Weird Problem with MailScanner

Damian Rivas damian at cht.com.ar
Mon Oct 22 13:48:12 IST 2007 

Ok, here we go again. How was your weekend people?

Ugo, here is the output you asked for:

vmstat 5 10:

procs -----------memory---------- ---swap-- -----io---- --system--
----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1
78  0
 0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0
99  0
 0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1
99  0
 0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0
100  0
 0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0
100  0
 1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4
88  0
 0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3
89  0
 0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4
87  0
 0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0
100  0
 2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0
100  0

I'm also attaching a bit of the output of a tail -f /var/log/maillog for
you to see, there's too much spam and false addresses which slowing down
MS a lot. There are still about 28k messages!(on Friday there were
45k!!!!).

UxBoD, you told me to run the init.d script to stop the MS, the problem
is Slackware uses the traditional BSD Init, so I went to the 'rc.d'
directory but couldn't found, or couldn't figure out were the script for
stoping MS is, sorry for my ignorance again.

As always thank you people for your valuable help.

Regards.-


-----Mensaje original-----
De: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] En nombre de Ugo
Bellavance
Enviado el: domingo, 21 de octubre de 2007 11:17
Para: mailscanner at lists.mailscanner.info
Asunto: Re: Weird Problem with MailScanner


Damian Rivas wrote:
> 1) There are 3 MS childs running

That is way too much. Your system is probably swapping like crazy.  Set 
it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service 
MailScanner restart' (assuming redhat/centos)

Can you send us the output of :

'vmstat 5 10' (will take 50 seconds to execute)

Did you check if memory was available for this system?  If it is and if 
it is not too expensive, I'll add at least another 128 (more if you
can).

