Re: Numerous problems with SA under Raspbian jessie & Ubuntu 15.10

Sun, 20 Dec 2015 05:41:18 -0800 

On 20.12.2015 15.08, Reindl Harald wrote:



Am 20.12.2015 um 14:00 schrieb Jari Fredriksson:

Now trying to get to the actual problem:

All my SA daemons get jammed by every client being reserved and taking
loooong time so that they will time out and nothing gets filtered and no
SA stuff show up in the mail headers.

Seems NOT to be dns (Net::DNS.pm 0.83)


is there high CPU load?

reduce the number of parallel scans by limit the number of parallel
connections from outside

or try to get rid of most zombies by using something like postscreen
with RBL scoring in front which should kill at least 90% of all zombies
before they ever touch the contentfilter



Scans just take  lots of time even in a Core i7 12 Gb RAM machine.


Dec 20 15:38:40.122 [32616] dbg: dns: attempt 1/3, trying connect/sendto 
to [192.168.1.122]:53
Dec 20 15:38:40 whirlwind spamd[32616]: dns: bgsend, DNS servers: 
[192.168.1.122]:53, [192.168.1.120]:53, [192.168.1.121]:53
Dec 20 15:38:40 whirlwind spamd[32616]: dns: attempt 1/3, trying 
connect/sendto to [192.168.1.122]:53
Dec 20 15:38:40.122 [32616] dbg: dns: providing a callback for id: 
7965/IN/TXT/cust-spf.exacttarget.com
Dec 20 15:38:40 whirlwind spamd[32616]: dns: providing a callback for 
id: 7965/IN/TXT/cust-spf.exacttarget.com
Dec 20 15:38:40.138 [32616] dbg: dns: dns reply to 
57100/IN/A/70.203.232.68.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32616]: dns: dns reply to 
57100/IN/A/70.203.232.68.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.141 [32616] dbg: dns: dns reply to 
18282/IN/A/70.203.232.68.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32616]: dns: dns reply to 
18282/IN/A/70.203.232.68.sbl.spamhaus.org: NXDOMAIN

Dec 20 15:38:40.267 [32616] dbg: dns: dns reply 7965 is OK, 1 answer records

Dec 20 15:38:40 whirlwind spamd[32616]: dns: dns reply 7965 is OK, 1 
answer records
Dec 20 15:38:40.331 [32615] dbg: dns: dns reply to 
24245/IN/A/127.80.71.54.dnsbl.sorbs.net: NXDOMAIN

Dec 20 15:38:40.332 [32615] dbg: dns: harvest_dnsbl_queries - check_tick

Dec 20 15:38:40 whirlwind spamd[32615]: dns: dns reply to 
24245/IN/A/127.80.71.54.dnsbl.sorbs.net: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32615]: dns: harvest_dnsbl_queries - 
check_tick

Dec 20 15:38:40.333 [32615] dbg: dns: dns reply 2786 is OK, 1 answer records

Dec 20 15:38:40 whirlwind spamd[32615]: dns: dns reply 2786 is OK, 1 
answer records
Dec 20 15:38:40.334 [32615] dbg: dns: hit 
<dns:185.69.108.84.dnsbl.sorbs.net> 127.0.0.10
Dec 20 15:38:40 whirlwind spamd[32615]: dns: hit 
<dns:185.69.108.84.dnsbl.sorbs.net> 127.0.0.10

Dec 20 15:38:40.429 [32616] dbg: dns: harvested completed queries
Dec 20 15:38:40 whirlwind spamd[32616]: dns: harvested completed queries

