RE: Spamassassin+amavis
maybe if you block messages with no rdns record? if its from infected pc's there shouldnt be a record? From: Luis Croker [mailto:[EMAIL PROTECTED] Sent: Thu 10/23/2008 19:56 To: users@spamassassin.apache.org Subject: Spamassassin+amavis Hi... I have a mail server with FreeBSD 7.0, postfix+amavis-new+spamassassin. We are an ISP and I need to filter the spam that our susbribers are sending to internet, the PCs have some malware or are botnets. These PCs generates a lot of spam each day. The server filters a los of Spam but some times the queue is so crowded. I have to questions... Do you have any recomendation to improve the performance on the server ?? How can I catch more spam than the seerver is filtering ? The server blocks many messages but another spam messages goes to internet cause the score does not reach the parameters to be blocked. thanks a lot. Regards.
Re: Spamassassin+amavis
On Fri, October 24, 2008 01:56, Luis Croker wrote: > How can I catch more spam than the seerver is filtering ? The server > blocks many messages but another spam messages goes to internet cause > the score does not reach the parameters to be blocked. go the smtp auth route, when spam comes in from a smtp auth user you know with ueer to remove smtp auth from, i bet thay will wonder why cant i send mail anymore and figure out there computer is in botnet -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Spamassassin+amavis
I suggest you setup smtp authentication. I setup this kind of smtp and it seems viruses cannot authenticate by themselves. Nelson Serafica http://nelsontux.blogspot.com - Original Message From: Jean-Paul Natola <[EMAIL PROTECTED]> To: [EMAIL PROTECTED]; users@spamassassin.apache.org Sent: Friday, October 24, 2008 8:05:45 AM Subject: RE: Spamassassin+amavis maybe if you block messages with no rdns record? if its from infected pc's there shouldnt be a record? From: Luis Croker [mailto:[EMAIL PROTECTED] Sent: Thu 10/23/2008 19:56 To: users@spamassassin.apache.org Subject: Spamassassin+amavis Hi... I have a mail server with FreeBSD 7.0, postfix+amavis-new+spamassassin. We are an ISP and I need to filter the spam that our susbribers are sending to internet, the PCs have some malware or are botnets. These PCs generates a lot of spam each day. The server filters a los of Spam but some times the queue is so crowded. I have to questions... Do you have any recomendation to improve the performance on the server ?? How can I catch more spam than the seerver is filtering ? The server blocks many messages but another spam messages goes to internet cause the score does not reach the parameters to be blocked. thanks a lot. Regards. New Email addresses available on Yahoo! Get the Email name you've always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/ph/
Re: Spamassassin+amavis
At 16:56 23-10-2008, Luis Croker wrote: I have a mail server with FreeBSD 7.0, postfix+amavis-new+spamassassin. We are an ISP and I need to filter the spam that our susbribers are sending to internet, the PCs have some malware or are botnets. These PCs generates a lot of spam each day. The server filters a los of Spam but some times the queue is so crowded. I have to questions... Do you have any recomendation to improve the performance on the server ?? http://wiki.apache.org/spamassassin/FasterPerformance How can I catch more spam than the seerver is filtering ? The server blocks many messages but another spam messages goes to internet cause the score does not reach the parameters to be blocked. If you are running an old version of SpamAssassin, update it. Run sa-update to keep the rules updated. Analyze SMTP traffic to detect any signs of abuse and quarantine these hosts. You may have to reach out to the customers and help them clean infected hosts. Use the feedback from your abuse department. You can also get feedback from anti-abuse groups and subscribe to feedback loops. Identify the spam messages not reaching the threshold and add rules to catch them. Regards, -sm
Re: Spamassassin+amavis
Luis Croker a écrit : > > Hi... > > I have a mail server with FreeBSD 7.0, > postfix+amavis-new+spamassassin. We are an ISP and I need to filter the > spam that our susbribers are sending to internet, the PCs have some > malware or are botnets. These PCs generates a lot of spam each day. > > The server filters a los of Spam but some times the queue is so > crowded. I have to questions... > Do you have any recomendation to improve the performance on the server ?? > > How can I catch more spam than the seerver is filtering ? The server > blocks many messages but another spam messages goes to internet cause > the score does not reach the parameters to be blocked. > by default, amavisd-new won't add SA headers if the mail is not destined to a "local" domain. you may need to tweak this. filtering outbound mail is a bit harder (exceptionally at an ISP). note that you should not use the PBL (or any "dul" like DNSBL). consider using policyd (www.policyd.org), it has a rate limiting functionality. use Version 1 which has been used in ISP environment (single threaded C daemon). (of course, don't use greylisting. greylisting is for MTAs, not for MUAs). For questions about this, use the postfix users list. Also, as others said, start migrating to submission: port 587 with SASL authentication. Even if this won't block "motivated" malware authors, it adds a barrier and is currently the recommended approach. and while you are in, see if you can also move to TLS (STARTTLS on 587 for standard compliant MUAs, and the old 465 for others).
Re: Spamassassin+amavis
I have updated the SARE rules... how often should I update them ? Daily ? On Thu, 2008-10-23 at 23:19 -0700, SM wrote: > At 16:56 23-10-2008, Luis Croker wrote: > > I have a mail server with FreeBSD 7.0, > > postfix+amavis-new+spamassassin. We are an ISP and I need to > > filter the spam that our susbribers are sending to internet, the > > PCs have some malware or are botnets. These PCs generates a lot of > > spam each day. > > > > The server filters a los of Spam but some times the queue is so > > crowded. I have to questions... > >Do you have any recomendation to improve the performance on the server ?? > > http://wiki.apache.org/spamassassin/FasterPerformance > > >How can I catch more spam than the seerver is filtering ? The server > >blocks many messages but another spam messages goes to internet > >cause the score does not reach the parameters to be blocked. > > If you are running an old version of SpamAssassin, update it. Run > sa-update to keep the rules updated. > > Analyze SMTP traffic to detect any signs of abuse and quarantine > these hosts. You may have to reach out to the customers and help > them clean infected hosts. Use the feedback from your abuse > department. You can also get feedback from anti-abuse groups and > subscribe to feedback loops. Identify the spam messages not reaching > the threshold and add rules to catch them. > > Regards, > -sm > > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
Re: Spamassassin+amavis
Luis Croker a écrit : > >I have updated the SARE rules... how often should I update them ? Daily ? > no. they don't change often. (I don't update them anymore, so I don't know when they were last updated...). JM_SOUGHT rules get updated often.
