You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Marco Herrn <ml...@mherrn.de> on 2005/06/20 18:17:25 UTC

Listening on local interface

Hi, 

I am using spamd and told it to listen only on the local interface:

herrn@pendragon:~$ ps aux|grep spamd
root      1764  0.0  3.0 34456 30672 ?       SNs  Jun01   0:00 /usr/bin/perl -T
-w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d --pidfile=/var/run/spamd.pid

A look on netstat shows, that this is indeed correct:

tcp        0      0 127.0.0.1:783           0.0.0.0:* LISTEN     1764/perl


But when spamc spawns some children when actually scanning a message those listen on the whole internet:

tcp        0      0 localhost:spamd         *:*                     LISTEN     1764/perl           
tcp        0      0 localhost:spamd         localhost:42346         CLOSE_WAIT 10608/spamd child   
tcp        0      0 localhost:42346         localhost:spamd         FIN_WAIT2  10689/spamc         
tcp        0      0 localhost:42336         localhost:spamd         TIME_WAIT  -                   
tcp        0      0 localhost:42341         localhost:spamd         TIME_WAIT  -                   
udp      368      0 *:34591                 *:*                                10608/spamd child   
udp      368      0 *:34592                 *:*                                10608/spamd child   
udp      368      0 *:34593                 *:*                                10608/spamd child   
udp      368      0 *:34594                 *:*                                10608/spamd child   
udp      368      0 *:34595                 *:*                                10608/spamd child   
udp      368      0 *:34596                 *:*                                10608/spamd child   
udp      368      0 *:34597                 *:*                                10608/spamd child   
udp      368      0 *:34598                 *:*                                10608/spamd child   
udp      368      0 *:34599                 *:*                                10608/spamd child   
udp      368      0 *:34600                 *:*                                10608/spamd child   
udp      368      0 *:34601                 *:*                                10608/spamd child   
udp      368      0 *:34602                 *:*                                10608/spamd child   
udp      368      0 *:34603                 *:*                                10608/spamd child   
udp      368      0 *:34604                 *:*                                10608/spamd child   

What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? 

Any hints are appreciated.

Regards
Marco

Re: Listening on local interface

Posted by Marco Herrn <ml...@mherrn.de>.

On Mon, 20 Jun 2005 14:00:16 -0400
Theo Van Dinter <fe...@apache.org> wrote:

> On Mon, Jun 20, 2005 at 06:17:25PM +0200, Marco Herrn wrote:
> > udp      368      0 *:34602                 *:*                                10608/spamd child   
> > udp      368      0 *:34603                 *:*                                10608/spamd child   
> > udp      368      0 *:34604                 *:*                                10608/spamd child   
> > 
> > What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? 
> 
> Those look like DNS queries waiting for a response.  Should be fine, they're
> short-lived.

Ok, so they need to listen on all interfaces? Or is there a way to restrict this (if this makes sense)?

Re: Listening on local interface

Posted by Theo Van Dinter <fe...@apache.org>.

On Mon, Jun 20, 2005 at 06:17:25PM +0200, Marco Herrn wrote:
> udp      368      0 *:34602                 *:*                                10608/spamd child   
> udp      368      0 *:34603                 *:*                                10608/spamd child   
> udp      368      0 *:34604                 *:*                                10608/spamd child   
> 
> What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? 

Those look like DNS queries waiting for a response.  Should be fine, they're
short-lived.

-- 
Randomly Generated Tagline:
"I can please only one person per day.
  Today is not your day.
  Tomorrow isn't looking good either."
         - Dave Morse (DNRC Motto suggestion)

Re: Listening on local interface

Posted by Marco Herrn <ml...@mherrn.de>.

Hi,

Matt Kettler <mk...@evi-inc.com> wrote:
> Marco Herrn wrote:
> > What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? 
> > 
> 
> What plugins are you using? Any chance you've got a SA plugin that does it's own
> UDP based communications?

What do you mean by plugins? I do not use (knowingly) any plugins.

Re: Listening on local interface

Posted by Matt Kettler <mk...@evi-inc.com>.

Marco Herrn wrote:
> Hi, 
> 
> I am using spamd and told it to listen only on the local interface:
> 
> herrn@pendragon:~$ ps aux|grep spamd
> root      1764  0.0  3.0 34456 30672 ?       SNs  Jun01   0:00 /usr/bin/perl -T
> -w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d --pidfile=/var/run/spamd.pid
> 
> A look on netstat shows, that this is indeed correct:
> 
> tcp        0      0 127.0.0.1:783           0.0.0.0:* LISTEN     1764/perl
> 

> udp      368      0 *:34604                 *:*                                10608/spamd child   
> 
> What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? 
> 

What plugins are you using? Any chance you've got a SA plugin that does it's own
UDP based communications?