RE: [qmailtoaster] Spam issues
This is showing the message as rejected, but I do see an error in your spamd log that may be causing you some grief: info: prefork: server reached --max-children setting, consider raising it You set a limit on the number of children spawnable in your run file and you're exceeding that. You either need to tune your system to process messages faster, or raise that limit in your run file. (As a side note, is there a way to make your MSN auto wrap message lines that are too long?) jake, can you please tell me where should i change the settings for the above recommendations? btw i am using putty to access the machine, i dont use MSN at work place. my spamd/run contents as follows #!/bin/sh exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1 Date: Fri, 6 Nov 2009 07:38:38 -0500 From: j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues nicole thomson wrote: from smtp @40004af3c9c62ff93254 simscan:[16170]:SPAM REJECT (16.30/12.00):25.1791s:We Provide Nice Choice Of Affordable Soft.:222.254.140.77:mole...@rgleq.com:mydomainu...@mydomain.com: @40004af3c9c62ff99014 qmail-smtpd: qq hard reject (Your email is considered spam (16.30 spam-hits)): MAILFROM: RCPTTO:mydomainu...@mydomain.com @40004af3c9c70707fed4 tcpserver: end 16170 status 256 @40004af3c9c7070806a4 tcpserver: status: 2/50 @40004af3c9d51b8ed904 tcpserver: end 16336 status 0 @40004af3c9d51b8f32dc tcpserver: status: 1/50 @40004af3c9e51b78d44c tcpserver: end 16335 status 0 @40004af3c9e51b79226c tcpserver: status: 0/50 from spamd @40004af3c9c62f9c703c [16157] info: spamd: identified spam (16.3/12.0) for clamav:508 in 9.9 seconds, 4446 bytes. @40004af3c9c62f9e21d4 [16157] info: spamd: result: Y 16 - BAYES_99,HELO_LOCALHOST,HTML_MESSAGE,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=9.9,size=4446,user=clamav,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52586,mid=<000d01ca5eae$d178b630$6400a...@molests>,bayes=1.00,autolearn=spam @40004af3c9c6314a9d3c [2460] info: prefork: child states: B @40004af3c9c6314aa50c [2460] info: prefork: server reached --max-children setting, consider raising it @40004af3c9c631727c44 [16157] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 52596 @40004af3c9c631f423ac [16157] info: spamd: processing message <008c01ca5eae$f2cd4620$d867d2...@com> for vpopmail:508 @40004af3c9c917309794 [12120] info: spamd: clean message (-3.2/12.0) for vpopmail:508 in 4.2 seconds, 53607 bytes. @40004af3c9c917325cb4 [12120] info: spamd: result: . -3 - AWL,BAYES_00,HTML_MESSAGE,NO_RELAYS scantime=4.2,size=53607,user=vpopmail,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52591,mid=<00b101ca5eae$e1c22d00$a54687...@com>,bayes=0.00,autolearn=unavailable This is showing the message as rejected, but I do see an error in your spamd log that may be causing you some grief: info: prefork: server reached --max-children setting, consider raising it You set a limit on the number of children spawnable in your run file and you're exceeding that. You either need to tune your system to process messages faster, or raise that limit in your run file. (As a side note, is there a way to make your MSN auto wrap message lines that are too long?) _ New Windows 7: Simplify what you do everyday. Find the right PC for you. http://windows.microsoft.com/shop
RE: [qmailtoaster] Spam issues