Re: Spamassassin+amavis
On Fri, 24 Oct 2008, Luis Croker wrote: I have updated the SARE rules... how often should I update them ? Daily ? SARE development has frozen while Real Life intrudes. The ninjas have said they will announce any updates on the list, when and if they occur, and will announce if regular maintenance resumes. Grab what's on the website once, and watch the SA list. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Health Care _is_ a right - the government has no business keeping you from getting it. But forcing somebody else to pay for your health care at gunpoint (i.e. through taxation) is _not_ a right. --- 11 days until the Presidential Election
Re: Spamassassin+amavis
At 10:12 24-10-2008, Luis Croker wrote: I have updated the SARE rules... how often should I update them ? Daily ? It's been a while since the SARE rules have been updated. Checking for updates daily would only generate useless traffic. It's better to get the updates provided by the SpamAssassin project ( http://wiki.apache.org/spamassassin/RuleUpdates ). The "sought" rules ( http://wiki.apache.org/spamassassin/SoughtRules ) are quite effective in catching "fresh" spam messages. Regards, -sm
Re: Spamassassin+amavis
Hi.. thanks all for the answers.. I have enabled the most high debug level and I have figured out some rules that I modified and put the scro directly in local.cf and now Im filtering very well the mails... So, now I have another issue... My performance is not good. Some times I have a lot of petitions and the mails goes to the mail queue and the delivery rate is slow... How can I get a better delivery rate ? is there a variable for the active mail queue or somethig like that ? Thans.. regards. On Fri, 2008-10-24 at 10:21 -0700, John Hardin wrote: > On Fri, 24 Oct 2008, Luis Croker wrote: > > > I have updated the SARE rules... how often should I update them ? > > Daily ? > > SARE development has frozen while Real Life intrudes. The ninjas have said > they will announce any updates on the list, when and if they occur, and > will announce if regular maintenance resumes. > > Grab what's on the website once, and watch the SA list. > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
Re: Spamassassin+amavis
On Fri, 24 Oct 2008, Luis Croker wrote: So, now I have another issue... My performance is not good. Some times I have a lot of petitions and the mails goes to the mail queue and the delivery rate is slow... http://wiki.apache.org/spamassassin/FasterPerformance -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- 11 days until the Presidential Election
Re: Spamassassin+amavis
Hi all... I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance and I did some chages to try to get performance. This changes are: -I installed a DNS server locally, in the same server. -I turned off DCC, Razor and Pyzor. -I set the bayes use to 0. Im calling amavis from postfix in main.cf : content_filter=smtp-amavis:[127.0.0.1]:10024 My master.cf: # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd . . . smtp-amavis unix - - n - 100 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 and I have the same number of procs for amavisd: $max_servers = 100; I dont know if I have something wrong in my conf files or I m missing some confs. the system continues slow... yesterday I was doing some tests... I sente 500 mail from my PC to the server just working with postfix (no amavis) and the mails are delivery inmediatly, but when I enable the amavisd, the mails keep in the queue for a while and slowly starts the delivery which use somethig like 3 minutes. I feel that amavis works very well filtering... right now my unique problem is the performance and the efficient processing of the mail queue. Any ideas or advices ? Thank you very much. On Fri, 2008-10-24 at 18:59 -0500, Luis Croker wrote: > > Hi.. thanks all for the answers.. I have enabled the most high > debug level and I have figured out some rules that I modified and put > the scro directly in local.cf and now Im filtering very well the > mails... > > So, now I have another issue... My performance is not good. Some > times I have a lot of petitions and the mails goes to the mail queue > and the delivery rate is slow... > > How can I get a better delivery rate ? is there a variable for > the active mail queue or somethig like that ? > > Thans.. regards. > > > On Fri, 2008-10-24 at 10:21 -0700, John Hardin wrote: > > > On Fri, 24 Oct 2008, Luis Croker wrote: > > > > > I have updated the SARE rules... how often should I update them ? > > > Daily ? > > > > SARE development has frozen while Real Life intrudes. The ninjas have said > > they will announce any updates on the list, when and if they occur, and > > will announce if regular maintenance resumes. > > > > Grab what's on the website once, and watch the SA list. > >
Re: Spamassassin+amavis
On Tue, 28 Oct 2008, Luis Croker wrote: I continue with slow delivery in my mail server. Like I told you, the filters are working well, but the mail queue some times is big and slow. I have read http://wiki.apache.org/spamassassin/FasterPerformance Have you checked to see whether your computer is simply overloaded? How much memory is installed? Are you hitting swap? How many spamd child processes are running? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com --- 3 days until Halloween
Re: Spamassassin+amavis
I have 4 CPUS and 4 Gigs of RAM. The server have just the mail applications and is doing nothing else the CPUs are 100% available. About the spamd childs... The amavis-new calls the utilities of spamassassin but i think it doesnt need the spamd deamon running... just use it to get the score and reinject the mail to postfix again. Is that correct ? On Tue, 2008-10-28 at 08:50 -0700, John Hardin wrote: > On Tue, 28 Oct 2008, Luis Croker wrote: > > >I continue with slow delivery in my mail server. Like I told you, the > > filters are working well, but the mail queue some times is big and slow. > > > >I have read http://wiki.apache.org/spamassassin/FasterPerformance > > Have you checked to see whether your computer is simply overloaded? How > much memory is installed? Are you hitting swap? How many spamd child > processes are running? > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Luis Croker wrote: > Hi all... > > I continue with slow delivery in my mail server. Like I told you, > the filters are working well, but the mail queue some times is big > and slow. > > I have read http://wiki.apache.org/spamassassin/FasterPerformance > and I did some chages to try to get performance. This changes are: > > -I installed a DNS server locally, in the same server. > -I turned off DCC, Razor and Pyzor. > -I set the bayes use to 0. > and I have the same number of procs for amavisd: > $max_servers = 100; 100 amavisd processes??? That looks like your problem. How much memory do you have? Assuming that each process needs 50M (conservative), this would be 5GB of ram just for amavisd. This doesn't count your mail server, antivirus, dns, etc. Lower the number of amavisd processes so that the system doesn't go into swap. Swap is the #1 killer of SA performance. Also, if you are calling SA through amavisd, make sure you don't have spamd running. Amavisd runs SA internally and doesn't need spamd. -- Bowie
