I've tried a bunch of different ideas but I'm not having any success trying to make the graylist filter produce "size_XXXX" files. spamdyke should ignore the "size" parameter when the sender address is given.
If this is happening as frequently as your logs show, could you enable full logging (with "full-log-dir") and capture one of these message deliveries? (You can send the log file to me privately if you don't want the data on the list.) I'd love to find a way to reproduce this problem and fix it. -- Sam Clippinger Erald Troja wrote: > Sam, > > ever since that incident, the only ERRORs > that we're getting are the "File exists" with > some sporadic "Is a directory" ERRORs > > We've so far been unable to duplicate the "Not a directory" ERRORs > yet we are still able to find files starting with 'size' keyword inside > the graylist directory. > > Today we found one more such file namely 'size_1003' onto one of our the > graylist directories. The entry in the maillog is as shown > > Sep 30 08:09:18 mail01 spamdyke[2584]: DENIED_GRAYLISTED from: size=1003 > to: [EMAIL PROTECTED] origin_ip: 98.135.205.165 origin_rdns: > h165.205.135.98.ip.windstream.net auth: (unknown) > > > I don't have a way to find the headers, or know what was retried > to be delivered as all we have in the log files are entries such as > > /var/log/maillog.1.bz2:Sep 30 04:20:51 mail01 spamdyke[23810]: > DENIED_GRAYLISTED from: size=483 > /var/log/maillog.1.bz2:Sep 30 04:27:53 mail01 spamdyke[18932]: > DENIED_GRAYLISTED from: size=382 > /var/log/maillog.1.bz2:Sep 30 04:32:53 mail01 spamdyke[27422]: > DENIED_GRAYLISTED from: size=469 > /var/log/maillog.1.bz2:Sep 30 04:33:33 mail01 spamdyke[28849]: > DENIED_GRAYLISTED from: size=454 > /var/log/maillog.1.bz2:Sep 30 04:54:09 mail01 spamdyke[3211]: > DENIED_GRAYLISTED from: size=534 > /var/log/maillog.1.bz2:Sep 30 05:06:50 mail01 spamdyke[25643]: > DENIED_GRAYLISTED from: size=978 > /var/log/maillog.1.bz2:Sep 30 07:57:23 mail01 spamdyke[10831]: > DENIED_GRAYLISTED from: size=974 > /var/log/maillog.1.bz2:Sep 30 08:08:29 mail01 spamdyke[1073]: > DENIED_GRAYLISTED from: size=593 > /var/log/maillog.1.bz2:Sep 30 08:09:18 mail01 spamdyke[2584]: > DENIED_GRAYLISTED from: size=1003 > /var/log/maillog.1.bz2:Sep 30 08:14:35 mail01 spamdyke[12471]: > DENIED_GRAYLISTED from: size=511 > /var/log/maillog.1.bz2:Sep 30 08:56:35 mail01 spamdyke[27126]: > DENIED_GRAYLISTED from: size=517 > /var/log/maillog.1.bz2:Sep 30 09:30:36 mail01 spamdyke[29039]: > DENIED_GRAYLISTED from: size=479 > > We tried a recursive search for each IP which has a 'size=' from > entry, and found none to be retried again, making it such impossible > to find out full headers. > > Note, that from the above occurrences where the from address shows as > 'size=' only the very above log entry had indeed a file called 'size_1003' > > I am note sure if they are related. > > > > > > ------------------------ > Erald Troja > > > Sam Clippinger wrote: > >> If you could search for the first entries showing "DENIED_GRAYLISTED" >> for the recipient address that is having problems >> ([EMAIL PROTECTED]), they should show what the sender's address >> was. That address may have been parsed incorrectly, so knowing what >> value spamdyke produced would be valuable. If you have the real >> messages that were finally delivered after the graylist filter >> passed/failed, it would be handy to compare the correct address to >> spamdyke's interpretation. >> >> -- Sam Clippinger >> >> Erald Troja wrote: >> >>> Sam, >>> >>> We keep for two weeks and we might still have the logs. >>> >>> What exactly would you like me to revert to you with? >>> >>> Thanks. >>> ------------------------- >>> Erald Troja >>> [EMAIL PROTECTED] >>> 646.528.6671 >>> >>> -----Original Message----- >>> From: Sam Clippinger <[EMAIL PROTECTED]> >>> >>> Date: Sat, 27 Sep 2008 21:56:46 >>> To: spamdyke users<[email protected]> >>> Subject: Re: [spamdyke-users] Errors in my log files regarding >>> directory/file creation >>> >>> >>> How long do you save log files? If you've only been running spamdyke >>> for a couple of weeks, could you