Page 3 of 4
Posted: Tue Apr 22, 2008 6:06 pm
by modom46
The three nameserver listings in the resolv.conf file all say the same thing when running nslookup bogus.spam-free-zone.com IP:
Non-authoritative answer:
Name: bogus.spam-free-zone.com
Address: 64.187.125.2
with the same IP address.
The resolv.conf has only these now:
nameserver 127.0.0.1
nameserver 209.51.128.19
nameserver 63.247.77.198
I set the timeout for 90 seconds and now get another spam email a little over 90 seconds that came through.
Code: Select all
Received: from mail.bluestonerealty.com by godslove.designhosting.biz (envelope-from <ceodometer@thetech.org>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(216.195.196.242):SA:0(?/?):. Processed in 90.049246 secs); 22 Apr 2008 20:23:01 -0000
Received: from mail.bluestonerealty.com (HELO sales2) (216.195.196.242) by dh-usa.net with SMTP; 22 Apr 2008 16:21:31 -0400
Received: from mail pickup service by boost.org with Microsoft SMTPSVC; Tue, 22 Apr 2008 17:19:47 +0500
X-Spam-Status: No, hits=? required=?
I'm totally lost.
Posted: Tue Apr 22, 2008 7:01 pm
by scott
Thats a really long processing time, is your system under a lot of load or something?
Posted: Tue Apr 22, 2008 7:36 pm
by modom46
It's been running above 1. when all these problems started happening.
It has never been this high and I have a better server than a year ago.
top - 18:34:56 up 3:31, 1 user, load average: 1.23, 1.49, 1.40
Tasks: 160 total, 3 running, 157 sleeping, 0 stopped, 0 zombie
Cpu(s): 30.5%us, 6.0%sy, 0.0%ni, 53.2%id, 9.5%wa, 0.2%hi, 0.7%si, 0.0%st
Mem: 1002764k total, 974100k used, 28664k free, 78196k buffers
Swap: 4192944k total, 2180k used, 4190764k free, 326520k cached
Lots of spam taking 65% and downward for the cpu.
Do you think I should uninstall and reinstall all the spam programs?
Posted: Wed Apr 23, 2008 8:43 am
by modom46
This morning I uninstalled spam assassin, clamd, razor, dcc, pyzor and qmail-scanner and my loads went down.
I reinstalled just spamassassin, clamd, and qmail-scanner and now my loads shot up again over 2 but are coming down now. I realize the load will go up a little but it was over 2.00 before uninstalling. I have left off dcc, pyzor, and razor and will monitor this since this is not the busiest part of the day and had more spam at night in the early hours than during the day. Still seems a little high compared to the traffic and spam are very high for the cpu use.
Is there anything else I can do to further reduce the load?
Thanks!
Posted: Wed Apr 23, 2008 10:10 am
by scott
Nah a load of 1 or 2 is nothing. Its probably the network checks, are any of the services blocking queries from your system?
Posted: Wed Apr 23, 2008 10:41 am
by modom46
Now it's spiking to over 3 and running over 2.5 mostly.
This has really never run this high before when the rest, dcc, razor, and pyzor were installed also.
Posted: Wed Apr 23, 2008 11:00 am
by scott
Thats not high, 300 is high
Posted: Wed Apr 23, 2008 11:02 am
by modom46
LOL 300 and my server would blow!
The problem is still there.
Just got a spam:
Code: Select all
Received: from ppp-58-9-55-51.revip2.asianet.co.th by godslove.designhosting.biz (envelope-from <support@comerica.com>, uid 2020) with qmail-scanner-2.02st (spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:0(58.9.55.51):SA:0(?/?):. Processed in 30.070588 secs); 23 Apr 2008 13:48:34 -0000
Received: from ppp-58-9-55-51.revip2.asianet.co.th (58.9.55.51) by mail.dh-usa.net with SMTP; 23 Apr 2008 09:48:03 -0400
X-Spam-Status: No, hits=? required=?
It shouldn't take 30 seconds to scan an email with only spamassassin, clamd, and qmail-scanner installed should it?
