----- Original Message ----- From: "Matt Kettler" <[EMAIL PROTECTED]>


K Anand wrote:
Hi all,

  I am running SA 3.1.1.
Warning: if you use the -v and -P options to spamd,  your version is
vulnerable to a remote code exploit. This is not a typical setup, but
you should be aware of it.


No, I'm not running -v or -P options. Thanks for the tip.


I have seen that sometimes spamd processes using up a lot of CPU. The
cpu load goes up very high to ~ 10. I have checked that RAM is not the
problem since free shows that memory is still free. I have 1 GB RAM.
Another thing is that my AWL file is around 85 MB. I did a du -k and
it shows 65036. My bayes_seen file is around 25 MB. I have set
auto_expire to 1. There's also a sa-learn --sync that's running hourly.

My line is a 64k leased line. I also see that my smtpd connections are
also maxing out to 100. Generally this happens when a mailing list
starts bombarding my server with mails. These are legit mails as a lot
of my users have subscribed to this list.


Any suggestions would be welcome.

The AWL file won't auto-expire, so you'll need to use the
check_whitelist script from the tools directory of the tarball to clean
it. It's just a script, and some terse docs are at the top of the file
if you open it in an editor.

I was reading the forums and I saw that this script won't actually lower the file size. Another script was suggested to compact the db.

As for the load.. do you have a local caching DNS server? Or is your SA
box having to always go out over the 64k line to resolve DNS? If it is,
install a simple cache on your SA box and change the resolv.conf to use
127.0.0.1 as a DNS server. This should help considerably with latency,
which might help a bit with the load.

I'm not running a local caching DNS server. But I'm using a DNS server which is on the same LAN as my mail server. So I don't think that's the problem.


Also, with that much mail coming in at the same time, there could be
contention for bayes locks.  You might try adding
"bayes_learn_to_journal 1" to your local.cf, and see if that helps. This
will cause learning to be done into a "journal" file which periodically
gets merged into the main bayes DB. This causes the live bayes to be
delayed in update until the next sync (once a day or every 100k of bayes
data by default), but you can force-sync any manual training runs by
running sa-learn --sync afterwards.

I don't have "bayes_learn_to_journal 1" in my local.cf. But I see bayes_journal file in the bayes directory. So it must be default behaviour. As I had written, I do sa-learn --sync every hour.

Need some more ideas.

Thanks.

