Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On Fri, 4 Feb 2011 06:13:59 -0500, you wrote: On 2/4/11 5:42 AM, Mark Martinec wrote: On June 8, 2011, dubbed World IPv6 Day, participants will enable IPv6 on their main services for 24 hours. fug! anyone remember when you were only allowed one domain per company? I remember making a phone call asking for that domain name and our IP blocks and getting them assigned on the spot and having them restart the DNS Server (no that's not a typo there was only one of them and they guy reloaded it to get out DNS file into it in the middle of the day during the week). This was around Nov. 1992 or so. First heard of Bitnet/Arpanet/Internet in College around 1984was great to get weather data from Madison WI to Milwaukee to Champaign IL ;) -- George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02- ), Rosie(9/1/07- ), Merlin/MR. Tibbs(8/1/90-5/24/06, 2/10/08- ), Nazarene(6/1/99-1/28/08) Jackson, WI USA geor...@netwrx1.com http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'
***** SPAM ***** Re: Trouble after upgrade
On Tue, 26 Jan 2010 15:13:53 -0500, you wrote: Quoting john ffitch j...@codemist.co.uk: After attempting to move to Sa 3.3.0 water:~ # /etc/cron.daily/sa-update http: GET http://yerp.org/rules/stage/330903380.tar.gz request failed: 404 Not Found: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title404 Not Found/title /headbody h1Not Found/h1 pThe requested URL /rules/stage/330903380.tar.gz was not found on this server./p hr addressApache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_watch/4.3 Server at yerp.org Port 80/address /body/html channel: could not find working mirror, channel failed What sould I do next? ==John ffitch use http://yerp.org/rules/stage/330903281.tar.gz David: I'm seeing it here also with sa-update -D --gpgkey 6C6191E3 --channel sought.rules.yerp.org Where is this edit getting made? by the channel line or ??? And will this auto update somehow in the future to fix itself? -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186
Re: sought rules
On Wed, 11 Nov 2009 12:09:09 -0500, you wrote: Hi, Yep -- sorry -- I got to reboot the server, but it appears to have not fixed the problem. Right now I'm not likely to be able to perform more investigation for a week or two. :( Sorry about this -- the perils of volunteer infrastructure! Where is it physically located? Isn't there someone in the area that you trust, or could trust, to go and fix it? I guess if there was, you would have done that, but I'm sure you could find some volunteers to put it up in a more centrally-located or managed location for the future, if you'd like. Off-site backup? At the least, I'm sure someone could contribute there. I've got a few servers, and would be happy to provide remote ssh/rsync access to someone, should you like. Truewhat do you need to host this thingif I can help out with space/bandwidth I'd be willing. I've got a couple linux boxes here that I could give you some space on. George -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186
4.64 compile problem on Linux 2.6.19.1
Trying to compile 4.64 here using the same settings as 4.63 (which compiles just fine) and am seeing the following error during make: gcc transport.c In file included from transport.c:17: /usr/local/include/sys/sendfile.h:26:3: error: #error sys/sendfile.h cannot be used with _FILE_OFFSET_BITS=64 make[1]: *** [transport.o] Error 1 make[1]: Leaving directory `/mnt/scsi-1/Linux/exim-4.64/build-Linux-i386' make: *** [go] Error 2 Not being a programmer I have no idea how to remedy this.any assistance greatly appreciated. System is Linux running a 2.6.19.1 kernel on a P-III 600 CPU, gcc 4.11. Any other info needed please ask and I'll try to supply it. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: 4.64 compile problem on Linux 2.6.19.1
wrong list.. perhaps you meant to post it to the exim list? OOPS, sorry about thathit the wrong address book entry. Thanks for pointing it out. George
Re: This seen on Dice
On Fri, 08 Dec 2006 12:36:11 -0700, you wrote: Any takers? ;-) http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a/[EMAIL PROTECTED]bb=0source=15 They have got to be joking..then again, I'd believe just about anything these days ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: tmp files being left over from FuzzyOCR?
Its not a formal released version from Chris/decoder. I'm running b here as it seems the most stable. If you want J is at: To: [EMAIL PROTECTED] Subject: [Devel-spam] [Announce] Version 2.3j From: Jorge Valdes [EMAIL PROTECTED] Date: Mon, 25 Sep 2006 10:49:24 -0600 Hi all, Just wanted to let everyone now that version 2.3j available here: http://www.joval.info/proj/FuzzyOcr.html This version is VERY stable, and besides fixing a couple of bugs reported to me on this list, better traps and reports errors from ImageMagick, no new features have been added. Unless a serious bug is encountered, this should be very close to a stable release. On my todo list is that image inside application/ms-word (.doc) attachment spam. Jorge Ok, I wasn't going to ask but I guess I'll have to. Where do I get the j version. It's not at http://users.own-hero.net/~decoder/fuzzyocr/ Bill - Original Message - From: Duncan, Brian M. To: Bill ; users@spamassassin.apache.org Sent: Thursday, October 19, 2006 9:36 AM Subject: RE: tmp files being left over from FuzzyOCR? I am using 2.3j of Fuzzy OCR according to the Perl script. drwx-- 2 mail mail 4096 Oct 19 08:29 .spamassassin17656WleDs7tmp drwx-- 2 mail mail 4096 Oct 19 09:15 .spamassassin25775kNluNhtmp These are two dirs in my tmp folder currently. In one of those dirs I have: Line-multi-gif Line.gif raw.eml raw.err -Original Message- From: Bill [mailto:[EMAIL PROTECTED] Sent: Thursday, October 19, 2006 9:29 AM To: users@spamassassin.apache.org Subject: Re: tmp files being left over from FuzzyOCR? I'm using FuzzyOcr-2.3b and I can't find any reference to this option in any of the FuzzyOCR software I downloaded. focr_keep_bad_images 0 Here's a sample of the items in my /tmp folder. You said your's were folders, mine's not. All of these files are left behind as at the time I made this sample it was 9:25. -rw--- 1 mail mail 0 Oct 19 08:25 .spamassassin2053SgXN1Ktmp -rw--- 1 mail mail 0 Oct 19 08:31 .spamassassin2053uswH8Ttmp -rw--- 1 mail mail52 Oct 19 08:31 .spamassassin2053Wpxhuftmp -rw--- 1 mail mail 6549 Oct 19 08:31 .spamassassin26901cFX9cetmp -rw--- 1 mail mail 0 Oct 19 08:31 .spamassassin26901JsLOMYtmp -rw--- 1 mail mail 4267 Oct 19 08:36 .spamassassin300465gddzGtmp -rw--- 1 mail mail 0 Oct 19 08:31 .spamassassin30046lKDkjjtmp -rw--- 1 mail mail 3150 Oct 19 08:31 .spamassassin30046ptOrdstmp -rw--- 1 mail mail 0 Oct 19 08:36 .spamassassin30046xUScTotmp -rw--- 1 mail mail 4112 Oct 19 08:24 .spamassassin9067MfgpH3tmp Here's a sample of a file. _(PICTURE)_ _ _ _ _ _ _ _ _ _ (PICTURE)_ _ _ _ _ _ __ _ _ _ _ (PICTURE) _ (PICTURE)__ _ _ _ _ __ _ _ _ _ _ _ An _nves_or A_ER_!!! pE_RoSU_ DR_rr__C (pSUD ) '_ UU_ _ L Y_L LdUY_ _L __ _ L_ __ UU_L_ _Ld! L WdLL_ ___ _ LUUdY _ ' ' ' '' ' ' ' ' ' ' ' ' ' ' '' ' ' ''' ' ' ' ' ' ' '' '' ' ' ' '' ' ' ' '' ' ' '' ' ' ' ' ' '' ' '' ' '_' \ petro5un, Incorporeted (p5UD _ _ews) ennounced thet rU_ L_ _d__ _Y_ ___ _ ___ _L W_L_ _ ___LL_ d _ _ __! _ _ __ _ _ _ _ __ , Bill - Original Message - From: Duncan, Brian M. To: users@spamassassin.apache.org Sent: Thursday, October 19, 2006 8:42 AM Subject: RE: tmp files being left over from FuzzyOCR? I noticed that there is this directive in the fuzzyocr.cf: # 0 = always cleanup # 1 = keep only if error # 2 = always keep focr_keep_bad_images 0 Mine was set to 1 by default, to keep bad images. I set it to 0 but it still is keeping bad images. (If what is in the dirs is bad images, when I send a GIF I created no tmp dirs are left, if I send one of the images left from one of the dirs from before it leaves it) -Original Message- From: Duncan, Brian M. Sent: Thursday, October 19, 2006 8:27 AM To: users@spamassassin.apache.org Subject: RE: tmp files being left over from FuzzyOCR? I just looked and have tmp dirs being created by FuzzyOCR - with what looks like tmp files in those dirs. No tmp files in the root of /tmp It looks like certain images are causing FuzzyOCR to quit proccessing messages in my case based on what I see in these dead tmp dirs left behind. It's only happening on certain images it looks like. (only 3 tmp dirs left from all of today so far) For the heck of it I took one of the graphic files in one of those tmp dirs and put it inline and sent it in as a test. It created a tmp dir did not remove it, and the message that came in had a Spam score of 0 and it looks like Spam Assassin died because of FuzzyOCR having an issue with the image. (I have the patches applied to the couple of
Re: SA 3.1.7 children hang but don't die
Daryl - I switched back to 3.1.5 after my last post, and am sorry to report that I'm still seeing the same issue under 3.1.5. After running a while, the processes in a state of K start building up until I manually kill them. Regretfully (VERY regretfully) turning off FuzzyOCR. Sandy I'll second this, SA 3.1.5 FuzzyOCR on RHEL-AS4 I've been seeing this off on ever since I added FuzzyOCR. Logs seem to correlate to FuzzyOCR processing a gif image during a peak of messages. Get FuzzyOcr.log message: FuzzyOcr received timeout after running 10 seconds. I'm running SA 3.1.5 with FuzzyOCR. I'm seeing errors in the FuzzOCR log, like this: [2006-10-18 09:34:24] FuzzyOcr received timeout after running 10 seconds. [2006-10-18 09:49:14] FuzzyOcr received timeout after running 10 seconds. [2006-10-18 10:09:26] Unexpected error in pipe to external programs. Please check that all helper programs are installed and in the correct path. (Pipe Command /usr/bin/gifasm -d /tmp/.spamassassin2589Eye8ALtmp/out, Pipe exit code 1 (), Temporary file: /tmp/.spamassassin25893ZSX3Ltmp) But I'm no longer getting children in the K state, since I put a spamd restart into the logrotate script. I haven't turned off FuzzyOCR which is doing an excellent job for me. This isn't particularly conclusive, I'm afraid, because when I was seeing the problem it was sporadic and occasional, so it might just be luck, though it's been OK for a few days. I've got my timeout here higher at 60 (slower box) and am not seeing timeout errors or any K processes with 3.1.5 since switching back. It only started with SA 3.1.7 so I'm thinking its something there thats causing the issue. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
SA 3.1.7 children hang but don't die
I'm noticing in 3.1.7 here that SA children are entering the K state but not disappearing from the proc list, leaving me with eventually many hung SA items and no running children as I hit the max child limit. I've NOT seen the behavior in 3.1.5 which I've gone back to as of last evening. Has anyone else noticed this and if so is there are cause/solution for it out there? What can I provide to help with the solution?? Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Help filtering this type of spam
Any thoughts on how to filter this? I'm running the SARE rules and SA
3.1.5 and I seem to be having alot (hundreds in the last few days) of
this type of thing get through. Is there a rule score I should tweak
up or what?
Also it has about a 23K blank gif attached to it as well. I'm running
the FuzzyOCR plugin also but given there's nothing in the gif it gets
no hits.
Received: from [200.121.165.224]
by eagle.netwrx1.com with esmtp (Exim 4.63)
(envelope-from [EMAIL PROTECTED])
id 1GaBzN-0003qB-2x
for [EMAIL PROTECTED]; Wed, 18 Oct 2006 09:02:59 -0500
Message-ID: [EMAIL PROTECTED]
From: collection toolVideo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: stock
Date: Wed, 18 Oct 2006 09:01:35 -0500
MIME-Version: 1.0
Content-Type: multipart/related;
type=multipart/alternative;
boundary==_NextPart_000_000F_01C6F294.03434660
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Score: 3.8 (+++)
X-Spam-Report: Spam detection software, running on the system
eagle.netwrx1.com, has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
[EMAIL PROTECTED] for details.
Content preview: Company or officially refer was Fairchild Channel
article History appeared is until am that Magnavox released Odyssey in
Odyssey initially. Most filed bankruptcy am moved a into industries
abandoning Intv Corp who in produce develop new North American editthird
Robotic Operating of Buddy is came packaged Nesin Famicom Japan
supported highres full color am. Wikipedia the in free Your continued
donations keep running to navigation searchgame. Creating glut causing
rca abandon consoles stayed or marketthe or vcs be profit. Serious in
threats though cost combined extremely difficult program leading lack
extra a. Early systems its a however not synonymous with or same as
usage it refers. [...]
Content analysis details: (3.8 points, 5.0 required)
pts rule name description
--
--
2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel
letters
0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type=
entry
0.6 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of
words
0.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Flag: NO
X-UIDL: c:D!VD1!!-2O!UL!
X-Agent-Received: from Netwrx POP Server (pop.netwrx1.com); Wed, 18 Oct 2006
09:10:49 -0500
X-Agent-Train-Legitimate: 0
X-Agent-Junk-Probability: 0
Company or officially refer was Fairchild Channel article History appeared is
until am that Magnavox released Odyssey in Odyssey initially.
Most filed bankruptcy am moved a into industries abandoning Intv Corp who in
produce develop new North American editthird Robotic Operating of Buddy is
came packaged Nesin Famicom Japan supported highres full color am.
