Posted to users@spamassassin.apache.org by "George R. Kasica" <ge...@netwrx1.com> on 2006/01/08 20:45:24 UTC

Syslog setting help needed

I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
a lot of logging to my screen rather than into log files on the server
from either spamd or exim (I'm thinking spamd) and I'm wondering how I
can configure either of them or syslog.conf to not have this happen
but go to files as before. Nothing has changed here in syslog.conf so
I'm a little stumped.

Example:

[12441] error: __alarm__
[11265] info: prefork: child states: IBII
[11265] info: spamd: handled cleanup of child pid 12441 due to SIGCHLD
[11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598.
[11265] warn: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/SpamdForkScaling.pm line 598.
[11265] info: prefork: child states: IBIS
[11430] error: __alarm__
[11430] error: __alarm__
[11365] info: spamd: connection from localhost [127.0.0.1] at port 39080
[11365] info: spamd: processing message <11...@yahoogroups.com> for mail:561
[11265] info: prefork: child states: BII
[11430] info: spamd: connection from localhost [127.0.0.1] at port 39082
[11430] info: spamd: processing message <57...@msn.com> for mail:561
[12231] info: spamd: connection from localhost [127.0.0.1] at port 39083
[12231] info: spamd: processing message <40...@dawgteam.com> for mail:561
[11365] info: spamd: clean message (0.0/5.0) for mail:561 in 74.5 seconds, 7080 bytes.
[11365] info: spamd: result: .  0 - scantime=74.5,size=7080,user=mail,uid=561,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=39080,mid=<11...@yahoogroups.com>,autolearn=disabled
[11365] error: __alarm__
[11365] error: __alarm__

Syslog.conf is below:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
 
# Log everything (except mail and news) of level info or higher.
# Hmm--also don't log private authentication messages here!
*.info -/var/log/messages
*.warn -/var/log/messages
 
# Log debugging too
#*.debug;news,mail,authpriv,auth.none -/var/log/debug
 
# The authpriv file has restricted access.
authpriv.*;auth.* /var/log/secure
# true, 'auth' in the two previous rules is deprecated,
# but nonetheless still in use...
 
# Log all the mail messages in one place.
spamd.* /var/log/exim/mail
mail.* /var/log/exim/mail
info.* /var/log/exim/mail
 
# Save uucp and news errors of level err and higher
# in a special file.
uucp,news.err /var/log/spooler
 
# Everybody gets emergency messages, plus log them on
# another machine.
*.emerg                                                 *
#*.emerg                                                @loghost


Re: Syslog setting help needed

Posted by "George R. Kasica" <ge...@netwrx1.com>.
FYI, This doesn't happen with SA 3.0.4

George


>On Mon, 09 Jan 2006 06:33:00 -0600, you wrote:

>>On Sun, 08 Jan 2006 21:10:48 -0500, you wrote:
>
>>At 02:45 PM 1/8/2006, George R. Kasica wrote:
>>>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>>>a lot of logging to my screen rather than into log files on the server
>>>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>>>can configure either of them or syslog.conf to not have this happen
>>>but go to files as before. Nothing has changed here in syslog.conf so
>>>I'm a little stumped.
>>
>>Can you show us the command line for spamd.. the syslogd.conf really won't 
>>help debug this. If it's going to the screen, it's not going to syslog, and 
>>I'd wonder why.
>
>Here you go:
>
>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
>
>>>Syslog.conf is below:
>>>
>><snip>
>>
>>
>>>spamd.* /var/log/exim/mail
>>>mail.* /var/log/exim/mail
>>>info.* /var/log/exim/mail
>>
>>
>>Does your syslogd actually accept that, or is the spamd line merely ignored 
>>by your syslogd?
>Sorry, bad copy (old attempt) it is:
>
># Log all the mail messages in 1 place.
>mail.*         /var/log/exim/mail
>
>>(AFAIK there's no such log facility as "spamd", and adding one would 
>>require hacking your c libraries and syslogd. Spamd should be using the 
>>facility "mail".)
>See above, I was just grabbing straws.
>
>George

Re: Syslog setting help needed

Posted by "George R. Kasica" <ge...@netwrx1.com>.
>On Mon, 09 Jan 2006 09:36:04 -0500, you wrote:

>At 07:33 AM 1/9/2006, George R. Kasica wrote:
>
>>Here you go:
>>
>>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &
>
>
>Ditch the &, and add a -d instead.
>
>spamd will start logging to syslog if you tell it to daemonize, instead of 
>starting it in console mode and forcing it to the background with &.
>
>
>
OK. Will try that one. Will move 3.1 back into production here, but
I'm still left with a problem there at this time of MANY timeouts as
shown below:

2006-01-07 00:00:19 1Ev75l-0002qs-UL spam acl condition: error reading from spamd socket: Connection timed out
2006-01-07 00:00:19 1Ev75l-0002qs-UL H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 Warning: ACL "warn" statement skipped: condition test deferred
2006-01-07 00:00:19 1Ev75l-0002qs-UL <= wejuvavqpz@yahoo.com H=(211.220.37.149) [211.220.37.149] I=[192.168.1.1]:25 P=smtp S=2987 id=DGSEIFRDTQMSETNJUGQFY@yahoo.com
2006-01-07 00:00:19 1Ev75l-0002qs-UL => georgek <ge...@netwrx1.com> R=procmail T=procmail
2006-01-07 00:00:19 1Ev75l-0002qs-UL Completed

George
===[George R. Kasica]===        +1 262 677 0766
President                       +1 206 374 6482 FAX 
Netwrx Consulting Inc.          Jackson, WI USA 
http://www.netwrx1.com
georgek@netwrx1.com
ICQ #12862186

Re: Syslog setting help needed

Posted by Matt Kettler <mk...@comcast.net>.
At 07:33 AM 1/9/2006, George R. Kasica wrote:

>Here you go:
>
>/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &


Ditch the &, and add a -d instead.

spamd will start logging to syslog if you tell it to daemonize, instead of 
starting it in console mode and forcing it to the background with &.




Re: Syslog setting help needed

Posted by "George R. Kasica" <ge...@netwrx1.com>.
>On Sun, 08 Jan 2006 21:10:48 -0500, you wrote:

>At 02:45 PM 1/8/2006, George R. Kasica wrote:
>>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>>a lot of logging to my screen rather than into log files on the server
>>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>>can configure either of them or syslog.conf to not have this happen
>>but go to files as before. Nothing has changed here in syslog.conf so
>>I'm a little stumped.
>
>Can you show us the command line for spamd.. the syslogd.conf really won't 
>help debug this. If it's going to the screen, it's not going to syslog, and 
>I'd wonder why.

Here you go:

/usr/local/bin/spamd --local -u spamd -m 5 --max-conn-per-child=50 &

>>Syslog.conf is below:
>>
><snip>
>
>
>>spamd.* /var/log/exim/mail
>>mail.* /var/log/exim/mail
>>info.* /var/log/exim/mail
>
>
>Does your syslogd actually accept that, or is the spamd line merely ignored 
>by your syslogd?
Sorry, bad copy (old attempt) it is:

# Log all the mail messages in 1 place.
mail.*         /var/log/exim/mail

>(AFAIK there's no such log facility as "spamd", and adding one would 
>require hacking your c libraries and syslogd. Spamd should be using the 
>facility "mail".)
See above, I was just grabbing straws.

George

Re: Syslog setting help needed

Posted by Matt Kettler <mk...@comcast.net>.
At 02:45 PM 1/8/2006, George R. Kasica wrote:
>I've noticed that since going to exim 4.60 and SA 3.1 that I'm getting
>a lot of logging to my screen rather than into log files on the server
>from either spamd or exim (I'm thinking spamd) and I'm wondering how I
>can configure either of them or syslog.conf to not have this happen
>but go to files as before. Nothing has changed here in syslog.conf so
>I'm a little stumped.

Can you show us the command line for spamd.. the syslogd.conf really won't 
help debug this. If it's going to the screen, it's not going to syslog, and 
I'd wonder why.



>Syslog.conf is below:
>
<snip>


>spamd.* /var/log/exim/mail
>mail.* /var/log/exim/mail
>info.* /var/log/exim/mail


Does your syslogd actually accept that, or is the spamd line merely ignored 
by your syslogd?

(AFAIK there's no such log facility as "spamd", and adding one would 
require hacking your c libraries and syslogd. Spamd should be using the 
facility "mail".)