Re: prefork: oops! no idle kids in need_to_del_server?
Karsten Bräckelmann wrote: I was about to open a bugreport on this until I did a search for spamd reports: https://issues.apache.org/SpamAssassin/buglist.cgi?quicksearch=spamd That's a rather broad comment plain-text search and includes totally unrelated stuff. Instead, try limiting your search on Component spamc/spamd, then do it again without feature requests (Severity enhancement). This draws a slightly different and more accurate picture. Thanks, you're right, a very different picture - only one open report. I'll open another one. /Per Jessen, Zürich
RE: German for the backscatter-plagued
If I've been following this thread correctly, linux4michelle has already stated he/she receives messages from their ISP. Therefore, rejecting at the SMTP level will ultimately cause the ISP to be a source of backscatter (i.e. not receiving messages directly), which he/she can not reject. Then he should talkt to his ISP and tell him to either reject or discard the backscatter for him. My point was: There are technical ways for the receiving MTA to get rid of backscatter. If his ISP is not able/willing to do so it would still be a very good idea for him to change his e-mail infrastructure so that he has control and can reject backscatter. Rejecting backscatter btw. is not causing new backscatter and if so the problem lies on the other end. So his choice would be to live with the 200.000 e-mails because other admins are too dumb to do their job or make sure he is not flooded anymore. I would certainly go for option 2! :-) Therefore, linux4michelle has no real control over SMTP level filtering., Agreed. Then let him change just that... :-)
Re: prefork: oops! no idle kids in need_to_del_server?
Per Jessen wrote: Karsten Bräckelmann wrote: I was about to open a bugreport on this until I did a search for spamd reports: https://issues.apache.org/SpamAssassin/buglist.cgi?quicksearch=spamd That's a rather broad comment plain-text search and includes totally unrelated stuff. Instead, try limiting your search on Component spamc/spamd, then do it again without feature requests (Severity enhancement). This draws a slightly different and more accurate picture. Thanks, you're right, a very different picture - only one open report. I'll open another one. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6006 /Per Jessen, Zürich
Re: false positive in cleint using OUTLOOK EXPRESS
My spamassassin version is 3.2.5. I go to /var/lib/spamassassin/3.002005/updates_spamassassin_org and edit 50_scores.cf and edit FORGED_MUA_OUTLOOK and set it to 0. Is this the correct way to edit default rules or I have to put it on local.cf? You should do the score in local.cf You can just enter a new score there, not the whole rule. That way, the setting remains. If you edit the original setting, it will get rewritten on a later update.
Re: false positive in cleint using OUTLOOK EXPRESS
On 28.10.08 11:01, Nelson Serafica wrote: I have setup qmail-scanner to quarantine and notify admin for any spam receive. I just notice that it tagged an email which was legitimate (false positive). As I check spamd.log, I saw AWL,FAKE_REPLY_C,FORGED_MUA_OUTLOOK FORGED_MUA_OUTLOOK,HS_FORGED_OE_FW AWL,FORGED_MUA_OUTLOOK,HS_FORGED_OE_FW AWL,FAKE_REPLY_C,FORGED_MUA_OUTLOOK,UPPERCASE_50_75 My spamassassin version is 3.2.5. I go to /var/lib/spamassassin/3.002005/updates_spamassassin_org and edit 50_scores.cf and edit FORGED_MUA_OUTLOOK and set it to 0. Is this the correct way to edit default rules or I have to put it on local.cf? it's the incorrect one - after sa-update your change will be lost. btw one of last updates had to fix this problem. When did you sa-update last time? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set.
Re: prefork: oops! no idle kids in need_to_del_server?
Karsten =?ISO-8859-1?Q?Br=E4ckelmann?= writes: I was about to open a bugreport on this until I did a search for spamd reports: https://issues.apache.org/SpamAssassin/buglist.cgi?quicksearch=spamd That's a rather broad comment plain-text search and includes totally unrelated stuff. Instead, try limiting your search on Component spamc/spamd, then do it again without feature requests (Severity enhancement). This draws a slightly different and more accurate picture. for what it's worth -- there's also currently no way to tell when a bug report has become stalled waiting for a reporter to provide additional info, or confirm if a fix or workaround has fixed the issue. In those cases, the bug just appears to be open. --j.