Wikipedia the in free Your continued donations keep running to navigation
searchgame.
Creating glut causing rca abandon consoles stayed or marketthe or vcs be
profit.
Serious in threats though cost combined extremely difficult program leading
lack extra a.
Early systems its a however not synonymous with or same as usage it refers.
Continued donations keep running to navigation searchgame redirects here for
command line of in modern computer games am see in pc Atari Sony Psone in
Nintendo am Gamecube.
These jump started in consumer market soon flooded of dedicated simple derived
ves While there.
After both Bally of Library brought or based wasnt or conversion hit Space!
Length processor although value sometimes am misused example cpu graphics
processor dependent factors using crude in gauge overall ability is between.
===[George R. Kasica]===+1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
Re: Joe Blow wrote: Spam
THANK YOU yep, there's a rule for them that should be coming through in updates tomorrow or the day after... --j. George, Nazarene(6/1/99- ), Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), MR. Tibbs(8/1/90-5/24/06) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'
Re: Help filtering this type of spam
EXCELLENT!! The new update to SARE stock ruleset will take care of these. I'm just waiting on the ninja in chage of that to update it. I'm running it, and I love it ;) Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com www.uribl.com -Original Message- From: George R. Kasica [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 10:18 AM To: users@spamassassin.apache.org Subject: Help filtering this type of spam Any thoughts on how to filter this? I'm running the SARE rules and SA 3.1.5 and I seem to be having alot (hundreds in the last few days) of this type of thing get through. Is there a rule score I should tweak up or what? Also it has about a 23K blank gif attached to it as well. I'm running the FuzzyOCR plugin also but given there's nothing in the gif it gets no hits. Received: from [200.121.165.224] by eagle.netwrx1.com with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1GaBzN-0003qB-2x for [EMAIL PROTECTED]; Wed, 18 Oct 2006 09:02:59 -0500 Message-ID: [EMAIL PROTECTED] From: collection toolVideo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: stock Date: Wed, 18 Oct 2006 09:01:35 -0500 MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_000F_01C6F294.03434660 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system eagle.netwrx1.com, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see [EMAIL PROTECTED] for details. Content preview: Company or officially refer was Fairchild Channel article History appeared is until am that Magnavox released Odyssey in Odyssey initially. Most filed bankruptcy am moved a into industries abandoning Intv Corp who in produce develop new North American editthird Robotic Operating of Buddy is came packaged Nesin Famicom Japan supported highres full color am. Wikipedia the in free Your continued donations keep running to navigation searchgame. Creating glut causing rca abandon consoles stayed or marketthe or vcs be profit. Serious in threats though cost combined extremely difficult program leading lack extra a. Early systems its a however not synonymous with or same as usage it refers. [...] Content analysis details: (3.8 points, 5.0 required) pts rule name description -- -- 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 0.6 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message X-Spam-Flag: NO X-UIDL: c:D!VD1!!-2O!UL! X-Agent-Received: from Netwrx POP Server (pop.netwrx1.com); Wed, 18 Oct 2006 09:10:49 -0500 X-Agent-Train-Legitimate: 0 X-Agent-Junk-Probability: 0 Company or officially refer was Fairchild Channel article History appeared is until am that Magnavox released Odyssey in Odyssey initially. Most filed bankruptcy am moved a into industries abandoning Intv Corp who in produce develop new North American editthird Robotic Operating of Buddy is came packaged Nesin Famicom Japan supported highres full color am. Wikipedia the in free Your continued donations keep running to navigation searchgame. Creating glut causing rca abandon consoles stayed or marketthe or vcs be profit. Serious in threats though cost combined extremely difficult program leading lack extra a. Early systems its a however not synonymous with or same as usage it refers. Continued donations keep running to navigation searchgame redirects here for command line of in modern computer games am see in pc Atari Sony Psone in Nintendo am Gamecube. These jump started in consumer market soon flooded of dedicated simple derived ves While there. After both Bally of Library brought or based wasnt or conversion hit Space! Length processor although value sometimes am misused example cpu graphics processor dependent factors using crude in gauge overall ability is between. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: SA 3.1.7 children hang but don't die
* George R. Kasica wrote (18/10/06 14:55): I'm noticing in 3.1.7 here that SA children are entering the K state but not disappearing from the proc list, leaving me with eventually many hung SA items and no running children as I hit the max child limit. I've NOT seen the behavior in 3.1.5 which I've gone back to as of last evening. Has anyone else noticed this and if so is there are cause/solution for it out there? What can I provide to help with the solution?? I've been seeing this (or something similar) with 3.1.5, and I reported it, with a similarly suspect subject line, a few days ago. OK. Well, assuming I don't end up in FBI custody for my poor choice of words. My best guess is that it's related to logrotate. I've added a spamd restart (SIGHUP should do it) after logrotate runs, and I'm not seeing the problem any more. But, since it occurs unpredictably, I may be speaking too soon. There are a few bugzilla entries that might be relevant. Eg http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4237 and http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4316 I have one log rotate about 0400 here and a full restart of the mail system at 0500 every day to keep things happy and I'm seeing this later in the day say 9-10am so I don't think its log rotate related. Those bugs are not what I'm seeing, I'm seeing totally stuck in K state children that won't go away until you go out and start killing procs. George, Nazarene(6/1/99- ), Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), MR. Tibbs(8/1/90-5/24/06) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'
Re: SA 3.1.7 children hang but don't die
* George R. Kasica wrote (18/10/06 14:55): I'm noticing in 3.1.7 here that SA children are entering the K state but not disappearing from the proc list, leaving me with eventually many hung SA items and no running children as I hit the max child limit. I've NOT seen the behavior in 3.1.5 which I've gone back to as of last evening. Has anyone else noticed this and if so is there are cause/solution for it out there? What can I provide to help with the solution?? I've been seeing this (or something similar) with 3.1.5, and I reported it, with a similarly suspect subject line, a few days ago. OK. Well, assuming I don't end up in FBI custody for my poor choice of words. My best guess is that it's related to logrotate. I've added a spamd restart (SIGHUP should do it) after logrotate runs, and I'm not seeing the problem any more. But, since it occurs unpredictably, I may be speaking too soon. There are a few bugzilla entries that might be relevant. Eg http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4237 and http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4316 I have one log rotate about 0400 here and a full restart of the mail system at 0500 every day to keep things happy and I'm seeing this later in the day say 9-10am so I don't think its log rotate related. Those bugs are not what I'm seeing, I'm seeing totally stuck in K state children that won't go away until you go out and start killing procs. Seeing the exact same thing here, running SA 3.1.7 on FreeBSD. My logs rotate once a day at midnight, and I can kill spamd and restart spamassassin during the day and very quickly these undead processes start building up. On my box it's definitely related to FuzzyOCR - I turn off FuzzyOCR and the problem goes away. The problem is I LOVE FuzzyOCR - it kills a lot of spam! I will probably try going back to SA 3.1.5 and see if that fixes it. Sandy: I've dropped back to 3.1.5 last evening about 2200 CDT and no problems since. I'm also running FuzzyOCR 2.3b here and did not see the problem until I got to 3.1.7 I'll cc this to the FuzzyOCR list and see if anyone there is seeing this Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: SA 3.1.7 children hang but don't die
On Wed, 18 Oct 2006 13:20:06 -0500, you wrote: - Original Message - From: Daryl C. W. O'Shea [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Sandy S [EMAIL PROTECTED]; Chris Lear [EMAIL PROTECTED]; users@spamassassin.apache.org; [EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 1:09 PM Subject: Re: SA 3.1.7 children hang but don't die George R. Kasica wrote: I've dropped back to 3.1.5 last evening about 2200 CDT and no problems since. I'm also running FuzzyOCR 2.3b here and did not see the problem until I got to 3.1.7 I'll cc this to the FuzzyOCR list and see if anyone there is seeing this If someone(s) can definitively confirm whether this problem only happens under 3.1.6/3.1.7 and not 3.1.5 or earlier, please make sure we hear about it. IIRC, it's possible that the fix for bug 5081 (3.1.6) could be affecting this. Daryl Daryl - I switched back to 3.1.5 after my last post, and am sorry to report that I'm still seeing the same issue under 3.1.5. After running a while, the processes in a state of K start building up until I manually kill them. Regretfully (VERY regretfully) turning off FuzzyOCR. Sandy Sandy: I'm NOT Seeing it here with 3.1.5 and FuzzyOCR since 2200 CDT last evening 10/17/06. Normally it would have shown up a couple times since then. FuzzyOCR is still running here no other changes except dropping back to 3.1.5. George
Re: Discourage broken configs (was: Discourage broken content (was: Broken images in mails)
I think we should discourage all broken content in email and on the
web.
