On Mon, Mar 27, 2006 at 09:53:01AM -0700, Jeff Ross wrote:
> Hi all,
>
> I'm trying to understand why spamd isn't doing any verbose logging on my
> mail server. Spamd is working fine, so this is more curiosity/learning
> than anything else.
>
> NOTE: I have replaced the standard syslog with socklog. I understand that
> this may be a socklog problem and not a spamd problem, but socklog is
> working fine with other processes logging to syslog (including chrooted
> httpd error logs) so I thought I'd start here.

Do you have socklog logging from /var/empty/dev/log? spamd chroots to
/var/empty.

-Ray-

> I use this in /etc/rc.conf.local:
>
> spamd_flags="-v -p 8024 -G 25:4:864"
> spamd_grey=YES
> spamlogd_flags=""
>
> and the correct parameters are being picked up by spamd:
>
> [EMAIL PROTECTED]:/tmp $ ps -wwwaux | grep [s]pam
> _spamd 18445 0.0 0.2 8720 548 ?? Is 11Mar06 22:08.83 spamd:
> (pf <spamd-white> update) (spamd)
> _spamd 290 0.0 1.9 9892 4888 ?? S 11Mar06 32:48.75
> /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
> _spamd 2714 0.0 0.2 8688 376 ?? I 11Mar06 1:43.45 spamd:
> (/var/db/spamd update) (spamd)
> root 19930 0.0 0.1 380 348 ?? Is 11Mar06 0:25.46
> /usr/libexec/spamlogd
>
> Some logging, and logging at the debug level, does occur.
>
> 2006-03-27 07:28:41.855565500 daemon.debug: spamd[18445]: whitelisting
> 209.59.202.133 in /var/db/spamd
>
> I ran ktrace on spamd with the following:
>
> sudo ktrace -id -p 290 -f /tmp/spamd.trace
>
> and even caught a spammer in action ;-)
>
>
> 290 spamd EMUL "native"
> 290 spamd RET select 1
> 290 spamd CALL read(0x7,0x84e00000,0x4000)
> 290 spamd GIO fd 7 read 388 bytes
> "spamd-greytrap;"Your address %A has mailed to spamtraps
> here\\n";12.24.45.234/32;140.134.27.177/32;194.\
>
> 50.7.57/32;200.243.249.130/32;200.50.112.201/32;200.86.156.91/32;200.90.205.20/32;201.215.80.209/32;203\
>
> .200.147.5/32;212.158.149.62/32;216.127.70.18/32;217.125.161.0/32;222.165.171.51/32;69.63.58.88/32;81.5\
>
> 7.208.215/32;82.194.48.154/32;82.224.12.56/32;82.67.89.103/32;84.227.237.99/32;
> "
> 290 spamd RET read 388/0x184
> 290 spamd CALL gettimeofday(0xcfbe6d88,0)
> 290 spamd RET gettimeofday 0
> 290 spamd CALL select(0xb,0x80eb4080,0x80eb40e0,0,0)
> 290 spamd RET select 1
> 290 spamd CALL accept(0x3,0xcfbe6e14,0xcfbe6de0)
> 290 spamd RET accept 5
> 290 spamd CALL gettimeofday(0xcfbe6d58,0)
> 290 spamd RET gettimeofday 0
> 290 spamd CALL mmap(0,0x2000,0x3,0x1002,0xffffffff,0,0,0)
> 290 spamd RET mmap 2142023680/0x7facb000
> 290 spamd CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
> 290 spamd RET mmap -2040590336/0x865f1000
> 290 spamd CALL getpid()
> 290 spamd RET getpid 290/0x122
> 290 spamd CALL socket(0x1,0x2,0)
> 290 spamd RET socket 8
> 290 spamd CALL fcntl(0x8,0x2,0x1)
> 290 spamd RET fcntl 0
> 290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
> 290 spamd NAMI "/dev/log"
> 290 spamd RET connect -1 errno 2 No such file or directory
> 290 spamd CALL close(0x8)
> 290 spamd RET close 0
> 290 spamd CALL sendto(0xffffffff,0xcfbe6530,0x2f,0,0,0)
> 290 spamd RET sendto -1 errno 9 Bad file descriptor
> 290 spamd CALL socket(0x1,0x2,0)
> 290 spamd RET socket 8
> 290 spamd CALL fcntl(0x8,0x2,0x1)
> 290 spamd RET fcntl 0
> 290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
> 290 spamd NAMI "/dev/log"
> 290 spamd RET connect -1 errno 2 No such file or directory
> 290 spamd CALL close(0x8)
>
> Yet, /dev/log certainly does exist:
>
> ls -al /dev/log
> srwxrwxrwx 1 root wheel 0 Mar 11 13:10 /dev/log
>
> I've read the connect(2) man page (and again and again), but other than
> the fact that connect is failing and returning -1 and errno, I'm stuck.
>
> Any clues or pointers in how better to investigate would be greatly
> appreciated.
>
> Jeff
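
The reply's point, as an added example that is not part of the original thread: a path in a NAMI record is resolved inside the process's chroot, so a failed connect() to "/dev/log" by spamd refers to /var/empty/dev/log on the host. The sketch below scans kdump text for such failures and maps them to host paths; the function name `missing_sockets` and the caller-supplied chroot map are assumptions of this example.

```python
import re

# A kdump line looks like: '290 spamd NAMI "/dev/log"' (pid, command, record type, detail).
LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(CALL|RET|NAMI)\s+(.*)$')
ENOENT_CONNECT = re.compile(r'^connect -1 errno 2\b')

# Sample input: lines copied from the trace quoted in the post.
SAMPLE = """\
290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
290 spamd NAMI "/dev/log"
290 spamd RET connect -1 errno 2 No such file or directory
290 spamd CALL close(0x8)
290 spamd RET close 0
290 spamd CALL sendto(0xffffffff,0xcfbe6530,0x2f,0,0,0)
290 spamd RET sendto -1 errno 9 Bad file descriptor
290 spamd CALL connect(0x8,0xcfbe6030,0x6a)
290 spamd NAMI "/dev/log"
290 spamd RET connect -1 errno 2 No such file or directory
"""

def missing_sockets(kdump_text, chroot_of):
    """Group connect() ENOENT failures by (command, path) and add the host-side path.
    chroot_of maps command name -> chroot dir; kdump does not record it (assumption)."""
    pending = {}   # pid -> path seen by NAMI inside the current connect(), or None
    found = {}
    for raw in kdump_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # wrapped GIO payload, blank lines
        pid, cmd, kind, detail = m.groups()
        if kind == "CALL":
            pending.pop(pid, None)        # any new syscall ends the previous one
            if detail.startswith("connect("):
                pending[pid] = None
        elif kind == "NAMI" and pid in pending:
            pending[pid] = detail.strip().strip('"')
        elif kind == "RET" and pid in pending:
            path = pending.pop(pid)
            if path and ENOENT_CONNECT.match(detail):
                host = chroot_of.get(cmd, "").rstrip("/") + path
                hit = found.setdefault((cmd, path), {"command": cmd, "path": path,
                                                      "host_path": host, "count": 0})
                hit["count"] += 1
    return list(found.values())

if __name__ == "__main__":
    for hit in missing_sockets(SAMPLE, {"spamd": "/var/empty"}):
        print("{command}: {path} failed {count}x; socket expected at {host_path}".format(**hit))
```

With an empty chroot map the host path equals the traced path, which is the reading that makes `ls -al /dev/log` look contradictory.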