Hi all,
I'm trying to understand why spamd isn't doing any verbose logging on my
mail server. Spamd is working fine, so this is more curiosity/learning
than anything else.
NOTE: I have replaced the standard syslog with socklog. I understand that
this may be a socklog problem and not a spamd problem, but socklog is
working fine with other processes logging to syslog (including chrooted
httpd error logs) so I thought I'd start here.
I use this in /etc/rc.conf.local:
spamd_flags="-v -p 8024 -G 25:4:864"
spamd_grey=YES
spamlogd_flags=""
and the correct parameters are being picked up by spamd:
[EMAIL PROTECTED]:/tmp $ ps -wwwaux | grep [s]pam
_spamd 18445 0.0 0.2 8720 548 ?? Is 11Mar06 22:08.83 spamd: (pf
<spamd-white> update) (spamd)
_spamd 290 0.0 1.9 9892 4888 ?? S 11Mar06 32:48.75
/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
_spamd 2714 0.0 0.2 8688 376 ?? I 11Mar06 1:43.45 spamd:
(/var/db/spamd update) (spamd)
root 19930 0.0 0.1 380 348 ?? Is 11Mar06 0:25.46
/usr/libexec/spamlogd
Some logging, and logging at the debug level, does occur.
2006-03-27 07:28:41.855565500 daemon.debug: spamd[18445]: whitelisting
209.59.202.133 in /var/db/spamd
I ran ktrace on spamd with the following:
sudo ktrace -id -p 290 -f /tmp/spamd.trace
and even caught a spammer in action ;-)
290 spamd EMUL "native"
290 spamd RET select 1
290 spamd CALL read(0x7,0x84e00000,0x4000)
290 spamd GIO fd 7 read 388 bytes
"spamd-greytrap;"Your address %A has mailed to spamtraps
here\\n";12.24.45.234/32;140.134.27.177/32;194.\
50.7.57/32;200.243.249.130/32;200.50.112.201/32;200.86.156.91/32;200.90.205.20/32;201.215.80.209/32;203\
.200.147.5/32;212.158.149.62/32;216.127.70.18/32;217.125.161.0/32;222.165.171.51/32;69.63.58.88/32;81.5\
7.208.215/32;82.194.48.154/32;82.224.12.56/32;82.67.89.103/32;84.227.237.99/32;
"
290 spamd RET read 388/0x184
290 spamd CALL gettimeofday(0xcfbe6d88,0)
290 spamd RET gettimeofday 0
290 spamd CALL select(0xb,0x80eb4080,0x80eb40e0,0,0)
290 spamd RET select 1
290 spamd CALL accept(0x3,0xcfbe6e14,0xcfbe6de0)
290 spamd RET accept 5
290 spamd CALL gettimeofday(0xcfbe6d58,0)
290 spamd RET gettimeofday 0
290 spamd CALL mmap(0,0x2000,0x3,0x1002,0xffffffff,0,0,0)
290 spamd RET mmap 2142023680/0x7facb000
290 spamd CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
290 spamd RET mmap -2040590336/0x865f1000
290 spamd CALL getpid()
290 spamd RET getpid 290/0x122
290 spamd CALL socket(0x1,0x2,0)
290 spamd RET socket 8
290 spamd CALL fcntl(0x8,0x2,0x1)
290 spamd RET fcntl 0
290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
290 spamd NAMI "/dev/log"
290 spamd RET connect -1 errno 2 No such file or directory
290 spamd CALL close(0x8)
290 spamd RET close 0
290 spamd CALL sendto(0xffffffff,0xcfbe6530,0x2f,0,0,0)
290 spamd RET sendto -1 errno 9 Bad file descriptor
290 spamd CALL socket(0x1,0x2,0)
290 spamd RET socket 8
290 spamd CALL fcntl(0x8,0x2,0x1)
290 spamd RET fcntl 0
290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
290 spamd NAMI "/dev/log"
290 spamd RET connect -1 errno 2 No such file or directory
290 spamd CALL close(0x8)
Yet, /dev/log certainly does exist:
ls -al /dev/log
srwxrwxrwx 1 root wheel 0 Mar 11 13:10 /dev/log
I've read the connect(2) man page (and again and again), but other than
the fact that connect is failing and returning -1 and errno, I'm stuck.
Any clues or pointers on how better to investigate would be greatly
appreciated.
Jeff
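
Added example, not part of the original post: a small Python parser for kdump-style text like the trace above, pairing each CALL with its NAMI path and RET so that failed calls and the paths they touched stand out. The function names are hypothetical, and the sample lines are copied from the excerpt in the post.

```python
import re
from collections import Counter

# Lines copied from the kdump excerpt in the post above.
SAMPLE = """\
290 spamd CALL accept(0x3,0xcfbe6e14,0xcfbe6de0)
290 spamd RET accept 5
290 spamd CALL socket(0x1,0x2,0)
290 spamd RET socket 8
290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
290 spamd NAMI "/dev/log"
290 spamd RET connect -1 errno 2 No such file or directory
290 spamd CALL close(0x8)
290 spamd RET close 0
290 spamd CALL sendto(0xffffffff,0xcfbe6530,0x2f,0,0,0)
290 spamd RET sendto -1 errno 9 Bad file descriptor
"""

LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$')
FAIL = re.compile(r'^(\w+) -1 errno (\d+) (.*)$')

def failed_syscalls(text):
    """Return (pid, syscall, errno, message, paths) for each failed call."""
    pending = {}   # pid -> [syscall name, NAMI paths seen since its CALL]
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # GIO payloads, EMUL records, wrapped data lines
        pid, _cmd, kind, rest = m.groups()
        if kind == "CALL":
            pending[pid] = [rest.split("(", 1)[0], []]
        elif kind == "NAMI" and pid in pending:
            pending[pid][1].append(rest.strip().strip('"'))
        elif kind == "RET":
            name, paths = pending.pop(pid, [None, []])
            f = FAIL.match(rest)
            if f and f.group(1) == name:
                failures.append((int(pid), name, int(f.group(2)),
                                 f.group(3), tuple(paths)))
    return failures

def summarize(failures):
    """Count identical failures by (syscall, errno, paths)."""
    return Counter((n, e, p) for _pid, n, e, _msg, p in failures)

if __name__ == "__main__":
    for (name, errno, paths), n in summarize(failed_syscalls(SAMPLE)).items():
        print(f"{n}x {name} errno {errno} {' '.join(paths)}")
```

A NAMI record shows the path string as the traced process passed it to the kernel, which resolves it against that process's own root and working directory rather than those of the shell where `ls` was run.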