search your logs to find the first >>> entries for these addresses that are causing problems now? I'm >>> particularly concerned about the "size_447" and "size_583" files -- they >>> could represent a problem with spamdyke's address parser. I'd really >>> like to figure out how the remote server sent a recipient address that >>> was so badly parsed. >>> >>> -- Sam Clippinger >>> >>> Erald Troja wrote: >>> >>> >>>> Sam, >>>> >>>> We're using http://www.spamdyke.org/releases/spamdyke-4.0.4.tgz >>>> >>>> We never tried Spamdyke before 2 weeks, so 4.0.4 is the sole >>>> version we've ever tried. >>>> >>>> Thanks. >>>> ------------------------ >>>> Erald Troja >>>> >>>> >>>> Sam Clippinger wrote: >>>> >>>> >>>> >>>>> What version of spamdyke are you running right now? Were these files >>>>> (that should be directories) created by an older version of spamdyke or >>>>> by the version you are now using? >>>>> >>>>> -- Sam Clippinger >>>>> >>>>> Erald Troja wrote: >>>>> >>>>> >>>>> >>>>>> Sam, >>>>>> >>>>>> thanks for the reply. I did run with config-test option and I'm seeing >>>>>> quite a few errors. >>>>>> >>>>>> Here's some facts. >>>>>> >>>>>> 1)/usr/local/bin/spamdyke is set with 755 perms and it's owned by >>>>>> root:root >>>>>> >>>>>> 2)/var/tmp/spamdyke.graylist.d/ is set with 755 and it's vpopmai:vchkpw >>>>>> ownership >>>>>> >>>>>> 3)any directory within /var/tmp/spamdyke.graylist.d/ is set with 700 and >>>>>> vpopmail:vchkpw >>>>>> >>>>>> 4)my calling line in qmail init script is >>>>>> tcpserver -v $RRDNSKEY -R -c $TCP_SERVERS $IPLIMIT >>>>>> $RELAYCHKARG -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 smtp $RBL $SPAMDYKE >>>>>> qmail-smtpd vchkpw t >>>>>> rue cmd5checkpw true 2>&1 | splogger smtpd & >>>>>> >>>>>> all in one line. >>>>>> >>>>>> As far as I can tell the permissions are set properly. >>>>>> >>>>>> Here's some more discoveries/facts >>>>>> >>>>>> Here's an entry onto the maillog files >>>>>> >>>>>> /var/log/maillog.1.bz2:Sep 25 16:11:02 mail01 spamdyke[18977]: ERROR: >>>>>> cannot write to graylist file >>>>>> /var/tmp/spamdyke.graylist.d/mydomainname.com/webmaster/barb.com/york: >>>>>> Not a directory >>>>>> >>>>>> /var/log/maillog.1.bz2:Sep 25 16:11:02 mail01 spamdyke[18977]: ALLOWED >>>>>> from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: >>>>>> 89.231.87.134 origin_rdns: host-89-231-87-134.opoczno.mm.pl auth: >>>>>> (unknown) >>>>>> >>>>>> >>>>>> Turns out >>>>>> /var/tmp/spamdyke.graylist.d/mydomainname.com/webmaster/barb.com >>>>>> >>>>>> is indeed created as a file, when in turn it should have been created >>>>>> as a directory. >>>>>> >>>>>> Also, i'm finding miscellaneous files such as size_447 or size_583 >>>>>> inside the /var/tmp/spamdyke.graylist.d/mydomainname.com/webmaster >>>>>> directory for one and others as well. >>>>>> >>>>>> >>>>>> Here's the headers from the spam message in FULL. >>>>>> ------------------------------------------------------ >>>>>> Return-Path: <[EMAIL PROTECTED]> >>>>>> Delivered-To: [EMAIL PROTECTED] >>>>>> Received: (qmail 19015 invoked by uid 399); 25 Sep 2008 16:11:02 -0400 >>>>>> X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on localhost >>>>>> X-Spam-Level: *** >>>>>> X-Spam-Status: No, score=3.4 required=4.0 tests=HELO_DYNAMIC_IPADDR >>>>>> autolearn=disabled version=3.1.4 >>>>>> X-Virus-Scan: Scanned by clamdmail 0.15 (no viruses); >>>>>> Thu, 25 Sep 2008 16:11:02 -0400 >>>>>> Received: from unknown (HELO host-89-231-87-134.opoczno.mm.pl) >>>>>> (89.231.87.134) >>>>>> by mail01.myserver.com with SMTP; 25 Sep 2008 16:11:02 -0400 >>>>>> Received-SPF: none (mail01.myserver.com: domain at barb.com does not >>>>>> designate permitted sender hosts) >>>>>> identity=mailfrom; client-ip=89.231.87.134; >>>>>> envelope-from=<[EMAIL PROTECTED]>; >>>>>> Message-ID: <[EMAIL PROTECTED]> >>>>>> From: =?koi8-r?B?7snLz8zByiD+xcLP1MHSxdc=?= <[EMAIL PROTECTED]> >>>>>> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> >>>>>> Subject: =?koi8-r?B?98HbwSDcxsbFy9TJ187B0SDSxcvMwc3BLg==?