You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by pe...@vfemail.net on 2007/08/19 05:24:44 UTC
How do I temporarily disable SpamAssassin?
I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The machine is receiving 200,000 e-mail messages per day, courtesy of Rumpelstiltskin attacks from thousands of different IP addresses each day, and SpamAssassin appears to be overwhelmed. I have about 50,000 e-mail messages in my qmail queue and the queue is growing by more than 1,000 e-mail messages per hour.
I want to temporarily disable SpamAssassin to free up enough resources to let the mail queue clear. How do I do that?
If anyone knows how to temporarily disable ClamAV too, I'd be ecstatic to learn how to do that too.
I've read Life with qmail and the SpamAssassin documentation at http://spamassassin.apache.org/ but I'm not connecting the dots. Unfortunately, I didn't set up this machine and I don't have a good grasp of qmail, SpamAssassin and ClamAV.
Thanks in advance for any guidance and all practical suggestions you can offer.
Re: How do I temporarily disable SpamAssassin?
Posted by brian <2a...@sympatico.ca>.
peter@vfemail.net wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV.
>
> I want to temporarily disable SpamAssassin to free up enough
> resources to let the mail queue clear. How do I do that?
>
Further to the other comments, this page might be helpful:
qmail + spamassassin + clamav quick reference
http://www.rauros.net/projects/qmail/
good luck!
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
>
> I've read Life with qmail and the SpamAssassin documentation at
> http://spamassassin.apache.org/ but I'm not connecting the dots.
> Unfortunately, I didn't set up this machine and I don't have a good grasp
> of qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all practical suggestions you can
> offer.
>
The other possibility I forgot to mention is simscan, and ummm you would
have to look that one up...
http://www.google.com/search?hl=en&q=disable+clamav+and+spamassassin+simscan
- rh
Re: How do I temporarily disable SpamAssassin?
Posted by Phil Barnett <ph...@philb.us>.
On Saturday 18 August 2007, peter@vfemail.net wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each day,
> and SpamAssassin appears to be overwhelmed. I have about 50,000 e-mail
> messages in my qmail queue and the queue is growing by more than 1,000
> e-mail messages per hour.
>
> I want to temporarily disable SpamAssassin to free up enough resources to
> let the mail queue clear. How do I do that?
>
> If anyone knows how to temporarily disable ClamAV too, I'd be ecstatic to
> learn how to do that too.
>
> I've read Life with qmail and the SpamAssassin documentation at
> http://spamassassin.apache.org/ but I'm not connecting the dots.
> Unfortunately, I didn't set up this machine and I don't have a good grasp
> of qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all practical suggestions you can
> offer.
I can direct you to a person who probably knows qmail as well as any person on
the planet, John Simpson. He doesn't run SA, but he really knows qmail inside
and out, so any questions to him about qmail are well directed.
You can view his website here and probably find a link to his email addy if
you can read and interpret whats in that box in the 'Other useful pages'
section...
http://www.jms1.net/
--
Phil Barnett
AI4OF
SKCC #600
Re: How do I temporarily disable SpamAssassin?
Posted by Matt Kettler <mk...@verizon.net>.
peter@vfemail.net wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The machine is receiving 200,000 e-mail messages per day, courtesy of Rumpelstiltskin attacks from thousands of different IP addresses each day, and SpamAssassin appears to be overwhelmed. I have about 50,000 e-mail messages in my qmail queue and the queue is growing by more than 1,000 e-mail messages per hour.
>
> I want to temporarily disable SpamAssassin to free up enough resources to let the mail queue clear. How do I do that?
>
> If anyone knows how to temporarily disable ClamAV too, I'd be ecstatic to learn how to do that too.
>
> I've read Life with qmail and the SpamAssassin documentation at http://spamassassin.apache.org/ but I'm not connecting the dots. Unfortunately, I didn't set up this machine and I don't have a good grasp of qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all practical suggestions you can offer.
>
First: I know very little about qmail setups. I find qmail very
difficult to keep track of due to the large number of third party
patches that "everyone" seems to use.
Well, the exact method of disabling spamassasin is going to depend on
exactly how SA was "connected" to qmail in the first place..