At one time we could assume that broken content was an honest
mistake and make an attempt at fixing it. But with the rise of
malicious content attempting to exploit bugs in content handlers
(like overruns in image libraries), we should simply reject
anything that fails to pass validation, on the assumption that's it
out to get us.
This includes not just broken images but also broken HTML, which is
so commonly used to conceal spam.
We need to stop giving a free pass to broken content creation
software just because it's popular. When someone sends you broken
content, you should react the same way you would if they sent you
documents on dirt-smeared paper. Stop letting your emperor walk
around naked.
I would, and do, go even further and discourage broken Server/DNS
configurations.
I've downright had it with all this crap hitting my server.
I'm now doing checks right at the MTA and if the sending server fails
any hostname, HELO, domain name, SPF etc., checks they don't even get
to my content filters. The biggest thing we have in our favour is
that the spambots are mostly broken or running on machines that will
fail most of these checks.
For legitimate email, I send an message to the admins responsible for
the broken configs with my log entries explaining why their email was
blocked. It's up to them to fix it if they want to send email my way.
I know this isn't practical in an environment where you're
administering hundreds or thousands of accounts, and I feel your
pain, but I think it's time we encouraged proper and correct server
and DNS configurations so we can use all the tools at our disposal to
our advantage.
I am with you right up until the moment my head says, Who defines
proper content? Then I come back to email format rwars and say
Fahgeddit.
One man's cilantro spice is another man's intolerable bitterness.
Do we try to force the bitterness on the other man or do we try to
accommodate? Who gets to define how much we must tolerate? It's
purely an rwar issue when you apply this to formatting wars. It is
best to do what YOU will and not get evangelistic about it. If you
do characters like me get contrary.
{^_^} Joanne, The Stubborn
A great and a wonderful idea until you have users paying you for
e-mail service and you start bouncing their mails because someone or
some program has a bug in it that they have no control over and they
lose that email from their employer, client or whatever and I can
assure you that they will find another provider right quick.
===[George R. Kasica]===+1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
Re: [exim] Exim+SA=Server Overloaded!
On Tue, 24 Jan 2006 14:01:55 -0200, you wrote: Hello! Sorry to send another email about the same subject. But my mail server crashed so i couldn't see the answers. I am calling my spamassassin service in SMTP time with some ACL rules in my exim4 configuration file. I start the SA service, start exim4 service and i wait only some minutes and the server gets overloaded!... almost impossible to loggin and shutdown manually the server. I have 216 users in the server, and I have an avarege about 10 access / minute. I THINK that the problem is that I am calling the SA service from ACL rules (in SMTP time)... but dont know how to change it to another way to fix the problem. Ah! When I turn off the SA service the server goes perfectly. Could somebody help me?! Thanks anyway! Also check to make sure your not using HUGE rulesets like the 2 blacklist ones, that's what caused a problem here, once we stopped using those 2 all was happy. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: Exim 4.60 SpamAssassin 3.1.0 Problems
Bradley: Fought the same battle here just last week literally. With the help of Larry Rosenman from the SA/Exim lists we got it working VERY well here. It's basically a machine load issue for me, and I'm guessing for you as well. First thing...with SA are you running either of these rules: blacklist-uri.cafe blacklist.cf They are both HUGE CPU hogs, remove tem from your rule sets. Second: Are your cleaning up after exim/SA? If not this script will do it for you, I'd run it nightly around midnight here check the path names and correct to match your setup: # more /usr/sbin/exim-cleanup exim_dbdir=/var/spool/exim exim_tidydb=/usr/local/exim/sbin/exim_tidydb echo echo Tidying Exim hints databases: for db in $exim_dbdir/db/*.lockfile; do echo $exim_tidydb $exim_dbdir `basename $db .lockfile` done ll /usr/local/exim/exiscan/virusmails ll /usr/local/exim/spool/scan rm /usr/local/exim/exiscan/virusmails/* rm -r /usr/local/exim/spool/scan/* These 2 items basically took my system load from a 10-12 and put it at .89 and my mail queue from HOURS of queue time to avg less than a minute: Plus these command lines (with appropriate editing will give some nice stats: Subject: Cron /usr/sbin/sa-stats -l /var/log/exim -f mail From: [EMAIL PROTECTED] (Cron Daemon) Date: Wed, 18 Jan 2006 23:50:47 -0600 Email:22065 Autolearn: 2 AvgScore: 13.51 AvgScanTime: 32.73 sec Spam: 10091 Autolearn: 1 AvgScore: 29.70 AvgScanTime: 32.59 sec Ham: 11974 Autolearn: 1 AvgScore: -0.14 AvgScanTime: 32.85 sec Time Spent Running SA: 200.62 hours Time Spent Processing Spam: 91.34 hours Time Spent Processing Ham: 109.28 hours Subject: Cron /usr/local/exim/sbin/eximstats -ne -nr /var/log/exim/mainlog From: [EMAIL PROTECTED] (Cron Daemon) Date: Wed, 18 Jan 2006 23:50:58 -0600 Exim statistics from 2006-01-15 05:05:09 to 2006-01-18 23:50:48 Grand total summary --- At least one address TOTAL VolumeMessages Hosts Delayed Failed Received 107MB7712 1032 417 5.4% 113 1.5% Delivered266MB 36558 378 Deliveries by transport --- VolumeMessages address_file2518KB 544 address_pipe 11MB1196 procmail 84MB6393 remote_smtp 169MB 28425 Try these suggestions and let me know how it goes. I'm happy to try to help out more. George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: [exim] Continuing Exim 4.60 SpamAssassin 3.1.0 Problems