Dec 20 15:38:40.711 [32597] dbg: dns: dns reply to 
48073/IN/A/252.6.236.130.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
48073/IN/A/252.6.236.130.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.712 [32597] dbg: dns: dns reply to 
6661/IN/A/252.6.236.130.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
6661/IN/A/252.6.236.130.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.712 [32597] dbg: dns: dns reply to 
42072/IN/A/2.125.36.192.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
42072/IN/A/2.125.36.192.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.713 [32597] dbg: dns: dns reply to 
60885/IN/A/244.6.236.130.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
60885/IN/A/244.6.236.130.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.713 [32597] dbg: dns: dns reply to 
46881/IN/A/2.125.36.192.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
46881/IN/A/2.125.36.192.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.714 [32597] dbg: dns: dns reply to 
20308/IN/A/244.6.236.130.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
20308/IN/A/244.6.236.130.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.714 [32597] dbg: dns: dns reply to 
11664/IN/A/99.34.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
11664/IN/A/99.34.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.715 [32597] dbg: dns: dns reply to 
62846/IN/A/99.34.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
62846/IN/A/99.34.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.715 [32597] dbg: dns: dns reply to 
29177/IN/A/99.32.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
29177/IN/A/99.32.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.716 [32597] dbg: dns: dns reply to 
37619/IN/A/99.32.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
37619/IN/A/99.32.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.716 [32597] dbg: dns: dns reply to 
52131/IN/A/99.38.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
52131/IN/A/99.38.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.717 [32597] dbg: dns: dns reply to 
25467/IN/A/99.36.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
25467/IN/A/99.36.239.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.717 [32597] dbg: dns: dns reply to 
31506/IN/A/99.36.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
31506/IN/A/99.36.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.718 [32597] dbg: dns: dns reply to 
9452/IN/A/99.38.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
9452/IN/A/99.38.239.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.718 [32597] dbg: dns: dns reply to 
11812/IN/A/4.135.252.150.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
11812/IN/A/4.135.252.150.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.719 [32597] dbg: dns: dns reply to 
32452/IN/A/4.135.252.150.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
32452/IN/A/4.135.252.150.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.719 [32597] dbg: dns: dns reply to 
37655/IN/A/50.255.109.208.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
37655/IN/A/50.255.109.208.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.720 [32597] dbg: dns: dns reply to 
13801/IN/A/106.128.252.150.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
13801/IN/A/106.128.252.150.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.720 [32597] dbg: dns: dns reply to 
35885/IN/A/50.255.109.208.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
35885/IN/A/50.255.109.208.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.721 [32597] dbg: dns: dns reply to 
53838/IN/A/106.128.252.150.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
53838/IN/A/106.128.252.150.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.721 [32597] dbg: dns: dns reply to 
14274/IN/A/50.185.69.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
14274/IN/A/50.185.69.216.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.722 [32597] dbg: dns: dns reply to 
32922/IN/A/50.185.69.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
32922/IN/A/50.185.69.216.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.722 [32597] dbg: dns: dns reply to 
28315/IN/A/56.183.86.80.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
28315/IN/A/56.183.86.80.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.723 [32597] dbg: dns: dns reply to 
3126/IN/A/7.43.29.46.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
3126/IN/A/7.43.29.46.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.723 [32597] dbg: dns: dns reply to 
40465/IN/A/57.182.38.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
40465/IN/A/57.182.38.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.724 [32597] dbg: dns: dns reply to 
9856/IN/A/57.182.38.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
9856/IN/A/57.182.38.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.724 [32597] dbg: dns: dns reply to 
56294/IN/A/7.43.29.46.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
56294/IN/A/7.43.29.46.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.725 [32597] dbg: dns: dns reply to 
60596/IN/A/57.183.86.80.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
60596/IN/A/57.183.86.80.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.725 [32597] dbg: dns: dns reply to 
61952/IN/A/119.15.158.207.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
61952/IN/A/119.15.158.207.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.726 [32597] dbg: dns: dns reply to 
42216/IN/A/19.230.185.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
42216/IN/A/19.230.185.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.726 [32597] dbg: dns: dns reply to 
53922/IN/A/119.15.158.207.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
53922/IN/A/119.15.158.207.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.727 [32597] dbg: dns: dns reply to 
18538/IN/A/199.65.244.207.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
18538/IN/A/199.65.244.207.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.727 [32597] dbg: dns: dns reply to 
19611/IN/A/199.65.244.207.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
19611/IN/A/199.65.244.207.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.728 [32597] dbg: dns: dns reply to 
42265/IN/A/57.183.86.80.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
42265/IN/A/57.183.86.80.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.728 [32597] dbg: dns: dns reply to 
34685/IN/A/19.230.185.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
34685/IN/A/19.230.185.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.729 [32597] dbg: dns: dns reply to 
14031/IN/A/18.230.185.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
14031/IN/A/18.230.185.199.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.729 [32597] dbg: dns: dns reply to 
26916/IN/A/18.230.185.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
26916/IN/A/18.230.185.199.sbl.spamhaus.org: NXDOMAIN
Dec 20 15:38:40.730 [32597] dbg: dns: dns reply to 
6752/IN/A/56.183.86.80.zen.spamhaus.org: NXDOMAIN
Dec 20 15:38:40 whirlwind spamd[32597]: dns: dns reply to 
6752/IN/A/56.183.86.80.zen.spamhaus.org: NXDOMAIN

