You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "George R. Kasica" <ge...@netwrx1.com> on 2006/01/07 05:10:13 UTC
Exim 4.60 and Spamassassin 3.0.4 time out problems
Hello:
Just upgraded to 4.60 here with Spamassassin 3.0.4 and all seems to
work OK with the exception that I'm not seeing time out errors in the
spam scanning....I didn't see that (at least in logs) with exim 3.36
and SA 3.0.4. I haven't changed configurations on SA at all and Exim
is also the same except for the necessary changes in the conf file to
go from 3x to 4x. Mail is delivering properly, but I'm missing alot of
spam checks I think.
Any suggestions on fixing this problem??
2006-01-06 15:47:24 1EuzOl-0000ab-QJ spam acl condition: error reading
from spamd socket: Connection timed out
2006-01-06 15:47:24 1EuzOl-0000ab-QJ H=mx1.wildfour.com
[209.190.13.93] I=[192.168.1.1]:25 Warning: ACL "warn" statement
skipped: condition test deferred
2006-01-06 15:47:24 1EuzOl-0000ab-QJ <=
1000-14794488-1-92-22-829mpxas@wildfour.com H=mx1.wildfour.com
[209.190.13.93] I=[192.168.1.1]:25 P=esmtp S=4941
2006-01-06 15:47:24 1EuzOl-0000ab-QJ => danab <DA...@WEBKATZ.COM>
R=procmail T=procmail
2006-01-06 15:47:24 1EuzOl-0000ab-QJ Completed
Command lines are as follows:
/usr/local/bin/spamd --local -u spamd -m 15 --max-conn-per-child=50 &
/usr/local/exim/sbin/exim -bd
I can provide config files if needed.
Thanks,
George
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
Exim 4.60 and Spamassassin 3.1 and sophie ACL help needed
Posted by "George R. Kasica" <ge...@netwrx1.com>.
I could use some help with the proper ACLs for the above items....I
have some given to me but I'm not sure they are correct or functioning
at all in terms of Virus checking. Here is my setup
Exim 4.60
Spamassassin 3.1
Sophie 3.05
Sophos (Latest rev - yes, licensed and running fine with Exim 3.36)
All have been built correctly (they run at least :))
I've supplied my exim.conf, and both sophie confs here as well.
Can someone take a look and let me know what I'm missing as I'm having
two largeish problems:
1) spamd is timing out ALOT (almost every message) so we're doing
little or no spam filtering) Here are logs snippets from both Exim
3.36 and 4.6 running SA 3.1
When I run exim 3.36 and SA 3.1:
Jan 7 17:19:13 eagle spamd[3111]: spamd: connection from localhost
[127.0.0.1] at port 46278
Jan 7 17:19:13 eagle spamd[3111]: spamd: processing message
<00...@pc> for mail:561
Jan 7 17:19:16 eagle spamd[3112]: spamd: connection from localhost
[127.0.0.1] at port 46279
Jan 7 17:19:17 eagle spamd[3112]: spamd: processing message
<96...@68.248.203.41> for mail:561
Jan 7 17:20:02 eagle spamd[4566]: spamd: identified spam (12.6/5.0)
for mail:561 in 108.3 seconds, 2889 bytes.
Jan 7 17:20:02 eagle spamd[4566]: spamd: result: Y 12 -
ADVANCE_FEE_1,ADVANCE_FEE_2,BAYES_00,DATE_IN_FUTURE_06_12,DCC_CHECK,FAKE_HELO_MAIL_COM,FORGED_MUA_OUTLOOK,RCVD_NUMERIC_HELO,SUBJ_ALL_CAPS,TO_CC_NONE,URG_BIZ
scantime=108.3,size=2889,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=46267,mid=<ch...@navaho.onspeed.com>,bayes=0.00148341614097802,autolearn=no
When I run 4.60 exim and SA 3.1:
2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading
from spam
d socket: Connection timed out
2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149)
[211.220.37.149] I=[192.