>From what I recall, some folks directly add it to the qmail-queue
process (using a patch to cause this to happen in the first place). You
might want to look at your QMAILQUEUE environment variable, and see what
it points to. Check to see if that's pointing to spamassassin, spamc, or
some script that calls one or the other. From there, modifying that
script, or re-pointing it to one that doesn't call SA, should disable SA.
After you get your queue cleared, your first priority should be fixing
your qmail to not blindly accept all messages and validate recipients at
the time of the SMTP RCPT TO: command like a sane MTA.
Blind accepting is going to cause you permanent problems due to the
common nature of Rumpelstiltskin attacks. Also, all the misdirected
bounces your server generates as a result are likely to get you
blacklisted in spamcop.
Again, I'm no qmail expert, but spamcop does have some advice pointing
to patches that try to fix qmail's default "accept everything and sort
it out after it's been queued" behavior.
http://spamcop.net/fom-serve/cache/329.html
Yes, the really simple accept-everything approach is part of why DJB can
claim qmail is hard to exploit for code execution. If there's very
little code involved in the SMTP connection handling, there's less code
to try to exploit. Unfortunately, this design also makes it really easy
to abuse to DoS the qmail server or abuse it to perform mail-bounce
attacks on everyone else. Such attacks are really common as an accident
of modern spamming practices, so patching qmail so it no longer does
this is critical to making your mailserver survive.
>
>
>
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
>
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each day,
> and SpamAssassin appears to be overwhelmed. I have about 50,000 e-mail
> messages in my qmail queue and the queue is growing by more than 1,000 e-
> mail messages per hour.
>
> I want to temporarily disable SpamAssassin to free up enough resources to
> let the mail queue clear. How do I do that?
>
> If anyone knows how to temporarily disable ClamAV too, I'd be ecstatic to
> learn how to do that too.
>
> I've read Life with qmail and the SpamAssassin documentation at
> http://spamassassin.apache.org/ but I'm not connecting the dots.
> Unfortunately, I didn't set up this machine and I don't have a good grasp
> of qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all practical suggestions you can
> offer.
>
I haven't checked my personal notes in full (needing coffee first), yet...
If the machine is using qmail-scanner-queue.pl, then you would backup that
file, and then you would edit that file to tell it not to scan for viruses
and to not use spamassassin.
Then you would save that file
Then you would call aka run that file in such a way as to reset it so to
speak...
Meaning it has to be called as the right user
I would be more exact, yet I do not currently have it implemented on a BSD
system although it should be the same on just about any system
http://www.itslot.com/how_to_disable_enable_sa_clam_av_or_both_in_qmail_scan
ner
or
http://www.google.com/search?hl=en&q=how+to+disable+clamav+and+spamassassin+
in+qmail-scanner-queue.pl
You should be able to google the rest of the info from here.
As far as validrcptto, this is the best site and patch set I have ever found
for qmail if you want to learn and know what you are doing
http://qmail.jms1.net/
there is a validrcptto patch by jms1 among many other things.
- rh
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
>
>
> Bingo! SpamAssassin and ClamAV are supposedly stopped.
>
Right, problem is, there is code or a codeset on your machine that requires
they be present and activated or your server will barf on incoming messages.
I sent a coupla posts last night to direct you towards looking for a file
called qmail-scanner-queue.pl and/or simscan etc to find out what you have
then then what needs to be done to disable the "calling" of clamav and sa
You can leave the clamav and sa running and just disable the necessary code
that calls them and be much better off and not fry your mail system
- rh
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
Bingo! SpamAssassin and ClamAV are supposedly stopped.
------
At 09:05 PM 8/19/2007, Dave Pooser wrote:
>> [peter@erebus /usr/local/etc/rc.d]$ sa-spamd.sh stop
>> bash: sa-spamd.sh: command not found
>> [peter@erebus /usr/local/etc/rc.d]$ clamav-clamd.sh stop
>> bash: clamav-clamd.sh: command not found
>> [peter@erebus /usr/local/etc/rc.d]$
>>
>> How is it possible that the commands aren't found? They're right there in the
>> directory?
>
>Root typically uses a fixed PATH that doesn't include the current directory
>(for security reasons). Try giving it an explicit path:
>./clamav-clamd.sh stop
>
>or
>
>/usr/local/etc/rc.d/clamav-clamd.sh stop
>
>and that should work.