Re: Spamassassin+amavis
On Tue, 2008-10-28 at 09:34 -0600, Luis Croker wrote: > > Hi all... > > . > smtp-amavis unix - - n - 100 smtp > -o smtp_data_done_timeout=1200 > -o smtp_send_xforward_command=yes > -o disable_dns_lookups=yes > > and I have the same number of procs for amavisd: > $max_servers = 100; Wow, 100 procs! How many terabytes of ram do you have? You probably want to reduce that number until you stop swapping... -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. On Tue, 2008-10-28 at 11:01 -0500, Bowie Bailey wrote: > Luis Croker wrote: > > Hi all... > > > > I continue with slow delivery in my mail server. Like I told you, > > the filters are working well, but the mail queue some times is big > > and slow. > > > > I have read http://wiki.apache.org/spamassassin/FasterPerformance > > and I did some chages to try to get performance. This changes are: > > > > -I installed a DNS server locally, in the same server. > > -I turned off DCC, Razor and Pyzor. > > -I set the bayes use to 0. > > > and I have the same number of procs for amavisd: > > $max_servers = 100; > > 100 amavisd processes??? That looks like your problem. How much > memory do you have? Assuming that each process needs 50M > (conservative), this would be 5GB of ram just for amavisd. This doesn't > count your mail server, antivirus, dns, etc. > > Lower the number of amavisd processes so that the system doesn't go into > swap. Swap is the #1 killer of SA performance. Also, if you are > calling SA through amavisd, make sure you don't have spamd running. > Amavisd runs SA internally and doesn't need spamd. > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
RE: Spamassassin+amavis
Luis Croker wrote: > > On Tue, 2008-10-28 at 11:01 -0500, Bowie Bailey wrote: > > > > Luis Croker wrote: > > > > > > Hi all... > > > > > > I continue with slow delivery in my mail server. Like I told > > > you, the filters are working well, but the mail queue some times is > > > big and slow. > > > > > > I have read > > > http://wiki.apache.org/spamassassin/FasterPerformance and I did > > > some chages to try to get performance. This changes are: > > > > > > -I installed a DNS server locally, in the same server. > > > -I turned off DCC, Razor and Pyzor. > > > -I set the bayes use to 0. > > > > > and I have the same number of procs for amavisd: > > > $max_servers = 100; > > > > 100 amavisd processes??? That looks like your problem. How much > > memory do you have? Assuming that each process needs 50M > > (conservative), this would be 5GB of ram just for amavisd. This > > doesn't > > count your mail server, antivirus, dns, etc. > > > > Lower the number of amavisd processes so that the system doesn't go > > into > > swap. Swap is the #1 killer of SA performance. Also, if you are > > calling SA through amavisd, make sure you don't have spamd running. > > Amavisd runs SA internally and doesn't need spamd. > >Hi... I have done tests with 10 processes, 30, 50, 100 and the > results are the same... I have 4 Gb RAM and spamd is not running... I can't imagine you being able to run 100 amavisd processes without going into swap with only 4GB of RAM. My server uses over 90MB per amavisd process. How big is each amavisd process on your server? Make absolutely sure that your system is not using ANY swap while trying to deliver mail. Once you have done that, then you can look at other issues. I think amavisd can output timing information for debug purposes. Try enabling that and see if it gives you any ideas where the slowdown is happening. -- Bowie
Re: Spamassassin+amavis
On 28.10.08 10:04, Luis Croker wrote: >Hi... I have done tests with 10 processes, 30, 50, 100 and the > results are the same... I have 4 Gb RAM and spamd is not running... lower it back to 10 or so, unless you receive that much of mail. > > Luis Croker wrote: > > > Hi all... > > > > > > I continue with slow delivery in my mail server. Like I told you, > > > the filters are working well, but the mail queue some times is big > > > and slow. > > > > > > I have read http://wiki.apache.org/spamassassin/FasterPerformance > > > and I did some chages to try to get performance. This changes are: > > > > > > -I installed a DNS server locally, in the same server. > > > -I turned off DCC, Razor and Pyzor. > > > -I set the bayes use to 0. In such case the problem won't be in spamassassin. Aren't you using redhat? There was some bugreprt about perl in redhat causing slow processing.. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?
Re: Spamassassin+amavis
Hi guys.. I have read all your mails and I have decreased the number of procs to 10. the performance is better but continues slow. The server is not using swap and I have no spamd running, this is called from amavisd. How many procs is the recommended for this server with 4 Gb RAM and a lot of traffic ? On Tue, 2008-10-28 at 17:55 +0100, Matus UHLAR - fantomas wrote: > On 28.10.08 10:04, Luis Croker wrote: > >Hi... I have done tests with 10 processes, 30, 50, 100 and the > > results are the same... I have 4 Gb RAM and spamd is not running... > > lower it back to 10 or so, unless you receive that much of mail. > > > > Luis Croker wrote: > > > > Hi all... > > > > > > > > I continue with slow delivery in my mail server. Like I told you, > > > > the filters are working well, but the mail queue some times is big > > > > and slow. > > > > > > > > I have read http://wiki.apache.org/spamassassin/FasterPerformance > > > > and I did some chages to try to get performance. This changes are: > > > > > > > > -I installed a DNS server locally, in the same server. > > > > -I turned off DCC, Razor and Pyzor. > > > > -I set the bayes use to 0. > > In such case the problem won't be in spamassassin. > > Aren't you using redhat? There was some bugreprt about perl in redhat > causing slow processing.. >
Re: Spamassassin+amavis