On Fri, 13 Jan 2006 12:40:14 +0100, you wrote: George R. Kasica schrieb: Help needed please! We are trying to upgrade from exim 3.36 and SA 3.0.4 to Exim 4.60 and SA 3.1 and are having no end of difficulties here. We just decided to pull SA 3.1 out and go back to 3.0.4 as we cannot get it to scan each message, not time out or crash and not use up all the CPU cycles. without SA running load with a w is generally 2 with it up and going 10, 12 or higher is not unusual and causes many problems. 3.0.4 does not have this problem. We have cut our rules files down from the SARE set we are running to the stock set from the 3.1 install with little difference - it still times out and skips mail scans here for no obvious reason. The latest glitch is that we are sending out multiple copies of e-mails I'm thinking due to system load caused by SA 3.1 messing up Exim. Well, without relevant configuration (SA invocation) and log snippets we won't be able to tell you what happens on your machine. But in the past, people who reported similar problems piped every message into SA. Since SA takes quite some time processing a message, specially bigger ones, exim loses patience, assumes SA is down and returns a temporary error to the sender. To avoid this, you should limit the size of messages that you want to be content-scanned with SA. There's no need to check whether a 1 MB message is spam. We are only feeding messages smaller than 250KB to SA and haven't had any problem with SA timeouts yet. HTH, Patrick Eisenacher Pat: Things are looking back to normal here with 4.60 and 3.1 now after some help by Larry Rosenman ler@lerctr.org, turns out that one of the SARE rules (I'm thinking one of the blacklist URI ones about 13 meg in size (sorry I don't recall the name of it at the moment) may have been causing our grief along with not being on Perl 5.8.7 which we also did here. After cleaning up those 2 items it is looking good so far. Now to slowly add back the rest of the SARE stuff and reactivate Bayes and see how we do. Thanks for the response, George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Continuing Exim 4.60 SpamAssassin 3.1.0 Problems
Help needed please! We are trying to upgrade from exim 3.36 and SA 3.0.4 to Exim 4.60 and SA 3.1 and are having no end of difficulties here. We just decided to pull SA 3.1 out and go back to 3.0.4 as we cannot get it to scan each message, not time out or crash and not use up all the CPU cycles. without SA running load with a w is generally 2 with it up and going 10, 12 or higher is not unusual and causes many problems. 3.0.4 does not have this problem. We have cut our rules files down from the SARE set we are running to the stock set from the 3.1 install with little difference - it still times out and skips mail scans here for no obvious reason. The latest glitch is that we are sending out multiple copies of e-mails I'm thinking due to system load caused by SA 3.1 messing up Exim. I'm happy to supply any info anyone needs to solve this - configs, traces, etc. Just ask for what you need to see and I'll get it to you (possibly off list for security reasons) ASAP. Don't get me wrong, I'm not bashing SA or Exim (have used both here for many years quite happily and promote them whenever the opportunity comes up) and am not angry at anyone but we need to have a functional system here and right now I don't know how to do that with SA 3.1 and Exim 4.60 and am looking for help in getting back to current software revs and a working combination. Thanks in advance, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: SA 3.10 skipping some emails or errors in log??
On Tue, 10 Jan 2006 21:29:02 -0600, you wrote: On Tue, 10 Jan 2006 20:56:48 -0500, you wrote: On 10/01/2006 8:17 PM, George R. Kasica wrote: On Tue, 10 Jan 2006 18:58:37 -0500, you wrote: If you can get a strace -ftp PID of the parent spamd process while this happens (along with a matching debug log) and *attach* it to the bug, I'm sure Justin would take a look at it. I haven't been able to reproduce it myself, so I haven't looked at it further. Daryl: Not a programmer here, but with a little direction I think I can get the info. I'm assuming the following here: strace -ftp PID where PID is the PID of the parent spamd process correct? Yeah PID is the process ID of the parent spamd process. Also, you can redirect the output to a file with normal redirection, or just specify an output file with the -o option, ala: strace -ftp PID -o /path/to/output/file As to debug log, how would I go about that? Is it the info I provided earlier just doing it over again to match with strace output? Yeah. You might want to add -Dprefork as one of the options to your spamd call though. It's running now. I will hopefully have some items to upload soon. Daryl: I've uploaded a zip of 4 files, 2 logs, 2 traces to the 4696 bug report. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: SA 3.10 skipping some emails or errors in log??
Daryl all:
To help get around the problem of SA 3.1 dying here a friend wrote the
following pair of shell scripts:
spamw.bash - run from cron to make sure the spam.bash script hasn't
stopped
spam.bash - watched for spamd to be running and if it stops restarts
it.
Here they are, YMMV, no guarantees, etc.
spamw.bash
==
#!/bin/bash
##
# PSSPAM.KSH #
##
# Usage: To check for the spam assassin process. #
# Author:Bill Hodgkinson #
# Written: 1-10.2006 #
# #
##
# Can be run from cron with
# #00-59/1 * * * * /root/spamw.bash /dev/null 21
set -x
##
# S C R I P T S E T U P #
##
#-- Global Variable
[EMAIL PROTECTED]
DATE=`date`
DIR1=/usr/sbin
BIN1=spam.bash
LOG=/tmp/restart-spamd.tmp
MESSAGE1=The Spam monitor process was restarted on $DATE
PROC=spam.bash
#***#
#S E TU PF U N C T I O N #
#***#
#
function CHECKSA
{
# looks for the target process
TESTPS=`ps -e | grep $PROC | head -n 1 | grep -v grep`
TESTSA=$TESTPSjunk
echo $TESTSA
if [[ $TESTSA = junk ]]; then
nohup $DIR1/$BIN1 /dev/null 21
sleep 5
echo $MESSAGE1 $LOG
echo $MESSAGE1 | mail -s $MESSAGE1 $ADMIN
fi
exit
}
#***#
# O U T E TB L O C K O FS C R I P T #
#***#
#
CHECKSA
#***#
# E N D O F S C R I P T #
#***#
spam.bash
=
#!/bin/bash
##
# PSSPAM.KSH #
##
# Usage: To check for the spam assassin process. #
# Author:Bill Hodgkinson #
# Written: 1-10.2006 #
# #
##
set -x
##
# S C R I P T S E T U P #
##
#-- Global Variable
[EMAIL PROTECTED]
DATE=`date`
DIR1=/usr/local/bin
BIN1=spamd -d -u spamd -m 10 --max-conn-per-child=50
LOG=/tmp/restart-spamd.tmp
MESSAGE1=The Spamd process was restarted on $DATE PROC=spamd
PROC=spamd
#***#
#S E TU PF U N C T I O N #
#***#
#
function CHECKSA
{
# looks for the target process
TESTPS=`ps -e | grep $PROC | head -n 1 | grep -v grep`
TESTSA=$TESTPSjunk
echo $TESTSA
if [[ $TESTSA = junk ]]; then
$DIR1/$BIN1
echo $MESSAGE1 $LOG
echo $MESSAGE1 | mail -s $MESSAGE1 $ADMIN
fi
}
#__
#
function BACKGRD
{
#
while [ 1 ]
do
CHECKSA
sleep 10
done
}
#***#
# O U T E TB L O C K O FS C R I P T #
#***#
#
BACKGRD
#***#
# E N D O F S C R I P T #
#***#
===[George R. Kasica]===+1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
Re: SA 3.10 skipping some emails or errors in log??