>--
>Dave Pooser
>Cat-Herder-in-Chief, Pooserville.com
>"You're useless when you're high on catnip, you know that?"
RE: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
Thanks again to everybody who responded, and steered me in the right direction.
I'm very close to getting John Simpson's validrcptto qmail patch described at http://qmail.jms1.net/patches/validrcptto.cdb.shtml in place on the mailhub machine to prevent passing Rumpelstiltskin problem e-mail messages to the machine on which physical mailboxes and e-mail aliases are located.
------
At 10:23 AM 8/20/2007, Gary V wrote:
>>http://marc.info/?l=qmail&m=118749326201041
>>
>>I feel for Peter, it appears the qmail list is not much help either.
>
>But I do see as things develop that there is hope.
>
>Gary V
>
>_________________________________________________________________
>See what youre getting into
before you go there http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
>
>
RE: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
>http://marc.info/?l=qmail&m=118749326201041
>
>I feel for Peter, it appears the qmail list is not much help either.
But I do see as things develop that there is hope.
Gary V
_________________________________________________________________
See what youre getting into
before you go there
http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_preview_0507
RE: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
>At 01:05 AM 8/20/2007, Robert - elists wrote:
> >> >
> >>
> >> It's not a solution. It's an attempt to get the toilet unplugged while
>the
> >> plumber is on the way. The change should be reverted one the system is
> >> properly configured. The main problem is all we really know is that the
> >> MTA
> >> is qmail.
> >>
> >
> >Gary,
> >
> >Ummmm it doesn't unplug the toilet... you gave bad and incorrect advice
>and
> >will cause more problems and increased frustration.
> >
> >Your opinion on the MTA doesn't matter...
> >
> >It's like telling someone to put sugar in the gas tank to fix a flat tire
> >and then tell them that their choice of ride is the real issue.
> >
> > - rh
>
>Personally, I've appreciated everybody's input as I continue to climb the
>learning curve.
>
>
Peter, hopefully you got my correction.
command_args="-d --local -r ${pidfile}"
Robert,
I'm not complaining about qmail - except that it appears there is little
expertise in configuring such a relay server to reject mail to invalid
users. The items building in the queue are going to come from several
sources. Reading Peter's post on the qmail list, he says it takes hours for
mail to get delivered to the next hop server. This indicates to me the
possibility that some of the messages in the queue are deferred due to spamd
not responding (due to heavy load). My suggestion attempts to make spamd
more responsive so mail in this category can flow to mailboxes. It will
increase processor load due to decreased latency (no dns checks mean shorter
scan times) but generally in my experience this improves traffic flow. If
traffic flow improves it may mean the server will accept even more trash -
so I'm with you on this, but I think it's a better solution than skipping SA
alltogether (which we are not sure how to do - due to the fact that we don't
really know how SA is integrated into this setup - this is what I was
referring to when I said "all we really know is").
http://marc.info/?l=qmail&m=118749326201041
I feel for Peter, it appears the qmail list is not much help either. I can
say that if this was a Postfix machine it would not be difficult to explain
how to configure a relay server to reject mail to invalid users.
Gary V
_________________________________________________________________
Puzzles, trivia teasers, word scrambles and more. Play for your chance to
win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
RE: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
At 01:05 AM 8/20/2007, Robert - elists wrote:
>> >
>>
>> It's not a solution. It's an attempt to get the toilet unplugged while the
>> plumber is on the way. The change should be reverted one the system is
>> properly configured. The main problem is all we really know is that the
>> MTA
>> is qmail.
>>
>
>Gary,
>
>Ummmm it doesn't unplug the toilet... you gave bad and incorrect advice and
>will cause more problems and increased frustration.
>
>Your opinion on the MTA doesn't matter...
>
>It's like telling someone to put sugar in the gas tank to fix a flat tire
>and then tell them that their choice of ride is the real issue.
>
> - rh
Personally, I've appreciated everybody's input as I continue to climb the learning curve.
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
> >
>
> It's not a solution. It's an attempt to get the toilet unplugged while the
> plumber is on the way. The change should be reverted one the system is
> properly configured. The main problem is all we really know is that the
> MTA
> is qmail.
>
Gary,
Ummmm it doesn't unplug the toilet... you gave bad and incorrect advice and
will cause more problems and increased frustration.