I have put the log level to 4 in amavisd.conf and this is one operation... Everything is Ok in times... until SA is called and the delay goes to 6 seconds... actually at the end of the log amavisd displays a timing statistics and SA check spent 97% of the time... Regards. Oct 28 11:50:36 mailgw postfix/smtpd[37332]: connect from unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/smtpd[37332]: 33D7835301B: client=unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/cleanup[37702]: 33D7835301B: message-id=<[EMAIL PROTECTED]> Oct 28 11:50:36 mailgw postfix/smtpd[37332]: disconnect from unknown[x.x.x.x] Oct 28 11:50:36 mailgw postfix/qmgr[37034]: 33D7835301B: from=<[EMAIL PROTECTED]>, size=3899, nrcpt=1 (queue active) Oct 28 11:50:36 mailgw amavis[37687]: loaded base policy bank Oct 28 11:50:36 mailgw amavis[37687]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1 Oct 28 11:50:36 mailgw amavis[37687]: process_request: fileno sock=12, STDIN=0, STDOUT=1 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) SMTP< EHLO mailgw Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-[127.0.0.1] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-VRFY Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-PIPELINING Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-SIZE Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-ENHANCEDSTATUSCODES Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-8BITMIME Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250-DSN Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< XFORWARD NAME=[UNAVAILABLE] ADDR=200.52.193.35 PORT=1392\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250 2.5.0 Ok XFORWARD Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< XFORWARD PROTO=ESMTP HELO=PC761620635160 SOURCE=REMOTE\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250 2.5.0 Ok XFORWARD Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< MAIL FROM:<[EMAIL PROTECTED]> SIZE=3899\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) check_mail_begin_task: task_count=1 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) TempDir::prepare: creating directory /var/amavis/tmp/amavis-20081028T115036-37687 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) TempDir::prepare_file: creating file /var/amavis/tmp/amavis-20081028T115036-37687/email.txt Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup_ip_acl (mynetworks): key="x.x.x.x", no match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (debug_sender) => undef, "[EMAIL PROTECTED]" does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250 2.1.0 Sender <[EMAIL PROTECTED]> OK Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< RCPT TO:<[EMAIL PROTECTED]> ORCPT=rfc822;[EMAIL PROTECTED] Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 250 2.1.5 Recipient <[EMAIL PROTECTED]> OK Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< DATA\r\n Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP::10024 /var/amavis/tmp/amavis-20081028T115036-37687: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> SIZE=3899 Received: from mailgw ([127.0.0.1]) by localhost (mailgw [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[EMAIL PROTECTED]>; Tue, 28 Oct 2008 11:50:36 -0600 (CST) Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP> 354 End data with . Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) ESMTP< . Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) body type (ESMTP BODY): unlabeled, good (h=0, b=0) Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) body hash: b4993223230999e78d98b7d15853f9d8 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Original mail size: 3899; quota set to: 1949500 bytes Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Checking: mACNRl7gTIjB [200.52.193.35] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) 2822.From: <[EMAIL PROTECTED]> Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (snp1) => undef, "[EMAIL PROTECTED]" does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (snp2) => undef, "[EMAIL PROTECTED]" does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (local_domains) => true, "[EMAIL PROTECTED]" matches, result="OK", matching_key="megacable.com.mx" Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (bypass_banned_checks) => undef, "[EMAIL PROTECTED]" does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) lookup (bypass_spam_checks) => undef, "[EMAIL PROTECTED]" does not match Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Extracting mime components Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Issued a new file name: p001 Oct 28 11:50:36 mailgw amavis[37687]: (37687-01) Charging 3232 byte
Re: Spamassassin+amavis
Matus UHLAR - fantomas wrote: Aren't you using redhat? There was some bugreprt about perl in redhat causing slow processing.. I believe that issue was fixed with the update of perl last month.
Re: Spamassassin+amavis
Luis Croker wrote: Hi... I have done tests with 10 processes, 30, 50, 100 and the results are the same... I have 4 Gb RAM and spamd is not running... Regards. You also need to make sure the maxproc column of the feed to amavisd in /etc/postfix/master.cf matches whatever you've set the $max_servers setting to in /etc/amavisd.conf (ie, they should be the same). I note you said this was the case in a previous mail. For a server with 4 processors (or cores) and 4GB of ram I normally start at 4 processes and work up if needed. It seems like a logical place to start with 1 process per cpu. If you take a look at: ps aux | grep amavisd and see how much *time* each child process has run for. On my server I see that mostly the first 2 child processes are used, the 3rd occasionally and that the 4th child process has barely been used much indicating that 3 child processes is probably enough (for me). If you see near equal usage across all 4 child processes then you would probably benefit from more processes to the point where your hardware can adequately cope with the additional load. If you don't have enough processes to cope with the flow of mail then the MTA (postfix) will just queue the mail before handing it off to amavisd once a process becomes available.
Re: Spamassassin+amavis
On 10/28/08, Ned Slider <[EMAIL PROTECTED]> wrote: > Luis Croker wrote: > > Hi... I have done tests with 10 processes, 30, 50, 100 and the > > results are the same... I have 4 Gb RAM and spamd is not running... > > Regards. > > > You also need to make sure the maxproc column of the feed to amavisd in > /etc/postfix/master.cf matches whatever you've set the $max_servers setting > to in /etc/amavisd.conf (ie, they should be the same). I note you said this > was the case in a previous mail. > >From what I understand from: http://marc.info/?l=postfix-users&m=120612390511480 Only 20 maxproc will be used, even if you specify higher in the smtp-amavis transport in master.cf. If you need more than 20, better to leave at the default (-) and set: smtp-amavis_destination_concurrency_limit = N in main.cf For your setup, I would try between 20 and 30 for the value of N (along with $max_servers) 6 seconds seems somewhat typical. Mostly due to network tests. Some RBLs are no longer and you could turn the non functional RBL rules off by setting to 0. I'm not sure which ones though. Maybe someone else knows. -- Gary V
