Too messages in Hold folder when spamassassin is activated in MailScanner

UxBoD uxbod at splatnix.net
Tue Nov 27 21:01:26 GMT 2007 

So when disabling RBLs the problem disappears.  Thats a start! If your bandwidth is saturated then lookups are taking a long time.  Is your Internet connection being over utilised ? Sorry not at machine to check the RBLs you are using.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "Israel Garcia" <igalvarez at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Tuesday, November 27, 2007 8:37:53 PM (GMT) Europe/London
Subject: Re: Too messages in Hold folder when spamassassin is activated in MailScanner


On Nov 27, 2007 1:11 PM, UxBoD < uxbod at splatnix.net > wrote: 



Well ASN is hashed out in your v320 pre file but is still active in the v310 file. 
What does it means? 



We process over 100k messages a day on a 256k line so no real worries there. You say a high percentage of your traffic is SMTPr ba, how are you identifying that ? 

I can see the traffic in my WAN network using a cisco router/netflow collector. 


Are you performing any sort of packet shaping or QoS then ? 
No 


It does sound to me like DNS timeouts when performing lookups, as others have also said. 
Well, I use a only caching dns (caching-nameserver-7.3-3) 


If you set the list of RBLs to check to blank in MailScanner.conf does the problem disappear ? 
Do you mean thie line: 
Spam List = #ORDB-RBL SBL+XBL spamcop.net NJABL SORBS # 

When the problem disappear is when I set: 
Use Spamassassin = no 
and restart mailscanner... 

thanks in advance 
Israel 




Regards, 

--[ UxBoD ]-- 
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" 
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B 
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B 
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net 


----- Original Message ----- 
From: "Israel Garcia" < igalvarez at gmail.com > 
To: "MailScanner discussion" < mailscanner at lists.mailscanner.info > 
Sent: Tuesday, November 27, 2007 4:50:20 PM (GMT) Europe/London 
Subject: Re: Too messages in Hold folder when spamassassin is activated in MailScanner 


On Nov 25, 2007 3:56 PM, Glenn Steen < glenn.steen at gmail.com > wrote: 






On 25/11/2007, Israel Garcia < igalvarez at gmail.com > wrote: 
> On Nov 25, 2007 2:46 PM, Glenn Steen < glenn.steen at gmail.com > wrote: 
> 
> > 
> > 
> > 
> > On 25/11/2007, Israel Garcia < igalvarez at gmail.com > wrote: 
> > > Hi all, I'm running MailScanner-4.65-3.1(with DCC, razor2, pyzor) on a 
> > > CentOS4.5 Linux server. I installed too the package 
> > > install-Clam-0.91.2-SA-3.2.3.tar.gz in order to 
> activate spamassassin 
> > > with mailscanner. I ran spamassassin -D --lint and there's no problem 
> > > in my configuration files. I also see in maillog file the spamassassin 
> > > doing its work with spam: 
> > > 
> > > Nov 25 04:54:51 hostname MailScanner[20611]: Message B25732B1DB.A9A63 
> > > from MailScanner warning: numerical links are often malicious: MailScanner warning: numerical links are often malicious: 75.93.188.141 ( jerrimy at donin.com ) to mydomain.com is spam, 



> > > SBL+XBL, spamcop.net , SpamAssassin (not cached, score=30.984, required 
> > > 6, DCC_CHECK 1.37, FH_HELO_EQ_D_D_D_D 0.50, FS_REPLICA 1.18, 
> > > HELO_DYNAMIC_IPADDR2 4.39, HTML_MESSAGE 0.00, RATWARE_MS_HASH 2.78, 
> > > RATWARE_OUTLOOK_NONAME 0.00, RCVD_IN_BL_SPAMCOP_NET 2.19, RCVD_IN_XBL 
> > > 2.90, RDNS_DYNAMIC 0.10 , SARE_SPEC_REPLICA_OBFU 1.81, 
> > > SARE_SPEC_ROLEX_NOV5A 1.06, TVD_RCVD_IP 1.62, URIBL_AB_SURBL 1.61, 
> > > URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86, URIBL_OB_SURBL 2.13, 
> > > URIBL_SC_SURBL 2.52) 
> > > 
> > > Everything is fine BUT, when I run "qshape hold" I see the HOLD folder 
> > > is FULL of messages waiting to be processed, I mean thousands of mails 
> > > waiting and there is a long delay in delivering. 
> > > My link to internet is not full, I mean I see the normal traffic. 
> > > 
> > > So, when I turn off spamassassin in MailScanner.conf there's almost no 
> > > messages in HOLD foder. 
> > > 
> > > My questions are: 
> > > 
> > > 1. How can I speed the spamassassin process in my server? 
> > Use a caching only DNS, limit what you check (RBLs etc).... There are 
> > some things to do:-) 
> > 
> > 
> 
> I have in this server a caching only DNS... 
> > 
> > 
> > > 2. Do I have to use all the plugins (DCC, razor2, pyzor, spamcop, and 
> > > others that comes activated by default when I install spamassassin 
> > > package)? 
> > No. But they all contribute something:-). WRT Pyzor, make sure you use 
> > the "alternative" server, the official one will likely just time out. 
> > What modules do you load? 
> 
> I use DCC, razor2, pyzor and all the stuff from /etc/mail/spamassassin 
> config files: 
> 
> -rw-r--r-- 1 root root 1089 Jun 2 13:40 init.pre 
> lrwxrwxrwx 1 root root 41 Jun 2 21:43 local.cf -> 
> /etc/MailScanner/spam.assassin.prefs.conf 
You shouldn't have local.cf as a link to spam.assassin.prefs.conf... . 
That was more a thing some did before the advent of the mailscanner.cf 
link. 
local.cf is a perfect place to have local rescoring etc ... Like 
setting dead RBLs to score 0 (thus preventing a timeout problem), or 
RBLs that might be ... problematic (like if you get firewalled by 
spamhaus... Check recent threads on the list for a simple test to see 
if you've been FW'd by them). 