from smtp @40004af3c9c62ff93254 simscan:[16170]:SPAM REJECT (16.30/12.00):25.1791s:We Provide Nice Choice Of Affordable Soft.:222.254.140.77:mole...@rgleq.com:mydomainu...@mydomain.com: @40004af3c9c62ff99014 qmail-smtpd: qq hard reject (Your email is considered spam (16.30 spam-hits)): MAILFROM: RCPTTO:mydomainu...@mydomain.com @40004af3c9c70707fed4 tcpserver: end 16170 status 256 @40004af3c9c7070806a4 tcpserver: status: 2/50 @40004af3c9d51b8ed904 tcpserver: end 16336 status 0 @40004af3c9d51b8f32dc tcpserver: status: 1/50 @40004af3c9e51b78d44c tcpserver: end 16335 status 0 @40004af3c9e51b79226c tcpserver: status: 0/50 from spamd @40004af3c9c62f9c703c [16157] info: spamd: identified spam (16.3/12.0) for clamav:508 in 9.9 seconds, 4446 bytes. @40004af3c9c62f9e21d4 [16157] info: spamd: result: Y 16 - BAYES_99,HELO_LOCALHOST,HTML_MESSAGE,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=9.9,size=4446,user=clamav,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52586,mid=<000d01ca5eae$d178b630$6400a...@molests>,bayes=1.00,autolearn=spam @40004af3c9c6314a9d3c [2460] info: prefork: child states: B @40004af3c9c6314aa50c [2460] info: prefork: server reached --max-children setting, consider raising it @40004af3c9c631727c44 [16157] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 52596 @40004af3c9c631f423ac [16157] info: spamd: processing message <008c01ca5eae$f2cd4620$d867d2...@com> for vpopmail:508 @40004af3c9c917309794 [12120] info: spamd: clean message (-3.2/12.0) for vpopmail:508 in 4.2 seconds, 53607 bytes. @40004af3c9c917325cb4 [12120] info: spamd: result: . -3 - AWL,BAYES_00,HTML_MESSAGE,NO_RELAYS scantime=4.2,size=53607,user=vpopmail,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52591,mid=<00b101ca5eae$e1c22d00$a54687...@com>,bayes=0.00,autolearn=unavailable Date: Thu, 5 Nov 2009 22:29:23 -0500 From: j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 192.168.25.:allow,SENDER_NOCHECK="" 172.16.0.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 216.9.253.191,allow,RBLSMTPD="-rblsmtpd deny: take your spam elsewhere!" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="1",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source. _ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop
RE: [qmailtoaster] Spam issues
jake which log file i need to paste it here? smtp or spamd? Date: Thu, 5 Nov 2009 22:29:23 -0500 From: j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 192.168.25.:allow,SENDER_NOCHECK="" 172.16.0.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 216.9.253.191,allow,RBLSMTPD="-rblsmtpd deny: take your spam elsewhere!" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="1",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source. _ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop
RE: [qmailtoaster] Spam issues
at present i did stopped the spamdyke, (close to 3 months it was not in use because of some SPAM tag issues) i did used the default settings it provides when we install it. > From: mcol...@norcalisp.com > To: qmailtoaster-list@qmailtoaster.com > Date: Thu, 5 Nov 2009 08:58:50 -0800 > Subject: RE: [qmailtoaster] Spam issues > > I was actually referring to Nicole's posts Rafael... > > > Michael J. Colvin > NorCal Internet Services > www.norcalisp.com > > > > > > -Original Message- > > From: Rafael Andrade [mailto:raf...@riosulense.com.br] > > Sent: Thursday, November 05, 2009 8:05 AM > > To: qmailtoaster-list@qmailtoaster.com > > Subject: Re: [qmailtoaster] Spam issues > > > > See my confs below... :) > > > > [r...