Re: SA date on 2 tmp file 1970
- Original Message - From: Martin.Hepworth [EMAIL PROTECTED] To: SpamAssassin Users users@spamassassin.apache.org; [EMAIL PROTECTED] Sent: Monday, November 05, 2007 7:15 AM Subject: Re: SA date on 2 tmp file 1970 Mark you mean 3.2.3 rather than 2.3.2??? ;-) -- martin Yes! snip
syswrite() to parent failed: Broken pipe at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 570
SpamD seems to die every now and again (every couple of days) and though I have a script which checks regularly for various key services and restarts them if they are missing, it is letting a couple of spam through each time... The error message I am getting in my maillog when this happens is: server spamd[9522]: syswrite() to parent failed: Broken pipe at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/SpamdForkScaling.pm line 570. I have installed the logging plugin and will grab a copy of the next message to cause this to see if that sheds any light on the problem, but I was wonderng if anyone had seen this problem before? This is running on a CentOS 4.4 (Red Hat) VPS with Exim 4.67 (not that this is probably relevant) and is running SpamAssassin 3.2.3 with all the normal additons (Razor, DCC, iXhash, BotNet, SARE, PDFInfo, ClamAV Plugin, Extra DNSBLs, and a few custom ShortCircuits). Thanks! -- View this message in context: http://www.nabble.com/syswrite%28%29-to-parent-failed%3A-Broken-pipe-at--usr-lib-perl5-site_perl-5.8.5-Mail-SpamAssassin-SpamdForkScaling.pm-line-570-tf4751769.html#a13587308 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
[no subject]
hi, i used spamcontrol-2316 with Qmail 1.03. the validrcptto patch is compatible with this? . Spmacontrol does not just that ?. Thank you so much. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: High Qmail-Server Load Date: Wed, 31 Oct 2007 08:59:50 -0700 If you need to reject unknown accounts at smtp time, go to http://qmail.jms1.net and check out validrcptto patch among other things please read site in full to make good decisions re qmail i.e. browser will not work there. - rh _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
High Load Qmail Server
hi, i used spamcontrol-2316 with Qmail 1.03. the validrcptto patch is compatible with this? . Spmacontrol does not just that ?. Thank you so much. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: High Qmail-Server Load Date: Wed, 31 Oct 2007 08:59:50 -0700 If you need to reject unknown accounts at smtp time, go to http://qmail.jms1.net and check out validrcptto patch among other things please read site in full to make good decisions re qmail i.e. browser will not work there. - rh _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
High Load Qmail Server
hi, i used spamcontrol-2316 with Qmail 1.03. the validrcptto patch is compatible with this? . Spmacontrol does not just that ?. Thank you so much. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: High Qmail-Server Load Date: Wed, 31 Oct 2007 08:59:50 -0700 If you need to reject unknown accounts at smtp time, go to http://qmail.jms1.net and check out validrcptto patch among other things please read site in full to make good decisions re qmail i.e. browser will not work there. - rh _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
It's a fine line...
Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) Sigh. Return-Path: Received: from localhost (localhost) by mail.redfish-solutions.com (8.14.1/8.14.1) id lA5HEMTM017203; Mon, 5 Nov 2007 10:14:22 -0700 Date: Mon, 5 Nov 2007 10:14:22 -0700 From: Mail Delivery Subsystem [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary=lA5HEMTM017203.1194282862/mail.redfish-solutions.com Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) This is a MIME-encapsulated message --lA5HEMTM017203.1194282862/mail.redfish-solutions.com The original message was received at Mon, 5 Nov 2007 10:14:14 -0700 from pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 550 Rejecting message scored for more than 8.0 (9.0) SPAM points.) - Transcript of session follows - ... while talking to arminco.com.: DATA 550 Rejecting message scored for more than 8.0 (9.0) SPAM points. 554 5.0.0 Service unavailable --lA5HEMTM017203.1194282862/mail.redfish-solutions.com Content-Type: message/delivery-status Reporting-MTA: dns; mail.redfish-solutions.com Received-From-MTA: DNS; pool-71-112-36-94.sttlwa.dsl-w.verizon.net Arrival-Date: Mon, 5 Nov 2007 10:14:14 -0700 Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 5.2.0 Remote-MTA: DNS; arminco.com Diagnostic-Code: SMTP; 550 Rejecting message scored for more than 8.0 (9.0) SPAM points. Last-Attempt-Date: Mon, 5 Nov 2007 10:14:22 -0700 --lA5HEMTM017203.1194282862/mail.redfish-solutions.com Content-Type: message/rfc822 Return-Path: [EMAIL PROTECTED] Received: from [192.168.10.148] (pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94]) (authenticated bits=0) by mail.redfish-solutions.com (8.14.1/8.14.1) with ESMTP id lA5HECTN017198 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for [EMAIL PROTECTED]; Mon, 5 Nov 2007 10:14:14 -0700 Message-ID: [EMAIL PROTECTED] Date: Mon, 05 Nov 2007 09:14:05 -0800 From: Abuse Department [EMAIL PROTECTED] User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Filtering abuse reports Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.63 on 192.168.1.3 Of course submitted mail to the Abuse mailbox is going to score as spam. It is spam. Why else would anyone be reporting it? Please get a clue and turn off filtering on your abuse mailbox: The original message was received at Mon, 5 Nov 2007 10:10:58 -0700 from pool-71-112-36-94.sttlwa.dsl-w.verizon.net [71.112.36.94] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 550 Rejecting message scored for more than 8.0 (20.6) SPAM points.) - Transcript of session follows - ... while talking to styx.aic.net.: DATA 550 Rejecting message scored for more than 8.0 (15.1) SPAM points. 554 5.0.0 Service unavailable ... while talking to arminco.com.: DATA 550 Rejecting message scored for more than 8.0 (20.6) SPAM points. 554 5.0.0 Service unavailable --lA5HEMTM017203.1194282862/mail.redfish-solutions.com--
Re: It's a fine line...
Philip Prindeville wrote: Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) I filter my abuse address. Otherwise it would get so many spam messages, the ham would get lost in the noise. Only send the headers. If the body is actually needed post it on some webpage.
[no subject]
Qnet .. schrieb: Hi Guys, I'm running a Qmail server with spamassassin + clamav + Simscam. The server i'm using is a HP ML110 CPU PIV (3.2 GHZ) 2mb chache , 1GB RAM. The problem is, the i'm getting very high load because spamd is the processes which take the most part of the load (invoked by spamassassin) si it's Spamassassin crash. i can stop spamassassin and them start it to work again. Do you know any way to solve it? sorry for my bad english . _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: It's a fine line...
Steven Kurylo wrote: Philip Prindeville wrote: Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) I filter my abuse address. Otherwise it would get so many spam messages, the ham would get lost in the noise. Only send the headers. If the body is actually needed post it on some webpage. A lot of sites won't accept just header lines. They need both (to confirm that it's software piracy, or pornography, or phishing... and with phishing, you need the 4th party: the link that is being used to spoof the legitimate organization). And who bothers to keep track of who wants what? I send everyone a complete copy of the message inline, because some braindead sites don't accept attachments, etc. -Philip
High load Server !!
Qnet .. schrieb: Hi Guys, I'm running a Qmail server with spamassassin + clamav + Simscam. The server i'm using is a HP ML110 CPU PIV (3.2 GHZ) 2mb chache , 1GB RAM. The problem is, the i'm getting very high load because spamd is the processes which take the most part of the load (invoked by spamassassin) si it's Spamassassin crash. i can stop spamassassin and them start it to work again. Do you know any way to solve it? sorry for my bad english . _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Spamcontrol Question !!
At 10:16 AM 11/5/2007, Qnet .. wrote: Hi, the Spamcontrol do not accept the non-existent addresses the server? or a have to Patch my existing Server with http://qmail.jms1.net/patches/validrcptto.cdb.shtmlValidRcptTo.cdb to that does just this?.. Than You, sorry for my bad english Please try and figure out what's wrong with your mail cleint or mail server. I've gotten 3 copies of each of your messages. Spamassassin has no control over valid or invalid addresses. This is a question for whatever MTA you use. That would be the best way to reject messages sent to non existent addresses.
