[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spamd issues

Thanks for the help!
On Fri, May 07, 2004 at 03:20:09PM +0200, Daniel Hartmeier wrote:
> Which version of spamd is that, exactly? Can you check the $OpenBSD$ tag
> at the top of spamd.c?
   /* $OpenBSD: spamd.c,v 1.64 2004/03/17 14:42:20 beck Exp $ */
I'll grab 1.66 and see how it goes.
> Make sure you have syslogd.conf set up correctly, so it does store
> LOG_INFO (and LOG_DEBUG, if you want that).
   daemon.err;daemon.warn;daemon.info              /var/log/spamd
debug.log gets what I'd expect, but the spamd log never gets anything
but connect/disconnect messages. And of course, both die...
> > The second issue is that all logging dies, usually in under 10 minutes:
> I've never seen that, are you sure syslog is not receiving anything from
> spamd (like spamd's syslog handle becomes somehow invalid) as compared
> to syslogd stopping logging them (or, simply, newsyslogd rotating the
> file, and your viewer not re-opening the file ;)
This one's getting stranger still. After mucho troubleshooting
yesterday, I say with quite a lot of confidence that the logging always
stops on 10 minute boundaries. 18:00, or 18:10, or 18:20, etc, but not
on EVERY 10 minute boundary. I got it to run for 45 minutes a few times.
But when it died, it was at a time ending in 0 (minutes that is).
Stopping spamd and restarting will always get the logging going again.
Stopping syslogd and restarting has no effect. I'm positive it's not
just a new file. :-) First thing I checked. For whatever reason, the
syslog handle appears to be going bad.
> >   (GREY) <[email protected]> -> <[email protected]>
> > 
> > Any concern here? I assume it's a harmless notice from the greylisting
> > code, but just verifying. :-)
> It's harmless, maybe it should be suppressed if greylisting is not used,
> as it has little meaning in that case. It might be useful to look at if
> you consider enabling greylisting, but you can just ignore them.
It does get quite verbose though! Nearly a hundred per second sometimes.
While hunting around the source code for logging problems, I cleaned out
the greylisting pieces. :-)
23843 added to <spamd> in the last 24 hrs. Weee...  (I clear out
addresses older than 24 hrs just to be safe.)
Unrelated, but interesting tidbit... while there is a wide variance in
connect times for clients (from 2 seconds to 600 or more), ~ 90% of them
are 52-4 seconds. Changing the delay to 3 seconds per char didn't change
it-- the mode remained 52-54 seconds. _I_ thought it was interesting
anyway. :-) The spambots hitting me are possibly the same client? And
aware of tarpits?