Glenn, sorry my delay in answers you but I was busy with this server... I dont really get what you mean by local.cf file.. should I delete the local.cf link? 




> lrwxrwxrwx 1 root root 41 Nov 24 11:00 mailscanner.cf -> 
> /etc/MailScanner/spam.assassin.prefs.conf 
> drwxr-xr-x 3 root root 4096 Nov 24 15:43 old 
> drwxr-xr-x 2 root root 4096 Nov 25 05:05 RulesDuJour 
> drwx------ 2 root root 4096 Nov 25 05:08 sa-update-keys 
> -rw-r--r-- 1 root root 2439 Jun 2 14:03 v310.pre 
> -rw-r--r-- 1 root root 922 Jun 2 13:39 v312.pre 
> -rw-r--r-- 1 root root 2299 Jun 2 13:40 v320.pre 

I was more thinking along the lines of what loadmodule statements that 
you have active:-). Check that ASN isn't loaded... for example:-). 
If you like, paste result of 
# grep -i loadplug /etc/mail/spamassassin/*.pre 
Here you go: 

[root at domain.com:/etc/yum.repos.d]$ grep -i loadplug /etc/mail/spamassassin/*.pre 
/etc/mail/spamassassin/init.pre:# loadplugin Mail::SpamAssassin::Plugin::RelayCountry 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::URIDNSBL 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::Hashcash 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::SPF 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::RelayCountry 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::Razor2 
/etc/mail/spamassassin/init.pre:loadplugin Mail::SpamAssassin::Plugin::ASN 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::DCC 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::Pyzor 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::Razor2 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::SpamCop 
/etc/mail/spamassassin/v310.pre:#loadplugin Mail::SpamAssassin::Plugin::AntiVirus 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::AWL 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold 
/etc/mail/spamassassin/v310.pre:#loadplugin Mail::SpamAssassin::Plugin::TextCat 
/etc/mail/spamassassin/v310.pre:#loadplugin Mail::SpamAssassin::Plugin::AccessDB 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject 
/etc/mail/spamassassin/v310.pre:#loadplugin Mail::SpamAssassin::Plugin::DomainKeys 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::MIMEHeader 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::ReplaceTags 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::RelayCountry 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::SPF 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::URIDNSBL 
/etc/mail/spamassassin/v310.pre:loadplugin Mail::SpamAssassin::Plugin::ASN 
/etc/mail/spamassassin/v312.pre:#loadplugin Mail::SpamAssassin::Plugin::DKIM 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::Check 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::URIDetail 
/etc/mail/spamassassin/v320.pre:# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::Bayes 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::BodyEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::DNSEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::HTMLEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::HeaderEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::MIMEEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::RelayEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::URIEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::WLBLEval 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::VBounce 
/etc/mail/spamassassin/v320.pre:# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody 
/etc/mail/spamassassin/v320.pre:# loadplugin Mail::SpamAssassin::Plugin::ASN 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::ImageInfo 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::RelayCountry 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::SPF 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::URIDNSBL 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::Razor2 
/etc/mail/spamassassin/v320.pre:loadplugin Mail::SpamAssassin::Plugin::ASN 





(snip) 

> I'm running to read them NOW! :-) 
Good. The message never received is the least loading...:-). 



So, I have to tell you I'm having the same problem with a lot of messages in HOLD folder when I check mails with spamassassin.. I also note this things: 

1. My link to Internet is FULL and high % is SMTP. 
2. I see a laod average high load average: 9.92, 8.29, 7.21 (I have a compaq proliant with two CPUs and 2GB RAM) 
3. I am processing almost 40000 email daily.is it high for this server with 256Kbps Frame relay connection? 

thanks in advance 
regards 
Israel 




> 
> > 
> > 
> > 
> > > 4. Does anybody knows some perfect setup (best perfomance) to install 
> > > mailscanner with spamssassin? some link? some tutorial? 
> > Perfect is too much to aim for;-). I usually try for functional:-):-) 
> 
> :-) :-) .. thanks a lot Glenn 
:-) 

Cheers 
-- 



-- Glenn 
email: glenn < dot > steen < at > gmail < dot > com 
work: glenn < dot > steen < at > ap1 < dot > se 
-- 
MailScanner mailing list 
mailscanner at lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 



-- 
Regards; 
Israel Garcia 
-- 
This message has been scanned for viruses and 
dangerous content by MailScanner , and is 
believed to be clean. 
-- 

MailScanner mailing list 
mailscanner at lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

-- 



MailScanner mailing list 
mailscanner at lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 



-- 
Regards; 
Israel Garcia 
-- 
This message has been scanned for viruses and 
dangerous content by MailScanner , and is 
believed to be clean. 
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list