On Mon, 09 Jan 2006 21:45:11 -0500, you wrote: On 09/01/2006 7:36 PM, George R. Kasica wrote: Jan 9 15:31:07 eagle spamd[8420]: spamd: processing message [EMAIL PROTECTED] for mail:561 Jan 9 15:34:55 eagle spamd[8715]: __alarm__ Jan 9 15:35:01 eagle spamd[8715]: __alarm__ Jan 9 15:35:01 eagle spamd[8311]: prefork: child states: BBBIB Jan 9 15:35:02 eagle spamd[8719]: spamd: processing message [EMAIL PROTECTED] for mail:561 Jan 9 15:35:12 eagle spamd[8311]: tcp timeout at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 195. Jan 9 15:35:12 eagle spamd[8311]: tcp timeout at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 195. Jan 9 15:35:12 eagle spamd[8311]: prefork: select returned undef! recovering Jan 9 15:35:48 eagle spamd[8712]: spamd: clean message (0.0/5.0) for mail:561 in 186.2 seconds, 14503 bytes. Jan 9 15:35:48 eagle spamd[8712]: spamd: result: . 0 - HTML_MESSAGE scantime=186.2,size=14503,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54421,mid=[EMAIL PROTECTED],autolearn=disabled Please see, and comment on, bug 4696: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4696 Daryl Daryl: Just curious as to the estimate for how long it will be until the problem is corrected? Right now with the way SA 3.1 is operating here it is almost worthless, catching and scanning about 20% of the spam due to the bug causing difficulties I'm assuming? George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Re: SA 3.10 skipping some emails or errors in log??
On Tue, 10 Jan 2006 18:58:37 -0500, you wrote: On 10/01/2006 11:29 AM, George R. Kasica wrote: On Mon, 09 Jan 2006 21:45:11 -0500, you wrote: Please see, and comment on, bug 4696: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4696 Just curious as to the estimate for how long it will be until the problem is corrected? Right now with the way SA 3.1 is operating here it is almost worthless, catching and scanning about 20% of the spam due to the bug causing difficulties I'm assuming? If you can get a strace -ftp PID of the parent spamd process while this happens (along with a matching debug log) and *attach* it to the bug, I'm sure Justin would take a look at it. I haven't been able to reproduce it myself, so I haven't looked at it further. Daryl: Not a programmer here, but with a little direction I think I can get the info. I'm assuming the following here: strace -ftp PID where PID is the PID of the parent spamd process correct? As to debug log, how would I go about that? Is it the info I provided earlier just doing it over again to match with strace output? George George, MR. Tibbs, Nazarene, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'
Re: SA 3.10 skipping some emails or errors in log??
On Tue, 10 Jan 2006 20:56:48 -0500, you wrote: On 10/01/2006 8:17 PM, George R. Kasica wrote: On Tue, 10 Jan 2006 18:58:37 -0500, you wrote: If you can get a strace -ftp PID of the parent spamd process while this happens (along with a matching debug log) and *attach* it to the bug, I'm sure Justin would take a look at it. I haven't been able to reproduce it myself, so I haven't looked at it further. Daryl: Not a programmer here, but with a little direction I think I can get the info. I'm assuming the following here: strace -ftp PID where PID is the PID of the parent spamd process correct? Yeah PID is the process ID of the parent spamd process. Also, you can redirect the output to a file with normal redirection, or just specify an output file with the -o option, ala: strace -ftp PID -o /path/to/output/file As to debug log, how would I go about that? Is it the info I provided earlier just doing it over again to match with strace output? Yeah. You might want to add -Dprefork as one of the options to your spamd call though. It's running now. I will hopefully have some items to upload soon. George George, MR. Tibbs, Nazarene, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'
Re: Syslog setting help needed
On Sun, 08 Jan 2006 21:10:48 -0500, you wrote: At 02:45 PM 1/8/2006, George R. Kasica wrote: I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting alot of logging to my screen rather than into log files on the server from either spamd or exim (I'm thinking spamd) and I'm wondering how I can configure either of them or syslog.conf to not have this happen but go to files as before. Nothing has changed here in syslog.conf so I'm a little stumped. Can you show us the command line for spamd.. the syslogd.conf really won't help debug this. If it's going to the screen, it's not going to syslog, and I'd wonder why. Here you go: /usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 Syslog.conf is below: snip spamd.* /var/log/exim/mail mail.* /var/log/exim/mail info.* /var/log/exim/mail Does your syslogd actually accept that, or is the spamd line merely ignored by your syslogd? Sorry, bad copy (old attempt) it is: # Log all the mail messages in 1 place. mail.* /var/log/exim/mail (AFAIK there's no such log facility as spamd, and adding one would require hacking your c libraries and syslogd. Spamd should be using the facility mail.) See above, I was just grabbing straws. George
Re: Syslog setting help needed
FYI, This doesn't happen with SA 3.0.4 George On Mon, 09 Jan 2006 06:33:00 -0600, you wrote: On Sun, 08 Jan 2006 21:10:48 -0500, you wrote: At 02:45 PM 1/8/2006, George R. Kasica wrote: I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting alot of logging to my screen rather than into log files on the server from either spamd or exim (I'm thinking spamd) and I'm wondering how I can configure either of them or syslog.conf to not have this happen but go to files as before. Nothing has changed here in syslog.conf so I'm a little stumped. Can you show us the command line for spamd.. the syslogd.conf really won't help debug this. If it's going to the screen, it's not going to syslog, and I'd wonder why. Here you go: /usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 Syslog.conf is below: snip spamd.* /var/log/exim/mail mail.* /var/log/exim/mail info.* /var/log/exim/mail Does your syslogd actually accept that, or is the spamd line merely ignored by your syslogd? Sorry, bad copy (old attempt) it is: # Log all the mail messages in 1 place. mail.* /var/log/exim/mail (AFAIK there's no such log facility as spamd, and adding one would require hacking your c libraries and syslogd. Spamd should be using the facility mail.) See above, I was just grabbing straws. George
Re: Syslog setting help needed
