Strange things started yesterday w/ hotmail and exim with SA via exiscan.
My spamd seems as if it's being started by the spamd user, but then it
looks like it's being called by root..
May 6 06:57:14 arsenic spamd[16374]: server started on UNIX domain socket /var/run/spamd (running version 3.0.2)
May 6 06:57:14 arsenic spamd[16374]: server successfully spawned child process, pid 16391
May 6 06:57:22 arsenic spamd[16391]: got connection over /var/run/spamd
May 6 06:57:22 arsenic spamd[16391]: checking message <1058.684400098@???> for spamd:873.
May 6 06:57:24 arsenic spamd[16391]: identified spam (19.4/6.5) for spamd:873 in 2.3 seconds, 5993 bytes.
May 6 06:57:39 arsenic spamd[16391]: got connection over /var/run/spamd
May 6 06:57:39 arsenic spamd[16391]: checking message <Kodakgallery_com.6k4dv8ztm.hz@???> for spamd:0.
May 6 06:57:42 arsenic spamd[16391]: clean message (3.2/6.5) for spamd:0 in 3.5 seconds, 36733 bytes.
And hotmail has been sending some *massive* dsn messages, which seem to
take forever.
May 6 06:58:13 arsenic spamd[16391]: checking message <LEGMPL35E00011ec7@???> for spamd:0.
May 6 06:58:31 arsenic spamd[16391]: clean message (6.4/6.5) for spamd:0 in 17.9 seconds, 174976 bytes.
May 6 09:56:48 arsenic spamd[70256]: checking message <WEsBk31TZ0001de85@???> for spamd:0.
May 6 09:57:10 arsenic spamd[70257]: identified spam (6.9/6.5) for spamd:0 in 26.7 seconds, 92394 bytes.
Even tried moving back to a tcp socket.. just to see if it would make a
difference..
May 6 09:57:56 arsenic spamd[70256]: connection from localhost [127.0.0.1] at port 53958
May 6 09:57:56 arsenic spamd[70256]: checking message <yorAxCT9E0001d573@???> for spamd:0.
May 6 09:57:57 arsenic spamd[70257]: clean message (0.2/6.5) for spamd:0 in 2.8 seconds, 3011 bytes.
May 6 09:58:20 arsenic spamd[70257]: connection from localhost [127.0.0.1] at port 52023
May 6 09:58:20 arsenic spamd[70257]: checking message for spamd:0.
May 6 09:58:24 arsenic spamd[70256]: clean message (4.3/6.5) for spamd:0 in 28.7 seconds, 95051 bytes.
This is the relevant portion of my data acl:
  accept
    condition = ${if >={$message_size}{96k}{1}{0}}

  drop message = ** Attention **\n \
         This message has been rejected!\n \
         This message has a SPAM score of: $spam_score points.\n \
         Please call xxx.yyy.zzzz if you feel this message is in error.\n \
         [$sender_address from $sender_host_address -> $local_part@$domain at $tod_bsdinbox]
    spam = spamd
    condition = ${if >{$spam_score_int}{100}{1}{0}}
    log_message = [SA Reject] $spam_score

  warn message = X-New-Subject: [SPAM] $h_subject:
    spam = spamd
    log_message = [SPAM] $spam_score

  warn message = X-Spam-Info: Spam detection software,
  warn message = X-Spam-Info: Has scanned this message. If this is believed to be spam
  warn message = X-Spam-Info: A tag has been added to the subject for you own filtering purposes.
  warn message = X-Spam-Info: Please call us at: (xxx) yyy.zzz if you have any questions.
  warn message = X-Spam-Score: $spam_score ($spam_bar)
  warn message = X-Spam-Report: $spam_report

  accept
I did lower the message_size check from 200k to 96k just to see if it
would make a difference. It just seems that hotmail messages are
killing the SA on the box.
As is clamd.
last pid: 73401;  load averages:  3.21,  3.12,  2.87    up 23+10:55:13  10:03:19
96 processes:  5 running, 91 sleeping
CPU states: 96.5% user,  0.0% nice,  3.1% system,  0.4% interrupt,  0.0% idle
Mem: 218M Active, 328M Inact, 153M Wired, 18M Cache, 86M Buf, 32M Free
Swap: 1024M Total, 20K Used, 1024M Free

  PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
34170 clamav   130    0 22400K 21280K RUN    0 134:16 42.97% 42.97% clamd
70257 root     129    0 72076K 64572K CPU1   1   1:40 28.86% 28.86% perl5.8.6
70256 root     129    0 71768K 65612K RUN    0   2:26 25.73% 25.73% perl5.8.6
34162 root      -8    0  1168K   448K piperd 0  13:19 13.04% 13.04% readproctitle
This is a FreeBSD 5.3 system w/ a p4 HT 2.4GHz, w/ 768M of RAM.
The box has been in use for over a year and has been working close to
flawlessly for that time.
exim -bV
Exim version 4.50 #1 (FreeBSD 5.3) built 21-Mar-2005 20:42:28
Copyright (c) University of Cambridge 2004
Probably Berkeley DB version 1.8x (native mode)
Support for: iconv() OpenSSL Content_Scanning Old_Demime Experimental_SPF
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb mysql
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: pipe smtp
Fixed never_users: 0
Configuration file is /usr/local/etc/exim/configure
SA 3.0.2 with spamass-rules-20050401
and clamav 0.84.
I thank you for your time and appreciate anything that someone might
have to offer.
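
Added example, not part of the original post: a small Python parser for the spamd result lines quoted above that counts results per uid and lists slow scans with their throughput. It assumes "spamd:873" / "spamd:0" is user:uid; the sample lines are copied from the post with the e-mail wrapping removed, and the 10-second threshold is an arbitrary choice.

```python
import re

# Result lines from the post (spamd 3.0.2), e-mail line wrapping removed.
SAMPLE_LOG = """\
May 6 06:57:24 arsenic spamd[16391]: identified spam (19.4/6.5) for spamd:873 in 2.3 seconds, 5993 bytes.
May 6 06:57:42 arsenic spamd[16391]: clean message (3.2/6.5) for spamd:0 in 3.5 seconds, 36733 bytes.
May 6 06:58:31 arsenic spamd[16391]: clean message (6.4/6.5) for spamd:0 in 17.9 seconds, 174976 bytes.
May 6 09:57:10 arsenic spamd[70257]: identified spam (6.9/6.5) for spamd:0 in 26.7 seconds, 92394 bytes.
May 6 09:57:57 arsenic spamd[70257]: clean message (0.2/6.5) for spamd:0 in 2.8 seconds, 3011 bytes.
May 6 09:58:24 arsenic spamd[70256]: clean message (4.3/6.5) for spamd:0 in 28.7 seconds, 95051 bytes.
"""

# "for spamd:873" is read as user:uid, which is an assumption about the log format.
RESULT_RE = re.compile(
    r"spamd\[(?P<pid>\d+)\]: (?P<verdict>identified spam|clean message) "
    r"\((?P<score>-?[\d.]+)/(?P<required>[\d.]+)\) for (?P<user>[^:\s]+):(?P<uid>\d+) "
    r"in (?P<secs>[\d.]+) seconds, (?P<size>\d+) bytes"
)
SLOW_SECONDS = 10.0  # assumed threshold for a "slow" scan, not from the post

def parse_results(log_text):
    """Return one dict per spamd result line; all other lines are skipped."""
    results = []
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m is None:
            continue
        secs, size = float(m["secs"]), int(m["size"])
        results.append({
            "pid": int(m["pid"]), "uid": int(m["uid"]),
            "spam": m["verdict"] == "identified spam", "score": float(m["score"]),
            "secs": secs, "size": size,
            "bytes_per_sec": size / secs if secs > 0 else float("inf"),
        })
    return results

def summarize(results, slow_seconds=SLOW_SECONDS):
    """Count results per uid and collect scans slower than slow_seconds."""
    per_uid = {}
    for r in results:
        per_uid[r["uid"]] = per_uid.get(r["uid"], 0) + 1
    slow = [r for r in results if r["secs"] > slow_seconds]
    return {"per_uid": per_uid, "as_root": per_uid.get(0, 0), "slow": slow}

if __name__ == "__main__":
    summary = summarize(parse_results(SAMPLE_LOG))
    print("results per uid:", summary["per_uid"])
    for r in summary["slow"]:
        print(f"slow: pid {r['pid']} uid {r['uid']} {r['size']} bytes in {r['secs']}s ({r['bytes_per_sec']:.0f} B/s)")
```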