Your opinion on the MTA doesn't matter...
It's like telling someone to put sugar in the gas tank to fix a flat tire
and then tell them that their choice of ride is the real issue.
- rh
RE: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
> > I would think stopping these may prevent any mail from passing through
> > your
> > system. If you can't figure out how to reconfigure qmail to stop sending
> > mail to spamd then you might consider adding the --local argument to the
> > spamd daemon. This would make spamd run considerably faster (but it
>would
> > not detect spam as well as before). Maybe if SA ran faster mail would
> > start
> > to flow. This means you would have to be skilled enough to figure out
> > where
> > to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart
> > spam via that initscript. If you like, post that script so someone can
> > offer
> > instructions.
> >
> > Gary V
> >
>
>this is the wrong direction for his solution
>
> - rh
>
It's not a solution. It's an attempt to get the toilet unplugged while the
plumber is on the way. The change should be reverted one the system is
properly configured. The main problem is all we really know is that the MTA
is qmail.
Gary V
_________________________________________________________________
More photos, more messages, more storageget 2GB with Windows Live Hotmail.
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_2G_0507
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
> >
>
> I would think stopping these may prevent any mail from passing through
> your
> system. If you can't figure out how to reconfigure qmail to stop sending
> mail to spamd then you might consider adding the --local argument to the
> spamd daemon. This would make spamd run considerably faster (but it would
> not detect spam as well as before). Maybe if SA ran faster mail would
> start
> to flow. This means you would have to be skilled enough to figure out
> where
> to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart
> spam via that initscript. If you like, post that script so someone can
> offer
> instructions.
>
> Gary V
>
this is the wrong direction for his solution
- rh
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
At 11:08 PM 8/19/2007, Gary V wrote:
>>Worried that I might be preventing all mail from passing through the system, I rebooted the server after disabling SpamAssassin and ClamAV, so they're running again. My remote mail queue is continuing to grow -- there are now 79,110 messages in the remote queue. ps -ax | grep -c qmail-remote reports that there are 87 processes pumping out e-mail responses to people around the globe who probably don't exist that purportedly sent e-mail messages to non-existent e-mail addresses at this domain. I apologize to everyone for my unintentional contributions to the global Spam problem.
>>
>>Here's my /usr/local/etc/rc.d/sa-spamd.sh script:
>>
>>#!/bin/sh
>>#
>># $FreeBSD: ports/mail/p5-Mail-SpamAssassin/files/spamd.sh,v 1.13 2006/02/09 07:38:20 sem Exp $
>>#
>>
>># PROVIDE: spamd
>># REQUIRE: LOGIN
>># BEFORE: mail
>># KEYWORD: shutdown
>>
>>#
>># Add the following lines to /etc/rc.conf to enable spamd:
>>#
>>#spamd_enable="YES"
>>#
>># See spamd(8) for flags
>>#
>>
>>. /etc/rc.subr
>>
>>name=spamd
>>rcvar=`set_rcvar`
>>
>>load_rc_config $name
>>
>># Set defaults
>>: ${spamd_enable:="NO"}
>>: ${spamd_flags="-c "}
>>
>>pidfile=${spamd_pidfile:-"/var/run/spamd/spamd.pid"}
>>command=/usr/local/bin/spamd
>>command_args="-d -r ${pidfile}"
>>required_dirs=/usr/local/share/spamassassin
>>
>>stop_postcmd=stop_postcmd
>>
>>stop_postcmd()
>>{
>> rm -f $pidfile
>>}
>>
>>run_rc_command "$1"
>>
>>-------
>
>So,
>command_args="-d -r ${pidfile}"
>would be
>command_args="-d -r --local ${pidfile}"
>
>/usr/local/etc/rc.d/sa-spamd.sh stop
>/usr/local/etc/rc.d/sa-spamd.sh start
>
>My guess is (could be wrong), you are not rejecting mail addressed to invalid users. Can't help with that however as I am not familiar with qmail.
Right. I'm certain I'm not rejecting mail addressed to invalid users. I will turn to the qmail list for further guidance. Thanks.
