map to
their "REAL" email address, which is [EMAIL PROTECTED]
So for instance, a postfix virtual user table could be:
[EMAIL PROTECTED] [EMAI
I completely agree with Gary. Rejecting e-mail for non existent users *at
the front-end* is a MUST.
There are multiple ways to do it. Using a relay_recipients (or
virtual_alias_maps, if you have virtual domains) map will be, of course,
more efficient because postfix just checks a local hash tabl
"I'm going to setup MX records for the 500+ domains we have. Half
of them will have relay1 as their primary and half of them will have
relay2 as their primary. The remaining server will be set as secondary
MX."
Depends what Matt meant by 'the remaining server' ie the 'other' 1U,
Hi all,
OK, I think I've made a final decision on what I'd like to do.
I think I'm going to setup two of the 1U boxes we have (the 3.06 ghz
machines with IDE drives). I'm going to call one "relay1" and one "relay2".
I'm going to setup MX records for the 500+ domains we have. Half of them
wil
All of your suggestions have been great. Thank you.
My only concern is this
If I were to setup another server, that server would be a single 3.06
ghz machine with 1 GB RAM and IDE drives. The current server is dual
3.06 ghz 4 GB RAM with SCSI drives and RAID.
So my choice is either to ke
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
Gary,
Thanks for the reply. I believe i want to discard viruses, and just tag
everything else in headers and deliver it to the user. When
messages per day, with antivirus/antispam and local mail
delivery?
I have measures in place to bounce incoming mail with invalid HELO's,
invalid domains, etc. and that happens first, so that will block a lot of
messages.
Thanks,
Matt
On Wed, 20 Jul 2005, Matt Juszczak wrote:
Hi all,
Hi all,
We're running postfix right now on our mail server. Mail server always
has 97% CPU idle and we have 4 gb of RAM, to which most is usually free.
We deliver mail for about 5000 accounts, but our spam filtering is
currently outsourced to Postini. I don't know off the top of my head how
Hi all,
I just need amavis to tag spam. I'm using procmail to filter spam thats
tagged to a "SPAM" IMAP folder on our server to which user's can access
via our "Webmail Quarantine".
In my amavisd.conf, I have:
# $final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_PASS;
$fin
I don't know what/how the 'mailRoutingAddress' is or how you're using
it. All amavisd-new cares about is what attribute contains the
envelope address (or parts of, @domain.com, @, etc.) of the messages
intended recipient(s) so that it can do a search and find the settings
associated with that addr
Hi all,
We just switched to amavisd-new and an LDAP back end. For my LDAP schema,
I use mailLocalAddress and mailRoutingAddress. It seems that
amavisd-new's schema requires the "mail" attribute. I assume this is the
equivelent of the "mailLocalAddress" attribute I'm using? If so, what is
59 matches
Mail list logo