1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

SpamAssassin not scanning messages

Discussion in 'Plesk for Linux - 8.x and Older' started by suite224, Feb 15, 2007.

  1. suite224

    suite224 Guest

    Howdy folks, got an odd situation here. I'm not too well versed in this stuff, so please excuse the n00bness :)

    Our customers are getting absolutely bombarded with spam. I'm running 8.0.1 over FC4, and although SpamAssassin says it's running, it doesn't seem to be doing very much.

    /etc/rc.d/init.d/spamassassin status
    spamd (pid 4682 4681 4680 4679 4678 4672 4671 4670 4669 4668 4650 4640) is running...

    When tailing the maillog, I only see one or two messages being scanned per minute (on a machine that has 120 + domains all with spamassassin enabled).

    Even more odd, the domains that do seem to get a message scanned are only the first few domains in the alphabetical list. I don't know if that ties in anywhere but I thought it might be worth mentioning.

    Here's what I get when I look at ps:

    ps -ef | grep spamd
    popuser 4640 1 0 12:23 ? 00:00:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
    popuser 4650 1 0 12:23 ? 00:00:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_light.pid --socketpath=/tmp/spamd_light.sock --siteconfigpath=/dev/null
    popuser 4668 4640 0 12:23 ? 00:00:01 spamd child
    popuser 4669 4640 0 12:23 ? 00:00:00 spamd child
    popuser 4670 4640 0 12:23 ? 00:00:01 spamd child
    popuser 4671 4640 0 12:23 ? 00:00:00 spamd child
    popuser 4672 4640 0 12:23 ? 00:00:00 spamd child
    popuser 4678 4650 0 12:23 ? 00:00:00 spamd child
    popuser 4679 4650 0 12:23 ? 00:00:00 spamd child
    popuser 4680 4650 0 12:23 ? 00:00:00 spamd child
    popuser 4681 4650 0 12:23 ? 00:00:00 spamd child
    popuser 4682 4650 0 12:23 ? 00:00:00 spamd child
    root 9072 5890 0 12:28 pts/0 00:00:00 grep spamd

    Load average on the machine hovers around 0.20, plenty of memory free... any ideas?

    Conspiracy Theory:

    One thing I notice is the "--max-children 5"... could something be running that is spawning the maximum amount of allowed children of spamd, thereby tying the process up and not allowing it to scan legit mail?

    Any help would be appreciated! Thanks :)
  2. AbraCadaver

    AbraCadaver Guest

    I need an answer also. I have the same setup on a 1&1 root server (FC4 / Plesk 8.0.1). I have server wide enabled, hits=7 and tag the subject with *****SPAM*****.

    No mails are tagged. Also, I thought all emails whether suspected spam or not had some X-Spam headers added to the email? None of my received emails do, spam or otherwise.

    I have the following MAPS zones, everything else (other than stated above) is default:


  3. suite224

    suite224 Guest

    Watching the maillogs for a bit, I wanted to tail an account that I know gets bombarded with spam. What I'm seeing is a majority of the messages that spamd IS scanning for this user are being given negative values, and these are messages that are obvious spam.

    tail -f maillog | grep spamd | grep <username>

    Feb 21 09:53:56 spamd[6099]: clean message (-0.5/2.0) for <username@domain.tld>:110 in 0.2 seconds, 5308 bytes.

    Can anyone give me insight as to why spamassassin is giving these message negative values and therefore letting them pass through as clean messages?

  4. AbraCadaver

    AbraCadaver Guest

  5. suite224

    suite224 Guest

    so if you tail -f /usr/local/psa/var/log/maillog, you never see spamd scanning ANY messages?

    Everything you've explained in your other post sounds like my exact issue, except for the fact that spamd is never scanning anything. I'm at least getting an occasional scan.
  6. AbraCadaver

    AbraCadaver Guest

    Looks like we're on our own :-(

    spamd is not scanning. spamd never appears in maillog, however, I mistyped it once and greped for 'spam'. What I got was many matching lines like this:

    qmail: 1172060580.890814 delivery 115: success: /bin/sh:_/usr/local/psa/bin/psa-spamc:_cannot_execute_binary_file/did_1+0+2/

    /usr/local/psa/bin/psa-spamc does exist, but guess what, it's empty!

  7. AbraCadaver

    AbraCadaver Guest

    OK, so now I know what I get from this company. If you don't spend above and beyond for support, you get SH*T, even on the public forums.

  8. blank_page

    blank_page Regular Pleskian

    Dec 17, 2006
    Likes Received:

    In order for spam assassin to work you need both spamassassin and psa-spamassassin to run.

    Check if both are running.
    Startup scripts are in /etc/init.d/

    You can also check the .qmail files whitin the maildir .
    There should be some form of piping there .
    If there is none run mchk -v

    If all these are at place it should work.

    If it still doesn not work. You should force reinstall both of them.
    In some case this does not work -> then uninstall the packages (all training will be lost) and install it again.
    These would be steps that I would follow to fix.

    To torubleshoot and fix it would be required to see some logs.
    To see exactly what happands there.

    You should not be angry at swsoft just take it as a challange. You will feel better if you fix it. ;-)
  9. AbraCadaver

    AbraCadaver Guest

    Thanks. Yes, they are both running. As for logs and info, I have a related post with much info: http://forum.swsoft.com/showthread.php?s=&threadid=41204

    This is a fresh install of Plesk and so I guess I just expected that it would work!?!? I would feel better if someone from swsoft at least made an effort to help.