Posted to users@spamassassin.apache.org by The Doctor <do...@doctor.nl2k.ab.ca> on 2019/03/31 18:23:24 UTC
Overwhelmed or crashing spamd
Hello.
How can I diagnose an overwhelmed or crashing spamd?
In my mail logs, I see
2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output
2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA
2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!
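A probe for the symptom in this post, added here as an example (it is not part of the original message, nor code from Exim or SpamAssassin): it sends one spamd PING to the address the MTA uses and classifies what comes back, so an empty, truncated or non-protocol reply is told apart from a refused connection or a timeout. The function names and category labels are hypothetical, and the wire format is assumed to be the spamd protocol's `PING SPAMC/1.5` request answered by a `SPAMD/<version> 0 PONG` status line.

```python
import re
import socket
import sys

# Status line assumed from the spamd protocol: "SPAMD/<version> <code> <message>"
STATUS_RE = re.compile(rb"^SPAMD/(\d+\.\d+) (\d+) (.*)$")

def classify_spamd_reply(raw: bytes) -> str:
    """Label the bytes a client got back from spamd (labels are hypothetical)."""
    if not raw:
        return "no-data"        # peer accepted, then closed without answering
    line, sep, _rest = raw.partition(b"\r\n")
    if not sep:
        return "truncated"      # reply ended before the status line was complete
    match = STATUS_RE.match(line)
    if match is None:
        return "garbage"        # something answered, but not in spamd's protocol
    code = int(match.group(2))
    return "ok" if code == 0 else f"error-{code}"

def ping_spamd(host: str, port: int, timeout: float = 10.0) -> str:
    """Send one PING and classify the outcome, including transport failures."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"PING SPAMC/1.5\r\n\r\n")
            reply = b""
            # Read until the status line is complete, the peer closes, or 4 KiB.
            while b"\r\n" not in reply and len(reply) < 4096:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except socket.timeout:
        return "timeout"         # connect or read did not finish in time
    except OSError:
        return "connect-failed"  # nothing listening, refused or reset
    return classify_spamd_reply(reply)

if __name__ == "__main__":
    # usage: python3 spamd_probe.py <host> <port>
    print(ping_spamd(sys.argv[1], int(sys.argv[2])))
```

Run from the MTA host on a schedule, the sequence of labels over time shows whether failures are refusals (daemon down), timeouts (children busy) or malformed replies.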
Re: Overwhelmed or crashing spamd
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 31 Mar 2019, at 21:11, The Doctor wrote:
> From spamd.log
>
> Sun Mar 31 19:08:08 2019 [29825] dbg: plugin:
> Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements
> 'spamd_child_init', priority 0
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation
> from user 0 and groups 0 0 0 5 20 117 920
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58
> 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58
> 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready,
> wait max 300.0 secs
>
> HUH?
Looks like a normal spamd child prefork. The child PID is 29825.
The last line is saying that the child can't read anything (yet) from
its file descriptor #8, which should be a socket with the parent spamd
process on the other end. That's entirely normal because this is a
prefork for which there is no message immediately available for
scanning.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
Re: Overwhelmed or crashing spamd
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Mar 31, 2019 at 12:28:45PM -0600, The Doctor wrote:
> On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
> >
> >
> > On 31.03.19 at 20:23, The Doctor wrote:
> > > Hello.
> > >
> > > How can I diagnose an overwhelmed or crashing spamd?
> > >
> > > In my mail logs, I see
> > >
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output
> > >
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA
> > >
> > > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
> >
> > only god knows without any useful information about your setup
> >
> > * which MTA
>
> Exim 4.92
>
> > * which spamassassin version
>
> Most current version.
>
> > * how did you clue SA into your MTA
>
> # For spam scanning, there is a similar option that defines the interface to
> # SpamAssassin. You do not need to set this if you are using the default, which
> # is shown in this commented example. As for virus scanning, you must also
> # modify the acl_check_data access control list to enable spam scanning.
>
> spamd_address = 204.209.81.1 783
>
From spamd.log
Sun Mar 31 19:08:08 2019 [29825] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements 'spamd_child_init', priority 0
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation from user 0 and groups 0 0 0 5 20 117 920
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready, wait max 300.0 secs
HUH?
Re: Overwhelmed or crashing spamd
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
>
>
> On 31.03.19 at 20:23, The Doctor wrote:
> > Hello.
> >
> > How can I diagnose an overwhelmed or crashing spamd?
> >
> > In my mail logs, I see
> >
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output
> >
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA
> >
> > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
>
> only god knows without any useful information about your setup
>
> * which MTA
Exim 4.92
> * which spamassassin version
Most current version.
> * how did you clue SA into your MTA
# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.
spamd_address = 204.209.81.1 783