The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssasin : problems with some emails...

Discussion in 'E-mail Discussions' started by dexus, Jun 9, 2008.

  1. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I noticed that SpamAssasin after last cPanel Release upgrade have problems with some emails... When SpamAssasin can't parse some email following error is loged in exim_paniclog and exim_mainlog...

    Code:
    2008-06-08 16:32:08 1K5Lwd-0001Vn-A8 spam acl condition: cannot parse spamd output
    
    For example this email can not be properly parsed...

    Code:
    Subject: MSG ID:62304 Make her wet
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
     boundary="0E7BEC25F499B23"
    X-Spam-Status: No, score=
    X-Spam-Score: 
    X-Spam-Bar: 
    X-Spam-Flag: NO
    
    --0E7BEC25F499B23
    Content-Type: text/plain;
     charset=iso-8859-1
    Content-Transfer-Encoding: quoted-printable
    
    There’s nothing more impressive than a man with confidence. =
    Confidence with the Ladies and inner confidence comes with impressive =
    physical attributes.
    Here is the solution to pleasuring the ladies and upsizing your manhood:
    MAXGAIN+ , The world’s breakthrough Mens Formula
    - Manufactured in FDA approved laboratories
    - Proven, MASSIVE gains of more than three inches
       - Increase the duration of your erection
    - No more becoming flaccid during intercourse
    - Double your volume of ejaculate
    Available for a very limited period only – grasp the chance to =
    become a real Man today.
    Visit www.xxxxxxxx
         
    --0E7BEC25F499B23
    Content-Type: text/html;
     charset=iso-8859-1
    Content-Transfer-Encoding: quoted-printable
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD>
    <META http-equiv=3DContent-Type content=3D"text/html; =
    charset=3Diso-8859-1">
    <STYLE></STYLE>
    </HEAD>
    <BODY>
    <html>
    <p>There’s nothing more impressive than a man with confidence. =
    Confidence with the Ladies and inner confidence comes with impressive =
    physical attributes.</p>
    
    <p>Here is the solution to pleasuring the ladies and upsizing your =
    manhood:</p>
    
    <p>MAXGAIN+ , The world’s breakthrough Mens Formula</p>
    
    <p>- Manufactured in FDA approved laboratories</p>
    <p>- Proven, MASSIVE gains of more than three inches</p>  =20
    <p>- Increase the duration of your erection</p>
    <p>- No more becoming flaccid during intercourse</p>
    <p>- Double your volume of ejaculate</p>
    
    <p>Available for a very limited period only – grasp the chance to =
    become a real Man today.</p>
    
    <p>Visit <a href=3D"http://xxxxxxxx">www.xxxxxxxx</a></p>     =20
    </html></BODY></HTML>
    --0E7BEC25F499B23--
    
     
  2. blaster701

    blaster701 Member

    Joined:
    Mar 16, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    same here

    I cannot figure out what's wrong in spamd conf, sockets or perl module Mail::SpamAssassin, but "spam acl error" occurs at least once per hour, letting obvious spam mails to go through filter with No-Score.

    spamd -D --lint gave no errors, maybe acl is malformed, so those particular mails break the process.

    At the same time of error SpamAssassin writes a file in /tmp, which is new for us.

    If anyone can bring light here it will be very appreciated.

    Thanks in advance for your time,

    BTW
    Perl Version is 5.8.8, SpamAssassin 3.2.4, Mail::SpamAssassin 3.002004 (holdback)
     
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I see the same messages. I don't consider it real ipmortant (for me) - Over the past five days I've seen that exactly five times (at various times on various days) and we have hundreds of thousands of messages go through over the course of that time. So it's pretty rare.

    Unfortunately I don't have the source messages to check them out at this time.

    Mike
     
  4. blaster701

    blaster701 Member

    Joined:
    Mar 16, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    our problem was quickly solved by cpanel support tech staff. SpamAssassin was not configurated properly at

    Code:
    /etc/cpspamd.conf
    As occasionally mail load processing was high, spamd childs refused to work, giving that "acl spam condition" error.
    Try to increase connections per child and/or number of childs accordingly to your server performance (check SpamAssassin documentation)
     
  5. Babysittah

    Babysittah Registered

    Joined:
    Dec 2, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I'm sure it was not properly created, I have noticed it too.
     
  6. rclemings

    rclemings Member

    Joined:
    Nov 5, 2007
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    Was this problem (from 6/9/08) ever solved? I did a manual upgrade last night to cPanel 11.23.3-S25971 (stable). Ever since then, I've been getting these errors -- about one per minute at their peak.

    I've got spamd's maximum children set at 25 now, and maximum processes per child at 35, so I don't think that could be the problem.