>Gary V
>
>_________________________________________________________________
>Messenger Café open for fun 24/7. Hot games, cool activities served daily. Visit now. http://cafemessenger.com?ocid=TXT_TAGHM_AugHMtagline
>
>
Re: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
>So,
>command_args="-d -r ${pidfile}"
>would be
>command_args="-d -r --local ${pidfile}"
>
Sorry, should be:
command_args="-d --local -r ${pidfile}"
_________________________________________________________________
Find a local pizza place, movie theater, and more
.then map the best route!
http://maps.live.com/default.aspx?v=2&ss=yp.bars~yp.pizza~yp.movie%20theater&cp=42.358996~-71.056691&style=r&lvl=13&tilt=-90&dir=0&alt=-1000&scene=950607&encType=1&FORM=MGAC01
Re: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
>Worried that I might be preventing all mail from passing through the
>system, I rebooted the server after disabling SpamAssassin and ClamAV, so
>they're running again. My remote mail queue is continuing to grow -- there
>are now 79,110 messages in the remote queue. ps -ax | grep -c qmail-remote
>reports that there are 87 processes pumping out e-mail responses to people
>around the globe who probably don't exist that purportedly sent e-mail
>messages to non-existent e-mail addresses at this domain. I apologize to
>everyone for my unintentional contributions to the global Spam problem.
>
>Here's my /usr/local/etc/rc.d/sa-spamd.sh script:
>
>#!/bin/sh
>#
># $FreeBSD: ports/mail/p5-Mail-SpamAssassin/files/spamd.sh,v 1.13
>2006/02/09 07:38:20 sem Exp $
>#
>
># PROVIDE: spamd
># REQUIRE: LOGIN
># BEFORE: mail
># KEYWORD: shutdown
>
>#
># Add the following lines to /etc/rc.conf to enable spamd:
>#
>#spamd_enable="YES"
>#
># See spamd(8) for flags
>#
>
>. /etc/rc.subr
>
>name=spamd
>rcvar=`set_rcvar`
>
>load_rc_config $name
>
># Set defaults
>: ${spamd_enable:="NO"}
>: ${spamd_flags="-c "}
>
>pidfile=${spamd_pidfile:-"/var/run/spamd/spamd.pid"}
>command=/usr/local/bin/spamd
>command_args="-d -r ${pidfile}"
>required_dirs=/usr/local/share/spamassassin
>
>stop_postcmd=stop_postcmd
>
>stop_postcmd()
>{
> rm -f $pidfile
>}
>
>run_rc_command "$1"
>
>-------
So,
command_args="-d -r ${pidfile}"
would be
command_args="-d -r --local ${pidfile}"
/usr/local/etc/rc.d/sa-spamd.sh stop
/usr/local/etc/rc.d/sa-spamd.sh start
My guess is (could be wrong), you are not rejecting mail addressed to
invalid users. Can't help with that however as I am not familiar with qmail.
Gary V
_________________________________________________________________
Messenger Café open for fun 24/7. Hot games, cool activities served daily.
Visit now. http://cafemessenger.com?ocid=TXT_TAGHM_AugHMtagline
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
Worried that I might be preventing all mail from passing through the system, I rebooted the server after disabling SpamAssassin and ClamAV, so they're running again. My remote mail queue is continuing to grow -- there are now 79,110 messages in the remote queue. ps -ax | grep -c qmail-remote reports that there are 87 processes pumping out e-mail responses to people around the globe who probably don't exist that purportedly sent e-mail messages to non-existent e-mail addresses at this domain. I apologize to everyone for my unintentional contributions to the global Spam problem.
Here's my /usr/local/etc/rc.d/sa-spamd.sh script:
#!/bin/sh
#
# $FreeBSD: ports/mail/p5-Mail-SpamAssassin/files/spamd.sh,v 1.13 2006/02/09 07:38:20 sem Exp $
#
# PROVIDE: spamd
# REQUIRE: LOGIN
# BEFORE: mail
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable spamd:
#
#spamd_enable="YES"
#
# See spamd(8) for flags
#
. /etc/rc.subr
name=spamd
rcvar=`set_rcvar`
load_rc_config $name
# Set defaults
: ${spamd_enable:="NO"}
: ${spamd_flags="-c "}
pidfile=${spamd_pidfile:-"/var/run/spamd/spamd.pid"}
command=/usr/local/bin/spamd
command_args="-d -r ${pidfile}"
required_dirs=/usr/local/share/spamassassin
stop_postcmd=stop_postcmd
stop_postcmd()
{
rm -f $pidfile
}
run_rc_command "$1"
-------
At 10:16 PM 8/19/2007, Gary V wrote:
>>After stopping SpamAssassin messages like these are appearing in /var/log/maillog:
>>
>>Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
>>Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused
>>Aug 19 21:23:20 erebus spamc[20879]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
>>Aug 19 21:23:20 erebus spamc[20887]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
>>Aug 19 21:23:20 erebus spamc[20821]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
>>
>>Is this a problem or can I ignore them?
