Date: Fri, 27 Oct 2006 16:29:55 +0200 From: peter@bgnett.no (Peter N. M. Hansteen) To: "Michael W. Lucas" <mwlucas@blackhelicopters.org> Cc: questions@freebsd.org Subject: Re: pfspamd greylisting stuttering at everything Message-ID: <87ejstomqk.fsf@thingy.datadok.no> In-Reply-To: <20061026160201.GA4801@bewilderbeast.blackhelicopters.org> (Michael W. Lucas's message of "Thu, 26 Oct 2006 12:02:01 -0400") References: <87ods3wo27.fsf@amidala.kakemonster.bsdly.net> <20061026160201.GA4801@bewilderbeast.blackhelicopters.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Michael W. Lucas" <mwlucas@blackhelicopters.org> writes: > Before starting pfspamd today, I checked my spamdb. spamdb listed 12 > entries. After 3 hours, spamdb listed the same 12 entries. spamdb not getting updated like that sounds *wrong*. It almost sounds like spamdb isn't actually getting called (or perhaps core dumps at startup) or possibly a file permissions problem is preventing it from updating, ie does the _spamd user have write permission to /var/db/spamdb? What you are seeing is really, really strange at any rate. > My spamd logs to /var/log/spam, which has many interesting entries in it: > > Oct 26 11:18:31 bewilderbeast spamd[731]: (GREY) 216.136.204.119: <owner-doc-committers@FreeBSD.org> -> <mwlucas@blackhelicopters.org> > Oct 26 11:18:40 bewilderbeast spamd[731]: 204.127.192.84: connected (12/1) > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: From: Leila Wood <uzzfnh@fantasy-heaven.de> > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: To: mwlucas@blackhelicopters.org > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Subject: caustic assent > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: This is a multi-part message in MIME format. > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: --------------060605040706020008040508 > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Type: text/html; charset=ISO-8859-1 > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Transfer-Encoding: 7bit > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <html> > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <head> > Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> > Oct 26 11:19:13 bewilderbeast spamd[731]: 204.152.190.11: disconnected after 390 seconds. > Oct 26 11:19:15 bewilderbeast spamd[731]: 12.130.136.42: disconnected after 390 seconds. > Oct 26 11:19:34 bewilderbeast spamd[731]: 89.110.7.178: disconnected after 390 seconds. > Oct 26 11:19:48 bewilderbeast spamd[731]: 200.52.66.237: connected (10/1) This sequence looks pretty normal to me. Here, you should have found a 'GREY' entry for 216.136.204.199 in your spamd database immediately afterwards. If you find out why that isn't happening, you've solved the problem, I think. > I'm running spamd as below: > > pfspamd_flags="-v -G7:4:864 -r451" Not related to the main problem, but I think you could probably get away with a 2 or even 1 minute passtime without ill effects. > All of spamd could use some documentation, but that'll happen. ;-) Well, fwiw it's one of the things I will be writing about in the near future. Good luck, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87ejstomqk.fsf>