Re: 3.1 vs. 2.6x 3.0x: Good; when to SQL; RFE's (to dev?)

2005-10-29 Thread Michael Monnerie
On Saturday, 29 October 2005 06:33 Linda Walsh wrote:
> Assuming it is some sort of berkeley db format, what is a good
> cut-over size as a rule-of-thumb...or is there?  What should I
> expect in speeds  for sa-learn or spamc?  I.e. -- is there a
> rough guideline for when it becomes more effective to use SQL
> vs. the Berkeley DB?  Or rephrased, when it is worth the effort to
> convert to SQL and ensure all the SQL software is setup and running?

I don't know whether this really is a performance question, but I
believe it's more of a "do I need it" question. For example, if you use
a system wide bayes db, you probably won't need SQL. I do this for now.

But if some users want/need their own bayes, or own settings, it starts
becoming easier to use SQL for all those things - it's quickly becoming
easier to manage, after 5 users or so need their special config. That's
why I'm thinking of switching to SQL.

Does anybody know whether MySQL or PostgreSQL is better suited for the 
job? I prefer PostgreSQL, but many times MySQL is better supported...

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at   Tel: 0660/4156531  Linux 2.6.11
// PGP Key:   lynx -source http://zmi.at/zmi2.asc | gpg --import
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879




helo tests

2005-10-29 Thread Philipp Snizek
 
Hi 

I'm running a few helo tests with SA 3.1. However, SA doesn't seem to
make the tests.

test 1: numeric helo = 1.2.3.4

SA says:
Trusted Relays:   [ ip=127.0.0.1 rdns=localhost helo=1.2.3.4
by=mail.mymailbox.com ident= envfrom= intl=0 id=F2D111C5542 auth=
 ]

But in Reports:
Report:
*  0.6 NO_REAL_NAME From: does not include a real name
*  0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients
* -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
*  1.3 MISSING_SUBJECT Missing Subject: header

no numeric helo mentioned here


test 2: invalid host name (helo  = )

Trusted Relays:   [ ip=127.0.0.1 rdns=localhost helo=??
by=mail.rfc-check.com ident= envfrom= intl=0 id=9B06D1C5542 auth= ]

Report:
*  0.6 NO_REAL_NAME From: does not include a real name
*  0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients
* -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
*  1.3 MISSING_SUBJECT Missing Subject: header


test 3: no corresponding mx, ptr, a host to helo name (helo = cia.gov)

Trusted Relays:   [ ip=127.0.0.1 rdns=localhost helo=cia.gov
by=mail.rfc-check.com ident= envfrom= intl=0 id=AD92B1C5542 auth=]

The 20_head_tests.cf is in /usr/share/spamassassin/ and is read by
spamassassin --lint -D. 
What am I missing? 
And where can I read about all possible eval tests? perldoc
Mail::SpamAssassin::Eval-Tests doesn't exist.

Thank you,
Philipp 


burning cpu since 3.1

2005-10-29 Thread Mathieu CHATEAU
Hello spamhunters,

I upgraded two mailservers from 3.0.4 to 3.1.0.

Like others on this mailing list, I am having a performance issue.

platform:
SpamAssassin 3.1.0 (upgraded from ports)
Perl 5.8.6
FreeBSD 5.4
qmail + vpopmail + qmail-scanner

Both servers have 1 GB of RAM and two Xeon 2.4 with HTT enabled.

Everything goes fine after spamd started. But after a while, spamd
processes take the whole CPU until I kill them.

I got something like this:
  PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
14228 vpopmail 114    0 28048K 26524K CPU0   0  23.5H 99.02% 99.02% perl5.8.6
14229 vpopmail 114    0 26876K 25420K CPU2   2  23.3H 99.02% 99.02% perl5.8.6

I removed all *.cf rules I always use to keep it fast but anyway,
after a while, it's away.

in the log file:
spamc[52447]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Operation timed out


Does anyone know what the hell is going on?
Has anyone got better performance with Perl 5.8.7?

I read somewhere that SpamAssassin changed the way it forks processes,
and now is similar to Apache httpd. Is it linked?

Hope to read good news from all of you

Mathieu CHATEAU




Re: helo tests

2005-10-29 Thread Matt Kettler

At 06:45 AM 10/29/2005, Philipp Snizek wrote:

> Hi
>
> I'm running a few helo tests with SA 3.1. However, SA doesn't seem to
> make the tests.
>
> test 1: numeric helo = 1.2.3.4
>
> SA says:
> Trusted Relays:   [ ip=127.0.0.1 rdns=localhost helo=1.2.3.4
> by=mail.mymailbox.com ident= envfrom= intl=0 id=F2D111C5542 auth=
>  ]
>
> But in Reports:
> Report:
> *  0.6 NO_REAL_NAME From: does not include a real name
> *  0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients
> * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
> *  1.3 MISSING_SUBJECT Missing Subject: header
>
> no numeric helo mentioned here


Try that test from an untrusted host.. SA might be ignoring the numeric 
helo test because the actual IP is localhost, thus trusted, and there's no 
point in checking that..






spamassassin.apache.org refuses mail

2005-10-29 Thread jpff
I got a score of 6.6 for an ordinary question about why DCC fails.
Rather makes the list pointless
==John ffitch


[EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

2005-10-29 Thread jpff
Another attempt
--- Start of forwarded message ---
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Sat, 29 Oct 2005 18:02:58 +0100
X-Failed-Recipients: users@spamassassin.apache.org
Auto-Submitted: auto-generated
From: Mail Delivery System [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mail delivery failed: returning message to sender
Date: Sat, 29 Oct 2005 18:02:57 +0100

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  users@spamassassin.apache.org
SMTP error from remote mail server after end of data:
host asf.osuosl.org [140.211.166.49]: 552 spam score (6.6) exceeded 
threshold

- -- This is a copy of the message, including all the headers. --

Return-path: [EMAIL PROTECTED]
Received: from cardew.codemist.co.uk ([172.16.4.17])
by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54)
id 1EVu6E-0005As-L7; Sat, 29 Oct 2005 18:02:34 +0100
Received: from jpff by cardew.codemist.co.uk with local (Exim 4.44)
id 1EVu8c-0001yh-B5; Sat, 29 Oct 2005 18:05:02 +0100
Date: Sat, 29 Oct 2005 18:05:01 +0100
Message-Id: [EMAIL PROTECTED]
X-Mailer: emacs 21.3.1 (via feedmail 8 I)
From: [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Subject: Trying to get DCC to work

I uncommented the line in v310.pre and made sure that DCC was
installed (this is a Debian box so used aptitude).  However
spamassassin -D  --line says

[19739] dbg: dcc: got response: socket(UDP): Address family not supported by 
protocol

and so I assume something is wrong.  I have tried various things but
no success.  btw /var/lib/dcc/dccifd is the socket and it exists

Fuller log below
==John ffitch

...
[19778] dbg: plugin: registering glue method for check_dcc 
(Mail::SpamAssassin::Plugin::DCC=HASH(0x93366c0))
[19778] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[19778] dbg: util: executable for dccproc was found at /usr/bin/dccproc
[19778] dbg: dcc: dccproc is available: /usr/bin/dccproc
[19778] dbg: info: entering helper-app run mode
[19778] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R  
/tmp/.spamassassin19778ZmYs70tmp
[19779] dbg: util: setuid: ruid=0 euid=0
[19778] dbg: dcc: got response: socket(UDP): Address family not supported by 
protocol
[19778] dbg: info: leaving helper-app run mode
[19778] dbg: dcc: check failed: no X-DCC returned (did you create a map file?): 
socket(UDP): Address family not supported by protocol
...
--- End of forwarded message ---

==John ffitch


Re: spamassassin.apache.org refuses mail

2005-10-29 Thread Evan Platt

At 10:46 AM 10/29/2005, you wrote:

> I got a score of 6.6 for an ordinary question about why DCC fails.
> Rather makes the list pointless


My guess is you asked more than a question, and included quite a bit 
of things that made the message look like spam.


Oh, and from your mail:

NO_REAL_NAME

Consider adding a real name to your e-mail, that will knock off some 
points there. 



Re: burning cpu since 3.1

2005-10-29 Thread Loren Wilton
> Everything goes fine after spamd started. But after a while, spamd
> processes take the whole CPU until I kill them.
>
> I removed all *.cf rules I always use to keep it fast but anyway,
> after a while, it's away.

If it isn't rules causing it, it must be something else.  The usual cases
would be a bayes or awl expire run.  You should check the size of these
databases.

Loren



Re: spamassassin.apache.org refuses mail

2005-10-29 Thread Matt Kettler

At 01:46 PM 10/29/2005, [EMAIL PROTECTED] wrote:

> I got a score of 6.6 for an ordinary question about why DCC fails.
> Rather makes the list pointless


Not really.. the list is set up with a tagging threshold of 10. 6.6 should 
not have mattered.


From your message:

X-ASF-Spam-Status: No, hits=0.6 required=10.0
tests=NO_REAL_NAME





Re: spamassassin.apache.org refuses mail

2005-10-29 Thread jpff
Well it said that the message was not delivered with a score of 6.6
--- even for an empty message
==John ffitch


Re: Trying to get DCC to work

2005-10-29 Thread Matt Kettler

At 01:48 PM 10/29/2005, [EMAIL PROTECTED] wrote:
<snip>

> I uncommented the line in v310.pre and made sure that DCC was
> installed (this is a Debian box so used aptitude).  However
> spamassassin -D  --line says
>
> [19739] dbg: dcc: got response: socket(UDP): Address family not supported
> by protocol
>
> and so I assume something is wrong.  I have tried various things but
> no success.  btw /var/lib/dcc/dccifd is the socket and it exists
>
> Fuller log below
> ==John ffitch
>
> ...
> [19778] dbg: plugin: registering glue method for check_dcc
> (Mail::SpamAssassin::Plugin::DCC=HASH(0x93366c0))
> [19778] dbg: dcc: dccifd is not available: no r/w dccifd socket found
> [19778] dbg: util: executable for dccproc was found at /usr/bin/dccproc
> [19778] dbg: dcc: dccproc is available: /usr/bin/dccproc
> [19778] dbg: info: entering helper-app run mode
> [19778] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R  
> /tmp/.spamassassin19778ZmYs70tmp
> [19779] dbg: util: setuid: ruid=0 euid=0
> [19778] dbg: dcc: got response: socket(UDP): Address family not supported
> by protocol
> [19778] dbg: info: leaving helper-app run mode
> [19778] dbg: dcc: check failed: no X-DCC returned (did you create a map
> file?): socket(UDP): Address family not supported by protocol




Problems with the list aside:

1) your dccifd might exist, but SA isn't finding it. You probably need to 
set this SA option:


dcc_dccifd_path /var/lib/dcc/
Right now it's probably going to look for it somewhere under /usr...

2) where is your dcc map file? is it in /var/dcc or /var/lib/dcc? You might 
need to set the dcc_home SA option to point to where your mapfile is.


In general it sounds like DCC is trying to use garbage as a server address, 
and fails to create a socket. If DCC couldn't find a map file, that might 
happen. 
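
Added example, not part of the reply above and not SpamAssassin's or DCC's own code: a Python check for the two conditions raised in this thread, whether the dccifd path is a socket that is both readable and writable (the wording of the "no r/w dccifd socket found" debug line) and whether a map file is present in the DCC home directory. The map file name `map` is an assumption; the socket name comes from the original post.

```python
import os
import stat

MAP_FILE = "map"        # assumption: default name of the DCC client map file
SOCKET_NAME = "dccifd"  # socket name given in the post (/var/lib/dcc/dccifd)


def diagnose_dcc_home(dcc_home):
    """Return a list of problems found under dcc_home; empty means usable."""
    problems = []
    sock = os.path.join(dcc_home, SOCKET_NAME)
    try:
        mode = os.stat(sock).st_mode
    except OSError as exc:
        problems.append(f"{sock}: {exc.strerror}")
    else:
        if not stat.S_ISSOCK(mode):
            problems.append(f"{sock}: exists but is not a socket")
        elif not os.access(sock, os.R_OK | os.W_OK):
            problems.append(f"{sock}: socket is not read/write for this user")

    map_path = os.path.join(dcc_home, MAP_FILE)
    if not os.path.isfile(map_path):
        problems.append(f"{map_path}: map file not found")
    elif not os.access(map_path, os.R_OK):
        problems.append(f"{map_path}: map file is not readable for this user")
    return problems


if __name__ == "__main__":
    # The two candidate directories named in the reply.
    for home in ("/var/lib/dcc", "/var/dcc"):
        for line in diagnose_dcc_home(home) or [f"{home}: socket and map file look usable"]:
            print(line)
```

Run it as the account spamd scans under: the quoted log shows the test ran with ruid=0 euid=0, and root can open files that an unprivileged user cannot.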



Re: spamassassin.apache.org refuses mail

2005-10-29 Thread Justin Mason

[EMAIL PROTECTED] writes:
> Well it said that the message was not delivered with a score of 6.6
> --- even for an empty message
> ==John ffitch

I'm chasing this up with the ASF infrastructure team now.

- --j.



Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

2005-10-29 Thread Justin Mason

OK, the line was:

 Oct 29 10:02:55 asf spamd[84538]: spamd: result: .  6 -
 HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME
 scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0,
 rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd,
 mid=[EMAIL PROTECTED],
 autolearn=disabled

I'm not sure what the hostname's HELO was, because that's not logged,
but going by this line:

 by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54)

I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk.  Any idea
why it did that?  Most mailservers use a real hostname, instead of
a dialup IP rDNS name -- that's a pretty reliable spam trait.

- --j.

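
Added example, not part of any message in this thread and not SpamAssassin's own code: a Python illustration of the two points made about HELO checks, that a numeric or dial-up-style HELO name counts against a message and that a hop received from a trusted host may not be tested at all. The regular expressions are simplified stand-ins for the HELO_DYNAMIC_* rules, and the second relay line (192.0.2.10, host.example, mx.example) is constructed.

```python
import ipaddress
import re

# Constructed relay lines in the "Trusted Relays" debug format quoted in this
# thread. The second one (192.0.2.10, host.example) is invented for the demo.
TRUSTED = ("[ ip=127.0.0.1 rdns=localhost helo=1.2.3.4 by=mail.mymailbox.com "
           "ident= envfrom= intl=0 id=F2D111C5542 auth= ]")
UNTRUSTED = ("[ ip=192.0.2.10 rdns=host.example helo=dsl-217-155-197-248.zen.co.uk "
             "by=mx.example ident= envfrom= intl=0 id=X auth= ]")

# Simplified stand-ins, NOT the real HELO_DYNAMIC_* rule definitions.
OCTETS = re.compile(r"(?<!\d)(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?!\d)")
DYN_WORD = re.compile(r"(?:^|[.\-\d])(?:adsl|dsl|dhcp|dialup|dial|ppp|cable|pool|dyn)"
                      r"(?=[.\-\d]|$)", re.I)


def parse_relays(line):
    """Split '[ k=v k=v ... ] [ ... ]' into one dict per relay hop."""
    relays = []
    for group in re.findall(r"\[([^\]]*)\]", line):
        pairs = (tok.partition("=") for tok in group.split())
        relays.append({k: v for k, sep, v in pairs if sep})
    return relays


def helo_findings(helo):
    """Return the reasons a HELO string looks numeric or dynamically assigned."""
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return ["numeric-helo"]
    except ValueError:
        pass
    findings = []
    m = OCTETS.search(helo)
    if m and all(int(octet) <= 255 for octet in m.groups()):
        findings.append("embeds-ipv4")
    if DYN_WORD.search(helo):
        findings.append("dynamic-keyword")
    if "." not in helo:
        findings.append("not-fqdn")
    return findings


def evaluate(line, trusted):
    """Check each hop's HELO, skipping hops that arrived via a trusted relay."""
    out = []
    for relay in parse_relays(line):
        helo = relay.get("helo", "")
        out.append({"helo": helo, "checked": not trusted,
                    "findings": [] if trusted else helo_findings(helo)})
    return out


if __name__ == "__main__":
    print(evaluate(TRUSTED, trusted=True))
    print(evaluate(UNTRUSTED, trusted=False))
```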



Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

2005-10-29 Thread jdow

From: Justin Mason [EMAIL PROTECTED]

> OK, the line was:
>
> Oct 29 10:02:55 asf spamd[84538]: spamd: result: .  6 -
> HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME
> scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0,
> rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd,
> mid=[EMAIL PROTECTED],
> autolearn=disabled
>
> I'm not sure what the hostname's HELO was, because that's not logged,
> but going by this line:
>
> by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54)
>
> I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk.  Any idea
> why it did that?  Most mailservers use a real hostname, instead of
> a dialup IP rDNS name -- that's a pretty reliable spam trait.
>
> - --j.



Oh what tangled webs
===8---
[jdow ~/.spamassassin]$ host codemist.co.uk
codemist.co.uk has address 81.174.238.154
codemist.co.uk mail is handled by 5 dsl-217-155-197-248.zen.co.uk.
[jdow ~/.spamassassin]$ host 81.174.238.154
154.238.174.81.in-addr.arpa domain name pointer hanif001.plus.com.
===8---

It IS a dialup as near as I can figure.
{^_^}





Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

2005-10-29 Thread Justin Mason

>> OK, the line was:
>>
>> Oct 29 10:02:55 asf spamd[84538]: spamd: result: .  6 -
>> HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME
>> scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0,
>> rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd,
>> mid=[EMAIL PROTECTED],
>> autolearn=disabled
>>
>> I'm not sure what the hostname's HELO was, because that's not logged,
>> but going by this line:
>>
>> by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54)
>>
>> I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk.  Any idea
>> why it did that?  Most mailservers use a real hostname, instead of
>> a dialup IP rDNS name -- that's a pretty reliable spam trait.
>>
>> - --j.
>
> Oh what tangled webs
> ===8---
> [jdow ~/.spamassassin]$ host codemist.co.uk
> codemist.co.uk has address 81.174.238.154
> codemist.co.uk mail is handled by 5 dsl-217-155-197-248.zen.co.uk.
> [jdow ~/.spamassassin]$ host 81.174.238.154
> 154.238.174.81.in-addr.arpa domain name pointer hanif001.plus.com.
> ===8---
>
> It IS a dialup as near as I can figure.

Yes, that's fine.  I'm not talking about its rDNS, or aliases in DNS
that point to the host.  I'm talking about what the MTA on that machine
thinks it's called.

- --j.