  #1  
14th December 2010, 06:04
macross
The Perfect SpamSnake - Ubuntu Jeos - High memory usage and slow response

Again, thank you for the help in my previous post.

I have the server running now, but I am seeing a lot of these:

"Report: Denial of Service attack in message!"

I believe it is the slow processing that is holding it up. I am getting more RAM for the server, but do you have any other suggestions? Changing the ClamAV installation or something?

Cheers
  #2  
14th December 2010, 13:53
Rocky

Hey,

Please give me a brief description of your setup, e.g. RAM/HDD partition/size.

Also, please post a sample of your mail.log.
__________________
Home of the SpamSnake

Last edited by Rocky; 14th December 2010 at 13:58.
  #3  
14th December 2010, 17:29
macross

Thank you for the quick response. It's a 3 GHz Xeon with 1 gig of RAM. An old Dell 850. I may have to beef it up. Though it should be up for the task, I think something else is the issue. I get no spam scores and it's waiting on something. When I run the lint test I only see this.

Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <META HTTP-EQUIV="Expires" CONTENT="-1">
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <TITLE></TITLE>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HEAD>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": <BODY><P></BODY>
Dec 14 11:27:35.088 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_html_x30.cf": </HTML>
Dec 14 11:27:35.089 [29737] warn: config: failed to parse line, skipping, in "/etc/spamassassin/70_sare_oem.cf": <!DOCTYPE html PUBLIC "-
  #4  
14th December 2010, 17:52
Rocky

Do:
tail -f /var/log/mail.log

Copy and paste the output here.
  #5  
14th December 2010, 21:23
macross

Dec 13 13:48:32 belatrix postfix/cleanup[3341]: 1FD1744037E: message-id=<20101213184827.1FD1744037E@belatrix.mycompany.on.ca>
Dec 13 13:48:36 belatrix postfix/smtpd[3212]: disconnect from localhost[127.0.0.1]
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Found 2 messages waiting
Dec 13 13:48:40 belatrix MailScanner[2081]: New Batch: Scanning 1 messages, 1031 bytes
Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
Dec 13 13:49:08 belatrix MailScanner[2081]: Virus and Content Scanning: Starting
Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
Dec 13 13:49:48 belatrix MailScanner[2080]: Requeue: 90AE3440377.A6B88 to 618BD440384
Dec 13 13:49:48 belatrix MailScanner[2080]: Uninfected: Delivered 1 messages
Dec 13 13:49:48 belatrix postfix/qmgr[2220]: 618BD440384: from=<myremote@gmail.com>, size=389, nrcpt=1 (queue active)
Dec 13 13:49:49 belatrix MailScanner[2080]: Deleted 1 messages from processing-database
Dec 13 13:49:51 belatrix MailScanner[2080]: Logging message 90AE3440377.A6B88 to Baruwa SQL
Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<scott.thecooladmin@mycompany.on.ca>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
Dec 13 13:49:52 belatrix postfix/qmgr[2220]: 618BD440384: removed

>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<nhmysteryshopper111@yahoo.com> to=<chris.accountingdude@mycompany.on.ca> proto=ESMTP helo=<cognos.symbio-group.com>
Dec 13 23:37:16 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: connect from fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: A83C7440393: client=fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: hold: header Received: from remote.int.mycompany.on.ca (fs4.int.mycompany.on.ca [10.9.1.6])??by belatrix.mycompany.on.ca (Postfix) with ESMTPS id A83C7440393??for <tscooladmin@gmail.com>; Mon, 13 Dec 2010 23:38:25 -0500 (EST) from fs4.int.mycompany.on.ca[10.9.1.6]; from=<Scott.cooladmin@mycompany.on.ca> to=<tscooladmin@gmail.com> proto=ESMTP helo=<remote.int.mycompany.on.ca>
Dec 13 23:38:25 belatrix postfix/cleanup[18778]: A83C7440393: message-id=<9F7CFA807DCE324890E0BFAA32EC25E50EFC9E1E8A@FS4.int.mycompany.on.ca>
Dec 13 23:38:25 belatrix postfix/smtpd[18777]: disconnect from fs4.int.mycompany.on.ca[10.9.1.6]
Dec 13 23:38:30 belatrix postfix/smtpd[18769]: connect from unknown[210.73.43.86]
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : SPF none (No applicable sender policy available): Envelope-from: nhmysteryshopper111@yahoo.com
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: handler sender_policy_framework: is decisive.
Dec 13 23:38:33 belatrix postfix/policy-spf[18775]: : Policy action=PREPEND Received-SPF: none (yahoo.com: No applicable sender policy available) receiver=belatrix.mycompany.on.ca; identity=mailfrom; envelope-from="nhmysteryshopper111@yahoo.com"; helo=cognos.symbio-group.com; client-ip=210.73.43.86
Dec 13 23:38:33 belatrix postfix/smtpd[18769]: NOQUEUE: reject: RCPT from unknown[210.73.43.86]: 450 4.7.1 <tamara.stoll@mycompany.on.ca>: Recipient address rejected: Greylisted by greyfix 0.3.9, try again in 60 seconds. See http://www.kim-minh.com/pub/greyfix/ for more information.; from=<nhmysteryshopper111@yahoo.com> to=<tamara.stoll@mycompany.on.ca> proto=ESMTP helo=<cognos.symbio-group.com>
Dec 13 23:38:39 belatrix postfix/smtpd[18769]: disconnect from unknown[210.73.43.86]
Dec 13 23:38:43 belatrix MailScanner[11235]: New Batch: Scanning 1 messages, 1885 bytes
Dec 13 23:39:01 belatrix MailScanner[11235]: Virus and Content Scanning: Starting
Dec 13 23:39:10 belatrix postfix/smtpd[18777]: connect from snt0-omc4-s13.snt0.hotmail.com[65.55.90.216]
Dec 13 23:39:18 belatrix postfix/policy-spf[18794]: : SPF pass (Mechanism 'include:spf-a.hotmail.com' matched): Envelope-from: sadeghi.j@hotmail.com
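An added example, not part of any post in this thread: a small triage of mail.log that picks out the MailScanner scanner failures and the Postfix deliveries whose delay is dominated by one stage. The sample lines are copied from the excerpt above; the function name, the 60-second threshold and the stage labels are assumptions of this example.

```python
import re

# Three lines copied from the mail.log excerpt posted above.
SAMPLE_LOG = """\
Dec 13 13:48:52 belatrix MailScanner[2080]: SpamAssassin timed out and was killed, failure 1 of 10
Dec 13 13:49:11 belatrix MailScanner[2081]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2081
Dec 13 13:49:52 belatrix postfix/pipe[3380]: 618BD440384: to=<scott.thecooladmin@mycompany.on.ca>, relay=dfilt, delay=267, delays=263/2.7/0/1.6, dsn=2.0.0, status=sent (delivered via dfilt service)
"""

SA_TIMEOUT = re.compile(
    r"MailScanner\[\d+\]: SpamAssassin timed out and was killed, failure (\d+) of (\d+)")
CLAMD_ERR = re.compile(r"MailScanner\[\d+\]: Clamd::ERROR:: (.+)")
# Postfix logs delays=a/b/c/d: a = time before the queue manager, b = time in
# the queue manager, c = connection setup, d = message transmission.
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*?\bdelay=([\d.]+), "
    r"delays=([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+)")
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")  # labels chosen here


def triage(log_text, slow_after=60.0):
    """Collect scanner failures and deliveries slower than slow_after seconds."""
    report = {"sa_timeouts": [], "clamd_errors": [], "slow_deliveries": []}
    for line in log_text.splitlines():
        if m := SA_TIMEOUT.search(line):
            report["sa_timeouts"].append((int(m[1]), int(m[2])))
        elif m := CLAMD_ERR.search(line):
            report["clamd_errors"].append(m[1].strip())
        elif m := DELIVERY.search(line):
            total = float(m[2])
            parts = [float(m[i]) for i in range(3, 7)]
            if total >= slow_after:
                # Name the stage that accounts for most of the delay.
                worst = STAGES[parts.index(max(parts))]
                report["slow_deliveries"].append((m[1], total, worst))
    return report


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```

On the sample, the 267-second delivery is almost entirely time before the queue manager picked the message up, which in this log is the period before MailScanner requeued it.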
  #6  
14th December 2010, 23:35
macross

With regard to the clam error: I had amavis installed and the proc was running as that user, not clamav. I removed amavis and set the clamav conf to the proper user and the error has gone. So I think it's working, though I get a freshclam error.

A few bugs, no worries, I have the time to sort them out. I like the implementation and Baruwa very much, so I am willing to sort them out.

I used to be a qmailrocks fan for years but it wasn't updated for a long time. Now I'm running Exchange servers, so this is just perfect and gives me peace of mind that Linux is in front.
  #7  
15th December 2010, 03:19
Rocky

Hey,

Yes, it's great to have some flavor of Linux in the mix, preferably in front of MS..lol

So are the issues gone? It looks like the user setting for clamd was causing the errors and delays. Since you changed it to the correct setting, have you had any problems or are mails being delivered normally?

Yes, Baruwa is something to talk about. It'll get better with time and I'm looking forward to it.

Rocky
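An added example, not from the thread or the SpamSnake guide: a check of whether the account named by the User directive in clamd.conf can reach and read the MailScanner work directory, the kind of mismatch reported as fixed above. /etc/clamav/clamd.conf is an assumed location, the function names are this example's own, and only mode bits are evaluated (no ACLs, AppArmor or SELinux).

```python
import os
import stat as st
from pathlib import PurePosixPath


def allowed(info, uid, gids, want):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if uid == 0:                      # root bypasses read/search checks
        return True
    if info.st_uid == uid:
        bits = info.st_mode >> 6
    elif info.st_gid in gids:
        bits = info.st_mode >> 3
    else:
        bits = info.st_mode
    return (bits & want) == want


def first_blocked(target, uid, gids, stat_fn=os.stat):
    """Return the first path that stops uid reaching and reading target, else None."""
    path = PurePosixPath(target)
    for parent in reversed(path.parents):            # "/", "/var", ...
        if not allowed(stat_fn(str(parent)), uid, gids, 0o1):   # search (x)
            return str(parent)
    info = stat_fn(str(path))
    want = 0o5 if st.S_ISDIR(info.st_mode) else 0o4  # r-x on a dir, r on a file
    return None if allowed(info, uid, gids, want) else str(path)


def clamd_user(conf_text):
    """Account from the 'User' directive, or None when clamd does not switch user."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "User":
            return parts[1]
    return None


if __name__ == "__main__":
    import pwd
    conf = "/etc/clamav/clamd.conf"            # assumed Debian/Ubuntu location
    spool = "/var/spool/MailScanner/incoming"  # path from the log in this thread
    with open(conf) as fh:
        user = clamd_user(fh.read())
    if user is None:
        raise SystemExit("no User directive: clamd keeps the identity it was started with")
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print(user, "blocked at:", first_blocked(spool, pw.pw_uid, gids))
```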
  #8  
15th December 2010, 04:09
macross

Things are looking pretty good. Spam is being scored and it's delivering mail. I am using it as the inbound/outbound server in front of my Exchange server.

The CPU usage is nil now and it's running very well. I have those errors during the lint, not sure what that's about.

Is there a list of things to check or a verify script to ensure all my settings are correct? I think my clamav setup is dicey.
  #9  
15th December 2010, 04:19
macross

Also, what would you recommend for backup? Settings/db/etc.
  #10  
15th December 2010, 13:41
Rocky

Check your logs: nginx, uwsgi and mail.log. If everything looks legit there, then you're good to go.

For Clamd, you should just remove and purge it and reinstall it using the guide.

This is by far the best setup I've come up with. Everything is running really smooth and fast.

You can start by backing up Baruwa's db, mailscanner.conf, baruwa.conf and baruwa.ini. If the system crashes, you'll be able to import those files back into a build for a quick restore. Otherwise, if you're running a VM, you can just export the whole VM as a backup. Therefore, you'll be able to restore it in working order, with all the settings already applied.

Rocky