RE: Spamcontrol Question !!
Date: Mon, 5 Nov 2007 10:20:11 -0800 To: users@spamassassin.apache.org From: [EMAIL PROTECTED] Subject: Re: Spamcontrol Question !! At 10:16 AM 11/5/2007, Qnet .. wrote: Hi, the Spamcontrol do not accept the non-existent addresses the server? or a have to Patch my existing Server with http://qmail.jms1.net/patches/validrcptto.cdb.shtmlValidRcptTo.cdb to that does just this?.. Than You, sorry for my bad english Please try and figure out what's wrong with your mail cleint or mail server. I've gotten 3 copies of each of your messages. Spamassassin has no control over valid or invalid addresses. This is a question for whatever MTA you use. That would be the best way to reject messages sent to non existent addresses. sorry for 3 copies, but spamcontrol is not spamassassin, spamcontrol is installed in my Qmail server and i want to kwon if spamcontrol accept or not non-existent addresses. Thank You- _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
RE: Spamcontrol Question !!
On Mon, 5 Nov 2007, Qnet .. wrote: but spamcontrol is not spamassassin, spamcontrol is installed in my Qmail server and i want to kwon if spamcontrol accept or not non-existent addresses. Thank You- If SpamControl is not SpamAssassin, perhaps a SpamAssassin list is not the best place to ask for help. You might try, I dunno, a SpamControl list. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University
RE: Spamcontrol Question !!
Date: Mon, 5 Nov 2007 10:20:11 -0800 To: users@spamassassin.apache.org From: [EMAIL PROTECTED] Subject: Re: Spamcontrol Question !! At 10:16 AM 11/5/2007, Qnet .. wrote: Hi, the Spamcontrol do not accept the non-existent addresses the server? or a have to Patch my existing Server with http://qmail.jms1.net/patches/validrcptto.cdb.shtmlValidRcptTo.cdb to that does just this?.. Than You, sorry for my bad english Please try and figure out what's wrong with your mail cleint or mail server. I've gotten 3 copies of each of your messages. Spamassassin has no control over valid or invalid addresses. This is a question for whatever MTA you use. That would be the best way to reject messages sent to non existent addresses. sorry for 3 copies, but spamcontrol is not spamassassin, spamcontrol is installed in my Qmail server and i want to kwon if spamcontrol accept or not non-existent addresses. Thank You- _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
RE: Spamcontrol Question !!
At 10:29 AM 11/5/2007, Qnet .. wrote: sorry for 3 copies, but spamcontrol is not spamassassin, spamcontrol is installed in my Qmail server and i want to kwon if spamcontrol accept or not non-existent addresses. Thank You- If spamcontrol is not spamassassin, why ask on a spamassassin mailing list?
[no subject]
Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the load so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: It's a fine line...
On Mon, 5 Nov 2007, Steven Kurylo wrote: Philip Prindeville wrote: Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) I have a form note that I send to the postmaster address whenever a report to the abuse address is bounced. It says (1) you need a working abuse address and (2) you shouldn't filter it. I filter my abuse address. Otherwise it would get so many spam messages, the ham would get lost in the noise. Only send the headers. If the body is actually needed post it on some webpage. To heck with that. If I have to jump through that many hoops to report abuse in *your* network, I'm just going to roundfile it. It's enough work to pick out all of the relevant abuse addresses to forward the message to, and note the type of abuse (lottery, 419, money laundering, etc.). I almost don't report abuse to Yahoo because they refuse to deal with RFC-822 attachments and want the entire original message in the body, and that makes reporting abuse containing a Yahoo.* contact address two separate operations - forward as attachment to the relay owner, and forward in the body to Yahoo. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered. -- Lyndon B. Johnson --- 6 days until Veterans Day
Re: Spamd HIGH LOAD
Qnet .. wrote: Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the *load *so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! I don't run qmail or spamd, but I can tell you that you shouldn't be running so many spamd processes. You probably only need a couple. Whatever program is calling the scanning should be calling spamc. Your system is most definitely not properly configured, so I would review the correct instructions to do so.