= >>>>>> Date: Thu, 25 Sep 2008 18:23:44 +0000 >>>>>> MIME-Version: 1.0 >>>>>> Content-Type: text/plain; >>>>>> charset="koi8-r" >>>>>> Content-Transfer-Encoding: 8bit >>>>>> X-Priority: 3 >>>>>> X-MSMail-Priority: Normal >>>>>> X-Mailer: Microsoft Outlook Express 6.00.2720.3000 >>>>>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 >>>>>> ----------------------------------------------------------------------------------- >>>>>> >>>>>> Can anyone point out where the permission issue might be? >>>>>> >>>>>> We're using ext3 file system with blocks=1k >>>>>> >>>>>> config-test shows many 'Not a directory' ERROR warnings. >>>>>> >>>>>> Please advise. >>>>>> >>>>>> >>>>>> ------------------------ >>>>>> Erald Troja >>>>>> >>>>>> >>>>>> Sam Clippinger wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Something is wrong with the permissions on your graylist folders. >>>>>>> spamdyke is not able to see that files exist or it's not able to tell >>>>>>> what type of files they are (i.e. directories or regular files). If >>>>>>> the >>>>>>> folder permissions look correct, it could be a filesystem problem -- >>>>>>> I've had to do some special coding for spamdyke on XFS filesystems in >>>>>>> the past. You may be able to get more information about what's >>>>>>> happening with spamdyke's "config-test" option. >>>>>>> >>>>>>> When the graylist filter encounters errors like this, spamdyke just >>>>>>> skips the graylist filter. The message is processed normally, just as >>>>>>> if the graylist filter was not enabled. You might receive more spam as >>>>>>> a result but you shouldn't lose any email. >>>>>>> >>>>>>> -- Sam Clippinger >>>>>>> >>>>>>> Erald Troja wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Greetings folks, >>>>>>>> >>>>>>>> fairly new to Spamdyke and we're running on a minimal >>>>>>>> configuration such as the one below >>>>>>>> >>>>>>>> log-level=info >>>>>>>> graylist-level=always-create-dir >>>>>>>> graylist-dir=/var/tmp/spamdyke.graylist.d >>>>>>>> graylist-exception-ip-file=/etc/spamdyke/whitelist.conf >>>>>>>> ##all will be graylisted for 15 minutes initial attempt >>>>>>>> graylist-min-secs=900 >>>>>>>> ##whoever passes graylisting can send for 24 hours >>>>>>>> graylist-max-secs=86400 >>>>>>>> reject-unresolvable-rdns=true >>>>>>>> reject-empty-rdns=true >>>>>>>> connection-timeout-secs=2400 >>>>>>>> idle-timeout-secs=240 >>>>>>>> >>>>>>>> >>>>>>>> OS is centos 4.6 final and we're utilizing Hsphere qmail binaries from >>>>>>>> Psoft. >>>>>>>> >>>>>>>> We're utilizing 1k blocks on /var/tmp to reduce directory size. >>>>>>>> >>>>>>>> We've noticed error such as the ones below on our maillog which is >>>>>>>> a concern. >>>>>>>> >>>>>>>> mail01 spamdyke[7232]: ERROR: unable to create directory >>>>>>>> /var/tmp/spamdyke.graylist.d/domain.com/user/fromdomain.com: File >>>>>>>> exists >>>>>>>> >>>>>>>> mail01 spamdyke[24535]: ERROR: cannot write to graylist file >>>>>>>> /var/tmp/spamdyke.graylist.d/domain.com/user/fromdomain.com/windsor: >>>>>>>> Not >>>>>>>> a directory >>>>>>>> >>>>>>>> I've replaced original domains hosted with us with domain.com and >>>>>>>> sending party domains with fromdomain.com >>>>>>>> >>>>>>>> There's plenty of disk space left on the /var/tmp partition. >>>>>>>> >>>>>>>> 1.Main question is, why might such be caused and how to avoid it? >>>>>>>> >>>>>>>> 2.Also what is defined in Spamdyke to happen to such email, is it >>>>>>>> lost, >>>>>>>> is it retried or? >>>>>>>> >>>>>>>> Thanks and blessings to all involved >>>>>>>> with Spamdyke >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> spamdyke-users mailing list >>>>>>> [email protected] >>>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> spamdyke-users mailing list >>>>>> [email protected] >>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>>> >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spamdyke-users mailing list >>>>> [email protected] >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>> >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spamdyke-users mailing list >>>> [email protected] >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>> >>>> >>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
