Help! Spamassassin and clamscan are going crazy!

Discussion in 'General' started by spuppy, Sep 17, 2007.

  1. spuppy

    spuppy New Member

    I noticed that my server load was at 11.xx, so I ran top to see what was causing it...

    Spamassassin and clamscan are running 5-10 processes, each taking 25-30% CPU!

    I did some searching on the forum, and people talked about clamd, clamav, clamassassin.. it is all so confusing to me. I don't think switching is the solution here, there is obviously simply something broken here. I am only running about 10 sites, and they don't get THAT much spam.

    Please help, thanks :)

    I disabled antivirus on all of the email accounts, so clamscan is no longer causing a problem. However, spamassassin is still there, and even though I stopped the service (spamassassin stop), it is still running several of them, each using 20-30% CPU! I stopped postfix, and it's OK now. But obviously postfix needs to be running ;)
     
    Last edited: Sep 17, 2007
  2. spuppy

    spuppy New Member

    Holy ****

    I just checked the inboxes of my email accounts.. I think this MIGHT be related.

    In each email account, there are about 5000 of these emails:

    Code:
    This is the mail system at host thorzor.hcwnetwork.com.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to <postmaster>
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                       The mail system
    
    <[email protected]>: mail for
        localhost.localdomain.hcwnetwork.com loops back to myself
    Included are two attachments:

    Delivery report.dat

    Code:
    Reporting-MTA: dns; thorzor.hcwnetwork.com
    X-Postfix-Queue-ID: D192E31881D9
    X-Postfix-Sender: rfc822; [email protected]
    Arrival-Date: Sun, 16 Sep 2007 12:56:58 -0700 (PDT)
    
    Final-Recipient: rfc822; [email protected]
    Original-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.4.6
    Diagnostic-Code: X-Postfix; mail for localhost.localdomain.hcwnetwork.com loops
        back to myself
    
    And one called Mailsize_web7_username.eml:

    Code:
    Received: from thorzor.hcwnetwork.com (localhost.localdomain [127.0.0.1])
    	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    	(No client certificate requested)
    	by thorzor.hcwnetwork.com (Postfix) with ESMTP id D192E31881D9
    	for <[email protected]>; Sun, 16 Sep 2007 12:56:58 -0700 (PDT)
    Received: (from [email protected])
    	by thorzor.hcwnetwork.com (8.13.8/8.13.8/Submit) id l8GJuw36002051
    	for [email protected]; Sun, 16 Sep 2007 12:56:58 -0700
    Date: Sun, 16 Sep 2007 12:56:58 -0700
    From: admin <[email protected]>
    Message-Id: <[email protected]>
    X-Loop: [email protected]
    Subject: Mailsize: web7_admin
    To: undisclosed-recipients:;
    
    2900
     
    Last edited: Sep 17, 2007
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Add the line:

    localhost.localdomain.hcwnetwork.com

    at the end of the file:

    /etc/postfix/local-host-names

    and restart postfix.

    By the way, this has been explained around hundred times here in the forum, so please search the forum first before you post a question :)
     
  4. spuppy

    spuppy New Member

    Trust me, I have done plenty of searches. I did not come across this solution.

    Now is there an easy way to clear out all these emails from all the accounts? I have about 10 email accounts, and each has about 9000 copies of this email...

    EDIT: There was a file called local-host-names~. I guess it backed itself up. I'm sure this must be related to the same problems I was having with my /etc/group file disappearing.

    Thanks!
     
    Last edited: Sep 17, 2007
  5. spuppy

    spuppy New Member

    OK so the error of 3000 emails being created every hour has been fixed. However, Spamassassin is still using WAY too many resources.. I believe something is still broken. Any ideas?
     
  6. spuppy

    spuppy New Member

    UPDATE: Actually, the problem is still occuring. Thousands of these emails are being created. Help Please!!!
     
  7. spuppy

    spuppy New Member

    Last update before I go to bed: I moved the line

    localhost.localdomain.hcwnetwork.com

    to the top of that file, instead of the bottom. That appears to have worked, as spamassassin is no longer running at 100% full time, and it is no longer making thousands upon thousands of duplicate emails.

    Not sure how it would make a difference, but there you go :)

    If someone can suggest how I can delete all of the emails without having to download them, please let me know!

    Thanks :)
     
  8. catdude

    catdude ISPConfig Developer ISPConfig Developer

    Moving it to the top of the file instead of the bottom shouldn't necessarily make a difference in operation. It will, however have one very important effect: the next time you make a change to any customer config with ISPConfig, the local-host-names file will get recreated without that entry in it.

    If you look at that file, near the bottom is a line reading:
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####

    Changes you make to the file (that is, lines that you add to the file) below this line will be propagated to the new file when it gets rebuilt. Any manual changes that you make to the file above that line will be lost.

    In any case, the "mail loops back" error is generally caused by not having your local host name in the local-host-names file.
     
  9. catdude

    catdude ISPConfig Developer ISPConfig Developer

    If the 10 mailboxes in question have nothing but the error messages in them, you can just delete the entire contents of the appropriate Maildirs.

    Assuming for a moment that all of the mailboxes are within the same domain, you could try something like this to kill off only those messages containing the phrase "loops back":

    cd /var/www/www.<the domain name>/user
    for file in `find . -exec grep "loops back" {} \; -print`
    do
    echo Killing off $file
    rm $file
    done

    NOTE: This script is not tested! Use at your own risk! Be sure to test/analyze before running.
     
  10. spuppy

    spuppy New Member

    When I added it to the bottom line, it did not work... So it appears I don't have a choice in the matter.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    It must work when you put it at the bottom. I'am setting up ISPConfig systems daily and it always works for me by putting the line at the end of the file. Maybe you had a typo. Adding it at the beginning of the file is not a solution as catdude pointed out.
     

Share This Page