Re: Spamassassin+amavis
Gary V wrote: 6 seconds seems somewhat typical. Mostly due to network tests. Some RBLs are no longer and you could turn the non functional RBL rules off by setting to 0. I'm not sure which ones though. Maybe someone else knows. From my own stats of hits against DNSBLs and URIBLs for the last ~1000 spam (these results are typical for me): ## DNSBL Statistics ## 1223 RCVD_IN_ZEN (Spamhaus PBL, SBL or XBL) 1067 RCVD_IN_UCE_COMBINED (UCEPROTECT level 1, 2 or 3) 1052 RCVD_IN_PBL 900 RCVD_IN_UCEPROTECT3 834 RCVD_IN_UCEPROTECT2 678 RCVD_IN_SBLXBL 427 RCVD_IN_UCEPROTECT1 163 RCVD_IN_PSBL 105 RCVD_IN_BL_SPAMCOP_NET 15 RCVD_IN_SORBS_WEB 14 RCVD_IN_NJABL_PROXY 1 RCVD_IN_SORBS_DUL 1329 Total Spam ## URIBL Statistics ## 1060 URIBL_BLACK 829 URIBL_JP_SURBL 695 URIBL_OB_SURBL 611 URIBL_SC_SURBL 444 URIBL_SBLXBL 440 URIBL_WS_SURBL 427 URIBL_AB_SURBL 163 URIBL_RHS_DOB 42 URIBL_PH_SURBL 1329 Total Spam Spamhaus Zen is highly effective for me and hits on >90% of spam when used as -lastexternal, and is the only DNSRBL I'd trust to use at the smtp level. I've also added custom rules for UCE Protect levels 1-3 and PSBL blacklists. I wouldn't use either at the smtp level as they do generate the occasional FP, but UCE Protect is useful in a scoring environment such as SA. For me NJABL, SORBS and pretty much anything else are a waste of space relative to the effectiveness of Spamhaus. If you can implement Spamhaus Zen at the smtp level then blocking ~90% of spam before it ever reaches SA is hugely beneficial to system load and the rest could probably be dropped from SA with minimal impact. I also find the URIBLs to be very effective, especially URIBL_BLACK. Between Bayes and my top DNSRBLs and URIBLs, nothing gets through - everything else is just bumping the score further past the spam threshold. I'd recommend taking a look at your own stats to see which are effective for you and maybe drop those that are ineffective or, better still, look at ways to pre-filter spam at the smtp level before it ever reaches amavisd/SA so as to reduce the load (for example, http://wiki.centos.org/HowTos/postfix_restrictions). A good setup like this can easily block the vast majority of spam at the smtp level meaning that your server/SA now primarily only has to deal with the ham and an insignificantly small proportion of spam. BTW, checking my logs I note typical delays of 4-6secs on a 3.0GHz quad core server with 4GB RAM running 4 amavisd child processes that handles a very light load. -Ned
Re: Spamassassin+amavis
How can I tunr off the Network tests (RBLs) ??? Just to probe if it can make the delivery faster. On Wed, 2008-10-29 at 04:05 +, Ned Slider wrote: > Gary V wrote: > > > > 6 seconds seems somewhat typical. Mostly due to network tests. Some > > RBLs are no longer and you could turn the non functional RBL rules off > > by setting to 0. I'm not sure which ones though. Maybe someone else > > knows. > > > > From my own stats of hits against DNSBLs and URIBLs for the last ~1000 > spam (these results are typical for me): > > ## DNSBL Statistics ## > 1223 RCVD_IN_ZEN (Spamhaus PBL, SBL or XBL) > 1067 RCVD_IN_UCE_COMBINED (UCEPROTECT level 1, 2 or 3) > 1052 RCVD_IN_PBL > 900 RCVD_IN_UCEPROTECT3 > 834 RCVD_IN_UCEPROTECT2 > 678 RCVD_IN_SBLXBL > 427 RCVD_IN_UCEPROTECT1 > 163 RCVD_IN_PSBL > 105 RCVD_IN_BL_SPAMCOP_NET > 15 RCVD_IN_SORBS_WEB > 14 RCVD_IN_NJABL_PROXY >1 RCVD_IN_SORBS_DUL > 1329 Total Spam > > ## URIBL Statistics ## > 1060 URIBL_BLACK > 829 URIBL_JP_SURBL > 695 URIBL_OB_SURBL > 611 URIBL_SC_SURBL > 444 URIBL_SBLXBL > 440 URIBL_WS_SURBL > 427 URIBL_AB_SURBL > 163 URIBL_RHS_DOB > 42 URIBL_PH_SURBL > 1329 Total Spam > > Spamhaus Zen is highly effective for me and hits on >90% of spam when > used as -lastexternal, and is the only DNSRBL I'd trust to use at the > smtp level. I've also added custom rules for UCE Protect levels 1-3 and > PSBL blacklists. I wouldn't use either at the smtp level as they do > generate the occasional FP, but UCE Protect is useful in a scoring > environment such as SA. For me NJABL, SORBS and pretty much anything > else are a waste of space relative to the effectiveness of Spamhaus. If > you can implement Spamhaus Zen at the smtp level then blocking ~90% of > spam before it ever reaches SA is hugely beneficial to system load and > the rest could probably be dropped from SA with minimal impact. > > I also find the URIBLs to be very effective, especially URIBL_BLACK. > Between Bayes and my top DNSRBLs and URIBLs, nothing gets through - > everything else is just bumping the score further past the spam threshold. > > I'd recommend taking a look at your own stats to see which are effective > for you and maybe drop those that are ineffective or, better still, look > at ways to pre-filter spam at the smtp level before it ever reaches > amavisd/SA so as to reduce the load (for example, > http://wiki.centos.org/HowTos/postfix_restrictions). A good setup like > this can easily block the vast majority of spam at the smtp level > meaning that your server/SA now primarily only has to deal with the ham > and an insignificantly small proportion of spam. > > BTW, checking my logs I note typical delays of 4-6secs on a 3.0GHz quad > core server with 4GB RAM running 4 amavisd child processes that handles > a very light load. > > -Ned > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B signature.asc Description: This is a digitally signed message part
Re: Spamassassin+amavis
Luis Croker wrote: How can I tunr off the Network tests (RBLs) ??? Just to probe if it can make the delivery faster. In /etc/amavisd.conf, find the following line: $sa_local_tests_only = 0;# only tests which do not require internet access? and change the setting to = 1 then restart amavisd
Re: Spamassassin+amavis