On Mon, 09 Jan 2006 09:36:04 -0500, you wrote: At 07:33 AM 1/9/2006, George R. Kasica wrote: Here you go: /usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 Ditch the , and add a -d instead. spamd will start logging to syslog if you tell it to daemonize, instead of starting it in console mode and forcing it to the background with . OK. Will try that one. Will move 3.1 back into production here, but I'm still left with a problem there at this time of MANY timeouts as shown below: 2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading from spam d socket: Connection timed out 2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149) [211.220.37.149] I=[192. 168.1.1]:25 Warning: ACL warn statement skipped: condition test deferred 2006-01-07 00:00:19 1Ev75l-0002qs-UL = [EMAIL PROTECTED] H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987 [EMAIL PROTECTED] .com 2006-01-07 00:00:19 1Ev75l-0002qs-UL = georgek [EMAIL PROTECTED] R=procmail T=procmail 2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Exim 4.60 and Spamassassin 3.1 and sophie ACL help needed
I could use some help with the proper ACLs for the above itemsI have some given to me but I'm not sure they are correct or functioning at all in terms of Virus checking. Here is my setup Exim 4.60 Spamassassin 3.1 Sophie 3.05 Sophos (Latest rev - yes, licensed and running fine with Exim 3.36) All have been built correctly (they run at least :)) I've supplied my exim.conf, and both sophie confs here as well. Can someone take a look and let me know what I'm missing as I'm having two largeish problems: 1) spamd is timing out ALOT (almost every message) so we're doing little or no spam filtering) Here are logs snippets from both Exim 3.36 and 4.6 running SA 3.1 When I run exim 3.36 and SA 3.1: Jan 7 17:19:13 eagle spamd[3111]: spamd: connection from localhost [127.0.0.1] at port 46278 Jan 7 17:19:13 eagle spamd[3111]: spamd: processing message [EMAIL PROTECTED] for mail:561 Jan 7 17:19:16 eagle spamd[3112]: spamd: connection from localhost [127.0.0.1] at port 46279 Jan 7 17:19:17 eagle spamd[3112]: spamd: processing message [EMAIL PROTECTED] for mail:561 Jan 7 17:20:02 eagle spamd[4566]: spamd: identified spam (12.6/5.0) for mail:561 in 108.3 seconds, 2889 bytes. Jan 7 17:20:02 eagle spamd[4566]: spamd: result: Y 12 - ADVANCE_FEE_1,ADVANCE_FEE_2,BAYES_00,DATE_IN_FUTURE_06_12,DCC_CHECK,FAKE_HELO_MAIL_COM,FORGED_MUA_OUTLOOK,RCVD_NUMERIC_HELO,SUBJ_ALL_CAPS,TO_CC_NONE,URG_BIZ scantime=108.3,size=2889,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=46267,mid=[EMAIL PROTECTED],bayes=0.00148341614097802,autolearn=no When I run 4.60 exim and SA 3.1: 2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading from spam d socket: Connection timed out 2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149) [211.220.37.149] I=[192. 168.1.1]:25 Warning: ACL warn statement skipped: condition test deferred 2006-01-07 00:00:19 1Ev75l-0002qs-UL = [EMAIL PROTECTED] H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987 [EMAIL PROTECTED] .com 2006-01-07 00:00:19 1Ev75l-0002qs-UL = georgek [EMAIL PROTECTED] R=procmail T=procmail 2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed 2) There is NO sopie activity of any sort in the logs beyond startup and shutdown I'm thinking there should be something...: Jan 7 14:31:22 eagle sophie[30783]: /usr/local/bin/sophie Placed in the background [PID: 30784] Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Setting configuration options - please wait... Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Configuration options set Jan 7 14:31:30 eagle sophie[30785]: Sophos engine: Sophos engine version 2.32 Jan 7 14:31:30 eagle sophie[30785]: Sophie IDE : Sophos IDE version 4.01 (detects 117045 viruses) Jan 7 14:31:30 eagle sophie[30785]: SAVI config : /etc/sophie.savi Jan 7 14:31:30 eagle sophie[30785]: Max processes: 20 Jan 7 14:31:30 eagle sophie[30785]: Socket path : /var/run/sophie Jan 7 14:31:30 eagle sophie[30785]: Umask: 7 Jan 7 14:31:30 eagle sophie[30785]: PID file : /var/run/sophie.pid Jan 7 14:31:30 eagle sophie[30785]: Timeout : 300 seconds Jan 7 14:31:30 eagle sophie[30785]: Running as user : mail Jan 7 14:31:30 eagle sophie[30785]: Socket group : mail Jan 7 14:31:30 eagle sophie[30785]: Logname : sophie Jan 7 14:31:30 eagle sophie[30785]: Log facility : 16 (mail) Jan 7 14:31:30 eagle sophie[30785]: Log priority : 5 (notice) Jan 7 14:31:30 eagle sophie[30785]: Error strings? : yes Jan 7 14:31:30 eagle sophie[30785]: Timestamps? : no Jan 7 14:31:30 eagle sophie[30785]: Show virus name? : yes Jan 7 14:31:30 eagle sophie[30785]: Callbacks? : yes Jan 7 14:31:30 eagle sophie[30785]: limit_classif: 10 Jan 7 14:31:30 eagle sophie[30785]: limit_nextfile : 1 Jan 7 14:31:30 eagle sophie[30785]: limit_decompr: 1000 Jan 7 14:31:30 eagle sophie[30785]: socket_check : yes Jan 7 14:31:30 eagle sophie[30785]: Port : 4009 Jan 7 14:31:30 eagle sophie[30785]: Temporary dir: /tmp Jan 7 14:31:30 eagle sophie[30785]: Sophie version : 3.05 Thank you very much in advance, exim-4.60.conf Description: Binary data sophie.cfg Description: Binary data sophie.savi Description: Binary data
Syslog setting help needed
I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting alot of logging to my screen rather than into log files on the server from either spamd or exim (I'm thinking spamd) and I'm wondering how I can configure either of them or syslog.conf to not have this happen but go to files as before. Nothing has changed here in syslog.conf so I'm a little stumped. Example: [12441] error: __alarm__ [11265] info: prefork: child states: IBII [11265] info: spamd: handled cleanup of child pid 12441 due to SIGCHLD [11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598. [11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598. [11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598. [11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598. [11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598. [11265] info: prefork: child states: IBIS [11430] error: __alarm__ [11430] error: __alarm__ [11365] info: spamd: connection from localhost [127.0.0.1] at port 39080 [11365] info: spamd: processing message [EMAIL PROTECTED] for mail:561 [11265] info: prefork: child states: BII [11430] info: spamd: connection from localhost [127.0.0.1] at port 39082 [11430] info: spamd: processing message [EMAIL PROTECTED] for mail:561 [12231] info: spamd: connection from localhost [127.0.0.1] at port 39083 [12231] info: spamd: processing message [EMAIL PROTECTED] for mail:561 [11365] info: spamd: clean message (0.0/5.0) for mail:561 in 74.5 seconds, 7080 bytes. [11365] info: spamd: result: . 