@net ~]# ps aux | grep spamdyke > > vpopmail 7922 0.0 0.1 5992 2084 ? S 13:48 0:00 /usr/local/bin/spamdyke > > -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd > > /home/vpopmail/bin/vchkpw /bin/true > > vpopmail 7941 0.0 0.1 5104 2088 ? S 13:59 0:00 /usr/local/bin/spamdyke > > -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd > > /home/vpopmail/bin/vchkpw /bin/true > > root 8014 0.0 0.0 4120 612 pts/0 D+ 14:02 0:00 grep spamdyke > > vpopmail 21889 0.0 0.0 1736 532 ? S Nov03 0:00 /usr/bin/tcpserver -D -t > > 1 -v -P -R -H -l net -x /etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 > > 0 smtp /usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf > > /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true > > > > Nov 5 13:48:40 net spamdyke[7924]: DENIED_RBL_MATCH from: > > comprasbr...@geraarte.com.br to: comprascomp...@domain.com origin_ip: > > 94.178.208.254 origin_rdns: 254-208-178-94.pool.ukrtel.net auth: (unknown) > > Nov 5 13:57:03 net spamdyke[7937]: DENIED_RDNS_MISSING from: > > ayobanv...@metalservice.ind.br to: rafae...@domain.com origin_ip: > > 151.62.6.23 origin_rdns: (unknown) auth: (unknown) > > Nov 5 13:59:19 net spamdyke[7941]: DENIED_IP_IN_CC_RDNS from: > > jua...@faquibras.com.br to: ven...@domain.com origin_ip: 200.174.43.26 > > origin_rdns: 200-174-43-26.gegnet.com.br auth: (unknown) > > Nov 5 14:00:43 net spamdyke[8005]: DENIED_GRAYLISTED from: > > getmai...@getmailer.com to: comp...@domain.com origin_ip: 74.126.30.180 > > origin_rdns: mail.getmailer.com auth: (unknown) > > Nov 5 14:01:11 net spamdyke[8007]: DENIED_RDNS_RESOLVE from: > > finance...@natalshopping.com.br to: finance...@domain.com origin_ip: > > 58.186.19.63 origin_rdns: 58-186-19-xxx-dynamic.hcm.fpt.vn auth: (unknown) > > > > > > > > My spamdyke Conf: > > [r...@net ~]# cat /etc/spamdyke/spamdyke.conf > > # rbl > > dns-blacklist-entry=bl.spamcop.net > > dns-blacklist-entry=zen.spamhaus.org > > dns-blacklist-entry=dnsbl.sorbs.net > > dns-blacklist-entry=bogons.cymru.com > > dns-blacklist-entry=ix.dnsbl.manitu.net > > dns-blacklist-entry=cbl.abuseat.org > > dns-blacklist-entry=dnsbl.njabl.org > > > > > > # graylist > > #graylist-dir=/etc/spamdyke/graylist.d > > graylist-dir=/home/vpopmail/graylist.d > > graylist-level=always > > graylist-max-secs=2678400 > > graylist-min-secs=180 > > greeting-delay-secs=5 > > > > > > local-domains-file=/var/qmail/control/rcpthosts > > #log-level=debug > > log-level=info > > log-target=syslog > > #log-target=stderr > > max-recipients=50 > > #policy-url=http://my.policy.explanation.url/ > > reject-empty-rdns > > reject-ip-in-cc-rdns > > reject-missing-sender-mx > > reject-unresolvable-rdns > > tls-certificate-file=/var/qmail/control/servercert.pem > > > > > > # blacklist and whitelist ip > > ip-blacklist-file=/etc/spamdyke/blacklist_ip > > ip-whitelist-file=/etc/spamdyke/whitelist_ip > > > > # blacklist and whitelist keywords > > ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords > > ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords > > > > # blacklist and whitelist senders > > sender-blacklist-file=/etc/spamdyke/blacklist_senders > > sender-whitelist-file=/etc/spamdyke/whitelist_senders > > > > # blacklist and whitelist rdns > > rdns-blacklist-file=/etc/spamdyke/blacklist_rdns > > rdns-whitelist-file=/etc/spamdyke/whitelist_rdns > > > > # whitelist dns > > dns-whitelist-file=/etc/spamdyke/whitelist_dns > > > > # blacklist and whitelist recipients > > recipient-blacklist-file=/etc/spamdyke/blacklist_recipients > > recipient-whitelist-file=/etc/spamdyke/whitelist_recipients >
Re: [qmailtoaster] Spam issues
nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 192.168.25.:allow,SENDER_NOCHECK="" 172.16.0.:allow,RELAYCLIENT="",SENDER_NOCHECK="" 216.9.253.191,allow,RBLSMTPD="-rblsmtpd deny: take your spam elsewhere!" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="1",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source.