Mail getting stripped and delivered blank
Hello All, I have a situation where a user gets a blank subject, and blank body, there is really NO information in the email so it's not possible to add too much info here. I believe the following is the transaction between postfix and then spamd I believe re-injecting the message: Nov 5 14:28:24 pluto postfix/smtpd[7161]: NOQUEUE: filter: RCPT from sender-server.com[12.185.14.14]: [EMAIL PROTECTED]: Recipient address triggers FILTER filter:dummy; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=sender-server.com Nov 5 14:28:29 pluto postfix/qmgr[5904]: 2A0202340FD: from=[EMAIL PROTECTED], size=15085, nrcpt=1 (queue active) Nov 5 14:28:32 pluto postfix/pickup[8557]: F233E234106: uid=10816 from=[EMAIL PROTECTED] Nov 5 14:28:33 pluto postfix/qmgr[5904]: F233E234106: from=[EMAIL PROTECTED], size=300, nrcpt=1 (queue active) From what I see here I see the size of the original email is larger then the final email. Has there become a way to maintain the message ID throughout the process to be certain of every step? I am thinking the SPAMD was NOT loaded since we had just restarted the server to update kernel's. Would this type of thing happen if spamd isn't loaded? Shouldn't spamd load on it's own non-damonized. ( if that's a word ) My master.cf file has this filter entry: filterunix - n n - - pipe flags=Rq user=filter argv=/var/spool/filter/filter.sh -f ${sender} -- ${recipient} I have this in my filter.sh: SENDMAIL=/usr/sbin/sendmail -i #SPAMASSASSIN=/usr/bin/spamassassin SPAMASSASSIN=/usr/bin/spamc # Exit codes from sysexits.h EX_TEMPFAIL=75 EX_UNAVAILABLE=69 cat | $SPAMASSASSIN -x | $SENDMAIL $@ || \ { echo Message content rejected; exit $EX_UNAVAILABLE; } exit 0 Any help is appreciated! Joey
Re: It's a fine line...
John D. Hardin wrote: On Mon, 5 Nov 2007, Steven Kurylo wrote: Philip Prindeville wrote: Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) I have a form note that I send to the postmaster address whenever a report to the abuse address is bounced. It says (1) you need a working abuse address and (2) you shouldn't filter it. I filter my abuse address. Otherwise it would get so many spam messages, the ham would get lost in the noise. Only send the headers. If the body is actually needed post it on some webpage. To heck with that. If I have to jump through that many hoops to report abuse in *your* network, I'm just going to roundfile it. It's enough work to pick out all of the relevant abuse addresses to forward the message to, and note the type of abuse (lottery, 419, money laundering, etc.). I almost don't report abuse to Yahoo because they refuse to deal with RFC-822 attachments and want the entire original message in the body, and that makes reporting abuse containing a Yahoo.* contact address two separate operations - forward as attachment to the relay owner, and forward in the body to Yahoo. Well, Yahoo is a waste of time for other reasons, right? They tell you that it doesn't come from their site... but to use the top-most Received: line's IP address, then to look that up on ARIN which... surprise! ... typically points to Yahoo! (or one of their surrogates, like Inktomi... do their tier-1 people not *know* that Yahoo owns Inktomi? or are they just playing dumb?). -Philip
RE: Confirm configuration settings
-Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, November 01, 2007 8:38 AM To: Joey Cc: users@spamassassin.apache.org Subject: Re: Confirm configuration settings After my post Help figuring our why SA is taking like 1.5 minutes to filter I decided to kind of clean up my configuration and also get rid of RulesDeJour. Hmm interesting.. Question, what tools do you use to call SA? Do you know for sure what user SA runs as while scanning mail? If so, try running a sa-learn --force-expire as that user. On one of my Dual P3 1GHZ servers I received the following after running the above: sa-learn --force-expire bayes: synced databases from journal in 2 seconds: 1325 unique entries (1861 total entries) On another Dual P4 2.4GHZ I got this: bayes: synced databases from journal in 0 seconds: 1511 unique entries (2186 total entries) expired old bayes database entries in 49 seconds 