>
>I would think stopping these may prevent any mail from passing through your system. If you can't figure out how to reconfigure qmail to stop sending mail to spamd then you might consider adding the --local argument to the spamd daemon. This would make spamd run considerably faster (but it would not detect spam as well as before). Maybe if SA ran faster mail would start to flow. This means you would have to be skilled enough to figure out where to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart spam via that initscript. If you like, post that script so someone can offer instructions.
>
>Gary V
>
>_________________________________________________________________
>Puzzles, trivia teasers, word scrambles and more. Play for your chance to win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
>
>
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
Darn. Okay. Thanks.
-----
At 09:39 PM 8/19/2007, Dave Pooser wrote:
>> After stopping SpamAssassin messages like these are appearing in
>> /var/log/maillog:
>>
>> Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
>> failed, retrying (#3 of 3): Connection refused
>
>So something is calling spamc, which is trying to connect to spamd and
>failing (not too surprising, since you just killed spamc). Unfortunately,
>what this mystery process is and how it's responding to failure are both
>questions outside the scope of a SpamAssassin list; it's probably a qmail
>thing, but since I've been fortunate enough never to deal with qmail I'm no
>help to you here.
>--
>Dave Pooser
>Cat-Herder-in-Chief, Pooserville.com
>"Jon, the CIA's credibility has never been lower. Crazy people no longer
>believe the CIA is implanting a chip in their heads to listen to their
>dreams. They just don't think they can pull it off. It's a sad day for
>America when even our paranoid schizophrenics realize they don't need to
>wear the aluminum foil hats anymore." -- Ed Helms, "The Daily Show"
Re: How do I temporarily disable SpamAssassin?
Posted by SM <sm...@resistor.net>.
At 18:26 19-08-2007, peter@vfemail.net wrote:
>After stopping SpamAssassin messages like these are appearing in
>/var/log/maillog:
>
>Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at
>127.0.0.1 failed, retrying (#3 of 3): Connection refused
Your question was about how to disable SpamAssassin and ClamAV. You
have to find out how they are being called. Stopping the daemons is
not the answer.
I don't have the answer to your initial question as I don't know how
SpamAssassin and ClamAV are being called in your mail setup. See the
thread for suggestions about how they might be called in a Qmail setup.
Regards,
-sm
Re: How do I temporarily disable SpamAssassin?
Posted by Dave Pooser <da...@pooserville.com>.
> After stopping SpamAssassin messages like these are appearing in
> /var/log/maillog:
>
> Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
> failed, retrying (#3 of 3): Connection refused
So something is calling spamc, which is trying to connect to spamd and
failing (not too surprising, since you just killed spamc). Unfortunately,
what this mystery process is and how it's responding to failure are both
questions outside the scope of a SpamAssassin list; it's probably a qmail
thing, but since I've been fortunate enough never to deal with qmail I'm no
help to you here.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"Jon, the CIA's credibility has never been lower. Crazy people no longer
believe the CIA is implanting a chip in their heads to listen to their
dreams. They just don't think they can pull it off. It's a sad day for
America when even our paranoid schizophrenics realize they don't need to
wear the aluminum foil hats anymore." -- Ed Helms, "The Daily Show"
Re: How do I temporarily disable SpamAssassin?
Posted by Gary V <mr...@hotmail.com>.
>After stopping SpamAssassin messages like these are appearing in
>/var/log/maillog:
>
>Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1
>failed, retrying (#3 of 3): Connection refused
>Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1
>failed, retrying (#2 of 3): Connection refused
>Aug 19 21:23:20 erebus spamc[20879]: connect(AF_INET) to spamd at 127.0.0.1
>failed, retrying (#1 of 3): Connection refused
>Aug 19 21:23:20 erebus spamc[20887]: connect(AF_INET) to spamd at 127.0.0.1
>failed, retrying (#1 of 3): Connection refused
>Aug 19 21:23:20 erebus spamc[20821]: connect(AF_INET) to spamd at 127.0.0.1
>failed, retrying (#3 of 3): Connection refused
>
>Is this a problem or can I ignore them?
