Spam assasin a zahlcení systému

Vladislav Večerek vlada na nemrum.cz
Pondělí Březen 15 08:08:15 CET 2004 

Zdravim, tak sem tu opjet s tématem antispamu...

Rozjel sem spamassasina, 
nastaveni /etc/procmailrc

:0fw
| /usr/bin/spamassassin

:0:
* ^X-Spam-Flag: YES
! spam na nemrum.cz


problem je ale ten že to šíleně zpomaluje servr mam tu PIII 550MHz s 256M RAM 60GHDD a po spuštení tohohle antispamu se totalne zahltil po jednom dnu servr ze z toho skolaboval i postfix (ranos em to cely restartoval a nahrnulo se XX zprav které byly kdesi zaseklý)

takhle vypadá část maillogu při zaplím spamassasinu

Mar 15 07:08:09 matej postfix/cleanup[2512]: E14123E018C: message-id=<c2uskk$im$1 na sea.gmane.org>
Mar 15 07:08:09 matej postfix/cleanup[2511]: E26B23E018D: message-id=<200403131152.i2DBqb0a026844 na mioko.mobil.cz>
Mar 15 07:08:09 matej postfix/nqmgr[2435]: 43BB93E0134: from=<hotesc0rtgrrl na yahoo.com>, size=1179, nrcpt=1 (queue active)
Mar 15 07:08:09 matej postfix/smtpd[2507]: disconnect from localhost[127.0.0.1]
Mar 15 07:08:09 matej postfix/smtpd[2591]: connect from localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2491]: 145B83E0067: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2470]: 6EF8A3E017A: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2472]: 7DA253E017C: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2469]: 7DB533E017D: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2475]: 801253E018E: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2600]: 828263E018F: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2480]: 84F2D3E0190: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2488]: 876373E0191: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2492]: A23D93E0192: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2495]: A72093E0193: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2479]: B0E6B3E0194: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2500]: B35643E0195: client=localhost[127.0.0.1]
Mar 15 07:08:10 matej postfix/smtpd[2552]: B835F3E0196: client=localhost[127.0.0.1]
Mar 15 07:08:11 matej postfix/local[2610]: E69443E00F7: to=<laborator na nemrum.cz>, relay=local, delay=102, status=sent ("|/usr
/bin/procmail")
Mar 15 07:08:11 matej postfix/cleanup[2562]: 217AB3E00F8: message-id=<1079179429.19734.27.camel na prog-11.hk.tmapy.cz>
Mar 15 07:08:12 matej postfix/smtpd[2489]: disconnect from localhost[127.0.0.1]
Mar 15 07:08:12 matej postfix/smtpd[2592]: connect from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/nqmgr[2435]: 543543E00FB: from=<email na idnes.cz>, size=11263, nrcpt=1 (queue active)
Mar 15 07:08:13 matej postfix/smtpd[2553]: disconnect from localhost[127.0.0.1]
Mar 15 07:08:13 matej procmail[2743]: Error while writing to "/var/log/procmail.log"
Mar 15 07:08:13 matej postfix/smtpd[2591]: 2206E3E0022: client=localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2472]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/cleanup[2494]: 145B83E0067: message-id=<20040315060813.145B83E0067 na matej.nemrum.cz>
Mar 15 07:08:13 matej postfix/cleanup[2533]: 6EF8A3E017A: message-id=<200403131227.i2DCRMBr011178 na mioko.mobil.cz>
Mar 15 07:08:13 matej postfix/smtpd[2469]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2596]: connect from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2598]: connect from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2595]: connect from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2475]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2594]: connect from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2600]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:08:13 matej postfix/smtpd[2599]: connect from localhost[127.0.0.1]
Mar 15 07:08:14 matej postfix/smtpd[2481]: 14AE63E00F4: client=localhost[127.0.0.1]
Mar 15 07:08:14 matej postfix/smtpd[2482]: 14C023E0197: client=localhost[127.0.0.1]
Mar 15 07:08:14 matej postfix/smtpd[2483]: 14CCC3E0198: client=localhost[127.0.0.1]

a takhle kdyz jsem to vypnul.. loguje toho tam celkem dost ani nevim proč. po tejdnu ma tento soubor cca 250M a to mi prijde na servr max 2000 mailu za tejden