137607 entries kept, 27993 deleted token frequency: 1-occurrence tokens: 56.77% token frequency: less than 8 occurrences: 24.52% 1. Is there a way for me to have sa-update update the .cf files here? Some of them can be sa-updated. It's really up to the particular ruleset maintainer to set up the DNS features needed. (sa-update doesn't just fetch a web page like RDJ does. To save bandwidth it uses DNS to find out what the latest update rev is before it goes to HTTP) A lot of the SARE rules support sa-update, as can be found here. http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt I have seen this page before, but I wasn't able to see what cf's are available there, is there another link that you are aware of? I have scanned through a lot of that. Thanks for your help! Joey
RE: Spamd HIGH LOAD
From: Qnet .. [mailto:[EMAIL PROTECTED] Sent: Monday, November 05, 2007 2:47 PM To: users@spamassassin.apache.org Subject: Spamd HIGH LOAD Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the load so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! _ Try running /usr/bin/sa-update -D, then restart SA see if this helps. Also do you run rulesdajour? Joey
Re: Mail getting stripped and delivered blank
On 11/5/07, Joey [EMAIL PROTECTED] wrote: I have a situation where a user gets a blank subject, and blank body, there is really NO information in the email so it's not possible to add too much info here. I believe the following is the transaction between postfix and then spamd I believe re-injecting the message: Nov 5 14:28:24 pluto postfix/smtpd[7161]: NOQUEUE: filter: RCPT from sender-server.com[12.185.14.14]: [EMAIL PROTECTED]: Recipient address triggers FILTER filter:dummy; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=sender-server.com Nov 5 14:28:29 pluto postfix/qmgr[5904]: 2A0202340FD: from=[EMAIL PROTECTED], size=15085, nrcpt=1 (queue active) OK, message size ~15k. Nov 5 14:28:32 pluto postfix/pickup[8557]: F233E234106: uid=10816 from=[EMAIL PROTECTED] Nov 5 14:28:33 pluto postfix/qmgr[5904]: F233E234106: from=[EMAIL PROTECTED], size=300, nrcpt=1 (queue active) Message size 300 bytes. Either it's a different message or something ate the content. Has there become a way to maintain the message ID throughout the process to be certain of every step? The Message-ID (a message header) will stay the same, and is logged by the postfix cleanup process - but if something eats the message content, the Message-ID will get eaten along with the rest. The postfix QUEUEID (shown in your logging samples above) will always be different when using a content_filter, because it's a different queue file. Don't confuse the QUEUEID with the Message-ID. I am thinking the SPAMD was NOT loaded since we had just restarted the server to update kernel's. Would this type of thing happen if spamd isn't loaded? Possibly yes, if you use the -x flag to spamc. Shouldn't spamd load on it's own non-damonized. ( if that's a word ) Spamc will pass the mail through unchecked if spamd isn't running, unless you use the -x flag. See the spamc man page. My master.cf file has this filter entry: filterunix - n n - - pipe flags=Rq user=filter argv=/var/spool/filter/filter.sh -f ${sender} -- ${recipient} OK. I have this in my filter.sh: SENDMAIL=/usr/sbin/sendmail -i #SPAMASSASSIN=/usr/bin/spamassassin SPAMASSASSIN=/usr/bin/spamc # Exit codes from sysexits.h EX_TEMPFAIL=75 EX_UNAVAILABLE=69 cat | $SPAMASSASSIN -x | $SENDMAIL $@ || \ { echo Message content rejected; exit $EX_UNAVAILABLE; } Looks as if you're passing spamc the -x flag, telling spamc to fail if spamd isn't available, and then not checking for the exit status of $SPAMASSASSIN. exit 0 Any help is appreciated! Joey -- Noel Jones
FW: Spamd HIGH LOAD
I used /usr/bin/sa-update –D allways. then restart. but I have the load problem still. Do you know other way to solve it? thanks. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: Spamd HIGH LOAD Date: Mon, 5 Nov 2007 16:11:57 -0500 From: Qnet .. [mailto:[EMAIL PROTECTED] Sent: Monday, November 05, 2007 2:47 PM To: users@spamassassin.apache.org Subject: Spamd HIGH LOAD Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the load so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! Try running /usr/bin/sa-update –D, then restart SA see if this helps. Also do you run rulesdajour? Joey _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Spamd HIGH LOAD
