Page 2 of 4
Posted: Fri Apr 18, 2008 11:00 am
by modom46
Thanks!
I checked my logs yesterday and the most time it was taking to process an email was about 10-12 seconds and these were just a few. Most were 0.0etc... so I left the default for my $spamc_binary='/usr/bin/spamc';
I changed a couple of settings in /etc/qmail-scanner.ini file like setting SA_DELETE from 3 to 2.
I always run qmail-scanner-reconfigure.
I did not have any spam this morning.
I had "bayes_auto_learn 1" and "use_bayes 1" commented out in my local.cf file and was wondering if it should be set like this or uncomment the use_bayes 1 also since I saw some errors about it in my logs?
#add for bayes nodbs present, cannot tie DB R/0 error
bayes_path /etc/mail/spamassassin/bayes/bayes
bayes_file_mode 0666
bayes_auto_expire 1
bayes_auto_learn 1
#use_bayes 1
Posted: Mon Apr 21, 2008 10:38 am
by modom46
well today was a different story ...
over 200 spam so far.
Code: Select all
From: zbvperil@stephendavid.com
Subject: Feel more excitement
Date: April 21, 2008 9:11:57 AM CDT
To: info@designhosting.biz
Return-Path: <zbvperil@stephendavid.com>
Delivered-To: 1-info@designhosting.biz
Received: (qmail 29414 invoked by uid 10063); 21 Apr 2008 09:11:15 -0400
Received: from 200.105.22.81 by godslove.designhosting.biz (envelope-from <zbvperil@stephendavid.com>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(200.105.22.81):SA:0(?/?):. Processed in 30.044413 secs); 21 Apr 2008 13:11:15 -0000
Received: from unknown (HELO 200.105.22.81) (200.105.22.81) by dh-usa.net with SMTP; 21 Apr 2008 09:10:45 -0400
X-Spam-Status: No, hits=? required=?
Received-Spf: error (dh-usa.net: error in processing during lookup of stephendavid.com: DNS problem)
Message-Id: <001501c8a38f$c01bb030$00e669ac@GRUAS>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_01C8A38F.C01BB030"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2962
X-Mimeole: Produced By Microsoft MimeOLE V6.00.3790.2962
spamassassin and clamd is running and was running as of that header message above.
spamassassin --lint -D > output.txt 2>&1 shows these not installed but they have never been installed:
Code: Select all
[22125] dbg: diag: module not installed: Mail::SPF ('require' failed)
[22125] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[22125] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[22125] dbg: diag: module not installed: Mail::DomainKeys ('require' failed)
[22125] dbg: diag: module not installed: Mail::DKIM ('require' failed)
My local.cf file looks like this:
Code: Select all
required_score 4
#add for bayes nodbs present, cannot tie DB R/0 error
bayes_path /etc/mail/spamassassin/bayes/bayes
bayes_file_mode 0666
bayes_auto_expire 1
bayes_auto_learn 1
use_bayes 1
#add for question is DNS available?
dns_available yes
#adding config options for razor2 and dcc that was enabled in v310.pre
use_dcc 1
dcc_home /var/dcc
dcc_timeout 10
dcc_path /usr/bin/dccproc
add_header all DCC _DCCB_: _DCCR_
use_pyzor 1
pyzor_timeout 10
pyzor_options --homedir /etc/mail/spamassassin/pyzor/
add_header all Pyzor _PYZOR_
use_razor2 1
razor_timeout 10
razor_config /etc/mail/spamassassin/razor/razor-agent.conf
Can someone help please? I'm at a loss as to what to do now.
Thank you.
Posted: Mon Apr 21, 2008 10:41 am
by scott
Clear:RC:0(200.105.22.81):SA:0(?/?):. Processed in 30.044413 secs); 21 Apr 2008 13:11:15 -0000
Took over 30 seconds to process. Thats what is happening. You should both increase the time and look into improving the performance of SA (check resolv.conf)
Posted: Mon Apr 21, 2008 10:48 am
by modom46
My resolv.conf says:
nameserver 127.0.0.1
nameserver 63.247.80.42
nameserver 63.247.80.43
domain godslove.designhosting.biz
nameserver 209.51.128.19
nameserver 63.247.77.198
These last two are the server company's IP's that my server is with.