>
I would think stopping these may prevent any mail from passing through your
system. If you can't figure out how to reconfigure qmail to stop sending
mail to spamd then you might consider adding the --local argument to the
spamd daemon. This would make spamd run considerably faster (but it would
not detect spam as well as before). Maybe if SA ran faster mail would start
to flow. This means you would have to be skilled enough to figure out where
to place this in /usr/local/etc/rc.d/sa-spamd.sh. Then you would restart
spam via that initscript. If you like, post that script so someone can offer
instructions.
Gary V
_________________________________________________________________
Puzzles, trivia teasers, word scrambles and more. Play for your chance to
win! http://club.live.com/home.aspx?icid=CLUB_hotmailtextlink
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
After stopping SpamAssassin messages like these are appearing in /var/log/maillog:
Aug 19 21:23:19 erebus spamc[20803]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20853]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20879]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20887]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Aug 19 21:23:20 erebus spamc[20821]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Is this a problem or can I ignore them?
------
At 09:22 PM 8/19/2007, peter@vfemail.net wrote:
>Bingo! SpamAssassin and ClamAV are supposedly stopped.
>
>------
>
>At 09:05 PM 8/19/2007, Dave Pooser wrote:
>>> [peter@erebus /usr/local/etc/rc.d]$ sa-spamd.sh stop
>>> bash: sa-spamd.sh: command not found
>>> [peter@erebus /usr/local/etc/rc.d]$ clamav-clamd.sh stop
>>> bash: clamav-clamd.sh: command not found
>>> [peter@erebus /usr/local/etc/rc.d]$
>>>
>>> How is it possible that the commands aren't found? They're right there in the
>>> directory?
>>
>>Root typically uses a fixed PATH that doesn't include the current directory
>>(for security reasons). Try giving it an explicit path:
>>./clamav-clamd.sh stop
>>
>>or
>>
>>/usr/local/etc/rc.d/clamav-clamd.sh stop
>>
>>and that should work.
>>--
>>Dave Pooser
>>Cat-Herder-in-Chief, Pooserville.com
>>"You're useless when you're high on catnip, you know that?"
Re: How do I temporarily disable SpamAssassin?
Posted by Dave Pooser <da...@pooserville.com>.
> [peter@erebus /usr/local/etc/rc.d]$ sa-spamd.sh stop
> bash: sa-spamd.sh: command not found
> [peter@erebus /usr/local/etc/rc.d]$ clamav-clamd.sh stop
> bash: clamav-clamd.sh: command not found
> [peter@erebus /usr/local/etc/rc.d]$
>
> How is it possible that the commands aren't found? They're right there in the
> directory?
Root typically uses a fixed PATH that doesn't include the current directory
(for security reasons). Try giving it an explicit path:
./clamav-clamd.sh stop
or
/usr/local/etc/rc.d/clamav-clamd.sh stop
and that should work.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"You're useless when you're high on catnip, you know that?"
Re: How do I temporarily disable SpamAssassin?
Posted by pe...@vfemail.net.
Thanks, John, but now I'm totally baffled and suspicious that something's really screwed up. What do you make of this transcript:
[peter@erebus /usr/home/peter]$ cd /usr/local/etc/rc.d/
[peter@erebus /usr/local/etc/rc.d]$ ls -la
total 26
drwxr-xr-x 2 root wheel 512 Apr 5 2006 .
drwxr-xr-x 8 root wheel 1024 May 23 2006 ..
