Perfect spamsnake allows all emails through at 3am

Discussion in 'Server Operation' started by filfish, Nov 10, 2009.

  1. filfish

    filfish New Member


    I've been running the perfect spamsnake on Ubuntu server 8.04.2 for about 8 months, all in all it has been superb, but I do have two issues, though they may well be connected.

    Our spamsnake feeds into a secondary mail filter box which has pretty graphs etc and is then used as the fail-over for spamsnake.

    Ubuntu is set to run it's daily.crons at 3am every day, and at this time for around an hour sometimes a bit longer, our second mail filter reports a massive increase of mail from approximately 200 an hour to in excess of 2000 often in excess of 4000 emails per hour.

    The second issue is that approximately every 2 weeks (though it isn't exact) the system fails. all mail stops flowing through it, it is not accessible through the network via pings, ssh etc, open up the console and it is as if it is part way through a script but just hanging, the only option is to cold boot it as it becomes unresponsive to keyboard. This in itself causes problems as the mailscanner and gld_db databases both need repairing.

    Once the system is back upo there appears to be no mention of an issue in the logs, though I could be missing lots as I'm not all that savvy when it comes to the log files.

    Has anyone come across similar issues, and/or know where to look to resolve the problems?

    Many thanks

  2. Rocky

    Rocky Member

    They system failure is not normal and I've never had that problem. However, you have to fix one thing at a time. Verify that the cron jobs are good and reschedule them at different intervals. Then, monitor to see what happens.
  3. filfish

    filfish New Member

    Hi Rocky

    The dailys are all in /etc/cron.daily and I've started to remove them one at a time and run them from cr4on at a different time. I didn't think it was a normal thing as I'd not seen any posts similar to it.

    When the system hangs it's almost like a kernel panic, but i added kernel.panic = 10 to /etc/sysctl.conf but it still did the same.

    I'll try your method and take all the jobs in cron.daily out and put them on a schedule in cron separated by an hour to see if it sheds some light on which of the jobs is having issues.

  4. filfish

    filfish New Member


    I've found the issue with the 3am spikes, one of our dailys runs this line, I took it out last night and all was well.

    /usr/bin/mysql -ugld_user -pgld_password -e 'USE gld_db; DELETE FROM greylist WHERE n > 0;' &> /dev/null 2>&1

    I can't remember where I got it from, but our greylist table was growing to GBs in size and was not clearing at all. This was offered as a quick and dirty fix.

    Is there a better way of cleaning out the greylist table so i don't have these issues?

    One way I've thought about is to just delete everything from it on a daily bases, all our trusted and regular senders are in the whitelist table anyway.

    Ideas would be gratefully received



Share This Page