Mar 15 07:58:25 matej postfix/smtpd[8206]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8222]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8207]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8232]: 7B21C3E0067: message-id=<20040315065825.7B21C3E0067 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8190]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8328]: 7B2CC3E0068: message-id=<20040315065825.7B2CC3E0068 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8203]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8233]: 7D8CD3E0069: message-id=<20040315065825.7D8CD3E0069 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8229]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8274]: 7DA273E006A: message-id=<20040315065825.7DA273E006A na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8237]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8239]: 7DADE3E006B: message-id=<203543362896311706862087 na onbjm.uud>
Mar 15 07:58:25 matej postfix/smtpd[8253]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8214]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8234]: 7DB923E006C: message-id=<20040315065825.7DB923E006C na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8254]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8342]: 7DC4A3E00F4: message-id=<20040315065825.7DC4A3E00F4 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8206]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8263]: 7FDEF3E00F5: message-id=<20040315065825.7FDEF3E00F5 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8222]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8270]: 7FECC3E00F6: message-id=<20040315065825.7FECC3E00F6 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8253]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8327]: 850A13E00F7: message-id=<20040315065825.850A13E00F7 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8199]: D14243E0022: client=localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8242]: D157A3E0065: client=localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8199]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8199]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8264]: D14243E0022: message-id=<20040315065825.D14243E0022 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8256]: D2FAB3E0022: client=localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8252]: D30913E0067: client=localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8242]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8242]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8293]: D157A3E0065: message-id=<20040315065825.D157A3E0065 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8256]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8256]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8978]: D2FAB3E0022: message-id=<20040315065825.D2FAB3E0022 na matej.nemrum.cz>
Mar 15 07:58:25 matej postfix/smtpd[8252]: lost connection after DATA from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/smtpd[8252]: disconnect from localhost[127.0.0.1]
Mar 15 07:58:25 matej postfix/cleanup[8979]: D30913E0067: message-id=<299698662469365217245567 na cybwcdz.hu>
Mar 15 07:58:32 matej ipop3d[11270]: pop3 service init from 192.168.1.51

pro upresnění používam tu antivir VirusBuster který běží na protu 25 a postfix beží na 2525 a zpravy si mezi sebou predavaj.

tohle je výpis z top při spušteném spamassasinu

 07:38:13  up 32 min,  3 users,  load average: 4,34, 6,88, 5,44
203 processes: 197 sleeping, 6 running, 0 zombie, 0 stopped
CPU states:  93,4% user   4,1% system   0,0% nice   0,0% iowait   2,3% idle
Mem:   254236k av,  176640k used,   77596k free,       0k shrd,   12128k buff
                    117628k actv,   11672k in_d,    3652k in_c
Swap:  522104k av,  164024k used,  358080k free                   50992k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
 6677 vlada     25   0 56388 8312   300 R    65,3  3,2   4:47   0 spamassassin
 7604 karbula   24   0 12064  11M  2000 R    28,8  4,7   0:01   0 spamassassin
 7198 root      16   0   912  912   544 R     0,9  0,3   0:03   0 top
 2927 squid     15   0 10980 6132   896 S     0,7  2,4   0:47   0 squid
 4065 root      15   0  9116 4616  1440 S     0,3  1,8   0:10   0 rhn-applet-gui


vym že je to obtižne odpovědet na dotaz tohoto typu, ale za pokus to stoji, mam tu RH9.0

a local.cf pro spamassiasina je nastaven takto

required_hits           4
rewrite_subject         1
report_safe             1
subject_tag             [SPAM]
use_bayes               1
auto_learn              1

Předem děkuji a spozdravem V.Večerek

Další informace o konferenci Linux