I went ahead and changed /var/qmail/bin/qmail-scanner-queue.pl to:
my $spamc_binary='/usr/bin/spamc' -t 30";
and ran /usr/bin/qmail-scanner-reconfigure
Posted: Mon Apr 21, 2008 11:33 am
by modom46
I just got 4 of these after the changes:
Code: Select all
From: BobFlaherty@otcinfonews.net
Subject: Flaherty's Research Pick GNBT up 13% thursday
Date: April 21, 2008 10:15:51 AM CDT
To: hosting@designhosting.biz
Return-Path: <bobflaherty@otcinfonews.net>
Delivered-To: 1-hosting@designhosting.biz
Received: (qmail 9155 invoked by uid 10063); 21 Apr 2008 10:16:09 -0400
Received: from hp-156-102-227-66-ft.e-media-concepts.com by godslove.designhosting.biz (envelope-from <bobflaherty@otcinfonews.net>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(66.227.102.156):SA:0(?/?):. Processed in 30.474539 secs); 21 Apr 2008 14:16:09 -0000
Received: from hp-156-102-227-66-ft.e-media-concepts.com (HELO otcinfonews.net) (66.227.102.156) by mail.dh-usa.net with SMTP; 21 Apr 2008 10:15:38 -0400
X-Spam-Status: No, hits=? required=?
Each time I set the $spamc_binary and run the reconfigure it reverts back to:
my $spamc_binary='/usr/bin/spamc';
What am I doing wrong???
Posted: Mon Apr 21, 2008 11:51 am
by modom46
Ok I found the timeout here and it was set to 30 so I changed it to 60.
#/usr/share/qmail-scanner/configure
and ran the configure and now I wait to see ...
I don't know if there is anything wrong with the /etc/resolv.conf file.
Thanks for your help!
Posted: Mon Apr 21, 2008 1:32 pm
by modom46
I am seeing these listings in my maillog:
Apr 21 12:22:09 godslove X-Qmail-Scanner-2.02st: [godslove.designhosting.biz12087949177918243] cannot create /var/spool/qscan/quarantine//var/spool/qscan/quarantine/spam - No such file or directory
These directories are there owned by:
drwxr-xr-x 5 qscand qscand 4096 Mar 26 16:56 spam
drwxr-xr-x 5 qscand qscand 4096 Mar 26 16:56 quarantine
Why do I get those "cannot create" errors?
Thanks!
Posted: Mon Apr 21, 2008 5:59 pm
by modom46
Hi,
To remove:
/var/spool/qscan/quarantine//var/spool/qscan/quarantine/spam - No such file or directory
I found another one of the posts here to set the SPAMDIR to /spam which I did and error went away.
Also, in /etc/qmail-scanner.ini I set the -L option for:
SPAMDOPTIONS="-d -c -m5 -H -L"
Now, the time it takes to process a spam email is under a second to a little over 1 second. Seems to work good. If there is anything wrong with this please let me know.
Thanks!
Posted: Tue Apr 22, 2008 9:05 am
by scott
-L will lower the accuracy of spamassassin considerably. It disables all the network checks (RBL's, pyzor, dcc, razor, URIRBL's, etc).
Posted: Tue Apr 22, 2008 10:38 am
by modom46
I understood that it keeps from doing a reverse dns lookup each time thus lowering the processing time.
I have removed it.
I changed the resolv.conf to:
domain designhosting.biz
nameserver 127.0.0.1
nameserver 63.247.80.42 (nameserver for designhosting.biz)
nameserver 209.51.128.19 (nameserver for server company)
nameserver 63.247.77.198 (nameserver for server company)
Just checked the log and now am back from 5-17 seconds or higher to process spam and got this spam email just now for over 30 sec processing:
Code: Select all
Received: from dsl88-226-24893.ttnet.net.tr by godslove.designhosting.biz (envelope-from <fegeorge@ukpoets.net>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(88.226.97.61):SA:0(?/?):. Processed in 30.088955 secs); 22 Apr 2008 13:45:09 -0000
Received: from dsl88-226-24893.ttnet.net.tr (88.226.97.61) by designhosting.biz with SMTP; 22 Apr 2008 09:44:38 -0400
X-Spam-Status: No, hits=? required=?
