Re: HELP!! spamasssin killing my server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [sent only to the original poster by accident - reply-to considered needs brain ;) ] | [skipped the debug output] A couple of notes: 1) This advice: | Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not | configured; it is recommended that you configure trusted_networks manually should not be ignored. Setting trusted_networks would slightly reduce the number of DNS lookups and can avoid all sorts of funny error situations. 2) The WHOIS_* rules have proven pretty ineffective in my setup, and I have disabled them without negative impact on overall filtering effectiveness. 3) Do you reject connections at the MTA level with a selection of blacklists (eg sbl/xbl/pbl/zen.spamhaus.org) and/or other means? This should greatly reduce the workload on SpamAssassin. 4) How big are the bayes and AWL files? How do you do maintenance on them? - -- Matthias -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (Darwin) iD8DBQFIT3nHxbHw2nyi/okRAvuhAJsFvBgEFy5/fPgr6bSIcw0MqugHmwCgmJ4A BNzCcdP24ZkcFMtvsjGwcoo= =0K7b -END PGP SIGNATURE-
RE: HELP!! spamasssin killing my server
Matthias Leisi wrote: A couple of notes: 1) This advice: Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually should not be ignored. Setting trusted_networks would slightly reduce the number of DNS lookups and can avoid all sorts of funny error situations. Agreed. trusted_networks is a key setting for quite a few of the network based tests. If you don't set it manually, SA takes a guess at it and can get it wrong (especially if your server is behind a NAT firewall). 3) Do you reject connections at the MTA level with a selection of blacklists (eg sbl/xbl/pbl/zen.spamhaus.org) and/or other means? This should greatly reduce the workload on SpamAssassin. You should definitely consider this if you don't have it in place already. I recommend zen.spamhaus.org. This one blacklist gets rid of most of my spam and I haven't found a false hit yet. I had a similar situation to you. There was too much garbage coming in and the server couldn't keep up with spam and virus scans for all of it. I solved the problem by adding the zen blacklist. -- Bowie
Re: HELP!! spamasssin killing my server
On 11.06.08 09:07, Matthias Leisi wrote: [sent only to the original poster by accident - reply-to considered needs brain ;) ] your MUA needs brain, pardon, List-Reply function... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson.
Re: HELP!! spamasssin killing my server
Julian, Your first problem to clear up is this line: Tue Jun 10 14:55:23 2008 [71985] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use It seems like your server is trying run spamd multiple times instead of forking. Try shutting down your email software, then spamd and killoff any spamd occurances left over. Then redo your testing. = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 5448 My Blog: http://mail.cnc.bc.ca/blogs/gagel My File share: http://mail.cnc.bc.ca/users/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca ---
RE: HELP!! spamasssin killing my server
-Original Message- From: doktour1 [mailto:[EMAIL PROTECTED] Sent: Wednesday, 11 June 2008 08:02 a.m. To: users@spamassassin.apache.org Subject: HELP!! spamasssin killing my server If I disable spamassassin in my procmail file. The server load goes down to 85 or less processes in a matter of mintues, but then tons of spam get through to my users. I am running freebsd 5.1 using sendmail and procmail running spamc (spamd loading at startup). The only thing that keeps the server from crashing is to throttle sendmail at 50 connections. But this is unworkable because it delays deliver of mail for several hours. PLEASE HELP IF YOU CAN, ANY ADVICE WOULD HELP SAVE MY SANITY --AS MY HAIR IS ALREADY GONE! Below is the spamd debug log, followed by all of the configuration files for spamassassin. Thank you! Here is a spamd debug log. SNIP --- I saw the message from Kevin, not only do you have fix the INET socket problem but there are other config issues too. Tue Jun 10 14:55:37 2008 [72096] dbg: spf: cannot load Mail::SPF module or create Mail::SPF::Server object: Can't locate Mail/SPF.pm in @INC (@INC contains: ...SNIP The problem above could be caused by a Perl upgrade, or Perl CPAN module installation, or outright hasn't worked since you set things up. Interestingly it falls back on a legacy module that works. But it is interesting, because what caused this could have caused other problems too. Tue Jun 10 14:55:40 2008 [72216] dbg: config: read_scoreonly_config: cannot open /usr/home/orkids/.spamassassin/user_prefs: No such file or directory Hmmm. Tue Jun 10 14:55:40 2008 [72218] dbg: config: read_scoreonly_config: cannot open /home/britt/.spamassassin/user_prefs: No such file or directory Hmmm. Tue Jun 10 14:55:40 2008 [72216] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually Do what it says ^ I suggest you : - make sure your Black/Block Lists are working, test them manually if you have to. Make sure they don't take too much time to look up, if they do disable for now until you've got performance back. - Check for any Perl upgrade that may have happened recently and assess if you need to go back a version. - Check for any Perl Modules that might have been installed lately - this might seem silly but it could save SA. I have a file that Spamassassin doesn't require, that is a perl module. If it is copied into SA's search path, my scan times go from 7 seconds to 60 seconds plus. So Beware Be Warned. - Verify that DCC is working OK, do this manually. - Do you use CPAN ? Have you used it recently? I had to hose my SA install thanks to a few modules being installed via CPAN. This was on Debian however, and if you don't apt-get these things, you can expect these problems. So there's a bit of work to tidy up, but the main one is the one Kevin was talking about with the Could not create INET socket. Make sure you've set a good allowable amount of child processes. I use 10 on an HP DL380 2x3Ghz 2Gb RAM with no worries. HTH Cheers, Mike