    It's got to be something that's changed between v11.18 and v11.23. But what?

    rac

     
  7. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Same problem here... :(
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
  9. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    i can't at the moment, i am not allowed to open access to 3rd parties unless its a catastrophic situation.

    is there something that can help me debug the problem by myself?
     
  10. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Anyone solved this problem please?
     
  11. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I must laugh at that. At the same time, I feel bad for you. I undestand things beyond your control because maybe you do not control the policy in your company. It's ashame though that they would state that things couldn't be opened up to the people who you pay to provide you with support. yikes.

    Of course I've been down similar roads before so I can sympathize with you.

    Mike
     
  12. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I don't see this happen very often, but I do see that it happened with an inbound message on a server I manage this morning. So I opened a ticket iwth Cpanel to see if they could take a look at it - just to help those of you out who can't open a ticket iwth Cpanel.

    Not sure what they will find out though.

    Info in exim_mainlog shows:
    2008-07-14 01:08:44 1KIGI4-00007j-M7 spam acl condition: cannot parse spamd output
    2008-07-14 01:08:44 1KIGI4-00007j-M7 H=nf-out-0910.google.com [64.233.182.189] Warning: ACL "warn" statement skipped: condition test deferred
    2008-07-14 01:08:44 1KIGI4-00007j-M7 H=nf-out-0910.google.com [64.233.182.189] Warning: "SpamAssassin as gemoon detected message as NOT spam ()"
    2008-07-14 01:08:49 1KIGI4-00007j-M7 <= some_email_address@gmail.com H=nf-out-0910.google.com [64.233.182.189] P=esmtp S=10910940 id=4548bc380807132207y647d7f79u385445c46e63147@mail.gmail.com T="some subject"
    2008-07-14 01:08:49 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1KIGI4-00007j-M7
    2008-07-14 01:08:50 1KIGI4-00007j-M7 => someuser <someaddress@somedomain.com> R=virtual_user T=virtual_userdelivery
    2008-07-14 01:08:50 1KIGI4-00007j-M7 Completed

    mike
     
  13. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    As you stated, its beyond my control :(

    So far, my tests show that with a recent spamassassin update, the return status from spamd is not recognized by Exim's ACL, thus the no score () in the error message.

    Probably the ACL is outdated and doesn't cover all the different return codes from spamd.
     
  14. rclemings

    rclemings Member

    Joined:
    Nov 5, 2007
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    It's been mostly resolved in my case. My ISP filed a ticket with CPanel and the result, after a few days of trying other things, was a perl reinstall, I am told.

    I'm still seeing an occasional spamd failure (one in the past 24 hours) but nothing like before, when it was several times per hour.
     
  15. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Then we have the same problem since these errors aren't very frequent here either.

    The problem is that /tmp is fill up with spamassassin temporary files and the logs are filling up by the end of the week.
     
  16. rclemings

    rclemings Member

    Joined:
    Nov 5, 2007
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    Well, you can always delete the tmp files periodically and take care of that problem. I'm surprised you're having problems with the logs if the failures are infrequent. I went back and checked, and at the peak I was getting one failure per minute, and the logs faithfully recorded every one without problems. Of course, I do enjoy seeing a nice zero-byte paniclog file as much as anybody.
     
  17. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    thats not a real solution, its obvious that Exim ACLs or Spamassassin have a bug that causes this, the cPanel developers should find and fix the problem.
     
  18. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Anyone managed to resolve this problem?
     
  19. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    I think i solved it, found the bug and fixed it. I'll wait for a day and if i don't find any more temp files from crashed spamd processes then i'll explain how i fixed it, otherwise... i messed up :D

    Still, things are looking good, haven't had a spamd process die in over 12 hours now...
     
  20. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Here is how to fix the problem:

    1) stop exim/clam/spamd, while we do our updates
    service exim stop

    2) clean temporary directories (very important step)
    rm -rf /home/.cpan/*
    rm -rf /home/.cpcpan/*
    rm -rf /var/lib/spamassassin/*
    rm -rf /tmp/.spamassassin*

    3) delete existing SA in order to force it to recompile
    rm -rf /usr/local/bin/spamassassin
    rm -rf /usr/bin/spamassassin

    4) re-do perl libs and recompile SA
    /scripts/installspam

    5) restart everything
    service exim start


    PS:
    the clue here is the path /var/lib/spamassassin/ which most people don't know it exists, and its why those with the bug can't get it fixed even if they reinstall SA, that directory must be deleted.

    PS2:
    edit your /etc/cpspamd.conf and make sure you have sensible values, like maxconnperchild should be at least 200 (i use 500 or 2000 depending on the server), max children to at least 3 (i use 5 or 10).

    PS3:
    now leave the system running for a while and check back on it by looking for the dump files under /tmp with: ls -la /tmp |grep -v sess

    PS4:
    use the above at your own risk, if it kills your dog, steals your bank accounts, i can't be held responsible :D
     
Loading...

Share This Page