What else can I do?
Thanks![/code]
Posted: Tue Apr 22, 2008 10:47 am
by breun
If 127.0.0.1 works I'd just remove the other ones. 5-17 seconds seems alright to me. You probably had a bad/slow nameserver in there. You can test a nameserver by executing something like this:
Code: Select all
# dig @<nameserver-ip-address> <some-hostname>
Posted: Tue Apr 22, 2008 4:05 pm
by modom46
Hi,
I set the timeout up to 60 seconds plus altering the resolv.conf file and just now got this spam which took over 60 seconds to process.
Code: Select all
Received: from 88.254.232.9 by godslove.designhosting.biz (envelope-from <kvaapm@pacbell.net>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(88.254.232.9):SA:0(?/?):. Processed in 60.423401 secs); 22 Apr 2008 18:59:05 -0000
Received: from unknown (HELO 88.254.232.9) (88.254.232.9) by mail.designhosting.biz with SMTP; 22 Apr 2008 14:57:58 -0400
X-Spam-Status: No, hits=? required=?
Anything else I can do?
Here's the message in the maillog.
Code: Select all
Apr 22 14:59:05 godslove qmail: 1208890745.396109 new msg 38634958
Apr 22 14:59:05 godslove qmail: 1208890745.396190 info msg 38634958: bytes 3081 from <kvaapm@pacbell.net> qp 15005 uid 10063
Apr 22 14:59:05 godslove qmail: 1208890745.401737 starting delivery 490: msg 38634958 to local 1-address_change@designhosting.biz
Apr 22 14:59:05 godslove qmail: 1208890745.401852 status: local 2/10 remote 1/20
Apr 22 14:59:05 godslove qmail-local-handlers[15008]: Handlers Filter before-local for qmail started ...
Apr 22 14:59:05 godslove qmail-scanner[13358]: Clear:RC:0(88.254.232.9):SA:0(?/?): 60.42093 2699 kvaapm@pacbell.net address_change@designhosting.biz super_offer!!! <
000801c8a4b3$04da405a$d0de9384@fsnom> orig-godslove.designhosting.biz120889067879113358:2699 1208890684.13535-0.godslove.designhosting.biz:559 1208890684.13535-1.godslove.designhosting.biz:1043
Apr 22 14:59:05 godslove qmail-local-handlers[15008]: from=kvaapm@pacbell.net
Apr 22 14:59:05 godslove qmail-local-handlers[15008]: to=address_change@designhosting.biz
Apr 22 14:59:05 godslove qmail-queue-handlers[15015]: Handlers Filter before-queue for qmail started ...
Apr 22 14:59:05 godslove qmail-queue-handlers[15026]: Handlers Filter before-queue for qmail started ...
Just got 6 more spam emails that took over 60 seconds to process. Seems like whatever setting you set for the timeout it goes over it just enough to get through.
Posted: Tue Apr 22, 2008 4:30 pm
by breun
Sounds like a problem with your nameserver setup. Are you sure they all allow for recursing?
Posted: Tue Apr 22, 2008 4:33 pm
by modom46
I ran this and it seems my server is recursive...thought that was good but apparently not according to this article.
http://archive.cert.uni-stuttgart.de/bu ... 00164.html
Code: Select all
[root@godslove etc]# nslookup bogus.spam-free-zone.com 216.180.242.170
Server: 216.180.242.170
Address: 216.180.242.170#53
Non-authoritative answer:
Name: bogus.spam-free-zone.com
Address: 64.187.125.2
In plesk dns I have:
Allow recursion = localnets
Should this be changed?
Posted: Tue Apr 22, 2008 4:55 pm
by breun
localhost is the most secure setting if you don't have any other servers that use your server in their resolv.conf. But I was talking about the nameservers that you have listed in your server's resolv.conf: do they all allow for recursion? If they can resolve your domain (which they can because they're the nameservers for your domain), but won't resolve arbitrary domains for you (through recursion) then you better not list them in your resolv.conf.