Ugo

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
Oct 22 09:33:46 ns4 MailScanner[16303]: Message l9ECuov7009970 from 201.50.112.7
4 (jramos4 at edd.ca.gov) to ci-educ.com.ar is
Oct 22 09:33:52 ns4 MailScanner[16303]: RBL checks: l9ECv6Bn009990 found in SBL+
XBL
Oct 22 09:33:58 ns4 sendmail[16856]: l9JNcvwm006808: to=<jraqn at hq.com>, delay=2+
12:53:15, xdelay=00:03:12, mailer=esmtp, pri=68884917, relay=hq.com. [213.86.173
.130], dsn=4.0.0, stat=Deferred: Connection timed out with hq.com.
Oct 22 09:34:10 ns4 MailScanner[16635]: Message l9MCUCev016920 from 82.45.97.114
 (madhu at telia.com) to cht.com.ar is spam, SBL+XBL, SpamAssassin (no almacenado,
puntaje=14.681, requerido 6, BAYES_00 -2.60, EXTRA_MPART_TYPE 1.09, HELO_DYNAMIC
_HCC 4.10, HELO_DYNAMIC_IPADDR2 3.82, HTML_IMAGE_ONLY_12 1.87, HTML_MESSAGE 0.00
, MSGID_DOLLARS 1.72, RATWARE_MS_HASH 1.91, RATWARE_OUTLOOK_NONAME 2.78)
Oct 22 09:34:18 ns4 sendmail[16829]: l9IJTeW5018662: to=<cain at mountainzone.com>,
 delay=3+17:04:04, xdelay=00:03:17, mailer=esmtp, pri=93363511, relay=mountainzo
ne.com. [216.162.212.71], dsn=4.0.0, stat=Deferred: Connection timed out with mo
untainzone.com.
Oct 22 09:34:26 ns4 MailScanner[16303]: Message l9ECv6Bn009990 from 89.31.89.73
(jraines at pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:34:27 ns4 MailScanner[16303]: RBL checks: l9ECvHqO010002 found in SBL+
XBL
Oct 22 09:34:38 ns4 sendmail[16739]: l9IJrsdf018978: to=<jrandallzzqn at kaplancoll
ege.com>, delay=3+16:39:10, xdelay=00:03:12, mailer=esmtp, pri=106055240, relay=
kaplancollege.com. [72.166.181.37], dsn=4.0.0, stat=Deferred: Connection timed o
ut with kaplancollege.com.
Oct 22 09:34:38 ns4 sendmail[16937]: l9L03WVm023964: to=<jqueline at psi.org.kh>, d
elay=1+12:30:35, xdelay=00:03:10, mailer=esmtp, pri=37384958, relay=mail.psi.org
.kh. [203.189.130.189], dsn=4.0.0, stat=Deferred: Connection timed out with mail
.psi.org.kh.
Oct 22 09:34:40 ns4 sendmail[16930]: l9KNsHVk023852: to=<jqueline at psi.org.kh>, d
elay=1+12:39:30, xdelay=00:03:11, mailer=esmtp, pri=40625012, relay=mail.psi.org
.kh. [203.189.130.189], dsn=4.0.0, stat=Deferred: Connection timed out with mail
.psi.org.kh.
Oct 22 09:34:51 ns4 sendmail[16739]: l9IKUjqg019409: to=<jramire65 at characterlink
.net>, delay=3+16:01:56, xdelay=00:00:02, mailer=esmtp, pri=143135197, relay=clm
ail.afo.net. [72.215.140.74], dsn=4.0.0, stat=Deferred: Connection refused by cl
mail.afo.net.
Oct 22 09:35:01 ns4 MailScanner[16303]: Message l9ECvHqO010002 from 89.31.89.73
(jraines at pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:35:02 ns4 MailScanner[16303]: RBL checks: l9ECvAi0009993 found in SBL+
XBL
Oct 22 09:35:31 ns4 MailScanner[16635]: RBL checks: l9ECv1Ar009981 found in SBL+XBL
Oct 22 09:35:36 ns4 MailScanner[16303]: Message l9ECvAi0009993 from 89.31.89.73 (jraines at pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Checks: Found 5 spam messages
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCQOWv016884 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCQG6c016878 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9ECu2ST009931 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9ECu53F009934 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCN30Q016843 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Checks completed at 102 bytes per second
Oct 22 09:35:49 ns4 MailScanner[16478]: Virus and Content Scanning: Starting
Oct 22 09:35:50 ns4 MailScanner[16478]: Virus Scanning completed at 58111 bytes per second
Oct 22 09:35:58 ns4 sm-mta-queuein[16988]: l9MCZikR016988: from=<quentin at mobility.com>, size=4132, class=0, nrcpts=1, msgid=<000d01c814a8$04911d19$07ac0fa8 at stuynhil>, proto=ESMTP, daemon=MTA, relay=pool-72-94-52-3.phlapa.fios.verizon.net [72.94.52.3]
Oct 22 09:35:58 ns4 sm-mta-queuein[16988]: l9MCZikR016988: to=<hervatin at aaovyt.com.ar>, delay=00:00:00, mailer=esmtp, pri=34132, stat=queued
Oct 22 09:36:05 ns4 MailScanner[16635]: Message l9ECv1Ar009981 from 89.31.89.73 (jraines at pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:36:21 ns4 MailScanner[16478]: Uninfected: Delivered 10 messages
Oct 22 09:36:21 ns4 MailScanner[16478]: Virus Processing completed at 127202 bytes per second
Oct 22 09:36:21 ns4 MailScanner[16478]: Batch completed at 95 bytes per second (40214 / 423)
Oct 22 09:36:21 ns4 MailScanner[16478]: Batch (10 messages) processed in 423.15 seconds
Oct 22 09:36:21 ns4 sendmail[16909]: l9KMiBFJ023013: to=<jrandallbrwi at pacpipe.com>, delay=1+13:51:36, xdelay=00:03:22, mailer=esmtp, pri=41074801, relay=pacpipe.com. [4.18.42.162], dsn=4.0.0, stat=Deferred: Connection timed out with pacpipe.com.
Oct 22 09:36:22 ns4 sendmail[16909]: l9JNcvwm006808: to=<jraqn at hq.com>, delay=2+12:55:39, xdelay=00:00:00, mailer=esmtp, pri=68974917, relay=hq.com., dsn=4.0.0, stat=Deferred: Connection timed out with hq.com.
Oct 22 09:36:22 ns4 MailScanner[16303]: RBL checks: l9ECv6Nl009991 found in SBL+XBL
Oct 22 09:36:23 ns4 MailScanner[16478]: New Batch: Found 28981 messages waiting
Oct 22 09:36:23 ns4 MailScanner[16478]: New Batch: Scanning 10 messages, 38569 bytes
Oct 22 09:36:23 ns4 MailScanner[16478]: Spam Checks: Starting
Oct 22 09:36:36 ns4 sendmail[16999]: l9ECu0SN009932: to=<014068407807.463607070680 at ci-educ.com.ar>, delay=7+23:40:20, xdelay=00:00:10, mailer=esmtp, pri=123067, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <06bb01c80e62$6aed7570$510398f6 at Lucinda> Queued mail for delivery)
Oct 22 09:36:38 ns4 sendmail[16999]: l9ECu53F009934: to=<phan at ci-educ.com.ar>, delay=7+23:40:29, xdelay=00:00:00, mailer=esmtp, pri=123163, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <133301c80e62$678bacd0$0a0003dd at Tamara> Queued mail for delivery)
Oct 22 09:36:38 ns4 sendmail[16999]: l9ECu4BV009935: to=<014050342960.513915737364 at ci-educ.com.ar>, delay=7+23:40:31, xdelay=00:00:00, mailer=esmtp, pri=123227, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <069501c80e62$65b195a0$510398f6 at Lucinda> Queued mail for delivery)
Oct 22 09:36:39 ns4 sendmail[16999]: l9ECu5lO009936: to=<adil at ci-educ.com.ar>, delay=7+23:40:32, xdelay=00:00:00, mailer=esmtp, pri=123298, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <00d401c80e62$6432e4e0$b4136d59 at Roland> Queued mail for delivery)
Oct 22 09:36:40 ns4 sendmail[16849]: l9KH5LHB019103: to=<jrandallzzqn at kaplancollege.com>, delay=1+19:30:47, xdelay=00:03:12, mailer=esmtp, pri=45484849, relay=kaplancollege.com. [72.166.181.37], dsn=4.0.0, stat=Deferred: Connection timed out with kaplancollege.com.

More information about the MailScanner mailing list