The Community Forums

Apache SpamAssassin problem (not receiving mail)

Discussion in 'EasyApache' started by aingaranweb, Dec 26, 2005.

  1. aingaranweb

    aingaranweb Well-Known Member

    Hi,

    I'm getting the following error and various other errors while trying to send email to this particular server.

    A lot of emails are just disappearing. No bounceback messages or anything.

    Dec 24 23:03:05 10 imapd[5087]: Logout user=??? domain=??? host=localhost [127.0.0.1]
    Dec 24 22:03:05 10 cpanelpop[5099]: Connection from host=127.0.0.1 to ip=127.0.0.1
    Dec 24 22:03:05 10 cpanelpop[5099]: Session Closed host=127.0.0.1 ip=216.239.73.187 user=root realuser= totalxfer=55
    Dec 24 22:03:05 10 spamd[4340]: spamd: connection from localhost [127.0.0.1] at port 32913
    Dec 24 22:03:05 10 spamd[4340]: spamd: setuid to root succeeded
    Dec 24 22:03:05 10 spamd[4340]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1150, <GEN9> line 4.
    Dec 24 22:03:05 10 spamd[4340]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
    Dec 24 22:03:05 10 spamd[4340]: mkdir /root/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin.pm line 1467
    Dec 24 22:03:05 10 spamd[4340]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.dfw002.8inet.com.4340 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Dec 24 22:03:05 10 spamd[4340]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.dfw002.8inet.com.4340 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Dec 24 22:03:05 10 spamd[4340]: Can't call method "finish" on an undefined value at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/AWL.pm line 397, <GEN9> line 30.
    Dec 24 22:03:05 10 spamd[4340]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
    Dec 24 22:03:05 10 spamd[4340]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.0,size=834,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=32913,mid=<GTUBE1.1010101@example.net>,autolearn=no
    Dec 24 22:03:05 10 spamd[4315]: prefork: child states: II
    Dec 24 22:03:22 10 spamd[4340]: spamd: connection from localhost [127.0.0.1] at port 32915
    Dec 24 22:03:22 10 spamd[4340]: spamd: setuid to infopol succeeded
    Dec 24 22:03:23 10 spamd[4340]: spamd: processing message (unknown) for infopol:32024
    Dec 24 22:03:23 10 spamd[4340]: Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl) at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/SPF.pm line 272, <GEN10> line 40.
    Dec 24 22:03:23 10 spamd[4340]: spamd: identified spam (12.7/5.0) for infopol:32024 in 1.3 seconds, 4500 bytes.
    Dec 24 22:03:23 10 spamd[4340]: spamd: result: Y 12 - BAYES_50,HTML_30_40,HTML_MESSAGE,HTML_TITLE_UNTITLED,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL,URIBL_JP_SURBL,URIBL_OB_SURBL scantime=1.3,size=4500,user=infopol,uid=32024,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=32915,mid=(unknown),bayes=0.500185842748688,autolearn=no
    Dec 24 22:03:23 10 spamd[4315]: prefork: child states: II
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    perl /scripts/perlinstaller --force Mail::SPF::Query
     
  3. aingaranweb

    aingaranweb Well-Known Member

    no success.
     
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    rm -Rfv /root/.spamassassin

    and after that if that does not cure reinstall SA
     
  5. carock

    carock Well-Known Member

    The SpamAssassin version 3.10 is still beta, and I don't know why anyone would use it for production/stable systems. Unfortunately, cPanel has installed this version for us for some reason.

    Here's a link to the bug at SpamAssassin, and calling it a duplicate of another bug.

    http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4659

    If you look through this system, you'll see there is a LOT of active fixing going on for this version of SpamAssassin, and it's very clear that it shouldn't be put on production servers.

    (at least to me anyway)

    Chuck
     
  6. chirpy

    chirpy Well-Known Member

    Erm, no.

    SpamAssassin v3.10 was released on 2005-09-14; it is certainly not beta.

    cPanel also has no control over the version installed, that's controlled entirely by cpan.org where perl module updates come from (SpamAssassin is, essentially, a perl module).
     
  7. icoso

    icoso Member

    Chirpy,

    What do you know about Exim and/or SpamAssassin causing major load problems on VPSes? I've been having major problems the last several weeks on my VPS at two different hosts. I have had to disable both ClamAV and SpamAssassin to eliminate overload and failures.

    Any insight is helpful.
     
  8. dalem

    dalem Well-Known Member
    PartnerNOC

    SA has always been a resource hog.
    The best thing to do is to tweak exim conf with custom ACLs and get rid of as much garbage as possible before it hits the server (reject it at the MTA).

    And installing spamdconf in cPanel module might help (but I have never used it so I can't comment on it).
     
  9. icoso

    icoso Member

    dalem,

    Some examples of custom ACLs would be helpful. I installed spamdconf a few days ago but it didn't help.

    Thanks,
    Icoso
     
  10. dalem

    dalem Well-Known Member
    PartnerNOC

    Just a couple of rbls you can add to your exim conf 3rd window advanced editor

    deny message = rejected because $sender_host_address is \
    is blacklisted at $dnslist_domain\n\
    $dnslist_text
    dnslists = spamhaus.relays.osirusoft.com=127.0.0.6: \
    sbl.spamhaus.org=127.0.0.2: \
    relays.ordb.org


    You can add the CBL, SpamCop, xbl.spamhaus.org, and there are many more; how aggressive you want to be is up to you.
    I don't use the other three I listed because they block too much legit mail.

    Jonathan's anti dictionary attack
    MTA SURBL block (blocks a ton of spam before it hits the server; there is a howto somewhere around here)
    ClamAV if you're having virus troubles. I would not recommend MailScanner on a VPS as it can consume a lot of resources as well.

    My exim conf is extremely customized to suit me. Too much info to post here.
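
    How a `dnslists` item such as `sbl.spamhaus.org=127.0.0.2` is evaluated, as an added example that is not part of the original post: the sending host's IPv4 address is reversed, the zone is appended, and the A records that come back are compared with the address after `=` (any answer counts when there is no `=`). The resolver and its answers are constructed stand-ins, so nothing here touches real DNS; `sample_resolve`, `first_match` and the other function names are hypothetical.

```python
import ipaddress

# dnslists value from the post above, joined onto one line.
DNSLISTS = ("spamhaus.relays.osirusoft.com=127.0.0.6 : "
            "sbl.spamhaus.org=127.0.0.2 : relays.ordb.org")

# Constructed answers standing in for real DNS (documentation IP ranges).
SAMPLE_ZONE_DATA = {
    "25.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],    # listed, code matches filter
    "7.100.51.198.sbl.spamhaus.org": ["127.0.0.4"],  # listed, but a different code
    "9.2.0.192.relays.ordb.org": ["127.0.0.2"],      # no filter: any answer matches
}

def sample_resolve(name):
    """Hypothetical resolver: A records for name, [] meaning NXDOMAIN."""
    return SAMPLE_ZONE_DATA.get(name, [])

def dnsbl_query_name(ip, zone):
    """Name the MTA looks up: reversed octets of the host IP, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises on anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def parse_dnslists(value):
    """Split 'zone=addr : zone' into (zone, wanted address set or None)."""
    items = []
    for item in value.split(":"):
        zone, _, addrs = item.strip().partition("=")
        if zone:
            wanted = {a.strip() for a in addrs.split(",")} if addrs else None
            items.append((zone, wanted))
    return items

def first_match(ip, dnslists, resolve=sample_resolve):
    """Return (zone, answers) for the first list that matches, else None."""
    for zone, wanted in parse_dnslists(dnslists):
        answers = resolve(dnsbl_query_name(ip, zone))
        if answers and (wanted is None or wanted & set(answers)):
            return zone, answers
    return None

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "192.0.2.9", "203.0.113.1"):
        print(ip, "->", first_match(ip, DNSLISTS))
```

    The second sample host is listed in the zone but returns a code the filter does not ask for, so that item does not match and the host is not rejected by it.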
     
  11. icoso

    icoso Member

    Dalem,


    I added exactly what you said. But you mentioned the 3rd window advanced editor. This window already has a bunch of code in it. But it has a blank window directly above it and below it. Should I add it in the window above or below or in the same window as the rest of the code at the top or bottom?

    Also, I typed it in exactly as you had it:
    deny message = rejected because $sender_host_address is \
    is blacklisted at $dnslist_domain\n\
    $dnslist_text
    dnslists = spamhaus.relays.osirusoft.com=127.0.0.6: \
    sbl.spamhaus.org=127.0.0.2: \
    relays.ordb.org

    How would I add Spamcop to this list?

    Thanks
    Icoso
     
  12. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    In case this is useful to anyone, here's how to add spam blacklists to your Exim mail server. This will block many spammers at the SMTP level, which avoids using server resources to process them further. It could however block some legitimate e-mail so if you have clients you may want to ensure that's what they all want. The two blacklists below are however not overly aggressive as some are (i.e. Spamcop/SPEWS).

    1. Go to WHM and select Exim Configuration Editor
    2. Click on Switch to Advanced Mode
    3. Find where there are 3 entry boxes in a row, go into the middle one that already has text in it
    4. Right after the statement "accept hosts = :", add the following:

    drop dnslists = sbl-xbl.spamhaus.org : \
    list.dsbl.org

    message = REJECTED - Host $sender_host_address is listed in $dnslist_domain=$dnslist_value - $dnslist_text
    log_message = match $dnslist_domain

    5. Click Save

    6. Send a test mail (from your server's SMTP) to nelson-sbl-test@crynwr.com and wait for it to send test results.

    7. Monitor /var/log/exim_rejectlog to see what's actually being rejected.

    Here's a much more aggressive list I use personally as I don't resell. Before using, I'd recommend you research what each one does, and monitor your logs periodically to ensure they are still working.

    drop dnslists = sbl-xbl.spamhaus.org : \
    list.dsbl.org : \
    web.dnsbl.sorbs.net : \
    misc.dnsbl.sorbs.net : \
    http.dnsbl.sorbs.net : \
    smtp.dnsbl.sorbs.net : \
    korea.services.net : \
    dul.dnsbl.sorbs.net

    message = REJECTED - Host $sender_host_address is listed in $dnslist_domain=$dnslist_value - $dnslist_text
    log_message = match $dnslist_domain

    [Edited to update last section with different SBL list]
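
    For step 7, one way to tally what each blacklist is rejecting (an added example, not part of the original post): it counts rejections and distinct sending hosts per zone from the `match $dnslist_domain` text that the `log_message` line above writes. The log lines are constructed samples with documentation addresses, their layout ahead of `match` is an assumption, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed rejectlog lines; the text after the last ": " is what
# "log_message = match $dnslist_domain" produces for a blacklist rejection.
SAMPLE_REJECTLOG = """\
2006-01-05 10:12:33 H=(mail.example.net) [192.0.2.25] F=<a@example.net> rejected RCPT <user@example.org>: match sbl-xbl.spamhaus.org
2006-01-05 10:12:40 H=(mail.example.net) [192.0.2.25] F=<b@example.net> rejected RCPT <info@example.org>: match sbl-xbl.spamhaus.org
2006-01-05 10:13:02 H=(dsl.example.com) [198.51.100.7] F=<c@example.com> rejected RCPT <user@example.org>: match list.dsbl.org
2006-01-05 10:14:11 H=(relay.example.org) [203.0.113.9] F=<d@example.org> rejected RCPT <nobody@example.org>: Unrouteable address
2006-01-05 10:15:27 H=(host.example.net) [203.0.113.40] F=<e@example.net> rejected RCPT <user@example.org>: match sbl-xbl.spamhaus.org
""".splitlines()

# Sending host IP in square brackets, then "match <zone>" at the end of the line.
MATCH_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\] .*: match (?P<zone>\S+)$")

def summarize(lines):
    """Map each blacklist zone to (rejections, sorted distinct sending hosts)."""
    hits = defaultdict(int)
    hosts = defaultdict(set)
    for line in lines:
        m = MATCH_RE.search(line.rstrip())
        if m:  # rejections for other reasons (e.g. unrouteable) are skipped
            hits[m["zone"]] += 1
            hosts[m["zone"]].add(m["ip"])
    return {zone: (hits[zone], sorted(hosts[zone])) for zone in hits}

if __name__ == "__main__":
    for zone, (count, senders) in sorted(summarize(SAMPLE_REJECTLOG).items()):
        print(f"{zone}: {count} rejections from {len(senders)} host(s): {senders}")
```

    Reviewing the hosts behind each zone's count is a quick way to spot a list that is turning away legitimate senders.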
     
  13. danimal

    danimal Well-Known Member

    thanks!

    forlinuxsupport,

    Thanks for writing this up. I did what you said and it seems to be working. I now see the "match <list>" in the reject_log along with the other reject messages.

    This is particularly useful to me because I have one account on one of my servers that gets a TON of spam and their account alone often causes spamassassin to restart or cranks the load up too high. I'm still trying to figure out other options, including just upgrading the server. But I think this will help. The less spamassassin has to process the better.

    Some follow-up questions, if you don't mind:

    Why do you have multiple sorbs lists? Are they for different things?
    Are there good places to research the lists (other than the lists pages themselves)? I.e. some independent reviews.

    And last, I'd welcome any other recommendations for reducing spam load on the server. My clients like spamassassin so I'd like to keep that around, but tips like the one on this thread are great!

    Thanks!

    -Danimal :cool:
     
  14. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    I would assume to target more spam?

    Also I think the more lists you check the harder SpamAssassin will work = higher load.

    Just use the "sbl-xbl.spamhaus.org" one, I think it is the best one... please correct me if I'm wrong.
     
  15. Fernis

    Fernis Well-Known Member

    How would Spamcop be added to this list?

     
  16. dalem

    dalem Well-Known Member
    PartnerNOC

    change these to look like this

    drop dnslists = sbl-xbl.spamhaus.org : \
    list.dsbl.org : \
    bl.spamcop.net
     
  17. Fernis

    Fernis Well-Known Member

    Ahh I see. That was simple enough. Thanks for the reply!
     