Re: bogusmx [Was: DNS restrictions for a mail server]
Benny Pedersen wrote: [About CNAME MX records...] rfc means 'request for comment'. and rfc's change as technology changes. but not much in smtp have changed since first version deployed The RFC in question (RFC2181) is about DNS, not SMTP. Actually, in STD0010 and STD0013 (the standards documents describing SMTP and DNS), there is no clear prohibition against CNAME MX records. There is this in STD0010: ---8--- There is one other special case. If the response contains an answer which is a CNAME RR, it indicates that REMOTE is actually an alias for some other domain name. The query should be repeated with the canonical domain name. ---8--- Using a CNAME MX record might break the standards track proposal RFC2181, but (AFAICS) it does not break the actual standards (STD0010, STD0013). OTH, not resolving a CNAME MX record to the actual A record does break the SMTP standard (STD0010) from what I can see. Note: I only browsed STD0010 and STD0013 now, and one of the improvements in later RFCs is the use of MUST and SHOULD to make requirements and suggestions easier to distinguish. So if this matters to you, read the documents. References: STD0010: http://vvv.truls.org/RFCs/pages/std10.html STD0013: http://vvv.truls.org/RFCs/pages/std13.html RFC2181: http://vvv.truls.org/RFCs/pages/rfc2181.html Appendix: This really has little bearing on wether one can refuse to accept a mail with a sender domain the MX of wich points to a CNAME. Of course one can refuse to accept such a mail. One can refuse to accept mail based on the air humidity in Glasgow and the temperature at Luleå if one wants to. Regards /Jonas -- Jonas Eckerman, FSDB Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
Re: OT: DNS restrictions for a mail server
Matus UHLAR - fantomas wrote: In my understanding, these are different concepts. In particular, RMX doesn't hijack the TXT record, which is one of the major sins of SPF. Yes, but they both were designed to do the same work. SPF however can do more. TXT was used because nothing else could, at least I think so. They could have used a prefix host to avoid hijacking the main TXT record. (So you'd query the TXT record for __spf__.domain.tld or something like that instead of the TXT record for domain.tld when checking SPF. /Jonas -- Jonas Eckerman, FSDB Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
I hate Spam Assassin, don't know how it got on my computer and desperately need to get rid of it
75% of my mail one on one to clients is getting blocked...I keep having to back-door mail through an online mail service which means I can't access items I need easily...please, please, how do I remove it? I didn't ask for it, I don't want it and my clients are furious at what looks like my lack of response...when I wrote to J Mason he said it was my ISP, and their tech people say it definitely is not. Rev. Corbie Mitleid FIRE THROUGH SPIRIT www.firethroughspirit.com 518-275-9575 877-321-CORBIE CROSS THE BRIDGE from fear to fearlessness -- and fly! Follow the White Raven... All readings are for entertainment only!
Re: I hate Spam Assassin, don't know how it got on my computer and desperately need to get rid of it
On Mon, 2008-10-27 at 17:54 -0400, [EMAIL PROTECTED] wrote: 75% of my mail one on one to clients is getting blocked...I keep having to back-door mail through an online mail service which means I can't access items I need easily...please, please, how do I remove it? I didn't ask for it, I don't want it and my clients are furious at what looks like my lack of response...when I wrote to J Mason he said it was my ISP, and their tech people say it definitely is not. Rev. Corbie Mitleid FIRE THROUGH SPIRIT www.firethroughspirit.com 518-275-9575 877-321-CORBIE A little more information would be appropriate; what is your email program, how do you know SpamAssassin is blocking your mail, etc.? Also, putting the subject I hate SpamAssassin on a message sent to a list of people who like SpamAssassin a lot and whom you are asking for help is probably not the best plan ever... Rubin CROSS THE BRIDGE from fear to fearlessness -- and fly! Follow the White Raven... All readings are for entertainment only! -- Rubin Bennett rbTechnologies, LLC 80 Carleton Boulevard East Montpelier, VT 05651 (802)223-4448 http://thatitguy.com Think for yourselves and let others enjoy the privilege to do so too. Voltaire, Essay on Tolerance French author, humanist, rationalist, satirist (1694 - 1778)
Re: I hate Spam Assassin, don't know how it got on my computer and desperately need to get rid of it
On Monday, October 27, 2008, 4:54:56 PM, Rev. Corbie Mitleid wrote: ccn 75% of my mail one on one to clients is getting blocked...I keep ccn having to back-door mail through an online mail service which means I ccn can't access items I need easily...please, please, how do I remove ccn it? I didn't ask for it, I don't want it and my clients are furious ccn at what looks like my lack of response...when I wrote to J Mason he ccn said it was my ISP, and their tech people say it definitely is not. More information would be helpful. We are all not psychic as you profess to be. If a large portion of your recipients, presumably at a variety of destinations, are not getting your emails, this indicates that the common denominator as to the problem is on your end. Either there is a problem with the reputation of your sending machine or ISP, you are sending directly from a dynamic IP, and/or there are problems with the content of your email that appear spammy for some reason. ccn FIRE THROUGH SPIRIT ccn www.firethroughspirit.com What do your psychic abilities tell you about the source of the problem? If you hit a wall with that, (as you apparently are since you're posting here with obvious frustration), finding some examples of messages that got sent to a recipient's spam folder by Spamassassin may be helpful, as the headers will often indicate the rules that were triggered. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: OT: DNS restrictions for a mail server
