HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


macross 14th December 2010 06:04

The Perfect SpamSnake - Ubuntu Jeos - High memory usage and slow response
 
Again thank you for the help in my previous post.

I have the server running now but I am seeing a lot of these

"Report: Denial of Service attack in message!"

I believe it is the slow processing that is holding it up. I am getting more RAM for the server, but do you have any other suggestions? Changing the clamav installation or something?

Cheers

Rocky 14th December 2010 13:53

Hey,

Please give me a brief description of your setup eg. ram/hdd partition/size.

Also, please post a sample of your mail.log

macross 14th December 2010 17:29

Thank you for the quick response. It's a 3GHz Xeon with 1 gig of RAM. An old Dell 850. I may have to beef it up. Though it should be up for the task, I think something else is the issue. I get no spam scores and it's waiting on something. When I run the lint test I only see this.

Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <TITLE></TITLE>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HEAD>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <BODY><P></BODY>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HTML>
Dec 14 11:27:35.089 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_oem.cf": <!DOCTYPE html PUBLIC "-

Rocky 14th December 2010 17:52

Do:
tail -f /var/log/mail.log

Copy and paste the output here.

macross 14th December 2010 21:23

Dec 13 13:48:32 belatrix postfix/cleanup[3341]: 1FD1744037E: message-id=<20101213184827.1FD1744037E@belatrix.mycompany.on.ca>
Dec 13 13:48:36 belatrix postfix/smtpd[3212]: disconnect from localhost[127.0.0.1]
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Found 2 messages waiting
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Scanning 1 messages, 1031 bytes
Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
Dec 13 13:49:08 belatrix MailScanner[2081]: Virus and Content Scanning: Starting
Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
Dec 13 13:49:48 belatrix MailScanner[2080]: Requeue: 90AE3440377.A6B88 to 618BD440384
Dec 13 13:49:48 belatrix MailScanner[2080]: Uninfected: Delivered 1 messages
Dec 13 13:49:48 belatrix postfix/qmgr[2220]: 618BD440384: from=<myremote@gmail.com>, size=389, nrcpt=1 (queue active)
Dec 13 13:49:49 belatrix MailScanner[2080]: Deleted 1 messages from processing-database
Dec 13 13:49:51 belatrix MailScanner[2080]: Logging message 90AE3440377.A6B88 to Baruwa SQL
Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<scott.thecooladmin@mycompany.on.ca>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
Dec 13 13:49:52 belatrix postfix/qmgr[2220]: 618BD440384: removed

>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<nhmysteryshopper111@yahoo.com> to=<chris.accountingdude@mycompany.on.ca> proto=ESMTP helo=<cognos.symbio-group.com>
Dec 13 23:37:16 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: connect from fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: A83C7440393: client=fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: hold: header Received: from remote.int.mycompany.on.ca (fs4.int.mycompany.on.ca [10.9.1.6])??by belatrix.mycompany.on.ca (Postfix) with ESMTPS id A83C7440393??for <tscooladmin@gmail.com>; Mon, 13 Dec 2010 23:38:25 -0500 (EST) from fs4.int.mycompany.on.ca[10.9.1.6]; from=<Scott.cooladmin@mycompany.on.ca> to=<tscooladmin@gmail.com> proto=ESMTP helo=<remote.int.mycompany.on.ca>
Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: message-id=<9F7CFA807DCE324890E0BFAA32EC25E50EFC9E1E8A@FS4.int.mycompany.on.ca>
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: disconnect from fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:30 belatrix postfix/smtpd[18769]: connect from unknown[210.73.43.86]
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : SPF none (No applicable sender policy available): Envelope-from: nhmysteryshopper111@yahoo.com
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: handler sender_policy_framework: is decisive.
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : Policy action=PREPEND Received-SPF: none (yahoo.com: No applicable sender policy available) receiver=belatrix.mycompany.on.ca; identity=mailfrom; envelope-from="nhmysteryshopper111@yahoo.com"; helo=cognos.symbio-group.com; client-ip=210.73.43.86
Dec 13 23:38:33 belatrix postfix/smtpd[18769]: NOQUEUE: reject: RCPT from unknown[210.73.43.86]: 450 4.7.1 <tamara.stoll@mycompany.on.ca>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<nhmysteryshopper111@yahoo.com> to=<tamara.stoll@mycompany.on.ca> proto=ESMTP helo=<cognos.symbio-group.com>
Dec 13 23:38:39 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
Dec 13 23:38:43 belatrix MailScanner[11235]: New Batch: Scanning 1 messages, 1885 bytes
Dec 13 23:39:01 belatrix MailScanner[11235]: Virus and Content Scanning: Starting
Dec 13 23:39:10 belatrix postfix/smtpd[18777]: connect from snt0-omc4-s13.snt0.hotmail.com[65.55.90.216]
Dec 13 23:39:18 belatrix postfix/policy-spf[18794]: : SPF pass (Mechanism 'include:spf-a.hotmail.com' matched): Envelope-from: sadeghi.j@hotmail.com

macross 14th December 2010 23:35

With regards to the clam error: I had amavis installed and the proc was running as that user, not clamav. I removed amavis and set the clamav conf to the proper user and the error has gone. So I think it's working, though I get a freshclam error.

A few bugs, no worries, I have the time to sort them out. I like the implementation and Baruwa very much, so I am willing to sort them out.

I used to be a qmailrocks fan for years but it wasn't updated for a long time. Now I'm running Exchange servers, so this is just perfect and gives me peace of mind that Linux is in front ;)

Rocky 15th December 2010 03:19

Hey,

Yes, it's great to have some flavor of Linux in the mix, preferably in front of MS..lol

So are the issues gone? It looks like the user setting for clamd was causing the errors and delays. Since you changed it to the correct setting, have you had any problems or are mails being delivered normally?

Yes, Baruwa is something to talk about. It'll get better with time and I'm looking forward to it.

Rocky

macross 15th December 2010 04:09

Things are looking pretty good. Spam is being scored and it's delivering mail. I am using it as the inbound/outbound server in front of my Exchange server.

The CPU usage is nil now and running very well. I have those errors during the lint, not sure what that's about.

Is there a list of things to check or a verify script to ensure all my settings are correct? I think my clamav setup is dicey.

macross 15th December 2010 04:19

Also, what would you recommend for backup? settings/db/etc.

Rocky 15th December 2010 13:41

Check your logs: nginx, uwsgi and mail.log. If everything looks legit there, then you're good to go.

For Clamd, you should just remove and purge it and reinstall it using the guide.

This is by far the best setup I've come up with. Everything is running really smooth and fast.

You can start by backing up baruwa's db, mailscanner.conf, baruwa.conf and baruwa.ini. If the system crashes, you'll be able to import those files back into a build for a quick restore. Otherwise, if you're running a vm, you can just export the whole vm as a backup. Therefore, you'll be able to restore it in working order, with all the settings already applied.

Rocky
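
Added example, not part of the thread and not written by either poster: a small triage script for the mail.log check suggested above, flagging the three symptoms visible in the log excerpt posted earlier (SpamAssassin timeouts, clamd permission errors, and deliveries held up in the queue). The function name `triage` and the 60-second slow-delivery threshold are assumptions; the sample lines are copied from the excerpt in this thread.

```python
import re
from collections import Counter

# Lines copied from the mail.log excerpt posted in this thread.
SAMPLE_LOG = """\
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Scanning 1 messages, 1031 bytes
Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<scott.thecooladmin@mycompany.on.ca>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
Dec 13 13:49:52 belatrix postfix/qmgr[2220]: 618BD440384: removed
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w/.-]+)\[(\d+)\]: (.*)$")
SA_TIMEOUT = re.compile(r"SpamAssassin timed out and was killed, failure (\d+) of (\d+)")
CLAMD_ERR = re.compile(r"Clamd::ERROR:: (.*?) ERROR :: (\S+)")
# Postfix delivery line: queue id, total delay in seconds, final status.
DELIVERY = re.compile(r"^([0-9A-F]+): to=<[^>]*>.*?\bdelay=([\d.]+),.*?\bstatus=(\w+)")

def triage(lines, slow_seconds=60.0):
    """Return (counts, findings) for scanner failures and slow deliveries.

    slow_seconds is an assumed threshold, not a value from the thread.
    """
    counts, findings = Counter(), []
    for line in lines:
        m = SYSLOG.match(line)
        if not m:
            continue  # skip truncated or non-syslog lines
        when, _host, prog, _pid, msg = m.groups()
        if prog == "MailScanner":
            if (t := SA_TIMEOUT.search(msg)):
                counts["sa_timeout"] += 1
                findings.append((when, "sa_timeout", f"failure {t[1]} of {t[2]}"))
            elif (c := CLAMD_ERR.search(msg)):
                # Permission errors point at the clamd user, as found in this thread.
                kind = "clamd_permission" if "Permission denied" in c[1] else "clamd_error"
                counts[kind] += 1
                findings.append((when, kind, c[2]))
        elif prog.startswith("postfix/"):
            d = DELIVERY.match(msg)
            if d and float(d[2]) >= slow_seconds:
                counts["slow_delivery"] += 1
                findings.append((when, "slow_delivery", f"{d[1]} delay={d[2]}s status={d[3]}"))
    return counts, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines())[1]:
        print(*finding, sep="  ")
```

To run it against a live system, pass the lines of /var/log/mail.log to `triage` instead of the embedded sample.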


All times are GMT +2.