Posted: Wed Apr 23, 2008 3:56 pm
by scott
Not unless something was slowing it down, no.
Posted: Wed Apr 23, 2008 4:23 pm
by modom46
Do you know where I could look?
Funny thing about this is that most of the other spam is marked within reason and these several that are getting through are over 30 seconds. I cannot find the link to why the majority today are marked within reason and some are over 30 seconds.
I will know more in the morning as I usually get the most spam that have been coming in lately at this time.
Posted: Wed Apr 23, 2008 4:57 pm
by scott
Check your logs, or use a sniffer. Test out rbl's, pyzor, dcc, and razor manually, etc.
Posted: Wed Apr 23, 2008 10:34 pm
by modom46
I checked my mail logs and apache logs but didn't see anything unusual.
I do not have pyzor, dcc, or razor installed at this time. That's why I thought 30 seconds to process was unusual for some emails.
Posted: Thu Apr 24, 2008 12:47 am
by modom46
From the maillog when spamd stopped and a few spam were delivered. Where would I look for this problem?
Code: Select all
Apr 23 22:34:55 godslove qmail-remote-handlers[7824]: to=corena_herniter@hotmail.com
Apr 23 22:34:55 godslove spamc[7832]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Apr 23 22:34:55 godslove qmail: 1209004495.919457 delivery 157: success: 65.54.245.40_accepted_message./Remote_host_said:_250_<BAY0-MC12-F17oi2Cq10098c92b@bay0-mc12-f17.bay0.hotmail.com>_Queued_mail_for_delivery/
Apr 23 22:34:55 godslove qmail: 1209004495.919674 status: local 0/10 remote 0/20
Apr 23 22:34:55 godslove qmail: 1209004495.919781 end msg 38635192
Apr 23 22:34:56 godslove spamc[7832]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Apr 23 22:34:56 godslove spamc[7840]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Apr 23 22:34:57 godslove spamc[7832]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Apr 23 22:34:57 godslove spamc[7840]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Apr 23 22:34:58 godslove spamc[7832]: connection attempt to spamd aborted after 3 retries
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: Handlers Filter before-queue for qmail started ...
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: from=wen-mei@barbarajordan.com
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: to=info@designhosting.biz
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: hook_dir = '/var/qmail//handlers/before-queue'
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: recipient[3] = 'info@designhosting.biz'
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: handlers dir = '/var/qmail//handlers/before-queue/recipient/info@designhosting.biz'
Apr 23 22:34:58 godslove qmail-queue-handlers[7843]: starter: submitter[7844] exited normally
Apr 23 22:35:00 godslove qmail-remote-handlers[7867]: from=wallacesomedaycaldwell@aaamath.com
Apr 23 22:35:00 godslove qmail-remote-handlers[7867]: to=fitness909@gmail.com
Apr 23 22:35:07 godslove relaylock: /var/qmail/bin/relaylock: mail from 194.30.0.31:55148 (smtp5.sarenet.es)
Apr 23 22:35:08 godslove spamc[7886]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Apr 23 22:35:09 godslove spamc[7886]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection refused
Apr 23 22:35:10 godslove spamc[7886]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection refused
Apr 23 22:35:11 godslove spamc[7886]: connection attempt to spamd aborted after 3 retries
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: Handlers Filter before-queue for qmail started ...
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: from=
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: to=tanegral1976@LITTLE-CHAZ.COM
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: hook_dir = '/var/qmail//handlers/before-queue'
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: recipient[3] = 'tanegral1976@little-chaz.com'
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: handlers dir = '/var/qmail//handlers/before-queue/recipient/tanegral1976@little-chaz.com'
Apr 23 22:35:11 godslove qmail-queue-handlers[7889]: starter: submitter[7890] exited normally
Posted: Thu Apr 24, 2008 7:57 am
by scott
That means spamd isnt running
Posted: Thu Apr 24, 2008 10:52 am
by modom46
[root@godslove ~]# spamd -d
[423] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[423] warn: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[423] error: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Please tell me how to fix this?