Luis: 2008/10/29 Luis Croker <[EMAIL PROTECTED]>: > > How can I tunr off the Network tests (RBLs) ??? Just to probe if it can > make the delivery faster. Just to check, you know you should run a RBL check in Postfix BEFORE it accepts te message, do you? This reduces dramatically the number of messages your server has to scan. And improves the performance a lot. Personally, I run Zen, from SpamHaus: reject_rbl_client zen.spamhaus.org Try this, so you server doesn't get overloaded with obvious spammy connections form spambots. > > > > > On Wed, 2008-10-29 at 04:05 +, Ned Slider wrote: > > Gary V wrote: >> >> 6 seconds seems somewhat typical. Mostly due to network tests. Some >> RBLs are no longer and you could turn the non functional RBL rules off >> by setting to 0. I'm not sure which ones though. Maybe someone else >> knows. >> > > From my own stats of hits against DNSBLs and URIBLs for the last ~1000 > spam (these results are typical for me): > > ## DNSBL Statistics ## > 1223 RCVD_IN_ZEN (Spamhaus PBL, SBL or XBL) > 1067 RCVD_IN_UCE_COMBINED (UCEPROTECT level 1, 2 or 3) > 1052 RCVD_IN_PBL > 900 RCVD_IN_UCEPROTECT3 > 834 RCVD_IN_UCEPROTECT2 > 678 RCVD_IN_SBLXBL > 427 RCVD_IN_UCEPROTECT1 > 163 RCVD_IN_PSBL > 105 RCVD_IN_BL_SPAMCOP_NET > 15 RCVD_IN_SORBS_WEB > 14 RCVD_IN_NJABL_PROXY >1 RCVD_IN_SORBS_DUL > 1329 Total Spam > > ## URIBL Statistics ## > 1060 URIBL_BLACK > 829 URIBL_JP_SURBL > 695 URIBL_OB_SURBL > 611 URIBL_SC_SURBL > 444 URIBL_SBLXBL > 440 URIBL_WS_SURBL > 427 URIBL_AB_SURBL > 163 URIBL_RHS_DOB > 42 URIBL_PH_SURBL > 1329 Total Spam > > Spamhaus Zen is highly effective for me and hits on >90% of spam when > used as -lastexternal, and is the only DNSRBL I'd trust to use at the > smtp level. I've also added custom rules for UCE Protect levels 1-3 and > PSBL blacklists. I wouldn't use either at the smtp level as they do > generate the occasional FP, but UCE Protect is useful in a scoring > environment such as SA. For me NJABL, SORBS and pretty much anything > else are a waste of space relative to the effectiveness of Spamhaus. If > you can implement Spamhaus Zen at the smtp level then blocking ~90% of > spam before it ever reaches SA is hugely beneficial to system load and > the rest could probably be dropped from SA with minimal impact. > > I also find the URIBLs to be very effective, especially URIBL_BLACK. > Between Bayes and my top DNSRBLs and URIBLs, nothing gets through - > everything else is just bumping the score further past the spam threshold. > > I'd recommend taking a look at your own stats to see which are effective > for you and maybe drop those that are ineffective or, better still, look > at ways to pre-filter spam at the smtp level before it ever reaches > amavisd/SA so as to reduce the load (for example, > http://wiki.centos.org/HowTos/postfix_restrictions). A good setup like > this can easily block the vast majority of spam at the smtp level > meaning that your server/SA now primarily only has to deal with the ham > and an insignificantly small proportion of spam. > > BTW, checking my logs I note typical delays of 4-6secs on a 3.0GHz quad > core server with 4GB RAM running 4 amavisd child processes that handles > a very light load. > > -Ned > > > Luis Croker > SCSA - SCNA > Administrador de Sistemas > Megacable Comunicaciones > GPG Key1024D/48C1764B > Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B Best luck, Luis -- _ GNU/GPL: "May The Source Be With You... Linux Registered User #448382. _
Re: Spamassassin+amavis
At 05:51 30-10-2008, Luis Hernán Otegui wrote: Just to check, you know you should run a RBL check in Postfix BEFORE it accepts te message, do you? This reduces dramatically the number of messages your server has to scan. And improves the performance a lot. You should not run RBL checks on outbound mail where the customer is relaying through your mail server. Regards, -sm
Re: Spamassassin+amavis
Hi all... I was doing some tests with all the recommendations you sent me... and I can make to work the server correctly... I was filtering spam with no problems and my performances troubles dissapeard... I just configured 5 procs for amavis and postfix content filter and I turn off the network tests... the server can filter a lot of spam and delivery quickly... but now appears another problem :( Until today morning... I was filtering and deliverying fine, but suddenly I received these messages and the delivery is sooo slow and the mail queue just is growing and growing Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: mail for [127.0.0.1]:10024 is using up 4001 of 4004 active queue entries Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: you may need to reduce smtp-amavis connect and helo timeouts Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: so that Postfix quickly skips unavailable hosts Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: you may need to increase the main.cf minimal_backoff_time and maximal_backoff_time Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: so that Postfix wastes less time on undeliverable mail Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: you may need to increase the master.cf smtp-amavis process limit Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: please avoid flushing the whole queue when you have Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: lots of deferred mail, that is bad for performance Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: to turn off these warnings specify: qmgr_clog_warn_time = 0 I have researched and I have founded to increase the minimal_backoff_time and another parameters but nothing works... Anybody have resolved someday this problem ? thanks... Regards. :( On Wed, 2008-10-29 at 14:59 +, Ned Slider wrote: > Luis Croker wrote: > > How can I tunr off the Network tests (RBLs) ??? Just to probe if it > > can make the delivery faster. > > > > In /etc/amavisd.conf, find the following line: > > $sa_local_tests_only = 0;# only tests which do not require internet > access? > > and change the setting to = 1 > > then restart amavisd > >
Re: Spamassassin+amavis
Luis, > I was doing some tests with all the recommendations you sent me... > and I can make to work the server correctly... I was filtering spam with > no problems and my performances troubles dissapeard... > > I just configured 5 procs for amavis and postfix content filter and > I turn off the network tests... the server can filter a lot of spam and > delivery quickly... but now appears another problem :( With your 4 CPU 4 GB mem box you should be able to run more than 4 amavisd(+SA) processes. As a rule of a thumb, I'd say your box should not have trouble running 20..30 processes. > Until today morning... I was filtering and deliverying fine, but > suddenly I received these messages and the delivery is sooo slow and > the mail queue just is growing and growing > > Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: mail for > [127.0.0.1]:10024 is using up 4001 of 4004 active queue entries This is just a consequence of your amavisd+SpamAssassin not being able to keep up with the incoming mail flow. No fine tuning on the Postfix side will be able to compensate for the fact that your mail inflow rate is larger than the mail processing throughput of SpamAssassin filtering. What is your message rate on a normal day? Is the current mail flow significantly larger? Perhaps you are under a bounce storm, which can easily increase the mail flow rate by an order of magnitude. Examine what kind of messages are most typical in your mail queue (mailq, postcat), try to determine if these are just normal spam flow, or bounces, or something else (e.g. mailer abused as an open relay, perhaps by one of your client PCs which might have been zombiized). What is the message