Hi Bob,

On 2008-09-20 18:22:25, Bob Proulx wrote:
> I don't really know and hopefully others will have better
> suggestions.  But the first thing I would try is to run spamassassin
> in local mode.
>
>   Options:
>     -L, --local    Local tests only (no online tests)
I have been using this since I re-installed my intranet server 4 months ago.
> Since you are running it offline I am guessing that SA is trying to do
> network lookups and this is taking the extra time.
In the last 4 months I have filtered over 800,000 messages; it was
working perfectly without any flaws and then stopped from one minute to
the next.
Since I am offline, the system has had NO updates in 4 months, which
means absolutely nothing has changed.
> Why did this start? I will make a second guess that something on your
> laptop is different in the networking system. The first file I would
> check would be /etc/resolv.conf to see if dns name lookup is different
> than you expect when offline. DNS lookups are "blocking" calls and
> can cause processes to wait during lookup. Double check everything
> and make sure that dns lookups fail quickly when offline.
Spamassassin is on <samba3.private.tamay-dogan.net> and my laptop is
<tp570.private.tamay-dogan.net>.  This means I download the messages in
an Internet cafe onto my laptop, sorted hourly, and when I connect my
laptop at home, the folders are transferred automatically to my <samba3>,
where a script starts, reading one message after another and passing it
to procmail, which does the filtering (including "spamc").
This setup has been working for over 8 years...
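The feeder script on <samba3> is essentially only a loop like this (a
simplified, self-contained sketch; the real paths differ and the delivery
command is normally procmail, replaced here by a stand-in so the sketch
runs anywhere):

```shell
#!/bin/sh
# Simplified sketch of the queue feeder: read one message after the
# other and pass each one to a delivery command (normally procmail).
# For this self-contained demo the queue and the delivery command are
# stand-ins.
QUEUE=$(mktemp -d)
mkdir -p "$QUEUE/2008-09-20.14"                      # one hourly folder
printf 'Subject: test\n\nbody\n' >"$QUEUE/2008-09-20.14/msg1"

deliver() { cat >/dev/null; }                        # stand-in for: procmail

for msg in "$QUEUE"/*/*; do
    [ -f "$msg" ] || continue
    deliver <"$msg" && rm -f "$msg"                  # delete only on success
done

remaining=$(find "$QUEUE" -type f | wc -l)
echo "remaining in queue: $remaining"
```

Deleting only on successful delivery means a crashed run simply leaves the
rest of the queue in place for the next run.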
But when spamassassin stopped, I had over 30,000 messages in the
queue and it stopped after 12,000 or so...
I should note that I use a global lock file for procmail, which means
it will handle only one file at a time, so there is no chance that
several concurrent spamc requests screw up spamassassin...
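(For reference, the global lock is only a LOCKFILE assignment at the top
of the procmailrc; the path here is an example:)

----[ ~/.procmailrc (excerpt) ]-----------------------------------------
# Global lock: procmail holds this lock for the whole run, so only one
# message (and therefore only one spamc call) is processed at a time.
LOCKFILE=$HOME/.procmail.global.lock
------------------------------------------------------------------------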
> I actually do my own spamassassin online before getting to the laptop
> where I read mail offline. The online tests and DNSBLs are much more
> effective than the offline tests. I fear that offline spam testing
From 2008-09-01 to 2008-09-18 I was not in Strasbourg and got 78,000
messages in the mailboxes... with a small TP570 it is not possible to
do any spamassassin stuff...
Only fetchmail and procmail (which sorts the messages into hourly
folders) run there, where I get around 3,200 messages per hour.
If I installed spamassassin on my TP570, I would get less than 1,000
per hour.
> isn't good enough. If you can get the spamassassin part running
> online before getting to your laptop I am sure you will have a
> superior result.
Since online checks are too slow, I would like to see a solution for
very reliable RBL checks and such.
I have a procmail recipe which catches the first and second IP from the
Received headers, reverses them and makes DNS lookups like:
----[ '/usr/share/tdtools-procmail/FLT_spamhaus' ]----------------------
<snip>
:0
* ? test -f "`which host`"
{
  SUB1=`formail -zxSubject:`
  DATE1=`date +"%d/%m/%Y %T"`

  ########## first IP ##########
  :0 H
  * Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  {
    RECEIVIP=${MATCH}

    :0
    * ! RECEIVIP ?? 127.0.0.1
    {
      :0
      * RECEIVIP ?? ()\/[0-9]+
      {
        QUAD1=${MATCH}

        :0
        * RECEIVIP ?? [0-9]+\.\/[0-9]+
        {
          QUAD2=${MATCH}

          :0
          * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
          {
            QUAD3=${MATCH}

            :0
            * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
            {
              RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
            }
          }
        }

        ################ zen.spamhaus.org ##################################
        :0
        { REVCHECKIP=`host ${RECEIVIPREV}.zen.spamhaus.org 2>&1 | grep -v 'not found.'` }

        :0
        * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
        {
          IP=`echo $RECEIVIP >>$HOME/log/spamhaus/\`date +%Y-%m\`.log`

          :0fhw
          | formail -i "Subject: ***zen.spamhaus.org*** $SUB1" -i "X-TDSpamHaus: $RECEIVIP"

          :0
          * ^Subject:.*(\*\*\*zen.spamhaus.org\*\*\*)
          ${TDTP_SPAM_PREFIX}${MSG_DATE}${SPAMTAG}.FLT_spamhaus.zen_spamhaus_org/
        }

        ################ list.dsbl.org #####################################
        :0
        { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }

        :0
        * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
        {
          IP=`echo $RECEIVIP >>$HOME/log/spamhaus/\`date +%Y-%m\`.log`

          :0fhw
          | formail -i "Subject: ***list.dsbl.org*** $SUB1" -i "X-TDSpamHaus: $RECEIVIP"

          :0
          * ^Subject:.*(\*\*\*list.dsbl.org\*\*\*)
          ${TDTP_SPAM_PREFIX}${MSG_DATE}${SPAMTAG}.FLT_spamhaus.list_dsbl_org/
        }
      }
    }
  }

  ########## second IP ##########
  :0 H
  * Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  {
    RECEIVIP2=${MATCH}

    :0
    * ! RECEIVIP2 ?? 127.0.0.1
    {
      :0
      * RECEIVIP2 ?? ()\/[0-9]+
      {
        QUAD1=${MATCH}

        :0
        * RECEIVIP2 ?? [0-9]+\.\/[0-9]+
        {
          QUAD2=${MATCH}

          :0
          * RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
          {
            QUAD3=${MATCH}

            :0
            * RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
            {
              RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
            }
          }
        }

        ################ zen.spamhaus.org ##################################
        :0
        { REV2CHECKIP=`host ${RECEIVIP2REV}.zen.spamhaus.org 2>&1 | grep -v 'not found.'` }

        :0
        * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
        {
          IP=`echo $RECEIVIP2 >>$HOME/log/spamhaus/\`date +%Y-%m\`.log`

          :0fhw
          | formail -i "Subject: ***zen.spamhaus.org*** $SUB1" -i "X-TDSpamHaus: $RECEIVIP2"

          :0
          * ^Subject:.*(\*\*\*zen.spamhaus.org\*\*\*)
          ${TDTP_SPAM_PREFIX}${MSG_DATE}${SPAMTAG}.FLT_spamhaus.zen_spamhaus_org/
        }

        ################ list.dsbl.org #####################################
        :0
        { REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }

        :0
        * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
        {
          IP=`echo $RECEIVIP2 >>$HOME/log/spamhaus/\`date +%Y-%m\`.log`

          :0fhw
          | formail -i "Subject: ***list.dsbl.org*** $SUB1" -i "X-TDSpamHaus: $RECEIVIP2"

          :0
          * ^Subject:.*(\*\*\*list.dsbl.org\*\*\*)
          ${TDTP_SPAM_PREFIX}${MSG_DATE}${SPAMTAG}.FLT_spamhaus.list_dsbl_org/
        }
      }
    }
  }
}

:0E
{ LOG="${SHOW_FILTER}executable \"host\" not found.${NL}" }
------------------------------------------------------------------------
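(By the way, the four QUAD matches could be collapsed into a single
shell call; a sketch using awk, with an example address:)

```shell
#!/bin/sh
# Reverse the octets of an IPv4 address for a DNSBL lookup:
# 192.0.2.1 becomes 1.2.0.192, which would then be queried as
# 1.2.0.192.zen.spamhaus.org.
reverse_ip() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

reverse_ip 192.0.2.1    # prints 1.2.0.192
```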
But unfortunately the two/four lookups with
    host ${RECEIVIP2REV}.zen.spamhaus.org
    host ${RECEIVIP2REV}.list.dsbl.org
are very slow...
My idea was: if I do not filter directly, I could catch the IPs, put
them into a cache file, sort and uniquify them, and use an independent
process which fetches the status and writes out a file that I can
easily import into my own DNS server (bind9) at home, and then do the
final filtering.
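Roughly what I have in mind (a sketch; the example cache content is made
up, and the real lookup, e.g. `host $rev.zen.spamhaus.org`, is replaced
by an echo so the sketch runs offline):

```shell
#!/bin/sh
# Batch idea: collect the IPs into a cache file while filtering,
# later sort/uniquify them and look each unique IP up only ONCE,
# instead of once per message.
CACHE=$(mktemp)
printf '192.0.2.1\n198.51.100.7\n192.0.2.1\n' >"$CACHE"   # example cache

lookups=0
for ip in $(sort -u "$CACHE"); do
    rev=$(echo "$ip" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }')
    lookups=$((lookups + 1))
    # real version: host "$rev.zen.spamhaus.org" && echo "$ip" >>listed.txt
    echo "would query: $rev.zen.spamhaus.org"
done
echo "unique lookups: $lookups"
```

With the duplicate 192.0.2.1 removed, the three cached entries cost only
two lookups; with several thousand messages per day the saving should be
much bigger.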
On my <samba3> I have, with the Quad-Xeon, enough resources to install
some instances of bind9 as VHosts, which could be set up as
<zen.spamhaus.org> and <list.dsbl.org> and would then be deactivated
whenever <samba3> gets an internet connection...
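The named.conf part for that would only be something like this (a
sketch; the zone file would have to be generated from the fetched list):

----[ /etc/bind/named.conf.local (excerpt) ]----------------------------
// Answer zen.spamhaus.org queries locally instead of over the wire.
zone "zen.spamhaus.org" {
    type master;
    file "/etc/bind/db.zen.spamhaus.org";  // built from the fetched list
};
------------------------------------------------------------------------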
Question: Is it possible to get (via FTP) the lists from the two
servers for private, non-public use?  If yes, how big are they?

Since I am only online 2-3 times per week, it would be nice
if I could fetch the whole list.  (I assume this takes fewer
resources than making several thousand DNS lookups.)
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