On Wed, 2008-10-22 at 23:59 +0200, Jonas Eckerman wrote: Matus UHLAR - fantomas wrote: In my understanding, these are different concepts. In particular, RMX doesn't hijack the TXT record, which is one of the major sins of SPF. Yes, but they both were designed to do the same work. SPF however can do more. TXT was used because nothing else could, at least I think so. They could have used a prefix host to avoid hijacking the main TXT record. (So you'd query the TXT record for __spf__.domain.tld or something like that instead of the TXT record for domain.tld when checking SPF. Could of, but underscores are not a legal character in domain names. And now BIND 9.4 supports the SPF RR type, so we just have to wait a decade or two until everyone still running bind 4.0 has a chance to upgrade ;-) -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
Re: I hate Spam Assassin, don't know how it got on my computer and desperately need to get rid of it
[EMAIL PROTECTED] wrote on Mon, 27 Oct 2008 17:54:56 -0400: and their tech people say it definitely is not. And they are probably right! It's well-known that malicious supernatural beings do try to sabotage followers of the Light. I suggest you untertake a specialized house blessing for all electrical lines and computer equipment in your house. This may prove successful only for a few hours and you may need to follow up with Violet Fire Myst on all outgoing fiber. Identify as many of the lines as you can and then rub in gently a 1:100 blessed and purified water dilution of the resolvent in as much of the cable surface you have access to. In case the supernatural influence proves to be overwhelming and lasting I may be available for consultation at my normal rates. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: German for the backscatter-plagued
[EMAIL PROTECTED] Reply-To: users@spamassassin.apache.org Duane Hill wrote on Tue, 28 Oct 2008 00:09:02 + (UTC): Therefore, linux4michelle has no real control over SMTP level filtering., whatever, can we please have this off-topic discussion stopped? Thanks. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: false positive in cleint using OUTLOOK EXPRESS
btw one of last updates had to fix this problem. When did you sa-update last time? It's been a week. I'll be putting this on my crontab today probably every 12am
Re: false positive in cleint using OUTLOOK EXPRESS
On Tue, Oct 28, 2008 at 8:55 PM, Nelson Serafica [EMAIL PROTECTED]wrote: btw one of last updates had to fix this problem. When did you sa-update last time? It's been a week. I'll be putting this on my crontab today probably every 12am I already put this on my crontab after installing spamassassin. I just did sa-update. However, when I check 50_scores.cf, the line that I edit which was SUBJ_ALL_CAPS doesn't return to its original value. It was still 0. It was suppose to be back to its original value or atleast change from being 0. What is the preferred things to do since some spammer do ALL CAPS in their subject? And also, why it wasn't change which it was suppose to change automatically after sa-update
Re: false positive in cleint using OUTLOOK EXPRESS
On Tue, 2008-10-28 at 21:05 +0800, Nelson Serafica wrote: On Tue, Oct 28, 2008 at 8:55 PM, Nelson Serafica [EMAIL PROTECTED] wrote: btw one of last updates had to fix this problem. When did you sa-update last time? It's been a week. I'll be putting this on my crontab today probably every 12am I already put this on my crontab after installing spamassassin. I just did sa-update. However, when I check 50_scores.cf, the line that I edit which was SUBJ_ALL_CAPS doesn't return to its original value. It was still 0. It was suppose to be back to its original value or atleast change from being 0. What is the preferred things to do since some spammer do ALL CAPS in their subject? And also, why it wasn't change which it was suppose to change automatically after sa-update sa-update puts files in /var/lib/spamassassin/3.00x00y/updates.spamassassin.com/ /etc/mail/spamassassin/*.cf overrides anything in that directory. /usr/lib/spamassassin is not used once the /var/lib/spamassassin/... directories are created. -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
RE: I hate Spam Assassin, don't know how it got on my computer anddesperately need to get rid of it