throughput though the filter - see what amavisd-agent has to report, the more interesting figures are for example: CacheAttempts 15216 3217/h 100.0 % (CacheAttempts) CacheHits1750370/h11.5 % (CacheAttempts) ... InMsgs 15216 3217/h 100.0 % (InMsgs) InMsgsBounce 4176883/h27.4 % (InMsgs) InMsgsBounceKilled 3904825/h93.5 % (InMsgsBounce) ... TimeElapsedDecoding ... TimeElapsedPenPals TimeElapsedReceiving TimeElapsedSending TimeElapsedSpamCheck TimeElapsedVirusCheck TimeElapsedTotal How does the display of amavisd-nanny look like? Are all processes about evenly busy? Are processing times significantly longer than a couple of seconds? Set $nanny_details_level=2; (in amavisd.conf) for more detailed timing breakdown by amavisd-nanny. Check timing log (at log level 2), you may want to (re)confirm that SpamAssassin is really taking most of the time, just in case. > -I turned off DCC, Razor and Pyzor. > -I set the bayes use to 0. These were pretty drastic measures, significantly affecting quality of SA results. Once you get over the current crisis, at least put back the DCC and Bayes on MySQL, which are relatively low resource consumers compared to regexp-based rules and to Pyzor (razor is somewhere inbetween). Mark
Re: Spamassassin+amavis
On Thu, 6 Nov 2008, Mark Martinec wrote: Luis, I was doing some tests with all the recommendations you sent me... and I can make to work the server correctly... I was filtering spam with no problems and my performances troubles dissapeard... I just configured 5 procs for amavis and postfix content filter and I turn off the network tests... the server can filter a lot of spam and delivery quickly... but now appears another problem :( With your 4 CPU 4 GB mem box you should be able to run more than 4 amavisd(+SA) processes. As a rule of a thumb, I'd say your box should not have trouble running 20..30 processes. I haven't ran amavisd-new on our servers yet. However, I do run SA directly out of Postfix on a server with 4x3.5Ghz dual core zeon processors with 12Gb of RAM. I haven't had any issues with the following startup params: --min-children=10 --max-children=40 --min-spare=10 --max-spare=20 and haven't ran into any issues for over a year now. This server handles an average over six million connections every 24 hours at present. I am getting ready to toss more RAM at the server as connections have increased.
Re: Spamassassin+amavis
Hi this mail ius just to say thanks all the people kindly sent me a mail trying to figure out the low performance in my server. Right now the server is working well and filtering like I wish. The changes I did were decrease the number of amavisd processes to 5, turned off DCC, the network tests and install the DNS service locallly. Thanks all. Regards. On Thu, 2008-11-06 at 01:07 +0100, Mark Martinec wrote: > Luis, > > > I was doing some tests with all the recommendations you sent me... > > and I can make to work the server correctly... I was filtering spam with > > no problems and my performances troubles dissapeard... > > > > I just configured 5 procs for amavis and postfix content filter and > > I turn off the network tests... the server can filter a lot of spam and > > delivery quickly... but now appears another problem :( > > With your 4 CPU 4 GB mem box you should be able to run more than 4 > amavisd(+SA) processes. As a rule of a thumb, I'd say your box should > not have trouble running 20..30 processes. > > > Until today morning... I was filtering and deliverying fine, but > > suddenly I received these messages and the delivery is sooo slow and > > the mail queue just is growing and growing > > > > Nov 5 12:51:23 mailgw postfix/qmgr[14251]: warning: mail for > > [127.0.0.1]:10024 is using up 4001 of 4004 active queue entries > > This is just a consequence of your amavisd+SpamAssassin not being able > to keep up with the incoming mail flow. No fine tuning on the Postfix > side will be able to compensate for the fact that your mail inflow rate > is larger than the mail processing throughput of SpamAssassin filtering. > > What is your message rate on a normal day? Is the current mail flow > significantly larger? Perhaps you are under a bounce storm, which can > easily increase the mail flow rate by an order of magnitude. Examine > what kind of messages are most typical in your mail queue (mailq, postcat), > try to determine if these are just normal spam flow, or bounces, or > something else (e.g. mailer abused as an open relay, perhaps by one of > your client PCs which might have been zombiized). > > What is the message throughput though the filter - see what amavisd-agent > has to report, the more interesting figures are for example: > > CacheAttempts 15216 3217/h 100.0 % (CacheAttempts) > CacheHits1750370/h11.5 % (CacheAttempts) > ... > InMsgs 15216 3217/h 100.0 % (InMsgs) > InMsgsBounce 4176883/h27.4 % (InMsgs) > InMsgsBounceKilled 3904825/h93.5 % (InMsgsBounce) > ... > TimeElapsedDecoding ... > TimeElapsedPenPals > TimeElapsedReceiving > TimeElapsedSending > TimeElapsedSpamCheck > TimeElapsedVirusCheck > TimeElapsedTotal > > How does the display of amavisd-nanny look like? Are all processes > about evenly busy? Are processing times significantly longer than a > couple of seconds? Set $nanny_details_level=2; (in amavisd.conf) for > more detailed timing breakdown by amavisd-nanny. > > Check timing log (at log level 2), you may want to (re)confirm that > SpamAssassin is really taking most of the time, just in case. > > > -I turned off DCC, Razor and Pyzor. > > -I set the bayes use to 0. > > These were pretty drastic measures, significantly affecting quality > of SA results. Once you get over the current crisis, at least put back > the DCC and Bayes on MySQL, which are relatively low resource consumers > compared to regexp-based rules and to Pyzor (razor is somewhere inbetween). > > Mark > > Luis Croker SCSA - SCNA Administrador de Sistemas Megacable Comunicaciones GPG Key1024D/48C1764B Key fingerprint = E8B6 E84F ECE4 661E 30C7 7208 042D BD09 48C1 764B
Re: Spamassassin+amavis
On Wed, 12 Nov 2008, Luis Croker wrote: turned off DCC, the network tests and install the DNS service locallly. Turning off the network tests will obscure any benefit from installing a local caching DNS server. Try turning the network tests on for a while and see whether your performance is still poor even with the local caching DNS server. (...don't forget to update your /etc/resolv.conf to point at the local DNS server so that you actually *use* it...) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control laws cannot reduce violent crime, because gun control laws focus obsessively on a tool a criminal might use to commit a crime rather than the criminal himself and his act of violence. ---
Re: Spamassassin + amavis-new + postfix -> how to learn?