168.1.1]:25 Warning: ACL "warn" statement skipped: condition test
deferred
2006-01-07 00:00:19 1Ev75l-0002qs-UL <= wejuvavqpz@yahoo.com
H=(211.220.37.149)
[211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987
id=DGSEIFRDTQMSETNJUGQFY@yahoo
.com
2006-01-07 00:00:19 1Ev75l-0002qs-UL => georgek <ge...@netwrx1.com>
R=procmail
T=procmail
2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed
2) There is NO sopie activity of any sort in the logs beyond startup
and shutdown I'm thinking there should be something...:
Jan 7 14:31:22 eagle sophie[30783]: /usr/local/bin/sophie Placed in
the background [PID: 30784]
Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Setting
configuration options - please wait...
Jan 7 14:31:22 eagle sophie[30785]: NOTICE : Configuration
options set
Jan 7 14:31:30 eagle sophie[30785]: Sophos engine : Sophos engine
version 2.32
Jan 7 14:31:30 eagle sophie[30785]: Sophie IDE : Sophos IDE
version 4.01 (detects 117045 viruses)
Jan 7 14:31:30 eagle sophie[30785]: SAVI config :
/etc/sophie.savi
Jan 7 14:31:30 eagle sophie[30785]: Max processes : 20
Jan 7 14:31:30 eagle sophie[30785]: Socket path :
/var/run/sophie
Jan 7 14:31:30 eagle sophie[30785]: Umask : 7
Jan 7 14:31:30 eagle sophie[30785]: PID file :
/var/run/sophie.pid
Jan 7 14:31:30 eagle sophie[30785]: Timeout : 300 seconds
Jan 7 14:31:30 eagle sophie[30785]: Running as user : mail
Jan 7 14:31:30 eagle sophie[30785]: Socket group : mail
Jan 7 14:31:30 eagle sophie[30785]: Logname : sophie
Jan 7 14:31:30 eagle sophie[30785]: Log facility : 16 (mail)
Jan 7 14:31:30 eagle sophie[30785]: Log priority : 5 (notice)
Jan 7 14:31:30 eagle sophie[30785]: Error strings? : yes
Jan 7 14:31:30 eagle sophie[30785]: Timestamps? : no
Jan 7 14:31:30 eagle sophie[30785]: Show virus name? : yes
Jan 7 14:31:30 eagle sophie[30785]: Callbacks? : yes
Jan 7 14:31:30 eagle sophie[30785]: limit_classif : 10
Jan 7 14:31:30 eagle sophie[30785]: limit_nextfile : 10000
Jan 7 14:31:30 eagle sophie[30785]: limit_decompr : 1000
Jan 7 14:31:30 eagle sophie[30785]: socket_check : yes
Jan 7 14:31:30 eagle sophie[30785]: Port : 4009
Jan 7 14:31:30 eagle sophie[30785]: Temporary dir : /tmp
Jan 7 14:31:30 eagle sophie[30785]: Sophie version : 3.05
Thank you very much in advance,
Re: [exim] Exim 4.60 and Spamassassin 3.0.4 time out problems
Posted by "George R. Kasica" <ge...@netwrx1.com>.
FYI That should have said NOW seeing timeouts.....if I wasn't seeing
them I wouldn't have a problem :)
That's what I get for working late.
George
>On Fri, 06 Jan 2006 22:10:13 -0600, you wrote:
>Hello:
>
>Just upgraded to 4.60 here with Spamassassin 3.0.4 and all seems to
>work OK with the exception that I'm not seeing time out errors in the
>spam scanning....I didn't see that (at least in logs) with exim 3.36
>and SA 3.0.4. I haven't changed configurations on SA at all and Exim
>is also the same except for the necessary changes in the conf file to
>go from 3x to 4x. Mail is delivering properly, but I'm missing alot of
>spam checks I think.
>
>Any suggestions on fixing this problem??
>
>2006-01-06 15:47:24 1EuzOl-0000ab-QJ spam acl condition: error reading
>from spamd socket: Connection timed out
>2006-01-06 15:47:24 1EuzOl-0000ab-QJ H=mx1.wildfour.com
>[209.190.13.93] I=[192.168.1.1]:25 Warning: ACL "warn" statement
>skipped: condition test deferred
>2006-01-06 15:47:24 1EuzOl-0000ab-QJ <=
>1000-14794488-1-92-22-829mpxas@wildfour.com H=mx1.wildfour.com
>[209.190.13.93] I=[192.168.1.1]:25 P=esmtp S=4941
>2006-01-06 15:47:24 1EuzOl-0000ab-QJ => danab <DA...@WEBKATZ.COM>
>R=procmail T=procmail
>2006-01-06 15:47:24 1EuzOl-0000ab-QJ Completed
>
>Command lines are as follows:
>
>/usr/local/bin/spamd --local -u spamd -m 15 --max-conn-per-child=50 &
>
>/usr/local/exim/sbin/exim -bd
>
>I can provide config files if needed.
