SpamAssassin not scanning messages

[suite224]

Howdy folks, got an odd situation here. I'm not too well versed in this stuff, so please excuse the n00bness

Our customers are getting absolutely bombarded with spam. I'm running 8.0.1 over FC4, and although SpamAssassin says it's running, it doesn't seem to be doing very much.

/etc/rc.d/init.d/spamassassin status
spamd (pid 4682 4681 4680 4679 4678 4672 4671 4670 4669 4668 4650 4640) is running...

When tailing the maillog, I only see one or two messages being scanned per minute (on a machine that has 120 + domains all with spamassassin enabled).

Even more odd, the domains that do seem to get a message scanned are only the first few domains in the alphabetical list. I don't know if that ties in anywhere but I thought it might be worth mentioning.

Here's what I get when I look at ps:


ps -ef | grep spamd
popuser 4640 1 0 12:23 ? 00:00:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
popuser 4650 1 0 12:23 ? 00:00:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_light.pid --socketpath=/tmp/spamd_light.sock --siteconfigpath=/dev/null
popuser 4668 4640 0 12:23 ? 00:00:01 spamd child
popuser 4669 4640 0 12:23 ? 00:00:00 spamd child
popuser 4670 4640 0 12:23 ? 00:00:01 spamd child
popuser 4671 4640 0 12:23 ? 00:00:00 spamd child
popuser 4672 4640 0 12:23 ? 00:00:00 spamd child
popuser 4678 4650 0 12:23 ? 00:00:00 spamd child
popuser 4679 4650 0 12:23 ? 00:00:00 spamd child
popuser 4680 4650 0 12:23 ? 00:00:00 spamd child
popuser 4681 4650 0 12:23 ? 00:00:00 spamd child
popuser 4682 4650 0 12:23 ? 00:00:00 spamd child
root 9072 5890 0 12:28 pts/0 00:00:00 grep spamd


Load average on the machine hovers around 0.20, plenty of memory free... any ideas?

Conspiracy Theory:

One thing I notice is the "--max-children 5"... could something be running that is spawning the maximum amount of allowed children of spamd, thereby tying the process up and not allowing it to scan legit mail?

Any help would be appreciated! Thanks

 

[AbraCadaver]

I need an answer also. I have the same setup on a 1&1 root server (FC4 / Plesk 8.0.1). I have server wide enabled, hits=7 and tag the subject with *****SPAM*****.

No mails are tagged. Also, I thought all emails whether suspected spam or not had some X-Spam headers added to the email? None of my received emails do, spam or otherwise.

I have the following MAPS zones, everything else (other than stated above) is default:

zen.spamhaus.org;bl.spamcop.net;problems.dnsbl.sorbs.net;multihop.dsbl.org;l2.spews.dnsbl.sorbs.net

Thanks!
-Shawn

 

[suite224]

Watching the maillogs for a bit, I wanted to tail an account that I know gets bombarded with spam. What I'm seeing is a majority of the messages that spamd IS scanning for this user are being given negative values, and these are messages that are obvious spam.

tail -f maillog | grep spamd | grep <username>

Feb 21 09:53:56 spamd[6099]: clean message (-0.5/2.0) for <[email protected]>:110 in 0.2 seconds, 5308 bytes.

Can anyone give me insight as to why spamassassin is giving these message negative values and therefore letting them pass through as clean messages?

Thanks!

 

[AbraCadaver]

Maybe us with issues can just reply to each other

I get nothing in my maillog for spamd (grep spamd maillog) even though by all indications it is running, see here: http://forum.swsoft.com/showthread.php?s=&threadid=41204

-Shawn

 

[suite224]

so if you tail -f /usr/local/psa/var/log/maillog, you never see spamd scanning ANY messages?

Everything you've explained in your other post sounds like my exact issue, except for the fact that spamd is never scanning anything. I'm at least getting an occasional scan.

 

[AbraCadaver]

Looks like we're on our own :-(

spamd is not scanning. spamd never appears in maillog, however, I mistyped it once and greped for 'spam'. What I got was many matching lines like this:

qmail: 1172060580.890814 delivery 115: success: /bin/sh:_/usr/local/psa/bin/psa-spamc:_cannot_execute_binary_file/did_1+0+2/

/usr/local/psa/bin/psa-spamc does exist, but guess what, it's empty!

-Shawn

 

[AbraCadaver]

OK, so now I know what I get from this company. If you don't spend above and beyond for support, you get SH*T, even on the public forums.

-Shawn

 

[blank_page]

Hello,

In order for spam assassin to work you need both spamassassin and psa-spamassassin to run.

Check if both are running.
Startup scripts are in /etc/init.d/

You can also check the .qmail files whitin the maildir .
There should be some form of piping there .
If there is none run mchk -v

If all these are at place it should work.


If it still doesn not work. You should force reinstall both of them.
In some case this does not work -> then uninstall the packages (all training will be lost) and install it again.
These would be steps that I would follow to fix.


To torubleshoot and fix it would be required to see some logs.
To see exactly what happands there.

You should not be angry at swsoft just take it as a challange. You will feel better if you fix it. ;-)

 

[AbraCadaver]

Thanks. Yes, they are both running. As for logs and info, I have a related post with much info: http://forum.swsoft.com/showthread.php?s=&threadid=41204

This is a fresh install of Plesk and so I guess I just expected that it would work!?!? I would feel better if someone from swsoft at least made an effort to help.

-Shawn