znapper wrote: Big question is, how do I do this? The server is set up to relay all mail adressed to exhange-configured-domain.com and discard anything else. I've tried to add the spamtrap user and tried to send mail to this user, using the regular [EMAIL PROTECTED], only resulting in a error message from the exchange system, telling me there is no such user on that system. -Obviously (because the user only exist on the linux server and the mail was relayed from the filter to the exchange system). What I want, is for the users of the exchange system to be able to forward any spams not tagged as spam, towards the linux filter and to the accout "spamtrapper". The amavis-postfix-spamassassin server should then deliver LOCALLY for "spamtrapper" _and only that user_ so I can run some commands to teach the bayesian filter on the local mailbox of that user. You should NOT forward any mail from Exchange to some other recipient, since Exchange and Outlook will destroy a lot of the header information, what you should do is to set up a couple of Public folders on your Exchange server and call them for instance "SPAM" and "HAM" where your users should have write access to, so they can manually put SPAM and HAM in correct folder. When a user has moved the mail instead of forwarding, all header is as they where when received at the first time. Which could be essential for SA Then you should set up a IMAP user on your Exchange server which could access those Public folders only, there are a few already made scripts that will connect to your Exchange server (or whatever IMAP server you have), just make sure you know the absolute path to the Public folders when you're about to access them. Even further, make sure you understand the script that will help you download all SPAM's and HAM's The one I'm using is this one below http://gagravarr.org/code/imap-sa-learn.pl And I have it set up in CRON to run twice a day, I also remove all mail from SPAM & HAM folder after successfully downloaded and learned SA, just to make the public folders clean. or you might want to do some changes in the script and just move learned messages into some other public folder. /Micke How do I configure this sollution to deliver locally for one spesific user? (I really cannot find anything online about it) Tips and pointers appeciated, we are currently drowning in spam. (75 spams to my account during the weekend alone). Regards OH, Oslo Norway
Re: Spamassassin + amavis-new + postfix -> how to learn?
On Mon, 2006-10-09 at 14:07 +0200, Micke Andersson wrote: > znapper wrote: > > > > Big question is, how do I do this? The server is set up to relay all mail > > adressed to exhange-configured-domain.com and discard anything else. > > I've tried to add the spamtrap user and tried to send mail to this user, > > using the regular [EMAIL PROTECTED], only resulting > > in a error message from the exchange system, telling me there is no such > > user on that system. -Obviously (because the user only exist on the linux > > server and the mail was relayed from the filter to the exchange system). [cut] > > > You should NOT forward any mail from Exchange to some other recipient, > since Exchange and Outlook will destroy a lot of the header information, > what you should do is to set up a couple of Public folders on your > Exchange server and call them for instance "SPAM" and "HAM" where your > users should have write access to, so they can manually put SPAM and HAM > in correct folder. > When a user has moved the mail instead of forwarding, all header is as > they where when received at the first time. > Which could be essential for SA [cut] Also, search the archives for spamassassin exchange or just exchange. You'll find a lengthy discussion of different approaches and methods to grab the mail from the Exchange server (it can vary depending on which version of MS Exchange you're using). Seems like it was a few years ago now. -Bill
Re: Spamassassin + amavis-new + postfix -> how to learn?
Bill Randle wrote: > > On Mon, 2006-10-09 at 14:07 +0200, Micke Andersson wrote: >> znapper wrote: >> > >> > Big question is, how do I do this? > [cut] >> > >> You should NOT forward any mail from Exchange to some other recipient, >> since Exchange and Outlook will destroy a lot of the header information, >> what you should do is to set up a couple of Public folders on your >> Exchange server and call them for instance "SPAM" and "HAM" where your >> users should have write access to, so they can manually put SPAM and HAM >> in correct folder. > [cut] > > Also, search the archives for spamassassin exchange or just exchange. > You'll find a lengthy discussion of different approaches and methods > to grab the mail from the Exchange server (it can vary depending on > which version of MS Exchange you're using). Seems like it was a few > years ago now. > > -Bill > Ok, thank you for your input. I was not aware that you could read any information from public folders from a linux based system at all, but that was an eye opener indeed. Probably also makes the process a lot easier conserning keeping the messages intact for proper identification. I will look into it asap, the scripts will come in handy as our filter needs it desperately. Kind regards Ole-H -- View this message in context: http://www.nabble.com/Spamassassin-%2B-amavis-new-%2B-postfix--%3E-how-to-learn--tf2409443.html#a6719887 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spamassassin + amavis-new + postfix -> how to learn?
I will look into it asap, the scripts will come in handy as our filter needs it desperately. Kind regards Ole-H If you are only catching 10% of spam, fixing Bayes will help, but it is also very important to find out what else is wrong. Your Bayes may have become polluted with low scoring spam, but the questions is, why does spam score low in the first place? Do you see ALL_TRUSTED in headers of mail that does not origininate from your network? What version of SpamAssassin are you using? Are you using DCC, Pyzor and Razor2 and are they working (along with other network tests)? Are you using any SARE rulesets, FuzzyOcr or Imageinfo plugins? Are you using sa-update? What version of amavisd-new are you running? Does spam scanning get skipped due to timeouts or over sized messages? To answer your other question: in main.cf, you could set: mydestination = $myhostname, localhost.$mydomain, localhost Make sure myhostname is set correctly - host.example.com for example. This assumes no one is currently addressing mail to [EMAIL PROTECTED] You may not need the $myhostname entry at all, but include it when you test. assuming you have set: virtual_alias_maps = hash:/etc/postfix/virtual in your virtual alias file: [EMAIL PROTECTED] [EMAIL PROTECTED] This will rewrite the destination address and deliver it to the local mailbox. relay_domains must not include any of the entries in mydestination - typically you would have your domain name(s) listed. Don't forget to postmap the virtual file. It is not uncommon to add these entries to a relay server, but if you have, they must be commented out, removed or reconfigured: #local_recipient_maps = #local_transport = error:no local mail delivery http://www.postfix.org/STANDARD_CONFIGURATION_README.html Gary V _ Try the new Live Search today! http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM=WLMTAG