How do you start spamassassin? On 11/5/07, Qnet .. [EMAIL PROTECTED] wrote: I used /usr/bin/sa-update –D allways. then restart. but I have the load problem still. Do you know other way to solve it? thanks. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: Spamd HIGH LOAD Date: Mon, 5 Nov 2007 16:11:57 -0500 From: Qnet .. [mailto:[EMAIL PROTECTED] Sent: Monday, November 05, 2007 2:47 PM To: users@spamassassin.apache.org Subject: Spamd HIGH LOAD Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the load so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! Try running /usr/bin/sa-update –D, then restart SA see if this helps. Also do you run rulesdajour? Joey _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: FW: Spamd HIGH LOAD
At 14:13 05-11-2007, Qnet .. wrote: I used /usr/bin/sa-update D allways. then restart. but I have the load problem still. Do you know other way to solve it? thanks. http://wiki.apache.org/spamassassin/FasterPerformance Regards, -sm
RE: Spamd HIGH LOAD
I start : #!/bin/sh # spamassassin This script starts and stops the spamd daemon # PATH=$PATH:/usr/local/sbin:/usr/local/bin case $1 in start) cd / /usr/bin/spamd -v -u vpopmail -m 60 -x -q -s stderr -r /var/run/spamd/spamd.pid \ -i 172.16.10.14 -A 172.16.10.0/24 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t !spamdappend /var/log/qmail/spamd echo spamd started ;; stop) if [ -r /var/run/spamd/spamd.pid ]; then pid=`cat /var/run/spamd/spamd.pid` kill $pid || ( echo failed to stop spamd exit 1 ) echo spamd (pid $pid) stopped else echo /var/run/spamd/spamd.pid doesn't exist, is spamd running? fi ;; restart) $0 stop sleep 2 $0 start ;; *) echo usage: spamassassin.rc (start|stop|restart) ;; esac Date: Mon, 5 Nov 2007 17:16:29 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; users@spamassassin.apache.org Subject: Re: Spamd HIGH LOAD How do you start spamassassin? On 11/5/07, Qnet .. [EMAIL PROTECTED] wrote: I used /usr/bin/sa-update –D allways. then restart. but I have the load problem still. Do you know other way to solve it? thanks. From: [EMAIL PROTECTED] To: users@spamassassin.apache.org Subject: RE: Spamd HIGH LOAD Date: Mon, 5 Nov 2007 16:11:57 -0500 From: Qnet .. [mailto:[EMAIL PROTECTED] Sent: Monday, November 05, 2007 2:47 PM To: users@spamassassin.apache.org Subject: Spamd HIGH LOAD Hi, My Qmail server work with spamassassin + clamav. The processes Spamd take the most part of the load so it 's Spamassassin crash. Do you know any way to solve it? Please look the attach file( top -d1 ). Thank you so munch ! Try running /usr/bin/sa-update –D, then restart SA see if this helps. Also do you run rulesdajour? Joey _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Spamd HIGH LOAD
Qnet .. wrote: I start : #!/bin/sh # spamassassin This script starts and stops the spamd daemon # PATH=$PATH:/usr/local/sbin:/usr/local/bin case $1 in start) cd / /usr/bin/spamd -v -u vpopmail -m 60 -x -q -s stderr -r /var/run/spamd/spamd.pid \ -i 172.16.10.14 -A 172.16.10.0/24 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t !spamdappend /var/log/qmail/spamd echo spamd started 60 is *WAY* too many spamd children unless you've got a *VERY* beefy system. Try modifying that -m 60 to something more sane, like the default, which would be -m 5. If you've got a lot of mail going through, 5 won't handle it, so for that I might start at 15. If your mail starts backing up, you can increase the number of spamd children, but be aware that too many will just grind your system to a halt. Try adding spamd children in increments of 5, and watch the top output. Your swap used should never be more than mem free if you can avoid it. You've got a gig of ram, and your spamds are 30mb a pop or so... you should be ok up to about 20-25 spamd children, depending on how much other stuff is eating your memory, but you'll quickly run into trouble if you go over 30. (30 spamds at 30mb each is 900mb of ram.. probably the absolute max you can fit even if the server isn't doing anything else but mail..)
