Thanks for the help! On Fri, May 07, 2004 at 03:20:09PM +0200, Daniel Hartmeier wrote: > > Which version of spamd is that, exactly? Can you check the $OpenBSD$ tag > at the top of spamd.c?
/* $OpenBSD: spamd.c,v 1.64 2004/03/17 14:42:20 beck Exp $ */ I'll grab 1.66 and see how it goes. > Make sure you have syslogd.conf set up correctly, so it does store > LOG_INFO (and LOG_DEBUG, if you want that). !spamd daemon.err;daemon.warn;daemon.info /var/log/spamd debug.log gets what I'd expect, but the spamd log never gets anything but connect/disconnect messages. And of course, both die... > > The second issue is that all logging dies, usually in under 10 minutes: > > I've never seen that, are you sure syslog is not receiving anything from > spamd (like spamd's syslog handle becomes somehow invalid) as compared > to syslogd stopping logging them (or, simply, newsyslogd rotating the > file, and your viewer not re-opening the file ;) This one's getting stranger still. After mucho troubleshooting yesterday, I say with quite a lot of confidence that the logging always stops on 10 minute boundaries. 18:00, or 18:10, or 18:20, etc, but not on EVERY 10 minute boundary. I got it to run for 45 minutes a few times. But when it died, it was at a time ending in 0 (minutes that is). Stopping spamd and restarting will always get the logging going again. Stopping syslogd and restarting has no effect. I'm positive it's not just a new file. :-) First thing I checked. For whatever reason, the syslog handle appears to be going bad. > > (GREY) 213.201.23.96: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> > > > > Any concern here? I assume it's a harmless notice from the greylisting > > code, but just verifying. :-) > > It's harmless, maybe it should be suppressed if greylisting is not used, > as it has little meaning in that case. It might be useful to look at if > you consider enabling greylisting, but you can just ignore them. It does get quite verbose though! Nearly a hundred per second sometimes. While hunting around the source code for logging problems, I cleaned out the greylisting pieces. :-) 23843 added to <spamd> in the last 24 hrs. Weee... (I clear out addresses older than 24 hrs just to be safe.) jon ps- Unrelated, but interesting tidbit... while there is a wide variance in connect times for clients (from 2 seconds to 600 or more), ~ 90% of them are 52-4 seconds. Changing the delay to 3 seconds per char didn't change it-- the mode remained 52-54 seconds. _I_ thought it was interesting anyway. :-) The spambots hitting me are possibly the same client? And aware of tarpits?
