On Mon, 3 Apr 2006, Matt Kettler wrote:
Dave Stern wrote:
I'm trying to get SA working by remote connections and don't see it
consistantly working.
Users kick off SA in their .procmailrc on our mail server which can't
handle
a more recent version of SA so we only have v2.64 installed locally.
(Don't
ask)
What I'd like to do is have a call in their .procmailrc something like
this
:0fw: $HOME/spamassassin.lock
| /opt/spamassassin/bin/spamc -d spamcheck.fqdn -t 10
I have spamcheck.fqdn as a SRV record something like this:
spamcheck IN SRV 1 1 783 samachine.fqdn.
IN SRV 2 1 783 mailmachine.fqdn.
ie connect to port 783 on samachine and if it's not available, connect to
same port on mailmachine and timeout within 10 seconds if neither works
Try this with multiple A records or CNAME records for the same name
instead of using SRV records.
(who on earth still uses SRV records for anything?)
Actually, I'm told it's used a lot for windoze services (active dir?)
Spamc will automatically resolve down to A records and if it has
multiple IPs, it try them in-order.
From the spamc manpage:
**-d* /host[,host2]/*
In TCP/IP mode, connect to spamd server on given host (default:
localhost). Several hosts can be specified if separated by commas.
If /host/ resolves to multiple addresses, then spamc will fail-over
to the other addresses, if the first one cannot be connected to. It
will first try all addresses of one host before it tries the next
one in the list.
I used SRV records rather than two ARECs or CNAMES because I didn't want
roundrobin behavior (ie I want ALL requests to always go to the first host
unless it's unavailable and only then failover to the second host. Thus
the equally weighted SRV rec.) My experience has been that even two Arecs
was doing roundrobin (even more interesting, the mailhost is running a caching
nameserver so I wouldn't expect it to roundrobin at all).
As to the format spamc -d 1.2.3.4,10 2.3.4.5,10
That was from a google search. I believe that allows you to specify timeouts
per host rather than a more universal "-t".
In any case, anything beyond a single host would either not fail to the
second host (regardless of the syntax I used, ie I tried what you mentioned)
or I would not see *any* spamassassin headers at all despite the procmail
logs saying it ran spamc.
perhaps the timeout is too quick as I see no spamassassin headers in mail
going thru even tho procmail logfiles say it executed the spamc line.
I also tried variations on
| /opt/spamassassin/bin/spamc -d 127.0.0.1,10 -d 128.8.120.159,10 -t 10
Erm.. what's the ,10 for in those -d fields? The normal format would be:
-d 127.0.0.1,128.8.120.159
(This also should do what you want)
Has anyone done spam checking to multiple machines with some type of
failover?
Many have, and the docs even say how. Many folks use this same and add
on the -H switch, which causes spamc to randomize what host it connects
to from the list, often used for crude but effective load balancing.
http://spamassassin.apache.org/full/3.1.x/dist/doc/spamc.html
=-=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=
David Stern University of Maryland
Institute for Advanced Computer Studies