Dec 20 15:38:40.730 [32597] dbg: dns: harvested completed queries
Dec 20 15:38:40 whirlwind spamd[32597]: dns: harvested completed queries

Dec 20 15:38:40.801 [32616] dbg: dns: dns reply to 
56149/IN/A/35.83.245.198.dnsbl.sorbs.net: NXDOMAIN

Dec 20 15:38:40.801 [32616] dbg: dns: harvested completed queries

Dec 20 15:38:40 whirlwind spamd[32616]: dns: dns reply to 
56149/IN/A/35.83.245.198.dnsbl.sorbs.net: NXDOMAIN

Dec 20 15:38:40 whirlwind spamd[32616]: dns: harvested completed queries
Dec 20 15:38:40.806 [32597] dbg: dns: harvest_dnsbl_queries
Dec 20 15:38:40 whirlwind spamd[32597]: dns: harvest_dnsbl_queries
Dec 20 15:38:40.955 [32616] dbg: dns: harvest_dnsbl_queries
Dec 20 15:38:40 whirlwind spamd[32616]: dns: harvest_dnsbl_queries

Dec 20 15:38:40.966 [32616] info: spamd: clean message (2.6/5.0) for 
spam:121 in 128.9 seconds, 23681 bytes.
Dec 20 15:38:40.966 [32616] info: spamd: result: . 2 - 
BAYES_50,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_04,HTML_MESSAGE,KAM_LOTSOFHASH,RCVD_IN_DNSWL_NONE,SPF_FAIL,T_DKIM_INVALID,T_RP_MATCHES_RCVD 
scantime=128.9,size=23681,user=spam,uid=121,required_score=5.0,rhost=gamecock.fredriksson.dy.fi,raddr=192.168.1.123,rport=35492,mid=<5d422aaf-b1a7-4309-9328-bcd0f9715...@xtinp2mta4294.xt.local>,bayes=0.477071,autolearn=no 
autolearn_force=no
Dec 20 15:38:40 whirlwind spamd[32616]: spamd: clean message (2.6/5.0) 
for spam:121 in 128.9 seconds, 23681 bytes.
Dec 20 15:38:40 whirlwind spamd[32616]: spamd: result: . 2 - 
BAYES_50,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_04,HTML_MESSAGE,KAM_LOTSOFHASH,RCVD_IN_DNSWL_NONE,SPF_FAIL,T_DKIM_INVALID,T_RP_MATCHES_RCVD 
scantime=128.9,size=23681,user=spam,uid=121,required_score=5.0,rhost=gamecock.fredriksson.dy.fi,raddr=192.168.1.123,rport=35492,mid=<5d422aaf-b1a7-4309-9328-bcd0f9715...@xtinp2mta4294.xt.local>,bayes=0.477071,autolearn=no 
autolearn_force=no




--
jarif.bit






















					Reply via email to