Re: 3.1 vs. 2.6x 3.0x: Good; when to SQL; RFE's (to dev?)
On Samstag, 29. Oktober 2005 06:33 Linda Walsh wrote: Assuming it is some sort of berkeley db format, what is a good cut-over size as a rule-of-thumb...or is there? What should I expect in speeds for sa-learn or spamc? I.e. -- is there a rough guideline for when it becomes more effective to use SQL vs. the Berkeley DB? Or rephrased, when it is worth the effort to convert to SQL and ensure all the SQL software is setup and running? I don't know whether this really is a performance question, but I believe it's more of a do I need it question. For example, if you use a system wide bayes db, you probably won't need SQL. I do this for now. But if some users want/need their own bayes, or own settings, it starts becoming easier to use SQL for all that things - it's quickly becoming easier to manage, after 5 users or so need their special config. That's why I'm thinking of switching to SQL. Does anybody know whether MySQL or PostgreSQL is better suited for the job? I prefer PostgreSQL, but many times MySQL is better supported... mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgpKJgM5KVQGA.pgp Description: PGP signature
helo tests
Hi I'm running a few helo tests with SA 3.1. However, SA dosn't seem to make the tests. test 1: nummeric helo = 1.2.3.4 SA says: Trusted Relays: [ ip=127.0.0.1 rdns=localhost helo=1.2.3.4 by=mail.mymailbox.com ident= envfrom= intl=0 id=F2D111C5542 auth= ] But in Reports: Report: * 0.6 NO_REAL_NAME From: does not include a real name * 0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP * 1.3 MISSING_SUBJECT Missing Subject: header no nummeric helo mentioned here test 2: invalid host name (helo = ) Trusted Relays: [ ip=127.0.0.1 rdns=localhost helo=?? by=mail.rfc-check.com ident= envfrom= intl=0 id=9B06D1C5542 auth= ] Report: * 0.6 NO_REAL_NAME From: does not include a real name * 0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP * 1.3 MISSING_SUBJECT Missing Subject: header test 3: no corresponding mx, ptr, a host to helo name (helo = cia.gov) Trusted Relays: [ ip=127.0.0.1 rdns=localhost helo=cia.gov by=mail.rfc-check.com ident= envfrom= intl=0 id=AD92B1C5542 auth=] The 20_head_tests.cf is in /usr/share/spamassassin/ and is read by spamassassin --lint -D. What am I missing? And where can I read about all possible eval tests? perldoc Mail::SpamAssassin::Eval-Tests doesn't exist. Thank you, Philipp
burning cpu since 3.1
Hello spamhunters, i upgraded two mailservers from 3.0.4 to 3.1.0. Like others on this mailing list, i am having a performance issue. platform: Spamasassin 3.1.0 (upgraded from ports) Perl 5.8.6 FreeBSD 5.4 qmail + vpopmail + qmail-scanner Both server have 1Go of Ram and two Xeon 2,4 with HTT enabled. Everything goes fine after spamd started. But after a while, spamd processes takes the whole CPU until i kill them. i got something like that: PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 14228 vpopmail 1140 28048K 26524K CPU0 0 23.5H 99.02% 99.02% perl5.8.6 14229 vpopmail 1140 26876K 25420K CPU2 2 23.3H 99.02% 99.02% perl5.8.6 I removed all *.cf rules i always use to keep it fast but anyway, after a while, it's away. in the log file: spamc[52447]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Operation timed out Does anyone knows what's the hell is going on ? Does anyone got better performance with perl 5.8.7 ? I read somewhere that spamassassin changed the way to fork process, and know is similar to apache httpd. Is it linked ? Hope to read good news from all of you Mathieu CHATEAU
Re: helo tests
At 06:45 AM 10/29/2005, Philipp Snizek wrote: Hi I'm running a few helo tests with SA 3.1. However, SA dosn't seem to make the tests. test 1: nummeric helo = 1.2.3.4 SA says: Trusted Relays: [ ip=127.0.0.1 rdns=localhost helo=1.2.3.4 by=mail.mymailbox.com ident= envfrom= intl=0 id=F2D111C5542 auth= ] But in Reports: Report: * 0.6 NO_REAL_NAME From: does not include a real name * 0.9 UNDISC_RECIPS Valid-looking To undisclosed-recipients * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP * 1.3 MISSING_SUBJECT Missing Subject: header no nummeric helo mentioned here Try that test from an untrusted host.. SA might be ignoring the numeric helo test because the actual IP is localhost, thus trusted, and there's no point in checking that..