>
>Thanks,
>
>George
>===[George R. Kasica]=== +1 262 677 0766
>President +1 206 374 6482 FAX
>Netwrx Consulting Inc. Jackson, WI USA
>http://www.netwrx1.com
>georgek@netwrx1.com
>ICQ #12862186
Re: Syslog setting help needed
Posted by "George R. Kasica" <ge...@netwrx1.com>.
FYI, This doesn't happen with SA 3.0.4
George
>On Mon, 09 Jan 2006 06:33:00 -0600, you wrote:
>>On Sun, 08 Jan 2006 21:10:48 -0500, you wrote:
>
>>At 02:45 PM 1/8/2006, George R. Kasica wrote:
>>>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>>>alot of logging to my screen rather than into log files on the server
>>>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>>>can configure either of them or syslog.conf to not have this happen
>>>but go to files as before. Nothing has changed here in syslog.conf so
>>>I'm a little stumped.
>>
>>Can you show us the command line for spamd.. the syslogd.conf really won't
>>help debug this. If it's going to the screen, it's not going to syslog, and
>>I'd wonder why.
>
>Here you go:
>
>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
>
>>>Syslog.conf is below:
>>>
>><snip>
>>
>>
>>>spamd.* /var/log/exim/mail
>>>mail.* /var/log/exim/mail
>>>info.* /var/log/exim/mail
>>
>>
>>Does your syslogd actually accept that, or is the spamd line merely ignored
>>by your syslogd?
>Sorry, bad copy (old attempt) it is:
>
># Log all the mail messages in 1 place.
>mail.* /var/log/exim/mail
>
>>(AFAIK there's no such log facility as "spamd", and adding one would
>>require hacking your c libraries and syslogd. Spamd should be using the
>>facility "mail".)
>See above, I was just grabbing straws.
>
>George
Re: Syslog setting help needed
Posted by "George R. Kasica" <ge...@netwrx1.com>.
>On Mon, 09 Jan 2006 09:36:04 -0500, you wrote:
>At 07:33 AM 1/9/2006, George R. Kasica wrote:
>
>>Here you go:
>>
>>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
>
>
>Ditch the &, and add a -d instead.
>
>spamd will start logging to syslog if you tell it to daemonize, instead of
>starting it in console mode and forcing it to the background with &.
>
>
>
OK. Will try that one. Will move 3.1 back into production here, but
I'm still left with a problem there at this time of MANY timeouts as
shown below:
2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading
from spam
d socket: Connection timed out
2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149)
[211.220.37.149] I=[192.
168.1.1]:25 Warning: ACL "warn" statement skipped: condition test
deferred
2006-01-07 00:00:19 1Ev75l-0002qs-UL <= wejuvavqpz@yahoo.com
H=(211.220.37.149)
[211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987
id=DGSEIFRDTQMSETNJUGQFY@yahoo
.com
2006-01-07 00:00:19 1Ev75l-0002qs-UL => georgek <ge...@netwrx1.com>
R=procmail
T=procmail
2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed
George
===[George R. Kasica]=== +1 262 677 0766
President +1 206 374 6482 FAX
Netwrx Consulting Inc. Jackson, WI USA
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186
Re: Syslog setting help needed
Posted by Matt Kettler <mk...@comcast.net>.
At 07:33 AM 1/9/2006, George R. Kasica wrote:
>Here you go:
>
>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
Ditch the &, and add a -d instead.
spamd will start logging to syslog if you tell it to daemonize, instead of
starting it in console mode and forcing it to the background with &.
Re: Syslog setting help needed
Posted by "George R. Kasica" <ge...@netwrx1.com>.
>On Sun, 08 Jan 2006 21:10:48 -0500, you wrote:
>At 02:45 PM 1/8/2006, George R. Kasica wrote:
>>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>>alot of logging to my screen rather than into log files on the server
>>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>>can configure either of them or syslog.conf to not have this happen
>>but go to files as before. Nothing has changed here in syslog.conf so
>>I'm a little stumped.
