[Mimedefang] MD seems not to run SA...
Hi folks, I'm a bit new to MD, did my first installation of it a couple of days ago and got a problem I can't figure out... Incoming mail (and outgoing) are processed by MD and scanned by Clam, but all spam is let through without classification. Syslog entries look like (mailaddresses xxx'd out): Sep 22 10:08:49 mailboy mimedefang.pl[17146]: [ID 702911 mail.info] MDLOG,i8M88icM018136,mail_in,,,[EMAIL PROTECTED],[EMAIL PROTECTED],confirm 17fcd4d1a1b17ca7b1zz04a1ad The only X- line I get in the header is: X-Scanned-By: MIMEDefang 2.44 even if it is a really ugly spam, generating a 12+ score when i feed it to SA by hand. I have looked through the lists but didn't find any answer, though I found a few similar questions, so there has to be someone who knows :) The setup is tailored after the Big Admin feature article that is linked from the penguin. :) The system I'm running is: Solaris 10 Perl 5.8.5 Output from mimedefang.pl -feature: Archive::Zip : yes File::Scan: yes HTML::Parser : yes HTML::TokeParser : yes Path:CONFDIR : yes (/etc/mail) Path:QUARANTINEDIR: yes (/var/spool/MD-Quarantine) Path:SENDMAIL : yes (/usr/local/bin/sendmail) Path:SPOOLDIR : yes (/var/spool/MIMEDefang) SpamAssassin : yes Unix::Syslog : yes Virus:CLAMAV : yes (/opt/sfw/bin/clamscan) Virus:CLAMD : yes (/usr/local/sbin/clamd) Virus:FileScan: yes HTMLCleaner : no --snip-- Anomy::HTMLCleaner: missing Archive::Zip : Version 1.13 Digest::SHA1 : Version 2.10 File::Scan: Version 1.26 HTML::Parser : Version 3.36 HTML::TokeParser : Version 2.28 IO::Socket: Version 1.28 IO::Stringy : Version 2.109 MIME::Base64 : Version 3.03 MIME::Tools : Version 5.411 MIME::Words : Version 5.404 Mail::Mailer : Version 1.64 Mail::SpamAssassin: Version 3.00 Unix::Syslog : Version 0.100 Regards, Paul. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] again - Overlong line in RESULTS file
On 9/22/2004 04:12, Martin Blapp wrote: tests=BAYES_99,BIZ_TLD,COMBO_IMAGEONLY1,\n\tDIGEST_MULT[...] Not really a fix to your problem but those look like they don't really belong... ~Jason -- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine_entire_message: I don't get it
On Wed, 22 Sep 2004, Paul Boven wrote: my $msg = MIME::Entity-build(Type = text/plain, Encoding = 7bit, Data = [first line.\n, Second line.\n ]); replace_entire_message($msg); action_change_header(Subject, Virus warning); This generally works, as long as the message in question was a text/plain message to begin with. Oops. Try doing this: $msg-make_multipart(); right before the call to replace_entire_message. For historical reasons, MIMEDefang always likes a multipart message if it changes the message body. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] virus scanner errors..
On 9/21/2004 23:09, Kenneth Porter wrote: Are you running SpamAssassin? It had a umask bug until very recently that left the wrong permissions on the MD working directory. Do you have a bugzilla link or any other info on that bug? I'm suspicious that it may be affecting me. ~Jason -- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] quarantine_entire_message: I don't get it
Hi David, everyone, David F. Skoll wrote: *nod* I will have to look into that, then. I can see why you would call that 'intentionally difficult' yes ;-) It's not that bad. You can do it like this (untested!): my $msg = MIME::Entity-build(Type = text/plain, Encoding = 7bit, Data = [first line.\n, Second line.\n ]); replace_entire_message($msg); action_change_header(Subject, Virus warning); This generally works, as long as the message in question was a text/plain message to begin with. Almost every virus is in a multipart/mixed message however, and despite the fact that the 'Type' of the new MIME::Entity gets set to text/plain, the new message retains the original 'Content-Type:' header, including the 'boundary' specification. Appending 'action_change_header(Content-Type,text/plain);' doesn't help here either. Is there a way to change the Content-Type header that I should have used apart from setting it in the new entity or calling change_header? In the current situation, people don't get to see the warning message because the mailer expects a multipart message, but then it turns out not to have any mime parts. Regards, Paul Boven. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Test message
Diagnosing whether I'm still sending in HTML. Please disregard this message. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] again - Overlong line in RESULTS file
David, I'm debugging the problem with a segfault and a 16k buffer on FreeBSD right now. Raising the buffer to 10k worked fine, but 16 seems to have problems. Notice for your FreeBSD users: If you wanna have coredumps, you have to enable sugid_coredump first. Else Mimedefang does not dump core ! sysctl kern.sugid_coredump=1 Martin Martin Blapp, [EMAIL PROTECTED] [EMAIL PROTECTED] -- ImproWare AG, UNIXSP ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 61 826 93 00 Fax: +41 61 826 93 01 PGP: finger -l [EMAIL PROTECTED] PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E -- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] again - Overlong line in RESULTS file
Hi, I'm debugging the problem with a segfault and a 16k buffer on FreeBSD right now. Raising the buffer to 10k worked fine, but 16 seems to have problems. (gdb) bt #0 0x28102da3 in getdiskbyname (name=0x5d Address 0x5d out of bounds) at /usr/src/lib/libc/gen/disklabel.c:114 #1 0x0805057c in ?? () #2 0x0005 in ?? () #3 0xbfbfea40 in ?? () #4 0x in ?? () #5 0xbfbfe9c0 in ?? () #6 0xbfbfe9b8 in ?? () Uhm. Something very bad happens here: Stack corruption and it looks like a stack overflow. The stack limit in libc_r or libpthreads in FreeBSD is 65536 and it is likely that we hit it here. So I experimentally raised the stack size for threaded apps in /usr/src/lib/libpthread/thread/thr_private.h to 128k: #define THR_STACK_DEFAULT 131072 recompiled the pthread lib and now it works. That means it is not save here to place SMALLBUF on the stack. I'll try to convert it to malloc(). Agreed David ? Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] mimedefang spamassassin 3.0
With the release of spamassassin 3.0 today, what version of mimedefang will be required to run spamassassin 3.0? Todd [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] mimedefang spamassassin 3.0
On Wed, 22 Sep 2004, Todd Adamson wrote: With the release of spamassassin 3.0 today, what version of mimedefang will be required to run spamassassin 3.0? Unless things have changed between the release candidates and 3.0 final, MIMEDefang has supported SA 3.0 since MIMEDefang 2.42. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] again - Overlong line in RESULTS file
On Wed, 22 Sep 2004, Martin Blapp wrote: recompiled the pthread lib and now it works. That means it is not save here to place SMALLBUF on the stack. I'll try to convert it to malloc(). Agreed David ? Disagreed :-). There should be no reason to have such a long line in the RESULTS file; I would rather the Perl filter be a bit more sensible about what it does. If you read the code, it's not as simple as just allocating a buffer in eom(); there may be other places that assume each line in RESULTS will fit in a SMALLBUF-sized buffer. (The entire RESULTS file can be longer than SMALLBUF; this limit applies only to each line in the file.) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] mimedefang spamassassin 3.0
According to the changelog, support for SA 3.0 was added to MimeDefang back in March of this year with the release of v2.42-BETA-1. I started running the two together back in late June with one of the 2.44-BETA releases, and haven't had any problems. 2.45-BETA-4 and SA-3.0.0 are currently playing quite nicely together. -- Mark Roedel Web Programmer / Analyst LeTourneau University -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Adamson Sent: Wednesday, September 22, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Mimedefang] mimedefang spamassassin 3.0 With the release of spamassassin 3.0 today, what version of mimedefang will be required to run spamassassin 3.0? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] again - Overlong line in RESULTS file
Hi, Disagreed :-). There should be no reason to have such a long line in the RESULTS file; I would rather the Perl filter be a bit more sensible about what it does. If you read the code, it's not as simple as just allocating a buffer in eom(); there may be other places that assume each line in RESULTS will fit in a SMALLBUF-sized buffer. As said, it even happens if I disable adding reports. These must be some special spam-mails which have lines that long ... Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MIMEDefang 2.45 is released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MIMEDefang 2.45 is at the usual http://www.mimedefang.org/node.php?id=1 This is a big release with lots of new features. Major new features: o New -a option on mimedefang-multiplexor to have a less-privileged socket so non-privileged users can still do status requests. o Completely revamped watch-mimedefang program that gives lots of useful load information and can monitor a remote mail server. o New notification messages indicating busy timeout and unexpected slave death. o Add optional argument to md_check_against_smtp_server to use non-standard port instead of port 25. o New set of RBL functions that perform parallel DNS lookups to reduce latency. Complete changelog to 2.44 follows. Regards, David. 2004-09-22 David F. Skoll [EMAIL PROTECTED] * Version 2.45 RELEASED 2004-09-22 David F. Skoll [EMAIL PROTECTED] * mimedefang-multiplexor.c: Add the -a command-line option for opening a socket that only allows unprivileged commands. These are commands that fetch status, but can't affect operation of multiplexor. 2004-09-15 David F. Skoll [EMAIL PROTECTED] * Version 2.45-BETA-4 released. * mimedefang.pl.in: Put a use libs directive at the top to use Perl modules from the site directory before searching the core directory. * mimedefang.pl.in: Added filter_create_parser user-supplied callback to create a MIME::Parser object. This lets you customize how parsing happens. * mimedefang-multiplexor.8.in: Added warning that $$ will be incorrect if you use embedded Perl. * mimedefang-multiplexor.c: Keep track of age of slaves, and track activations and reaps over last 10 minutes. * mimedefang-multiplexor.c: Add new notification messages: B indicates a busy timeout, and U indicates unexpected slave death. * mimedefang.c: Add -b option to set the backlog parameter in listen(2). * notifier.c: Fixed (harmless) bug which would attempt to send out notifications even if no notification socket was specified. It would just waste a tiny bit of CPU time before. * watch-mimedefang.in: Fix Tcl code so you can run watch-mimedefang on a Windows box, monitoring the mail server via SSH. 2004-09-14 David F. Skoll [EMAIL PROTECTED] * mimedefang.pl.in (md_check_against_smtp_server): Add optional $port argument to specify checking against a port other than 25. 2004-08-23 David F. Skoll [EMAIL PROTECTED] * Version 2.45-BETA-3 released. * Makefile.in: Prevent sa-mimedefang.cf from being overwritten. * mimedefang.filter.5.in: Correct some documentation errors. * mimedefang.pl.in: Added and documented read_commands_file function so that you can initialize certain global variables in filter_sender and filter_recipient. Code contributed by Jan Pieter Cornet. * mimedefang-multiplexor.c: Log UNIX error code if problem communicating with a slave. * mimedefang-multiplexor.c: Implement new commands help, slaves, and slaveinfo. * watch-mimedefang: added -command, -interval, -10s, -1m, -5m, -10m and -title command-line options. * mimedefang.pl.in(message_contains_virus_clamd): Time out if clamd doesn't respond in 8 seconds. Based on a patch from Chris Myers. * mimedefang-spec.in: Fix error in %preun script. * watch-mimedefang.in: Many bug fixes. 2004-07-28 David F. Skoll [EMAIL PROTECTED] * Version 2.45-BETA-2 released. * Makefile.in: Do not overwrite /etc/mail/sa-mimedefang.cf in install-redhat target * mimedefang-multiplexor.c: Track average latency of scan commands. * watch-mimedefang.in: Huge rewrite. Displays a lot more info about the MIMEDefang server. Can monitor a remote MIMEDefang server over a low-bandwidth SSH connection. * mimedefang.pl.in: Log helpful messages if clamd fails with an error (Tomas Kopal) * md-mx-ctrl.c: Support the -i command-line option to read commands from stdin and send results to stdout. Used to support watch-mimedefang's low-bandwidth remote monitoring. 2004-07-23 David F. Skoll [EMAIL PROTECTED] * Version 2.45-BETA-1 released. * mimedefang-filter.5.in: Clarified description of action_bounce. * mimedefang-multiplexor.c: Added support for keeping load average histories so you can see how loaded your system is. * mimedefang-multiplexor.c: Raw 'status' output includes time when multiplexor was first started. * md-mx-ctrl.8.in: Documented new 'load' and 'rawload' commands. * mimedefang.pl.in: Implemented a new set of RBL lookup functions that perform multiple lookups in
Re: [Mimedefang] again - Overlong line in RESULTS file
On Wed, 22 Sep 2004, Martin Blapp wrote: As said, it even happens if I disable adding reports. These must be some special spam-mails which have lines that long ... But the length of lines in a spam mail shouldn't affect the length of a line in RESULTS (unless you use action_change_header to add to a huge header, or something like that.) I would really like to see one of the RESULTS files that causes the problem. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MIMEDefang + spamd
What's the conventional wisdom with using MIMDefang and SpamAssassin? Can MIMEDefang
invoke spamc to communicate with spamd? Is this better than calling the
Mail::SpamAssassin perl module directly?
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
[EMAIL PROTECTED] wrote: What's the conventional wisdom with using MIMDefang and SpamAssassin? Can MIMEDefang invoke spamc to communicate with spamd? Is this better than calling the Mail::SpamAssassin perl module directly? No, and no. Since MD is already in Perl, invoking spamc and calling spamd would just be extra overhead. -- Kelson Vibber SpeedGate Communications www.speed.net ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
Hello All:
I'm new with Mimedefang but here my question:
1) Is sub filter() applied automatically after one defines it in mimedefang-filter
or do I
have to call at explicitely at a point?
I saw sub filter_begin() and sub filter_end() calls in main() of mimedefang.pl.
2) How can I verify that mimedefang is scanning files with bad extensions?
Thank you, peter
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wed, 22 Sep 2004 09:59:07 -0700
Subject: [Mimedefang] MIMEDefang + spamd
What's the conventional wisdom with using MIMDefang and SpamAssassin? Can
MIMEDefang invoke spamc to communicate with spamd? Is this better than calling the
Mail::SpamAssassin perl module directly?
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
**
This email was brought to you by Mybestonline Mail
http://www.mybestonline.com
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
I found a very large performance increase by using spamc/spamd over the Mail::SpamAssassin module for several reasons: 1) The compiled C spamd processes messages faster then the perl module. I know it should notbut if you have a lot of custom rule sets there is a real difference. Since we have the Mimedefang working dir on ramdisk there is virtually zero overhead of having spamc feed the message to spamd. 2) We run DCC via dccifd before SA and don't bother running SA if DCC has the message listed. 3) We check account status, quota, blacklists etc before running SA These last two items mean that SA is run on only about 1 out of 4 messages - epecially when we are under some sort of dictionary spam attack. We have 60 MD slaves runing, but only 15 SA threads (and it never ties up all 15). Since we run a LOT of custom rule sets each SA thread is about 50M, so if I had SA embedded in each MD slave SA would be consuming 3G of memory instead of 750M. I also found a huge gain by using an old server to load local RBLs using rbldnsd from www.surbl.org. This is a good use for that PII linux server lying around, as the load is so low as to be difficult to measure, and rbldnsd uses less then 100M memory. John Scully iSupportISP.com - Original Message - From: Kelson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 1:26 PM Subject: Re: [Mimedefang] MIMEDefang + spamd [EMAIL PROTECTED] wrote: What's the conventional wisdom with using MIMDefang and SpamAssassin? Can MIMEDefang invoke spamc to communicate with spamd? Is this better than calling the Mail::SpamAssassin perl module directly? No, and no. Since MD is already in Perl, invoking spamc and calling spamd would just be extra overhead. -- Kelson Vibber SpeedGate Communications www.speed.net ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang + spamd
John Scully wrote:
I found a very large performance increase by using
spamc/spamd over the
Mail::SpamAssassin module for several reasons:
How do you configure MIMEDefang to use spamc?
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
On Wed, 22 Sep 2004, John Scully wrote: 1) The compiled C spamd processes messages faster then the perl module. I can't believe that. The message processing is still done in Perl, after all. 2) We run DCC via dccifd before SA and don't bother running SA if DCC has the message listed. That probably is what helps. 3) We check account status, quota, blacklists etc before running SA And that. These last two items mean that SA is run on only about 1 out of 4 messages - epecially when we are under some sort of dictionary spam attack. We have 60 MD slaves runing, but only 15 SA threads (and it never ties up all 15). Since we run a LOT of custom rule sets each SA thread is about 50M, so if I had SA embedded in each MD slave SA would be consuming 3G of memory instead of 750M. If you use the embedded Perl interpreter, almost all of that memory should be shared by all the slaves. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang + spamd
David F. Skoll wrote:
On Wed, 22 Sep 2004, John Scully wrote:
1) The compiled C spamd processes messages faster then the perl
module.
I can't believe that. The message processing is still done in Perl,
after all.
There are other reasons to run spamc/spamd besides C... for example, spamc can connect
to spamd's running on other servers. So you could have a bunch of small servers on
the perimeter, using spamc to connect to a few high-powered servers running internally.
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Is this mimedefang or spamassassin? re-send
Sorry to have to re-send this, but I'm still getting this problem with the bayes locking file. Can anyone help me. I've double- triple- checked my configs and I can't see the cause. /var/spool/MIMEDefang is 0700 defang.defang MX_USER=defang Every couple of hours I get these messages, but I cannot find why. I think the initial error comes from the UnixNFSSafe.pm module, but I'm not sure. Can anyone give me a clue? Unfortunately I can't send to the spamassassin list as they can't cope with my SPF/SRS setup :-( Sep 19 20:48:13 b090lx4 mimedefang-multiplexor[15864]: Slave 0 stderr: unlock: 15864 failed to create lock tmpfile /var/spool/MIMEDefang/bayes.lock.b090lx4.elgas.com.au.15864 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Locker/UnixNFSSafe.pm line 144. Sep 19 20:48:13 b090lx4 mimedefang.pl[15864]: MDLOG,i8JAm7fR016241,spam,44.489,203.50.4.186,[EMAIL PROTECTED],[EMAIL PROTECTED], Sep 19 20:48:13 b090lx4 mimedefang.pl[15864]: filter: i8JAm7fR016241: bounce=1 discard=1 Sep 19 20:48:13 b090lx4 mimedefang[16244]: i8JAm7fR016241: Bouncing because filter instructed us to Sep 19 20:48:13 b090lx4 sendmail[16241]: i8JAm7fR016241: Milter: data, reject=554 5.7.1 Spam email rejected. Sep 19 20:48:13 b090lx4 sendmail[16241]: i8JAm7fR016241: to=[EMAIL PROTECTED], delay=00:00:06, pri=31112, stat=Spam email rejected. Sep 19 20:48:15 b090lx4 sendmail[16240]: i8JAm2fR016240: lost input channel from linux.tfcis.org [210.70.137.19] to MTA after rcpt Sep 19 20:48:15 b090lx4 sendmail[16240]: i8JAm2fR016240: from=[EMAIL PROTECTED], size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=linux.tfcis.org [210.70.137.19] Sep 19 20:48:22 b090lx4 mimedefang-multiplexor[15864]: Slave 1 stderr: lock: 15864 unlink of temp lock /var/spool/MIMEDefang/bayes.lock.b090lx4.elgas.com.au.15864 failed: No such file or directory Sep 19 20:48:22 b090lx4 mimedefang-multiplexor[15864]: Slave 1 stderr: Cannot open bayes databases /var/spool/MIMEDefang/bayes_* R/W: lock failed: No such file or directory -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
On any system with a lot of rule sets SA represents about 90% of the total message prosessing time. C vs perl makes a difference on that part. Trust me - I used a lot of time checks to make sure it was worth it. spamd made a big difference over embedded perl, not to mention the differeence in ram used. - Original Message - From: David F. Skoll [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 7:39 PM Subject: Re: [Mimedefang] MIMEDefang + spamd On Wed, 22 Sep 2004, John Scully wrote: 1) The compiled C spamd processes messages faster then the perl module. I can't believe that. The message processing is still done in Perl, after all. 2) We run DCC via dccifd before SA and don't bother running SA if DCC has the message listed. That probably is what helps. 3) We check account status, quota, blacklists etc before running SA And that. These last two items mean that SA is run on only about 1 out of 4 messages - epecially when we are under some sort of dictionary spam attack. We have 60 MD slaves runing, but only 15 SA threads (and it never ties up all 15). Since we run a LOT of custom rule sets each SA thread is about 50M, so if I had SA embedded in each MD slave SA would be consuming 3G of memory instead of 750M. If you use the embedded Perl interpreter, almost all of that memory should be shared by all the slaves. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
On Wed, 22 Sep 2004, John Scully wrote: On any system with a lot of rule sets SA represents about 90% of the total message prosessing time. C vs perl makes a difference on that part. Yes, but I fail to see how spamd helps -- it still must, ultimately, call into the exact same Perl API as any other SA user. Trust me - I used a lot of time checks to make sure it was worth it. spamd made a big difference over embedded perl, not to mention the differeence in ram used. I would love to see how you measured that and under what conditions. It's something I wouldn't have predicted. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang + spamd
On Wed, 22 Sep 2004, John Scully wrote: On any system with a lot of rule sets SA represents about 90% of the total message prosessing time. C vs perl makes a difference on that part. ??? But spamd is written in pure Perl -- there's not an ounce of C there. So you're saying that invoking spamc, which involves a fork and exec, followed by transmitting the message to the Perl spamd and getting the answer back, is faster than calling the Perl API directly? I don't doubt your measurements, but they must have been done under some pretty strange conditions. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] MIMEDefang + spamd
--On Wednesday, September 22, 2004 4:39 PM -0700 [EMAIL PROTECTED] wrote: How do you configure MIMEDefang to use spamc? There's no API in MD for it. You have to modify your custom filter to do it. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