spamassassin.apache.org refuses mail
I got a score of 6.6 for an ordinary question about why DCC fails. Rather makes the list pointless ==John ffitch
[EMAIL PROTECTED]: Mail delivery failed: returning message to sender]
Another attempt --- Start of forwarded message --- Envelope-to: [EMAIL PROTECTED] Delivery-date: Sat, 29 Oct 2005 18:02:58 +0100 X-Failed-Recipients: users@spamassassin.apache.org Auto-Submitted: auto-generated From: Mail Delivery System [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mail delivery failed: returning message to sender Date: Sat, 29 Oct 2005 18:02:57 +0100 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: users@spamassassin.apache.org SMTP error from remote mail server after end of data: host asf.osuosl.org [140.211.166.49]: 552 spam score (6.6) exceeded threshold - -- This is a copy of the message, including all the headers. -- Return-path: [EMAIL PROTECTED] Received: from cardew.codemist.co.uk ([172.16.4.17]) by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54) id 1EVu6E-0005As-L7; Sat, 29 Oct 2005 18:02:34 +0100 Received: from jpff by cardew.codemist.co.uk with local (Exim 4.44) id 1EVu8c-0001yh-B5; Sat, 29 Oct 2005 18:05:02 +0100 Date: Sat, 29 Oct 2005 18:05:01 +0100 Message-Id: [EMAIL PROTECTED] X-Mailer: emacs 21.3.1 (via feedmail 8 I) From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: Trying to get DCC to work I uncommented the line in v310.pre and made sure that DCC was installed (this is a Debian box so used aptitude). However spamassassin -D --line says [19739] dbg: dcc: got response: socket(UDP): Address family not supported by protocol and so I assume something is wrong. I have tried various things but no success. btw /var/lib/dcc/dccifd is the socket and it exists Fuller log below ==John ffitch ... [19778] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x93366c0)) [19778] dbg: dcc: dccifd is not available: no r/w dccifd socket found [19778] dbg: util: executable for dccproc was found at /usr/bin/dccproc [19778] dbg: dcc: dccproc is available: /usr/bin/dccproc [19778] dbg: info: entering helper-app run mode [19778] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R /tmp/.spamassassin19778ZmYs70tmp [19779] dbg: util: setuid: ruid=0 euid=0 [19778] dbg: dcc: got response: socket(UDP): Address family not supported by protocol [19778] dbg: info: leaving helper-app run mode [19778] dbg: dcc: check failed: no X-DCC returned (did you create a map file?): socket(UDP): Address family not supported by protocol ... --- End of forwarded message --- ==John ffitch
Re: spamassassin.apache.org refuses mail
At 10:46 AM 10/29/2005, you wrote: I got a score of 6.6 for an ordinary question about why DCC fails. Rather makes the list pointless My guess is you asked more than a question, and included quite a bit of things that made the message look like spam. Oh, and from your mail: NO_REAL_NAME Consider adding a real name to your e-mail, that will knock off some points there.