Corbie Wrote: 75% of my mail one on one to clients is getting blocked...I keep having to back-door mail through an online mail service which means I can't access items I need easily...please, please, how do I remove it? I didn't ask for it, I don't want it and my clients are furious at what looks like my lack of response...when I wrote to J Mason he said it was my ISP, and their tech people say it definitely is not. Corbie, if your isp will not help you, then get out your checkbook and call and hire a qualified computer and networking specialist to diagnose and fix your computer, email, and internet technical issues. ...although it appears that you have much more dangerous sidelines to be concerned about. - rh
Re: Spamassassin+amavis
Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. Im calling amavis from postfix in main.cf : content_filter=smtp-amavis:[127.0.0.1]:10024 My master.cf: # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd . . . smtp-amavis unix - - n - 100 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 and I have the same number of procs for amavisd: $max_servers = 100; I dont know if I have something wrong in my conf files or I m missing some confs. the system continues slow... yesterday I was doing some tests... I sente 500 mail from my PC to the server just working with postfix (no amavis) and the mails are delivery inmediatly, but when I enable the amavisd, the mails keep in the queue for a while and slowly starts the delivery which use somethig like 3 minutes. I feel that amavis works very well filtering... right now my unique problem is the performance and the efficient processing of the mail queue. Any ideas or advices ? Thank you very much. On Fri, 2008-10-24 at 18:59 -0500, Luis Croker wrote: Hi.. thanks all for the answers.. I have enabled the most high debug level and I have figured out some rules that I modified and put the scro directly in local.cf and now Im filtering very well the mails... So, now I have another issue... My performance is not good. Some times I have a lot of petitions and the mails goes to the mail queue and the delivery rate is slow... How can I get a better delivery rate ? is there a variable for the active mail queue or somethig like that ? Thans.. regards. On Fri, 2008-10-24 at 10:21 -0700, John Hardin wrote: On Fri, 24 Oct 2008, Luis Croker wrote: I have updated the SARE rules... how often should I update them ? Daily ? SARE development has frozen while Real Life intrudes. The ninjas have said they will announce any updates on the list, when and if they occur, and will announce if regular maintenance resumes. Grab what's on the website once, and watch the SA list.
Re: Spamassassin+amavis
On Tue, 28 Oct 2008, Luis Croker wrote: I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance Have you checked to see whether your computer is simply overloaded? How much memory is installed? Are you hitting swap? How many spamd child processes are running? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com --- 3 days until Halloween
Re: Spamassassin+amavis
I have 4 CPUS and 4 Gigs of RAM. The server have just the mail applications and is doing nothing else the CPUs are 100% available. About the spamd childs... The amavis-new calls the utilities of spamassassin but i think it doesnt need the spamd deamon running... just use it to get the score and reinject the mail to postfix again. Is that correct ? On Tue, 2008-10-28 at 08:50 -0700, John Hardin wrote: On Tue, 28 Oct 2008, Luis Croker wrote: I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance Have you checked to see whether your computer is simply overloaded? How much memory is installed? Are you hitting swap? How many spamd child processes are running? Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Luis Croker wrote: Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. and I have the same number of procs for amavisd: $max_servers = 100; 100 amavisd processes??? That looks like your problem. How much memory do you have? Assuming that each process needs 50M (conservative), this would be 5GB of ram just for amavisd. This doesn't count your mail server, antivirus, dns, etc. Lower the number of amavisd processes so that the system doesn't go into swap. Swap is the #1 killer of SA performance. Also, if you are calling SA through amavisd, make sure you don't have spamd running. Amavisd runs SA internally and doesn't need spamd. -- Bowie
Re: Spamassassin+amavis
On Tue, 2008-10-28 at 09:34 -0600, Luis Croker wrote: Hi all... . smtp-amavis unix - - n - 100 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes and I have the same number of procs for amavisd: $max_servers = 100; Wow, 100 procs! How many terabytes of ram do you have? You probably want to reduce that number until you stop swapping... -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. On Tue, 2008-10-28 at 11:01 -0500, Bowie Bailey wrote: Luis Croker wrote: Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. and I have the same number of procs for amavisd: $max_servers = 100; 100 amavisd processes??? That looks like your problem. How much memory do you have? Assuming that each process needs 50M (conservative), this would be 5GB of ram just for amavisd. This doesn't count your mail server, antivirus, dns, etc. Lower the number of amavisd processes so that the system doesn't go into swap. Swap is the #1 killer of SA performance. Also, if you are calling SA through amavisd, make sure you don't have spamd running. Amavisd runs SA internally and doesn't need spamd. Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Luis Croker wrote: On Tue, 2008-10-28 at 11:01 -0500, Bowie Bailey wrote: Luis Croker wrote: Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. and I have the same number of procs for amavisd: $max_servers = 100; 100 amavisd processes??? That looks like your problem. How much memory do you have? Assuming that each process needs 50M (conservative), this would be 5GB of ram just for amavisd. This doesn't count your mail server, antivirus, dns, etc. Lower the number of amavisd processes so that the system doesn't go into swap. Swap is the #1 killer of SA performance. Also, if you are calling SA through amavisd, make sure you don't have spamd running. Amavisd runs SA internally and doesn't need spamd. Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... I can't imagine you being able to run 100 amavisd processes without going into swap with only 4GB of RAM. My server uses over 90MB per amavisd process. How big is each amavisd process on your server? Make absolutely sure that your system is not using ANY swap while trying to deliver mail. Once you have done that, then you can look at other issues. I think amavisd can output timing information for debug purposes. Try enabling that and see if it gives you any ideas where the slowdown is happening. -- Bowie
Re: OT: DNS restrictions for a mail server
On Wed, 2008-10-22 at 23:59 +0200, Jonas Eckerman wrote: Matus UHLAR - fantomas wrote: In my understanding, these are different concepts. In particular, RMX doesn't hijack the TXT record, which is one of the major sins of SPF. Yes, but they both were designed to do the same work. SPF however can do more. TXT was used because nothing else could, at least I think so. They could have used a prefix host to avoid hijacking the main TXT record. (So you'd query the TXT record for __spf__.domain.tld or something like that instead of the TXT record for domain.tld when checking SPF. On 28.10.08 07:01, Daniel J McDonald wrote: Could of, but underscores are not a legal character in domain names. in _host_ names. they are being tested in other DNS names, like SRV -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Re: false positive in cleint using OUTLOOK EXPRESS
btw one of last updates had to fix this problem. When did you sa-update last time? On Tue, Oct 28, 2008 at 8:55 PM, Nelson Serafica [EMAIL PROTECTED]wrote: It's been a week. I'll be putting this on my crontab today probably every 12am On 28.10.08 21:05, Nelson Serafica wrote: I already put this on my crontab after installing spamassassin. I just did sa-update. However, when I check 50_scores.cf, the line that I edit which was SUBJ_ALL_CAPS doesn't return to its original value. It was still 0. It was suppose to be back to its original value or atleast change from being 0. What is the preferred things to do since some spammer do ALL CAPS in their subject? And also, why it wasn't change which it was suppose to change automatically after sa-update it only rewrites data when new rules are available. btw please try using client that can wrap quoted text properly. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: Spamassassin+amavis
On 28.10.08 10:04, Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... lower it back to 10 or so, unless you receive that much of mail. Luis Croker wrote: Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. In such case the problem won't be in spamassassin. Aren't you using redhat? There was some bugreprt about perl in redhat causing slow processing.. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?
Re: I hate Spam Assassin, don't know how it got on my computer anddesperately need to get rid of it
Let's not make a confusing situation any worse by piling on ridicule, please. Clearly this isn't a SpamAssassin issue, as the user is not running a mail server. Perhaps we could help them identify the source of their issue and then turn them over to the appropriate support people? Rev. Mitleid, it sounds less like you have installed SpamAssassin and more like your clients are using mail filters that are blocking your mail. You did not mention that this is a problem with all of your outgoing mail, just that it is disrupting some of the messages you are sending to your clients. SpamAssassin is not used for outgoing email, therefore your issue is more than likely not a SpamAssassin issue. There is an excellent chance that the text or nature of the messages you are attempting to send is triggering spam filters on your clients' end. It is also possible that your messages have caused the mail server through which you send your messages to be placed on a black list, perhaps because of the text or nature of your messages, and so your clients are not receiving mail sent by you using that resource because their own mail servers' spam protection is denying any mail sent from your mail service. As a temporary workaround, you should consider using the online mail service to send your messages, as you note that you have successfully sent mail to the problematic clients using that service. For the long term, you should consider hiring a local technical representative from one of your local stores to visit you and attempt to analyze what is happening, and then to fix the issue. You will want to locate a tech person who understands spam filtering so they can evaluate your messages and help you define the true nature of the problem. This issue is probably unrelated to the