K Anand wrote: > Hi all, > > I am running SA 3.1.1. Warning: if you use the -v and -P options to spamd, your version is vulnerable to a remote code exploit. This is not a typical setup, but you should be aware of it.
http://wiki.apache.org/spamassassin/Security > I have seen that sometimes spamd processes using up a lot of CPU. The > cpu load goes up very high to ~ 10. I have checked that RAM is not the > problem since free shows that memory is still free. I have 1 GB RAM. > Another thing is that my AWL file is around 85 MB. I did a du -k and > it shows 65036. My bayes_seen file is around 25 MB. I have set > auto_expire to 1. There's also a sa-learn --sync thats running hourly. > > My line is a 64k leased line. I also see that my smtpd connections are > also maxing out to 100. Generally this happens when a mailing list > starts bombarding my server with mails. These are legit mails as a lot > of my users have subscribed to this list. > > > Any suggestions would be welcome. The AWL file won't auto-expire, so you'll need to use the check_whitelist script from the tools directory of the tarball to clean it. It's just a script, and some terse docs are at the top of the file if you open it in an editor. As for the load.. do you have a local caching DNS server? or is you SA box having to always go out over the 64k line to resolve DNS? If it is, install a simple cache on your SA box and change the resolv.conf to use 127.0.0.1 as a DNS server. This should help considerably with latency, which might help a bit with the load. Also, with that much mail coming in at the same time, there could be contention for bayes locks. You might try adding "bayes_learn_to_journal 1" to your local.cf, and see if that helps. This will cause learning to be done into a "journal" file which periodically gets merged into the main bayes DB. This causes the live bayes to be delayed in update until the next sync (once a day or every 100k of bayes data by default), but you can force-sync any manual training runs by running sa-learn --sync afterwards.