0 - scantime=74.5,size=7080,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=39080,mid=[EMAIL PROTECTED],autolearn=disabled [11365] error: __alarm__ [11365] error: __alarm__ Syslog.conf is below: # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log everything (except mail and news) of level info or higher. # Hmm--also don't log private authentication messages here! *.info -/var/log/messages *.warn -/var/log/messages # Log debugging too #*.debug;news,mail,authpriv,auth.none -/var/log/debug # The authpriv file has restricted access. authpriv.*;auth.* /var/log/secure # true, 'auth' in the two previous rules is deprecated, # but nonetheless still in use... # Log all the mail messages in one place. spamd.* /var/log/exim/mail mail.* /var/log/exim/mail info.* /var/log/exim/mail # Save uucp and news errors of level err and higher # in a special file. uucp,news.err /var/log/spooler # Everybody gets emergency messages, plus log them on # another machine. *.emerg * #*.emerg@loghost
Re: [exim] Exim 4.60 and Spamassassin 3.0.4 time out problems
FYI That should have said NOW seeing timeouts.if I wasn't seeing them I wouldn't have a problem :) That's what I get for working late. George On Fri, 06 Jan 2006 22:10:13 -0600, you wrote: Hello: Just upgraded to 4.60 here with Spamassassin 3.0.4 and all seems to work OK with the exception that I'm not seeing time out errors in the spam scanningI didn't see that (at least in logs) with exim 3.36 and SA 3.0.4. I haven't changed configurations on SA at all and Exim is also the same except for the necessary changes in the conf file to go from 3x to 4x. Mail is delivering properly, but I'm missing alot of spam checks I think. Any suggestions on fixing this problem?? 2006-01-06 15:47:24 1EuzOl-ab-QJ spam acl condition: error reading from spamd socket: Connection timed out 2006-01-06 15:47:24 1EuzOl-ab-QJ H=mx1.wildfour.com [209.190.13.93] I=[192.168.1.1]:25 Warning: ACL warn statement skipped: condition test deferred 2006-01-06 15:47:24 1EuzOl-ab-QJ = [EMAIL PROTECTED] H=mx1.wildfour.com [209.190.13.93] I=[192.168.1.1]:25 P=esmtp S=4941 2006-01-06 15:47:24 1EuzOl-ab-QJ = danab [EMAIL PROTECTED] R=procmail T=procmail 2006-01-06 15:47:24 1EuzOl-ab-QJ Completed Command lines are as follows: /usr/local/bin/spamd --local -u spamd -m 15 --max-conn-per-child=50 /usr/local/exim/sbin/exim -bd I can provide config files if needed. Thanks, George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Exim 4.60 and Spamassassin 3.0.4 time out problems
Hello: Just upgraded to 4.60 here with Spamassassin 3.0.4 and all seems to work OK with the exception that I'm not seeing time out errors in the spam scanningI didn't see that (at least in logs) with exim 3.36 and SA 3.0.4. I haven't changed configurations on SA at all and Exim is also the same except for the necessary changes in the conf file to go from 3x to 4x. Mail is delivering properly, but I'm missing alot of spam checks I think. Any suggestions on fixing this problem?? 2006-01-06 15:47:24 1EuzOl-ab-QJ spam acl condition: error reading from spamd socket: Connection timed out 2006-01-06 15:47:24 1EuzOl-ab-QJ H=mx1.wildfour.com [209.190.13.93] I=[192.168.1.1]:25 Warning: ACL warn statement skipped: condition test deferred 2006-01-06 15:47:24 1EuzOl-ab-QJ = [EMAIL PROTECTED] H=mx1.wildfour.com [209.190.13.93] I=[192.168.1.1]:25 P=esmtp S=4941 2006-01-06 15:47:24 1EuzOl-ab-QJ = danab [EMAIL PROTECTED] R=procmail T=procmail 2006-01-06 15:47:24 1EuzOl-ab-QJ Completed Command lines are as follows: /usr/local/bin/spamd --local -u spamd -m 15 --max-conn-per-child=50 /usr/local/exim/sbin/exim -bd I can provide config files if needed. Thanks, George ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
Problem installing SA 3.1
Trying to upgrade to 3.1 here and have all the modules installed with the exception of the Mail::DomainKeys modules. I've tried the install from CPAN as well as from the tar.gz with the similar results of: [EMAIL PROTECTED] Mail-DomainKeys-0.23]# perl Makefile.PL You appear to be directly connected to the Internet. I have some tests that try to query live nameservers. Do you want to enable these tests? [y] Checking if your kit is complete... Looks good Warning: prerequisite Crypt::OpenSSL::RSA 0 not found. Writing Makefile for Mail::DomainKeys I've gone back and tried then to install manually the two needed modules: Crypt-OpenSSL-RSA-0.22 Crypt-OpenSSL-Random-0.03 and both give te following errors: Checking if your kit is complete... Looks good Note (probably harmless): No library found for -lssl Note (probably harmless): No library found for -lcrypto but niether compiles: [Crypt-OpenSSL-Random-0.03]# make cp Random.pm blib/lib/Crypt/OpenSSL/Random.pm AutoSplitting blib/lib/Crypt/OpenSSL/Random.pm (blib/lib/auto/Crypt/OpenSSL/Random) /usr/bin/perl5.8.0 /usr/local/lib/perl5/5.8.0/ExtUtils/xsubpp -typemap /usr/local/lib/perl5/5.8.0/ExtUtils/typemap Random.xs Random.xsc mv Random.xsc Random.c Please specify prototyping behavior for Random.xs (see perlxs manual) cc -c -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DVERSION=\0.03\ -DXS_VERSION=\0.03\ -fpic -I/usr/local/lib/perl5/5.8.0/i686-linux/CORE Random.c Random.xs:5: openssl/rand.h: No such file or directory make: *** [Random.o] Error 1 [Crypt-OpenSSL-RSA-0.22]# make cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA) /usr/bin/perl5.8.0 /usr/local/lib/perl5/5.8.0/ExtUtils/xsubpp -typemap /usr/local/lib/perl5/5.8.0/ExtUtils/typemap -typemap typemap RSA.xs RSA.xsc mv RSA.xsc RSA.c cc -c -I/usr/kerberos/include -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DVERSION=\0.22\ -DXS_VERSION=\0.22\ -fpic -I/usr/local/lib/perl5/5.8.0/i686-linux/CORE -DPERL5 RSA.c RSA.xs:5: openssl/ssl.h: No such file or directory RSA.xs:6: openssl/bn.h: No such file or directory make: *** [RSA.o] Error 1 Now I've got the openssl-0.9.8 installed with no errors but it doesn't appear that either of these modules are seeing the files needed to compile. I'm not a C or Perl programmer so at this point I'm stuck as to how to fix this. E-Mails to the module authors has gone unanswered since 9/15 so hopefully someone here can help me out. Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186