discussions found on this list, and we would require data that you are unlikely able to provide, so continuing to ask users here will likely only increase your frustration. James Butler Internet Society - Los Angeles Chapter Chairman of the Board [EMAIL PROTECTED] * 75% of my mail one on one to clients is getting blocked...I keep having to back-door mail through an online mail service which means I can't access items I need easily...please, please, how do I remove it? I didn't ask for it, I don't want it and my clients are furious at what looks like my lack of response...when I wrote to J Mason he said it was my ISP, and their tech people say it definitely is not. Rev. Corbie Mitleid FIRE THROUGH SPIRIT www.firethroughspirit.com 518-275-9575 877-321-CORBIE CROSS THE BRIDGE from fear to fearlessness -- and fly! Follow the White Raven... All readings are for entertainment only! *
Re: Spamassassin+amavis
Hi guys.. I have read all your mails and I have decreased the number of procs to 10. the performance is better but continues slow. The server is not using swap and I have no spamd running, this is called from amavisd. How many procs is the recommended for this server with 4 Gb RAM and a lot of traffic ? On Tue, 2008-10-28 at 17:55 +0100, Matus UHLAR - fantomas wrote: On 28.10.08 10:04, Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... lower it back to 10 or so, unless you receive that much of mail. Luis Croker wrote: Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. In such case the problem won't be in spamassassin. Aren't you using redhat? There was some bugreprt about perl in redhat causing slow processing..
Re: I hate Spam Assassin, don't know how it got on my computeranddesperately need to get rid of it
I stand corrected. I guess I should have said that *I* don't use SpamAssassin for outgoing email. :) James Butler Internet Society - Los Angeles Chapter Chairman of the Board [EMAIL PROTECTED] *** REPLY SEPARATOR *** On 10/28/08 at 12:32 PM Larry Nedry wrote: On 10/28/08 at 10:06 AM -0800 you wrote: SpamAssassin is not used for outgoing email, therefore your issue is more than likely not a SpamAssassin issue. FYI, SpamAssassin is used by many large ISP for outgoing mail to determine if they should block or not. I know for a fact that rr.com and godaddy.com use it to check outgoing mail. Try sending a GTube test through your ISP's system and see if it makes it through. :-) Nedry
Re: Spamassassin+amavis
I have put the log level to 4 in amavisd.conf and this is one operation... Everything is Ok in times... until SA is called and the delay goes to 6 seconds... actually at the end of the log amavisd displays a timing statistics and SA check spent 97% of the time... Regards. Oct 28 11:50:36 mailgw postfix/smtpd[37332]: connect from unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/smtpd[37332]: 33D7835301B: client=unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/cleanup[37702]: 33D7835301B: message-id=[EMAIL PROTECTED] Oct 28 11:50:36 mailgw postfix/smtpd[37332]: disconnect from unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/qmgr[37034]: 33D7835301B: from=[EMAIL PROTECTED], size=3899, nrcpt=1 (queue active) Oct 28 11:50:36 mailgw amavis[37687]: loaded base policy bank Oct 28 11:50:36 mailgw amavis[37687]: lookup_ip_acl (inet_acl): key=127.0.0.1 matches 127.0.0.1, result=1 Oct 28 11:50:36 mailgw amavis[37687]: process_request: fileno sock=12, STDIN=0, STDOUT=1 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) SMTP 220 [127.0.0.1] ESMTP amavisd-new service ready Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) SMTP EHLO mailgw Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-[127.0.0.1] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-VRFY Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-PIPELINING Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-SIZE Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-ENHANCEDSTATUSCODES Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-8BITMIME Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250-DSN Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP XFORWARD NAME=[UNAVAILABLE] ADDR=200.52.193.35 PORT=1392\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250 2.5.0 Ok XFORWARD Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP XFORWARD PROTO=ESMTP HELO=PC761620635160 SOURCE=REMOTE\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250 2.5.0 Ok XFORWARD Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP MAIL FROM:[EMAIL PROTECTED] SIZE=3899\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) check_mail_begin_task: task_count=1 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) TempDir::prepare: creating directory /var/amavis/tmp/amavis-20081028T115036-37687 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) TempDir::prepare_file: creating file /var/amavis/tmp/amavis-20081028T115036-37687/email.txt Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup_ip_acl (mynetworks): key=x.x.x.x, no match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (debug_sender) = undef, [EMAIL PROTECTED] does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250 2.1.0 Sender [EMAIL PROTECTED] OK Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP RCPT TO:[EMAIL PROTECTED] ORCPT=rfc822;[EMAIL PROTECTED] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 250 2.1.5 Recipient [EMAIL PROTECTED] OK Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP DATA\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP::10024 /var/amavis/tmp/amavis-20081028T115036-37687: [EMAIL PROTECTED] - [EMAIL PROTECTED] SIZE=3899 Received: from mailgw ([127.0.0.1]) by localhost (mailgw [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for [EMAIL PROTECTED]; Tue, 28 Oct 2008 11:50:36 -0600 (CST) Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP 354 End data with CRLF.CRLF Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP .CRLF Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) body type (ESMTP BODY): unlabeled, good (h=0, b=0) Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) body hash: b4993223230999e78d98b7d15853f9d8 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Original mail size: 3899; quota set to: 1949500 bytes Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Checking: mACNRl7gTIjB [200.52.193.35] [EMAIL PROTECTED] - [EMAIL PROTECTED] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) 2822.From: [EMAIL PROTECTED] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (snp1) = undef, [EMAIL PROTECTED] does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (snp2) = undef, [EMAIL PROTECTED] does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (local_domains) = true, [EMAIL PROTECTED] matches, result=OK, matching_key=megacable.com.mx Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (bypass_banned_checks) = undef, [EMAIL PROTECTED] does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (bypass_spam_checks) = undef, [EMAIL PROTECTED] does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Extracting mime components Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Issued a new file name: p001 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Charging 3232 bytes to remaining quota 1949500 (out of 1949500, (0%)) - by
Re: I hate Spam Assassin, don't know how it got on my computer anddesperately need to get rid of it
Thank you, Rev. Mitleid. It does appear that your MAIL service provider, capital.net, is indeed using SpamAssassin, and that your message indicated below has been identified as spam and blocked by capital.net. You should send that same data to your representative at your ACCESS provider (ISP), Logical.net, and ask them about it. I do not know how Logical.net is set up, or if capital.net is one of its affiliates. If it is blocking ALL of your mail from going out, then the information you posted will help them identify your issue. Your first message indicated that it was a sporadic problem with some of your clients, and your second message indicates that you are now completely unable to send mail through that mail server. This sounds like what was initially a small issue with the contents of your messages (recognized as spam) and, when you kept trying to send out the spam-classified messages, capital.net finally had enough, and has blacklisted your IP address, because they think you are a spammer. Only they (capital.net) can clear that up for you. As far as moving forward with sending more messages to your clients, you should endeavour to educate yourself about WHY your messages are being classified as spam, and learn to write messages that are less spammy. I suggest this because even if you succeed in getting off the black list, you will undoubtedly end up back on it again as soon as you start to send messages that are similar in content to the ones that caused the condition in the first place. James Butler Internet Society - Los Angeles Chapter Chairman of the Board [EMAIL PROTECTED] *** REPLY SEPARATOR *** On 10/28/08 at 1:29 PM Corbie Mitleid/Fire Through Spirit wrote: James, thank you for your courteous answer. It's the first one I received that did not treat me like a carney fortune teller, IQ challenged idiot, or whining ninny. My husband, who is quite competent with computers, also could not make head or tails regarding our SA problem. As I explained before, I came here because I was directed to this list by J Monroe, from the Spam Assassin site itself, when he said he no longer gave any kind of assistance. My ISP, Logical.net, said it was definitely not from their end, and therefore had to have been loaded on to my computer. As I sent to someone else, the message is not an unable to deliver such as one gets when an address is not known, mailbox is full, or some other simple issue. It is blocking me from even sending it out of my machine, and it remains in the outbox, also blocking all my other mail from being sent. The following is an example: An unknown error has occurred. Subject 'report for you and Dan', Account: 'pop.capital.net', Server: 'mail.capital.net', Protocol: SMTP, Server Response: '550 5.7.1 Blocked by SpamAssassin', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69 I will certainly attempt to get hold of technical personnel locally, but was under the impression that those who used Spam Assassin and found it useful would know how to help me. Again, thank you for being professional enough to address me with courtesy and clarity. Rev. Corbie Mitleid
Re: Spamassassin+amavis
Matus UHLAR - fantomas wrote: Aren't you using redhat? There was some bugreprt about perl in redhat causing slow processing.. I believe that issue was fixed with the update of perl last month.
Re: Spamassassin+amavis
Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. You also need to make sure the maxproc column of the feed to amavisd in /etc/postfix/master.cf matches whatever you've set the $max_servers setting to in /etc/amavisd.conf (ie, they should be the same). I note you said this was the case in a previous mail. For a server with 4 processors (or cores) and 4GB of ram I normally start at 4 processes and work up if needed. It seems like a logical place to start with 1 process per cpu. If you take a look at: ps aux | grep amavisd and see how much *time* each child process has run for. On my server I see that mostly the first 2 child processes are used, the 3rd occasionally and that the 4th child process has barely been used much indicating that 3 child processes is probably enough (for me). If you see near equal usage across all 4 child processes then you would probably benefit from more processes to the point where your hardware can adequately cope with the additional load. If you don't have enough processes to cope with the flow of mail then the MTA (postfix) will just queue the mail before handing it off to amavisd once a process becomes available.
Re: Spamassassin+amavis
On 10/28/08, Ned Slider [EMAIL PROTECTED] wrote: Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. You also need to make sure the maxproc column of the feed to amavisd in /etc/postfix/master.cf matches whatever you've set the $max_servers setting to in /etc/amavisd.conf (ie, they should be the same). I note you said this was the case in a previous mail. From what I understand from: http://marc.info/?l=postfix-usersm=120612390511480 Only 20 maxproc will be used, even if you specify higher in the smtp-amavis transport in master.cf. If you need more than 20, better to leave at the default (-) and set: smtp-amavis_destination_concurrency_limit = N in main.cf For your setup, I would try between 20 and 30 for the value of N (along with $max_servers) 6 seconds seems somewhat typical. Mostly due to network tests. Some RBLs are no longer and you could turn the non functional RBL rules off by setting to 0. I'm not sure which ones though. Maybe someone else knows. -- Gary V
Re: Spamassassin+amavis
Gary V wrote: 6 seconds seems somewhat typical. Mostly due to network tests. Some RBLs are no longer and you could turn the non functional RBL rules off by setting to 0. I'm not sure which ones though. Maybe someone else knows. From my own stats of hits against DNSBLs and URIBLs for the last ~1000 spam (these results are typical for me): ## DNSBL Statistics ## 1223 RCVD_IN_ZEN (Spamhaus PBL, SBL or XBL) 1067 RCVD_IN_UCE_COMBINED (UCEPROTECT level 1, 2 or 3) 1052 RCVD_IN_PBL 900 RCVD_IN_UCEPROTECT3 834 RCVD_IN_UCEPROTECT2 678 RCVD_IN_SBLXBL 427 RCVD_IN_UCEPROTECT1 163 RCVD_IN_PSBL 105 RCVD_IN_BL_SPAMCOP_NET 15 RCVD_IN_SORBS_WEB 14 RCVD_IN_NJABL_PROXY 1 RCVD_IN_SORBS_DUL 1329 Total Spam ## URIBL Statistics ## 1060 URIBL_BLACK 829 URIBL_JP_SURBL 695 URIBL_OB_SURBL 611 URIBL_SC_SURBL 444 URIBL_SBLXBL 440 URIBL_WS_SURBL 427 URIBL_AB_SURBL 163 URIBL_RHS_DOB 42 URIBL_PH_SURBL 1329 Total Spam Spamhaus Zen is highly effective for me and hits on 90% of spam when used as -lastexternal, and is the only DNSRBL I'd trust to use at the smtp level. I've also added custom rules for UCE Protect levels 1-3 and PSBL blacklists. I wouldn't use either at the smtp level as they do generate the occasional FP, but UCE Protect is useful in a scoring environment such as SA. For me NJABL, SORBS and pretty much anything else are a waste of space relative to the effectiveness of Spamhaus. If you can implement Spamhaus Zen at the smtp level then blocking ~90% of spam before it ever reaches SA is hugely beneficial to system load and the rest could probably be dropped from SA with minimal impact. I also find the URIBLs to be very effective, especially URIBL_BLACK. Between Bayes and my top DNSRBLs and URIBLs, nothing gets through - everything else is just bumping the score further past the spam threshold. I'd recommend taking a look at your own stats to see which are effective for you and maybe drop those that are ineffective or, better still, look at ways to pre-filter spam at the smtp level before it ever reaches amavisd/SA so as to reduce the load (for example, http://wiki.centos.org/HowTos/postfix_restrictions). A good setup like this can easily block the vast majority of spam at the smtp level meaning that your server/SA now primarily only has to deal with the ham and an insignificantly small proportion of spam. BTW, checking my logs I note typical delays of 4-6secs on a 3.0GHz quad core server with 4GB RAM running 4 amavisd child processes that handles a very light load. -Ned