>
>Can you show us the command line for spamd.. the syslogd.conf really won't
>help debug this. If it's going to the screen, it's not going to syslog, and
>I'd wonder why.
Here you go:
/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
>>Syslog.conf is below:
>>
><snip>
>
>
>>spamd.* /var/log/exim/mail
>>mail.* /var/log/exim/mail
>>info.* /var/log/exim/mail
>
>
>Does your syslogd actually accept that, or is the spamd line merely ignored
>by your syslogd?
Sorry, bad copy (old attempt) it is:
# Log all the mail messages in 1 place.
mail.* /var/log/exim/mail
>(AFAIK there's no such log facility as "spamd", and adding one would
>require hacking your c libraries and syslogd. Spamd should be using the
>facility "mail".)
See above, I was just grabbing straws.
George
Re: Syslog setting help needed
Posted by Matt Kettler <mk...@comcast.net>.
At 02:45 PM 1/8/2006, George R. Kasica wrote:
>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>alot of logging to my screen rather than into log files on the server
>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>can configure either of them or syslog.conf to not have this happen
>but go to files as before. Nothing has changed here in syslog.conf so
>I'm a little stumped.
Can you show us the command line for spamd.. the syslogd.conf really won't
help debug this. If it's going to the screen, it's not going to syslog, and
I'd wonder why.
>Syslog.conf is below:
>
<snip>
>spamd.* /var/log/exim/mail
>mail.* /var/log/exim/mail
>info.* /var/log/exim/mail
Does your syslogd actually accept that, or is the spamd line merely ignored
by your syslogd?
(AFAIK there's no such log facility as "spamd", and adding one would
require hacking your c libraries and syslogd. Spamd should be using the
facility "mail".)
Syslog setting help needed
Posted by "George R. Kasica" <ge...@netwrx1.com>.
I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
alot of logging to my screen rather than into log files on the server
from either spamd or exim (I'm thinking spamd) and I'm wondering how I
can configure either of them or syslog.conf to not have this happen
but go to files as before. Nothing has changed here in syslog.conf so
I'm a little stumped.
Example:
[12441] error: __alarm__
[11265] info: prefork: child states: IBII
[11265] info: spamd: handled cleanup of child pid 12441 due to SIGCHLD
[11265] warn: Use of uninitialized value in numeric eq (==) at
/usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm
line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at
/usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm
line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at
/usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm
line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at
/usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm
line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at
/usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm
line 598.
[11265] info: prefork: child states: IBIS
[11430] error: __alarm__
[11430] error: __alarm__
[11365] info: spamd: connection from localhost [127.0.0.1] at port
39080
[11365] info: spamd: processing message
<11...@yahoogroups.com> for mail:561
[11265] info: prefork: child states: BII
[11430] info: spamd: connection from localhost [127.0.0.1] at port
39082
[11430] info: spamd: processing message <57...@msn.com> for
mail:561
[12231] info: spamd: connection from localhost [127.0.0.1] at port
39083
[12231] info: spamd: processing message
<40...@dawgteam.com> for mail:561
[11365] info: spamd: clean message (0.0/5.0) for mail:561 in 74.5
seconds, 7080 bytes.
[11365] info: spamd: result: . 0 -
scantime=74.5,size=7080,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=39080,mid=<11...@yahoogroups.com>,autolearn=disabled
[11365] error: __alarm__
[11365] error: __alarm__
Syslog.conf is below:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log everything (except mail and news) of level info or higher.
# Hmm--also don't log private authentication messages here!
*.info -/var/log/messages
*.warn -/var/log/messages
# Log debugging too
#*.debug;news,mail,authpriv,auth.none -/var/log/debug
# The authpriv file has restricted access.
authpriv.*;auth.* /var/log/secure
# true, 'auth' in the two previous rules is deprecated,
# but nonetheless still in use...
# Log all the mail messages in one place.
spamd.* /var/log/exim/mail
mail.* /var/log/exim/mail
info.* /var/log/exim/mail
# Save uucp and news errors of level err and higher
# in a special file.
uucp,news.err /var/log/spooler
# Everybody gets emergency messages, plus log them on
# another machine.
*.emerg *
#*.emerg @loghost