[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spamd issues



On Thu, May 06, 2004 at 09:08:24AM -0700, TwinsPop wrote:
> Anyway, I'm running this on FreeBSD 5.2.1R, and everything works as
> documented[1], except for the logging. 2 issues: -v doesn't log anything
> extra to LOG_INFO. SMTP dialogue does go to LOG_DEBUG, tho only briefly.
Which version of spamd is that, exactly? Can you check the $OpenBSD$ tag
at the top of spamd.c?
In OpenBSD -current, -v sets verbose, which additionally enables the
following three kinds of messages:
  LOG_DEBUG (BLACK/GREY) addr: mail -> rcpt
  LOG_DEBUG addr: Body: line
  LOG_INFO  addr: From/To/Subject: line
The latter two only show up when the spammer is patient enough and sends
header/body lines (not if he drops the connection earlier).
Make sure you have syslogd.conf set up correctly, so it does store
LOG_INFO (and LOG_DEBUG, if you want that).
The log messages, levels and effect of -v have changed a lot. Maybe you
have an older spamd.c revision. If it's from the FreeBSD port, we could
submit an update for that.
> The second issue is that all logging dies, usually in under 10 minutes:
I've never seen that, are you sure syslog is not receiving anything from
spamd (like spamd's syslog handle becomes somehow invalid) as compared
to syslogd stopping logging them (or, simply, newsyslogd rotating the
file, and your viewer not re-opening the file ;)
> One other quickie: the output from using the -d flag for debugging often
> shows something like this even though I don't have greylisting active:
> 
>   (GREY) 213.201.23.96: <[email protected]> -> <[email protected]>
> 
> Any concern here? I assume it's a harmless notice from the greylisting
> code, but just verifying. :-)
It's harmless, maybe it should be suppressed if greylisting is not used,
as it has little meaning in that case. It might be useful to look at if
you consider enabling greylisting, but you can just ignore them.
Daniel