Dear all,
Sorry for not lurking, but I've got a desparate problem.
System details:
- Mostly Debian Woody
- SA 2.63
- Exim 4.30 with exiscan-acl
- Perl 5.6.1
My config is essentially the one from
http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt
It does rejection in SMTP dialogue and that kind of stuff.
Situation:
My mother sent a large picture last night to a friend of hers who has a
hotmail account. Bad idea, obviously it was too large, and so it is
bouncing.
The problem is that my box isn't dealing very well with the bounces, and
I don't understand why.
The bounce itself is around 1.5 MB, and when it comes in, spamd (yes,
spamd, I'm not running the spamassassin script), spamd swells up to a
300 MB process, which is really nasty, given that I only have 192 MB of
RAM on this box.... :-)
I thought spamd shouldn't be touching a message of that size at all...
Anyway, when I woke up this morning, my kernel had killed a lot of
different processes, because it had run out of memory.
So, I tried a few things to try to recover, for example rebuilding the
bayes DB, which is quite large. Finally, I found that
my /var/spool/exim4/scan directory held a number of large bounces to
scan. So, I killed them all with exim4 -Mrm
For a while, I thought that did the trick... However, it looks as if
Hotmail keeps sending me bounces...
The original message has the following status in my logs:
2004-03-06 18:38:21 1AzfiQ-0001CI-4n Completed
Now, when bounces come in, I see this in my logs:
2004-03-07 20:36:58 1B03yB-0003n4-Jt spam acl condition: cannot parse
spamd output
2004-03-07 20:36:58 1B03yB-0003n4-Jt H=mc12-s6.bay6.hotmail.com
(mc12-s6.hotmail.com) [65.54.165.205] Warning: ACL "warn" statement
skipped: condition test deferred:
These messages seem to pop up whenever this happens, but I have never
seen them elsewhere...
Is it something I've done that makes Hotmail continue to send bounces?
Is there something I can do to stop that? I don't see any outgoing
messages in my queue.
I don't think it is a problem with runaway processes, it is just a
single incoming message, and there is nothing to indicate that it is
chewing on many messages in parallell. I've got "-m 13", BTW.
If I have understood the config I have correctly, I do not have anything
in the exim config that sets a limit on the size of messages to be
scanned. I have thought that spamc would take care of that. But with
exiscan-acl, perhaps it has its own client? Could this be the problem?
How would I set up Exim with a limit on the message size to scan?
Or is it something else entirely?
I really love SA, about 90% of my spam is rejected at SMTP-time, I've
seen 0.01% false positives, and for some time, I had 0.1% spams finding
its way to my inbox, but it is up to about 1%, now, but I'm sure 2.70
will take it way down again! :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net webmaster@skepsis.no editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC
Sorry for not lurking, but I've got a desparate problem.
System details:
- Mostly Debian Woody
- SA 2.63
- Exim 4.30 with exiscan-acl
- Perl 5.6.1
My config is essentially the one from
http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt
It does rejection in SMTP dialogue and that kind of stuff.
Situation:
My mother sent a large picture last night to a friend of hers who has a
hotmail account. Bad idea, obviously it was too large, and so it is
bouncing.
The problem is that my box isn't dealing very well with the bounces, and
I don't understand why.
The bounce itself is around 1.5 MB, and when it comes in, spamd (yes,
spamd, I'm not running the spamassassin script), spamd swells up to a
300 MB process, which is really nasty, given that I only have 192 MB of
RAM on this box.... :-)
I thought spamd shouldn't be touching a message of that size at all...
Anyway, when I woke up this morning, my kernel had killed a lot of
different processes, because it had run out of memory.
So, I tried a few things to try to recover, for example rebuilding the
bayes DB, which is quite large. Finally, I found that
my /var/spool/exim4/scan directory held a number of large bounces to
scan. So, I killed them all with exim4 -Mrm
For a while, I thought that did the trick... However, it looks as if
Hotmail keeps sending me bounces...
The original message has the following status in my logs:
2004-03-06 18:38:21 1AzfiQ-0001CI-4n Completed
Now, when bounces come in, I see this in my logs:
2004-03-07 20:36:58 1B03yB-0003n4-Jt spam acl condition: cannot parse
spamd output
2004-03-07 20:36:58 1B03yB-0003n4-Jt H=mc12-s6.bay6.hotmail.com
(mc12-s6.hotmail.com) [65.54.165.205] Warning: ACL "warn" statement
skipped: condition test deferred:
These messages seem to pop up whenever this happens, but I have never
seen them elsewhere...
Is it something I've done that makes Hotmail continue to send bounces?
Is there something I can do to stop that? I don't see any outgoing
messages in my queue.
I don't think it is a problem with runaway processes, it is just a
single incoming message, and there is nothing to indicate that it is
chewing on many messages in parallell. I've got "-m 13", BTW.
If I have understood the config I have correctly, I do not have anything
in the exim config that sets a limit on the size of messages to be
scanned. I have thought that spamc would take care of that. But with
exiscan-acl, perhaps it has its own client? Could this be the problem?
How would I set up Exim with a limit on the message size to scan?
Or is it something else entirely?
I really love SA, about 90% of my spam is rejected at SMTP-time, I've
seen 0.01% false positives, and for some time, I had 0.1% spams finding
its way to my inbox, but it is up to about 1%, now, but I'm sure 2.70
will take it way down again! :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net webmaster@skepsis.no editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC