Re: lost whitelisted hosts with spamd
--- Bob Beck <[EMAIL PROTECTED]> wrote:

> spamlogd not only needs to be running, but it needs to
> see the connections - your pf rules need to log them correctly.
>
> The best way to see if this is happening is to fire
> off some debug level syslogging, and see if spamlogd is logging lines
> for the hosts that connect in. You should see lines like this where
> your debug level syslogs are going.
>
> Sep 13 07:03:49 mailcarp1 spamlogd[16523]: inbound 199.185.137.3
>
> if you don't spamlogd ain't seeing them. check your pf rules.
>
> * Juan Miscaro <[EMAIL PROTECTED]> [2007-09-13 09:38]:
> > My OpenBSD 4.0 mail filter (running amavisd-new) has been up and
> > running well for 70 days. I received a complaint of delays this
> > morning. Indeed, I see that servers which had been whitelisted by
> > spamd were no longer so. I verified that spamlogd is still running.
> > Does anyone have any ideas how this could have happened?

Let it be known that everything was working in the past 70 days as well as when I inspected the server due to the complaints. I simply lost a lot of my dynamically whitelisted hosts (if not all of them; not sure). So I am currently re-validating senders right now.

I did find a mention of possible corruption of the spamdb database in the changelog for 4.1 -> 4.2:

RELIABILITY FIX: Bugs in spamd(8) could corrupt the database.

I'm not sure if I have fallen victim to this.

- Juan

Re: lost whitelisted hosts with spamd
On Thu, Sep 13, 2007 at 10:29:02AM -0400, Juan Miscaro wrote:
> My OpenBSD 4.0 mail filter (running amavisd-new) has been up and
> running well for 70 days. I received a complaint of delays this
> morning. Indeed, I see that servers which had been whitelisted by
> spamd were no longer so. I verified that spamlogd is still running.
> Does anyone have any ideas how this could have happened?

As Craig & Peter mention, whitelisted servers do expire. The defaults are sensible, but do not apply for everyone. One server I deal with is one such case, and I've increased the whitelist expiry in the -G option to almost double the default. This has worked fine.

You should also check that you are logging in pf for port 25, and that spamlogd is seeing it and updating the timestamps on your whitelist entries.

--
Darrin Chandler            | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED]          | http://phxbug.org/     | http://metabug.org/
http://www.stilyagin.com/  | Daemons in the Desert  | Global BUG Federation

Re: lost whitelisted hosts with spamd
spamlogd not only needs to be running, but it needs to see the connections - your pf rules need to log them correctly.

The best way to see if this is happening is to fire off some debug level syslogging, and see if spamlogd is logging lines for the hosts that connect in. You should see lines like this where your debug level syslogs are going.

Sep 13 07:03:49 mailcarp1 spamlogd[16523]: inbound 199.185.137.3

if you don't spamlogd ain't seeing them. check your pf rules.

* Juan Miscaro <[EMAIL PROTECTED]> [2007-09-13 09:38]:
> My OpenBSD 4.0 mail filter (running amavisd-new) has been up and
> running well for 70 days. I received a complaint of delays this
> morning. Indeed, I see that servers which had been whitelisted by
> spamd were no longer so. I verified that spamlogd is still running.
> Does anyone have any ideas how this could have happened?
>
> - Juan

--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
   print "Larry and Tom must smoke some really primo stuff...\n";
}

Re: lost whitelisted hosts with spamd
Juan Miscaro <[EMAIL PROTECTED]> writes:

> morning. Indeed, I see that servers which had been whitelisted by
> spamd were no longer so. I verified that spamlogd is still running.
> Does anyone have any ideas how this could have happened?

Whitelist entries do expire after a while (a little more than a month by default, if I remember correctly, but it's a tuneable). That's a likely explanation, unless of course those servers have been sending you mail at shorter intervals.

For known good (or important, infrequent, impatient, or a few other varieties we'll skip here for brevity) senders it pays to whitelist by hand using either spamdb or by setting up a way around spamdb such as having a no rdr rule for members of your table.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: lost whitelisted hosts with spamd
Juan Miscaro wrote:
> My OpenBSD 4.0 mail filter (running amavisd-new) has been up and
> running well for 70 days. I received a complaint of delays this
> morning. Indeed, I see that servers which had been whitelisted by
> spamd were no longer so. I verified that spamlogd is still running.
> Does anyone have any ideas how this could have happened?

From spamd(8), -G, whitelisted entries are dropped if the IP address does not send again within 36 days. Could the new messages have come from a different IP address? Or was the last message sent more than 36 days ago?

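One way to check both points raised in the replies above (whether spamlogd is logging inbound connections, and which whitelist entries are close to the -G expiry), as an added example that is not part of the thread. It assumes the WHITE row layout documented in spamdb(8), `WHITE|ip|||first|pass|expire|block|pass` with epoch times; the function names, file names and all sample data except the one spamlogd line quoted in the thread are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes spamdb(8) prints WHITE rows as
# WHITE|ip|||first|pass|expire|block|pass with epoch times.

# whitelist_audit DUMP LOG NOW [WARN_DAYS]: one "ip days_left status" line per WHITE row
whitelist_audit() {
    awk -v now="$3" -v warn="${4:-7}" '
        # Pass 1, syslog: collect the IPs spamlogd reported as "inbound".
        pass == 1 && $5 ~ /^spamlogd\[/ && $6 == "inbound" { seen[$7] = 1 }
        # Pass 2, spamdb dump: expire is the third field from the end.
        pass == 2 && $1 == "WHITE" {
            left = int(($(NF - 2) - now) / 86400)
            if ($(NF - 2) <= now)        st = "EXPIRED"
            else if ($2 in seen)         st = "OK"
            else if (left < warn)        st = "AT-RISK"   # expiring, no refresh logged
            else                         st = "UNSEEN"    # no spamlogd line in this log
            printf "%s %d %s\n", $2, left, st
        }
    ' pass=1 "$2" pass=2 FS='|' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed spamdb dump; "now" below is the constructed epoch 1189641600.
    cat > "$tmp/spamdb.txt" <<'EOF'
WHITE|199.185.137.3|||1186000000|1186001800|1192233600|0|12
WHITE|192.0.2.10|||1186900000|1186901800|1189900800|1|4
WHITE|198.51.100.7|||1188000000|1188001800|1191369600|0|2
WHITE|203.0.113.5|||1186300000|1186301800|1189555200|2|1
GREY|203.0.113.9|<a@example.org>|<b@example.net>|1189600000|1189601500|1189614400|1|0
EOF
    # First line is the sample from the thread; the second is constructed.
    cat > "$tmp/maillog" <<'EOF'
Sep 13 07:03:49 mailcarp1 spamlogd[16523]: inbound 199.185.137.3
Sep 13 07:05:10 mailcarp1 spamd[29949]: 203.0.113.9: connected (1/0)
EOF
    whitelist_audit "$tmp/spamdb.txt" "$tmp/maillog" 1189641600 7
    rm -rf "$tmp"
}

demo
```

If every WHITE entry comes back UNSEEN or AT-RISK while mail is flowing, spamlogd is not seeing the connections and the pf log rules are the place to look; a mix of OK and EXPIRED entries points at ordinary -G expiry instead.
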
lost whitelisted hosts with spamd
My OpenBSD 4.0 mail filter (running amavisd-new) has been up and running well for 70 days. I received a complaint of delays this morning. Indeed, I see that servers which had been whitelisted by spamd were no longer so. I verified that spamlogd is still running. Does anyone have any ideas how this could have happened?

- Juan