Re: burning cpu since 3.1
Everything goes fine after spamd started. But after a while, spamd processes takes the whole CPU until i kill them. I removed all *.cf rules i always use to keep it fast but anyway, after a while, it's away. If it isn't rules causing it, it must be something else. The usual cases would be a bayes or awl expire run. You should check the size of these databases. Loren
Re: spamassassin.apache.org refuses mail
At 01:46 PM 10/29/2005, [EMAIL PROTECTED] wrote: I got a score of 6.6 for an ordinary question about why DCC fails. Rather makes the list pointless Not really.. the list is set up with a tagging threshold of 10. 6.6 should not have mattered. From your message: X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME
Re: spamassassin.apache.org refuses mail
Well it said that the message was not delivered with a score of 6.6 --- even for an empty message ==John ffitch
Re: Trying to get DCC to work
At 01:48 PM 10/29/2005, [EMAIL PROTECTED] wrote: snip I uncommented the line in v310.pre and made sure that DCC was installed (this is a Debian box so used aptitude). However spamassassin -D --line says [19739] dbg: dcc: got response: socket(UDP): Address family not supported by protocol and so I assume something is wrong. I have tried various things but no success. btw /var/lib/dcc/dccifd is the socket and it exists Fuller log below ==John ffitch ... [19778] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x93366c0)) [19778] dbg: dcc: dccifd is not available: no r/w dccifd socket found [19778] dbg: util: executable for dccproc was found at /usr/bin/dccproc [19778] dbg: dcc: dccproc is available: /usr/bin/dccproc [19778] dbg: info: entering helper-app run mode [19778] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R /tmp/.spamassassin19778ZmYs70tmp [19779] dbg: util: setuid: ruid=0 euid=0 [19778] dbg: dcc: got response: socket(UDP): Address family not supported by protocol [19778] dbg: info: leaving helper-app run mode [19778] dbg: dcc: check failed: no X-DCC returned (did you create a map file?): socket(UDP): Address family not supported by protocol Problems with the list aside: 1) you're dccifd might exist, but SA isn't finding it. You probably need to set this SA option: dcc_dccifd_path /var/lib/dcc/ Right now it's probably going to look for it somewhere under /usr... 2) where is your dcc map file? is it in /var/dcc or /var/lib/dcc? You might need to set the dcc_home SA option to point to where your mapfile is. In general it sounds like DCC is trying to use garbage as a server address, and fails to create a socket. If DCC couldn't find a map file, that might happen.
Re: spamassassin.apache.org refuses mail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] writes: Well it said that the message was not delivered with a score of 6.6 --- even for an empty message ==John ffitch I'm chasing this up with the ASF infrastructure team now. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDZAKpMJF5cimLx9ARAuaWAKCn9c6p8ixpeCmGEPQYb8Qr3ArW1QCgm96A W+sNUJlIgn4vR39eJpi3DBs= =zXwS -END PGP SIGNATURE-
Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK, the line was: Oct 29 10:02:55 asf spamd[84538]: spamd: result: . 6 - HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0, rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd, mid=[EMAIL PROTECTED], autolearn=disabled I'm not sure what the hostname's HELO was, because that's not logged, but going by this line: by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54) I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk. Any idea why it did that? Most mailservers use a real hostname, instead of a dialup IP rDNS name -- that's a pretty reliable spam trait. - --j. [EMAIL PROTECTED] writes: Another attempt --- Start of forwarded message --- Envelope-to: [EMAIL PROTECTED] Delivery-date: Sat, 29 Oct 2005 18:02:58 +0100 X-Failed-Recipients: users@spamassassin.apache.org Auto-Submitted: auto-generated From: Mail Delivery System [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mail delivery failed: returning message to sender Date: Sat, 29 Oct 2005 18:02:57 +0100 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: users@spamassassin.apache.org SMTP error from remote mail server after end of data: host asf.osuosl.org [140.211.166.49]: 552 spam score (6.6) exceeded threshold - -- This is a copy of the message, including all the headers. -- Return-path: [EMAIL PROTECTED] Received: from cardew.codemist.co.uk ([172.16.4.17]) by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54) id 1EVu6E-0005As-L7; Sat, 29 Oct 2005 18:02:34 +0100 Received: from jpff by cardew.codemist.co.uk with local (Exim 4.44) id 1EVu8c-0001yh-B5; Sat, 29 Oct 2005 18:05:02 +0100 Date: Sat, 29 Oct 2005 18:05:01 +0100 Message-Id: [EMAIL PROTECTED] X-Mailer: emacs 21.3.1 (via feedmail 8 I) From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: Trying to get DCC to work I uncommented the line in v310.pre and made sure that DCC was installed (this is a Debian box so used aptitude). However spamassassin -D --line says [19739] dbg: dcc: got response: socket(UDP): Address family not supported by protocol and so I assume something is wrong. I have tried various things but no success. btw /var/lib/dcc/dccifd is the socket and it exists Fuller log below ==John ffitch ... [19778] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x93366c0)) [19778] dbg: dcc: dccifd is not available: no r/w dccifd socket found [19778] dbg: util: executable for dccproc was found at /usr/bin/dccproc [19778] dbg: dcc: dccproc is available: /usr/bin/dccproc [19778] dbg: info: entering helper-app run mode [19778] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R /tmp/.spamassassin19778ZmYs70tmp [19779] dbg: util: setuid: ruid=0 euid=0 [19778] dbg: dcc: got response: socket(UDP): Address family not supported by protocol [19778] dbg: info: leaving helper-app run mode [19778] dbg: dcc: check failed: no X-DCC returned (did you create a map file?): socket(UDP): Address family not supported by protocol ... --- End of forwarded message --- ==John ffitch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDZAQyMJF5cimLx9ARAr/sAKCloFZl2xZUcJVaADNdg8uBP/db8QCff75h Iax9/8zIfH753fIWS6XQtF4= =8C/L -END PGP SIGNATURE-
Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]
From: Justin Mason [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK, the line was: Oct 29 10:02:55 asf spamd[84538]: spamd: result: . 6 - HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0, rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd, mid=[EMAIL PROTECTED], autolearn=disabled I'm not sure what the hostname's HELO was, because that's not logged, but going by this line: by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54) I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk. Any idea why it did that? Most mailservers use a real hostname, instead of a dialup IP rDNS name -- that's a pretty reliable spam trait. - --j. Oh what tangled webs ===8--- [jdow ~/.spamassassin]$ host codemist.co.uk codemist.co.uk has address 81.174.238.154 codemist.co.uk mail is handled by 5 dsl-217-155-197-248.zen.co.uk. [jdow ~/.spamassassin]$ host 81.174.238.154 154.238.174.81.in-addr.arpa domain name pointer hanif001.plus.com. ===8--- It IS a dialup as near as I can figure. {^_^}
Re: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK, the line was: Oct 29 10:02:55 asf spamd[84538]: spamd: result: . 6 - HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,NO_REAL_NAME scantime=0.9,size=2039,user=smtpd,uid=99,required_score=10.0, rhost=localhost,raddr=127.0.0.1,rport=/var/run/spamd, mid=[EMAIL PROTECTED], autolearn=disabled I'm not sure what the hostname's HELO was, because that's not logged, but going by this line: by dsl-217-155-197-248.zen.co.uk with esmtp (Exim 4.54) I'll bet it HELO'd as dsl-217-155-197-248.zen.co.uk. Any idea why it did that? Most mailservers use a real hostname, instead of a dialup IP rDNS name -- that's a pretty reliable spam trait. - --j. Oh what tangled webs ===8--- [jdow ~/.spamassassin]$ host codemist.co.uk codemist.co.uk has address 81.174.238.154 codemist.co.uk mail is handled by 5 dsl-217-155-197-248.zen.co.uk. [jdow ~/.spamassassin]$ host 81.174.238.154 154.238.174.81.in-addr.arpa domain name pointer hanif001.plus.com. ===8--- It IS a dialup as near as I can figure. Yes, that's fine. I'm not talking about it's rDNS, or aliases in DNS that point to the host. I'm talking about what the MTA on that machine thinks it's called. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDZB3ZMJF5cimLx9ARAm1xAKCgq6h8NNX+Ccd9NpH6pDBCQvQ05QCgi8Wc zd6Xz7QSinppgHGgHgXSdP4= =hQdu -END PGP SIGNATURE-