You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by The Doctor <do...@doctor.nl2k.ab.ca> on 2019/03/31 18:23:24 UTC

Overwhelmed or crashing spamd

Hello .

How can I diagnose an overwhelm or crashing spams?

In my mail logs, I see

2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output

2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA

2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

Re: Overwhelmed or crashing spamd

Posted by Bill Cole <sa...@billmail.scconsult.com>.

On 31 Mar 2019, at 21:11, The Doctor wrote:

> From spamd.log
>
> Sun Mar 31 19:08:08 2019 [29825] dbg: plugin: 
> Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements 
> 'spamd_child_init', priority 0
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation 
> from user 0 and groups 0 0 0 5 20 117 920
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58 
> 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58 
> 58
> Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready, 
> wait max 300.0 secs
>
> HUH?

Looks like a normal spamd child prefork. The child PID is 29825.

The last line is saying that the child can't read anything (yet) from 
its file descriptor #8, which should be a socket with the parent spamd 
process on the other end. That's entirely normal because this is a 
prefork for which there is no message immediately available for 
scanning.

-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: Overwhelmed or crashing spamd

Posted by The Doctor <do...@doctor.nl2k.ab.ca>.

On Sun, Mar 31, 2019 at 12:28:45PM -0600, The Doctor wrote:
> On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
> > 
> > 
> > Am 31.03.19 um 20:23 schrieb The Doctor:
> > > Hello .
> > > 
> > > How can I diagnose an overwhelm or crashing spams?
> > > 
> > > In my mail logs, I see
> > > 
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output
> > > 
> > > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA
> > > 
> > > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
> > 
> > only god knows wihtout any useful information about your setup
> > 
> > * which MTA
> 
> Exim 4.92
> 
> > * which spamassasin version
> 
> Most current version.
> 
> > * how did you clue SA into your MTA
> 
> # For spam scanning, there is a similar option that defines the interface to
> # SpamAssassin. You do not need to set this if you are using the default, which
> # is shown in this commented example. As for virus scanning, you must also
> # modify the acl_check_data access control list to enable spam scanning.
> 
> spamd_address = 204.209.81.1 783
>

From spamd.log

Sun Mar 31 19:08:08 2019 [29825] dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x80574c410) implements 'spamd_child_init', priority 0
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: Privilege de-escalation from user 0 and groups 0 0 0 5 20 117 920
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setgid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: get_user_groups: uid is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: group assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: setuid ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: uid assignment ERRNO is
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: real user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff user is 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] real groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: spamd: [...] eff groups are 58 58
Sun Mar 31 19:08:08 2019 [29825] dbg: prefork: sysread(8) not ready, wait max 300.0 secs

HUH?

> -- 
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
> Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
> https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
> Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!

Re: Overwhelmed or crashing spamd

Posted by The Doctor <do...@doctor.nl2k.ab.ca>.

On Sun, Mar 31, 2019 at 08:25:58PM +0200, Reindl Harald wrote:
> 
> 
> Am 31.03.19 um 20:23 schrieb The Doctor:
> > Hello .
> > 
> > How can I diagnose an overwhelm or crashing spams?
> > 
> > In my mail logs, I see
> > 
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er spam acl condition: cannot parse spamd [204.209.81.1]:783 output
> > 
> > 2019-03-31 10:05:32.099 [7917] 1hAcxf-00023h-Er H=mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="doctor.nl2k.ab.ca" F=<@gmail.com> temporarily rejected after DATA
> > 
> > 2019-03-31 10:05:32.163 [7917] SMTP connection from mail-yw1-f68.google.com [209.85.161.68]:33747 I=[204.209.81.1]:25 closed by QUIT
> 
> only god knows wihtout any useful information about your setup
> 
> * which MTA

Exim 4.92

> * which spamassasin version

Most current version.

> * how did you clue SA into your MTA

# For spam scanning, there is a similar option that defines the interface to
# SpamAssassin. You do not need to set this if you are using the default, which
# is shown in this commented example. As for virus scanning, you must also
# modify the acl_check_data access control list to enable spam scanning.

spamd_address = 204.209.81.1 783

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Alberta on 16 April 2019, do not vote UCP, FCP nor NDP!