On Thu, 2008-02-07 at 14:57 -0800, fchan wrote:
> I'm getting spam scores (ie No, hits=? required=?) from certain types
> of spam messages. Most of them have phishing links but I have no
> problem with most messages with links. I'm using qmail with
> qmail-scanner-2.01st on RedHat Linux ES5.
> Wed, 06 Feb 2008 09:16:41 PST:18972: clamdscan: finished scan in 0.011407 secs
> Wed, 06 Feb 2008 09:17:26 PST:18972: SA: finished scan in 45.026522
> secs - hits=?/?
Does that mean qmail-scanner forced further processing due to the
timeout, without actually waiting for SA to finish? (Despite the success
suggesting phrase...)
> Wed, 06 Feb 2008 09:17:26 PST:18972: p_s: finished scan in 0.020737 secs
> Wed, 06 Feb 2008 09:17:26 PST:18972: ini_sc: finished scan of
> "/var/spool/qmailscan/tmp/s1.molsci.org120231820076418972"
>
> I have set timeout on qmailscanner for spamc to 45 seconds. Why are,
> what I guess, links causing this.
Are you positive this is related to links? SA queries URI blacklists.
Is it possible you have a DNS issue by any chance?
> Does spamassassin normally take
> this long to scan or should I set it longer? Am I missing some
> setting/plugin that is causing this?
No, generally, SA should have been done within that timeout. Depending
on the machine, network and stuff, the average scanning time mentioned
here is a few seconds only.
However, occasionally single messages taking up to 90 seconds or above
have been reported, too. IMHO, this is nothing to worry about, unless
your average is really high. In that case, you might have DNS issues. Or
feeding really large mail through SA. Or, etc.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