Re: Spamd HIGH LOAD
Matt Kettler wrote: Your swap used should never be more than mem free if you can avoid it. Note: by mem free I mean total free memory.. i.e.: mem free + buffers + cache. It's quite normal for just the free memory number to be low. Most OS's will turn free memory into a really big disk cache if they can, but they'll readily turn this back into memory for processes when needed. In your example, you've got 37024k of total free memory, even though there's only 1848k that's truly not being used at all. However, 1335848k of swap is being used, which is more than 3 times as much as your total free memory.. That's not good, and likely indicates you'll be grinding your disk quite heavily as processes thrash in and out of the swap.
Re: It's a fine line...
On Mon, 5 Nov 2007, Philip Prindeville wrote: Well, Yahoo is a waste of time for other reasons, right? They tell you that it doesn't come from their site... I generally don't get spam from Yahoo MTAs; most of my reporting is of fraud spams with yahoo contact addresses. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Of the twenty-two civilizations that have appeared in history, nineteen of them collapsed when they reached the moral state the United States is in now. -- Arnold Toynbee --- 6 days until Veterans Day
Re: It's a fine line...
Hi, Between the truly clueless administrator, and those that feign ignorance to cover up their implicit approval of spammers... What do you do in the case where someone is filtering deliveries to their abuse mailbox? (Like 99% of mail sent there isn't going to score positively...) If I am in the mood, I would try to report one step above, to their ISP for example. Bests, Olivier
Re: It's a fine line...
And not to point fingers, how to react with a narrow minded sysadmin that ban per IP? From my legitimate mail server in Thailand, that has never been blacklisted as far as I know: mailon45: telnet mail.redfish-solutions.com 25 Trying 66.232.79.143... Connected to mail.redfish-solutions.com (66.232.79.143). Escape character is '^]'. 554 mail.redfish-solutions.com ESMTP not accepting messages From another mailserver I administrate, but located in Germany: sinoon72: telnet mail.redfish-solutions.com 25 Trying 66.232.79.143... Connected to mail.redfish-solutions.com. Escape character is '^]'. 220 mail.redfish-solutions.com ESMTP Sendmail 8.14.1/8.14.1; Mon, 5 Nov 2007 19:10:02 -0700 No need to remind that any person seriously looking at spam problem know that spam is mainly originated from USA, even if relayed through other, possibly Asian, countries. Yes I am quite pisse dby such attitude. Olivier
Re: Everything beying flagged positive by Bayes
Matus UHLAR - fantomas wrote: On 29.10.07 10:19, tad1214 wrote: Ok so I just threw a few hundred (thousand?) hams at it, we will see if that helps, here is my dump magic 0.000 0 110832 0 non-token data: nspam 0.000 0 11160 0 non-token data: nham still not enough I'd say... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One World. One Web. One Program. - Microsoft promotional advertisement Ein Volk, ein Reich, ein Fuhrer! - Adolf Hitler Hmm.. Well , I have been pushing more and more ham at it, and I disabled the catchall - spam, so spam won't grow so fast any more. I will post the spam:ham again tomorrow. It is MUCH better though now. -- View this message in context: http://www.nabble.com/Everything-beying-flagged-positive-by-Bayes-tf4712332.html#a13599847 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Confirm configuration settings
Joey wrote: A lot of the SARE rules support sa-update, as can be found here. http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt I have seen this page before, but I wasn't able to see what cf's are available there, is there another link that you are aware of? I have scanned through a lot of that. Rather than scan, read it all. :) It's literally less than a page. Where to find the ruleset filenames is linked to in the third of the four steps. Daryl
Re: It's a fine line...
Hi, adding to the list, I recently came across domain contacts like [EMAIL PROTECTED] (not sure about the exact domain name) This service also refuses some mails, particularly those that are sent via one of the mail servers of german telecom and it is operated by verisign Wolfgang Hamann
Re: It's a fine line...
Olivier Nicole wrote: And not to point fingers, how to react with a narrow minded sysadmin that ban per IP? From my legitimate mail server in Thailand, that has never been blacklisted as far as I know: mailon45: telnet mail.redfish-solutions.com 25 Trying 66.232.79.143... Connected to mail.redfish-solutions.com (66.232.79.143). Escape character is '^]'. 554 mail.redfish-solutions.com ESMTP not accepting messages From another mailserver I administrate, but located in Germany: sinoon72: telnet mail.redfish-solutions.com 25 Trying 66.232.79.143... Connected to mail.redfish-solutions.com. Escape character is '^]'. 220 mail.redfish-solutions.com ESMTP Sendmail 8.14.1/8.14.1; Mon, 5 Nov 2007 19:10:02 -0700 No need to remind that any person seriously looking at spam problem know that spam is mainly originated from USA, even if relayed through other, possibly Asian, countries. Yes I am quite pisse dby such attitude. Olivier It's not a matter of cultural imperialism, if that's what you're getting at. It's an acknowledgment of the importance of the rule of law in cyberspace. Some countries enforce anti-spam, anti-trespass laws. Others lack them or don't enforce them. When these countries put some teeth into the enforcement of their laws, then they will stop being blacklisted. -Philip
Pretty good, Paypal are making their own phish these days!
Just got a thing that claims to come from email-109.paypal.com. It backtracks to there, too. pts rule name description -- -- 0.0 DK_POLICY_TESTING Domain Keys: policy says domain is testing DK 0.0 DK_SIGNED Domain Keys: message has a signature -0.0 DK_VERIFIEDDomain Keys: signature passes verification 0.2 HTML_IMAGE_RATIO_04BODY: HTML has a low ratio of text to image area 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5007] 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 10 CLAMAV Clam AntiVirus detected a virus -0.0 SARE_LEGIT_PAYPAL Has signs it's from paypal, from, headers, uri 0.6 HELO_MISMATCH_COM HELO_MISMATCH_COM Clam seems to think it is a phish. I think it is a phish. It looks like a phish. The disturbing thing is it seems to have come from the real Paypal servers, AND, it has my correct name in the body of the email. Now, they don't actually ask me to log on to a link in the email. They just say click here to win with a link with a tracking id. I have to wonder if they have been taking lessons on how to make spam look and feel like week-old dead phish, or if they just brilliantly came up with the idea all on their own. Loren
Re: It's a fine line...
It's not a matter of cultural imperialism, if that's what you're getting at. It's an acknowledgment of the importance of the rule of law in cyberspace. Except that I don't think it is anything close to a rule of law, but rather a sign of short view. As I said, I doubt you ever got any spam from my organisation (either originated from, or relayed). Some countries enforce anti-spam, anti-trespass laws. Others lack them or don't enforce them. The attitude goes by organisation, not by country. When these countries put some teeth into the enforcement of their laws, then they will stop being blacklisted. Plus if we would to ban the oginating country for 50% of spam (not my figure), USA should be banned. But hey, that is a too big cut from Internet, so in some way it is cultural imperialism. Bests, Olivier
Re: It's a fine line...
Olivier Nicole wrote: It's not a matter of cultural imperialism, if that's what you're getting at. It's an acknowledgment of the importance of the rule of law in cyberspace. Except that I don't think it is anything close to a rule of law, but rather a sign of short view. As I said, I doubt you ever got any spam from my organisation (either originated from, or relayed). Some countries enforce anti-spam, anti-trespass laws. Others lack them or don't enforce them. The attitude goes by organisation, not by country. we know almost all countries. I don't even know a small part of the organizations in my own town. and there is no DNS equivalent of whois. When these countries put some teeth into the enforcement of their laws, then they will stop being blacklisted. Plus if we would to ban the oginating country for 50% of spam (not my figure), USA should be banned. But hey, that is a too big cut from Internet, so in some way it is cultural imperialism. I won't argue about imperialism. but some people block countries based on the fact that they get very few mail from these countries, so the propability of an FP is very low. Ironically, such an approach is used by people who fear FPs too much that they don't use common checks such as DNSBLs, basic helo checks, ... etc.