-r-xr-xr-x 1 root wheel 644 Mar 1 2006 apache.sh
-r-xr-xr-x 1 root wheel 676 Feb 28 2006 clamav-clamd.sh
-r-xr-xr-x 1 root wheel 711 Feb 28 2006 clamav-freshclam.sh
-r-xr-xr-x 1 root wheel 887 Mar 2 2006 mrtg_daemon.sh
-r-xr-xr-x 1 root wheel 1623 Mar 3 2006 pure-ftpd.sh
lrwxr-xr-x 1 root wheel 13 Mar 1 2006 qmail.sh -> /var/qmail/rc
-r-xr-xr-x 1 root wheel 669 Feb 28 2006 sa-spamd.sh
-r-xr-xr-x 1 root wheel 755 Feb 28 2006 snmpd.sh
-r-xr-xr-x 1 root wheel 816 Feb 28 2006 snmptrapd.sh
-r-xr-xr-x 1 root wheel 2240 Feb 27 2006 svscan.sh
-r-xr-xr-x 1 root wheel 511 Apr 5 2006 webmin.sh
[peter@erebus /usr/local/etc/rc.d]$ sa-spamd.sh stop
bash: sa-spamd.sh: command not found
[peter@erebus /usr/local/etc/rc.d]$ clamav-clamd.sh stop
bash: clamav-clamd.sh: command not found
[peter@erebus /usr/local/etc/rc.d]$
How is it possible that the commands aren't found? They're right there in the directory?
And, FYI, there are now 77,314 messages in the remote queue -- 25,000 more than were there yesterday.
------
At 07:37 PM 8/19/2007, John Thompson wrote:
>On 2007-08-19, peter@vfemail.net <pe...@vfemail.net> wrote:
>
>> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
>> machine is receiving 200,000 e-mail messages per day, courtesy of
>> Rumpelstiltskin attacks from thousands of different IP addresses each
>> day, and SpamAssassin appears to be overwhelmed. I have about 50,000
>> e-mail messages in my qmail queue and the queue is growing by more
>> than 1,000 e-mail messages per hour.
>>
>> I want to temporarily disable SpamAssassin to free up enough
>> resources to let the mail queue clear. How do I do that?
>
>#/usr/local/etc/rc.d/sa-spamd stop
>
>> If anyone knows how to temporarily disable ClamAV too, I'd be
>> ecstatic to learn how to do that too.
>
>Disable the daemon:
>#/usr/local/etc/rc.d/clamav-clamd stop
>
>Disable the sendmail milter:
>#/usr/local/etc/rc.d/clamav-milter stop
>
>You may want to configure your MTA to reject bogus messages during the
>SMTP negotiation to decrease the spamassassin load.
>
>--
>
>John (john@os2.dhs.org)
RE: How do I temporarily disable SpamAssassin?
Posted by Robert - elists <li...@abbacomm.net>.
>
> #/usr/local/etc/rc.d/sa-spamd stop
>
> > If anyone knows how to temporarily disable ClamAV too, I'd be
> > ecstatic to learn how to do that too.
>
> Disable the daemon:
> #/usr/local/etc/rc.d/clamav-clamd stop
>
> Disable the sendmail milter:
> #/usr/local/etc/rc.d/clamav-milter stop
>
> You may want to configure your MTA to reject bogus messages during the
> SMTP negotiation to decrease the spamassassin load.
>
> --
>
> John (john@os2.dhs.org)
Although this may be helpful information in general, this is probably not
the info you want to give someone admin'ing a qmail server without the other
proper info they need to make decisions and not really mess up the mail
subsystems
- rh
Re: How do I temporarily disable SpamAssassin?
Posted by John Thompson <jo...@vector.os2.dhs.org>.
On 2007-08-19, peter@vfemail.net <pe...@vfemail.net> wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The
> machine is receiving 200,000 e-mail messages per day, courtesy of
> Rumpelstiltskin attacks from thousands of different IP addresses each
> day, and SpamAssassin appears to be overwhelmed. I have about 50,000
> e-mail messages in my qmail queue and the queue is growing by more
> than 1,000 e-mail messages per hour.
>
> I want to temporarily disable SpamAssassin to free up enough
> resources to let the mail queue clear. How do I do that?
#/usr/local/etc/rc.d/sa-spamd stop
> If anyone knows how to temporarily disable ClamAV too, I'd be
> ecstatic to learn how to do that too.
Disable the daemon:
#/usr/local/etc/rc.d/clamav-clamd stop
Disable the sendmail milter:
#/usr/local/etc/rc.d/clamav-milter stop
You may want to configure your MTA to reject bogus messages during the
SMTP negotiation to decrease the spamassassin load.
--
John (john@os2.dhs.org)