Re: [qmailtoaster] Uptick in spam / sa-learn

2017-02-06 Thread Eric Broch

Hi Steve,

Look at the line in '/var/qmail/supervise/smtp/run' where tcpserver 
initiates the rules of the compiled database (cdb),


'/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD"'

specifically,

$TCP_CDB

which translates to,

'/etc/tcprules.d/tcp.smtp.cdb'

which you edit as...

'/etc/tcprules.d/tcp.smtp'.

Dump this file,

# cat /etc/tcprules.d/tcp.smtp

and you should see an entry of the following form (where the QMAILQUEUE 
variable is set to simscan):


QMAILQUEUE="/var/qmail/bin/simscan".

then

# cat /var/qmail/control/simcontrol

and you should see the following lines which indicate that simscan calls 
clamav and spamd:


:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

Eric
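
The lookup chain described above (tcpserver rules file, then QMAILQUEUE, then simcontrol), as an added example that is not part of the original thread. The function names are hypothetical and the two sample files are constructed stand-ins for /etc/tcprules.d/tcp.smtp and /var/qmail/control/simcontrol; a rule that sets no QMAILQUEUE is reported because connections matching it are not handed to simscan.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
tab=$(printf '\t')

# One "pattern<TAB>QMAILQUEUE" line per rule in a tcprules source file.
qmailqueue_by_rule() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            pat = $0; sub(/:(allow|deny).*/, "", pat)
            if (pat == "") pat = "(default)"
            q = "(unset)"
            if (match($0, /QMAILQUEUE="[^"]*"/))
                q = substr($0, RSTART + 12, RLENGTH - 13)
            printf "%s\t%s\n", pat, q
        }' "$1"
}

# Value of one key (clam, spam, spam_hits, ...) on the default ":" line of simcontrol.
simcontrol_value() {
    awk -v key="$2" '
        /^:/ {
            n = split(substr($0, 2), kv, ",")
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                if (p[1] == key) { print p[2]; exit }
            }
        }' "$1"
}

# Say, per rule, whether mail is handed to simscan and which scanners it calls.
trace_scan_chain() {
    clam=$(simcontrol_value "$2" clam); spam=$(simcontrol_value "$2" spam)
    qmailqueue_by_rule "$1" | while IFS="$tab" read -r pat q; do
        case $q in
            */simscan) echo "rule $pat: simscan (clam=$clam, spam=$spam)" ;;
            *)         echo "rule $pat: NOT scanned, QMAILQUEUE $q" ;;
        esac
    done
}

# Constructed sample files standing in for tcp.smtp and simcontrol.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '127.:allow,RELAYCLIENT=""' \
    ':allow,QMAILQUEUE="/var/qmail/bin/simscan"' > "$demo/tcp.smtp"
printf '%s\n' ':clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif' \
    > "$demo/simcontrol"
trace_scan_chain "$demo/tcp.smtp" "$demo/simcontrol"
```

On a real server, pass the two paths named in the message instead of the sample files.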




On 2/6/2017 9:47 PM, Steve Linberg wrote:

Hi Eric.

I checked my /var/qmail/supervise/smtp/run and this is what it 
contains. No mention of clamav / spamassassin / simscan:


#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 12800 \
  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
  $SPAMDYKE --config-file $SPAMDYKE_CONF \
  $SMTPD $VCHKPW /bin/true 2>&1

I haven’t modified it from the stock install.

I don’t have any .qmail-default file anywhere that mentions dspam, but 
the process is running, and when I change /etc/spamassassin/local.cf 
and systemctl restart dspam, it reacts to the changes.


However, right now I’m in a quasi-panic because at some point after 
running sa-learn against 1500+ spams and 2000+ hams, I started having 
massive deliverability problems with almost all email being rejected with 
the USER_IN_BLACKLIST tag applied, even when I removed the (relatively 
few) blacklist_from lines in my local.cf and restarted everything, 
even rebooted. There was no explicit blacklist set anywhere, and for 
the life of me I have no idea why that tag is being applied. There’s 
no way that I can find so far to get spamassassin to show the 
blacklist, or indicate where it can be found. The only way I’ve been 
able to restore deliverability so far is to set the score for 
USER_IN_BLACKLIST to 0 in local.cf.


Ack?

- Steve


On Jan 30, 2017, at 11:59 AM, Eric Broch wrote:


Steve,

I think you mean simscan.

Basically, the email flow is as follows for QMT (look in 
'/var/qmail/supervise/smtp/run'):


1) softlimit

2) tcpserver (utilizes the config file /etc/tcprules.d/tcp.smtp where 
QMAILQUEUE is configured as simscan)


3) simscan (utilizes /var/qmail/control/simcontrol where clamav and 
spamassassin are invoked)


4) clamav & spamassassin

5) spamdyke

6) qmail-smtpd ...


Dspam on the other hand is called later during delivery. I use it in 
.qmail-default.






On 1/30/2017 9:09 AM, Steve Linberg wrote:
Thanks Eric. It’s very likely that I’m confused about this - I am 
using dspam. My understanding is that dspam is the daemon that 
launches SpamAssassin and connects it to qmail, but I admit I’m 
fuzzy on the details. The soup of spam-related things I know I am 
running are:


SpamAssassin: evaluate individual messages and decide whether 
something is spam or not
pyzor: additional information used by SpamAssassin to decide if 
something is spammy or not

dspam: daemon wrapper around SpamAssassin
spamdyke: erm…. something else that connects to SpamAssassin somehow

But again, I’m not completely clear on how it all fits together, and 
it’s entirely possible I’ve got something miswired? On my older 
setup before your modernization of it, spamc was a part of the 
process, but that seems to be removed now?


Whenever I make changes to /etc/spamassassin/local.cf, I activate 
them with “systemctl restart spamd”. I don’t restart qmail.


Any dope-slaps would be most welcome :)

- Steve


On Jan 30, 2017, at 10:59 AM, Eric Broch wrote:


Steve,

You might try Dspam. I still use it on my home server with a couple 
domains. If you need any help let me know.


Eric


On 1/30/2017 8:39 AM, Steve Linberg wrote:
Thanks for the suggestions, everyone. This is a small-scale system 
that’s mostly for personal use, so unfortunately it doesn’t 
warrant the expense of a standalone appliance for spam, so I’m 
pretty much limited to what I can roll up on the box itself. I’ve 
used SA+qmail in various permutations for about 15 years, and for 
the most part it’s worked reliably and well, but every once in a 
while spammers change tactics and figure out a way through and 
there’s an upsurge for a bit.


I’ll give sa-learn a shot and see if it improves anything.

Cheers,

Steve

--
Steve Linberg, Chief Goblin
Silicon Goblin Technologies
http://silicongoblin.com 

Re: [qmailtoaster] Uptick in spam / sa-learn

2017-02-06 Thread Steve Linberg
Hi Eric.

I checked my /var/qmail/supervise/smtp/run and this is what it contains. No 
mention of clamav / spamassassin / simscan:

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 12800 \
 /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
 $SPAMDYKE --config-file $SPAMDYKE_CONF \
 $SMTPD $VCHKPW /bin/true 2>&1

I haven’t modified it from the stock install.

I don’t have any .qmail-default file anywhere that mentions dspam, but the 
process is running, and when I change /etc/spamassassin/local.cf and systemctl 
restart dspam, it reacts to the changes. 

However, right now I’m in a quasi-panic because at some point after running 
sa-learn against 1500+ spams and 2000+ hams, I started having massive 
deliverability problems with almost all email being rejected with the 
USER_IN_BLACKLIST tag applied, even when I removed the (relatively few) 
blacklist_from lines in my local.cf and restarted everything, even rebooted. 
There was no explicit blacklist set anywhere, and for the life of me I have no 
idea why that tag is being applied. There’s no way that I can find so far to 
get spamassassin to show the blacklist, or indicate where it can be found. The 
only way I’ve been able to restore deliverability so far is to set the score 
for USER_IN_BLACKLIST to 0 in local.cf.

Ack?

- Steve


> On Jan 30, 2017, at 11:59 AM, Eric Broch  wrote:
> 
> Steve,
> 
> I think you mean simscan.
> 
> Basically, the email flow is as follows for QMT (look in 
> '/var/qmail/supervise/smtp/run'):
> 1) softlimit
> 
> 2) tcpserver (utilizes the config file /etc/tcprules.d/tcp.smtp where 
> QMAILQUEUE is configured as simscan)
> 3) simscan (utilizes /var/qmail/control/simcontrol where clamav and 
> spamassassin are invoked) 
> 4) clamav & spamassassin
> 
> 5) spamdyke
> 
> 6) qmail-smtpd ...
> 
> 
> Dspam on the other hand is called later during delivery. I use it in 
> .qmail-default.
> 
> 
> 
> 
> 
> On 1/30/2017 9:09 AM, Steve Linberg wrote:
>> Thanks Eric. It’s very likely that I’m confused about this - I am using 
>> dspam. My understanding is that dspam is the daemon that launches 
>> SpamAssassin and connects it to qmail, but I admit I’m fuzzy on the details. 
>> The soup of spam-related things I know I am running are:
>> 
>> SpamAssassin: evaluate individual messages and decide whether something is 
>> spam or not
>> pyzor: additional information used by SpamAssassin to decide if something is 
>> spammy or not
>> dspam: daemon wrapper around SpamAssassin
>> spamdyke: erm…. something else that connects to SpamAssassin somehow
>> 
>> But again, I’m not completely clear on how it all fits together, and it’s 
>> entirely possible I’ve got something miswired? On my older setup before your 
>> modernization of it, spamc was a part of the process, but that seems to be 
>> removed now?
>> 
>> Whenever I make changes to /etc/spamassassin/local.cf, I activate them with 
>> “systemctl restart spamd”. I don’t restart qmail.
>> 
>> Any dope-slaps would be most welcome :)
>> 
>> - Steve
>> 
>> 
>>> On Jan 30, 2017, at 10:59 AM, Eric Broch wrote:
>>> 
>>> Steve,
>>> 
>>> You might try Dspam. I still use it on my home server with a couple 
>>> domains. If you need any help let me know.
>>> 
>>> Eric
>>> 
>>> On 1/30/2017 8:39 AM, Steve Linberg wrote:
>>>> Thanks for the suggestions, everyone. This is a small-scale system that’s 
>>>> mostly for personal use, so unfortunately it doesn’t warrant the expense 
>>>> of a standalone appliance for spam, so I’m pretty much limited to what I 
>>>> can roll up on the box itself. I’ve used SA+qmail in various permutations 
>>>> for about 15 years, and for the most part it’s worked reliably and well, 
>>>> but every once in a while spammers change tactics and figure out a way 
>>>> through and there’s an upsurge for a bit.
>>>> 
>>>> I’ll give sa-learn a shot and see if it improves anything.
>>>> 
>>>> Cheers,
>>>> 
>>>> Steve
>>>> 
>>>> -- 
>>>> Steve Linberg, Chief Goblin
>>>> Silicon Goblin Technologies
>>>> http://silicongoblin.com 
>>>> Be kind.  Remember, everyone you meet is fighting a hard battle.
>>>> 
>>> 
>>> -- 
>>> Eric Broch, IMSO, DAM, NGOO, DITH, URTS
>>> White Horse Technical Consulting (WHTC)
>>> 406.214.6802
>> 
>> -- 
>> Steve Linberg, Chief Goblin
>> Silicon Goblin Technologies
>> http://silicongoblin.com 
>> Be kind.  Remember, everyone yo

Re: [qmailtoaster] CentOS 7 QMT Install - http://www.qmailtoaster.com/

2017-02-06 Thread Eric Broch
Yours is the better answer than mine. 1 CPU on Proxmox (FAILED), 
multiple CPU's (OK).


Thanks, Richard!

On 2/6/2017 10:39 AM, Richard Baxant wrote:
I also tested the behavior by changing the number of CPU available to 
the VM.


1 CPU = systemd service:   irqbalance:   [ FAILED  ]

2+ CPU = systemd service: irqbalance:   [ OK  ]

Thanks for verifying this Eric. Problem solved!

On Mon, Feb 6, 2017 at 12:07 PM, Eric Broch wrote:


Just tested Proxmox (KVM virtualization) and CentOS 7 (KVM
virtualization)

systemd service:   irqbalance:   [ OK  ]

This is why I hadn't seen the irqbalance failure.

Citrix Xen, Virtual Box:

systemd service:   irqbalance:   [ FAILED  ]


On 2/1/2017 6:58 AM, Eric Broch wrote:


Although, I don't think I've ever had it fail on VM's


On 2/1/2017 6:39 AM, Eric Broch wrote:


No


On 2/1/2017 5:51 AM, Richard Baxant wrote:

Working now with the following issue:

systemd service: irqbalance: [ FAILED]

I have read that this happens if running installs on VM. There
won't be a heavy load on this server so do I really need to be
concerned about this failing?

TIA

Richard

On Sun, Jan 29, 2017 at 5:53 PM, Eric Broch wrote:

I just downloaded from the link. Is this a problem with
your DNS?

What are your DNS servers?

# cat /etc/resolv.conf


On 1/29/2017 3:00 PM, Richard Baxant wrote:

Getting error on Step #2

  2) # curl -O https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_prep.sh

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (6) Could not resolve host: raw.githubusercontent.com; Unknown error

Is this github repo down permanently?

TIA

Richard


-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS

White Horse Technical Consulting (WHTC)
406.214.6802 



Re: [qmailtoaster] CentOS 7 QMT Install - http://www.qmailtoaster.com/

2017-02-06 Thread Richard Baxant
I also tested the behavior by changing the number of CPU available to the
VM.

1 CPU =  systemd service:   irqbalance:   [  FAILED  ]

2+ CPU = systemd service:   irqbalance:   [  OK  ]

Thanks for verifying this Eric. Problem solved!


On Mon, Feb 6, 2017 at 12:07 PM, Eric Broch  wrote:

> Just tested Proxmox (KVM virtualization) and CentOS 7 (KVM virtualization)
>
> systemd service:   irqbalance:   [  OK  ]
>
> This is why I hadn't seen the irqbalance failure.
>
> Citrix Xen, Virtual Box:
>
> systemd service:   irqbalance:   [  FAILED  ]
>
> On 2/1/2017 6:58 AM, Eric Broch wrote:
>
> Although, I don't think I've ever had it fail on VM's
>
> On 2/1/2017 6:39 AM, Eric Broch wrote:
>
> No
>
> On 2/1/2017 5:51 AM, Richard Baxant wrote:
>
> Working now with the following issue:
>
> systemd service:   irqbalance:   [  FAILED  ]
>
>
> I have read that this happens if running installs on VM. There won't be a
> heavy load on this server so do I really need to be concerned about this
> failing?
>
> TIA
>
> Richard
>
> On Sun, Jan 29, 2017 at 5:53 PM, Eric Broch 
> wrote:
>
>> I just downloaded from the link. Is this a problem with your DNS?
>>
>> What are your DNS servers?
>>
>> # cat /etc/resolv.conf
>>
>> On 1/29/2017 3:00 PM, Richard Baxant wrote:
>>
>> Getting error on Step #2
>>
>>  2) # curl -O https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_prep.sh
>>
>>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>                                  Dload  Upload   Total   Spent    Left  Speed
>>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>> curl: (6) Could not resolve host: raw.githubusercontent.com; Unknown error
>>
>> Is this github repo down permanently?
>>
>> TIA
>>
>> Richard
>>
>> --
>> Eric Broch, IMSO, DAM, NGOO, DITH, URTS
>> White Horse Technical Consulting (WHTC)
>> 406.214.6802
>>


Re: [qmailtoaster] CentOS 7 QMT Install - http://www.qmailtoaster.com/

2017-02-06 Thread Eric Broch

Just tested Proxmox (KVM virtualization) and CentOS 7 (KVM virtualization)

systemd service:   irqbalance:   [ OK  ]

This is why I hadn't seen the irqbalance failure.

Citrix Xen, Virtual Box:

systemd service:   irqbalance:   [ FAILED  ]


On 2/1/2017 6:58 AM, Eric Broch wrote:


Although, I don't think I've ever had it fail on VM's


On 2/1/2017 6:39 AM, Eric Broch wrote:


No


On 2/1/2017 5:51 AM, Richard Baxant wrote:

Working now with the following issue:

systemd service: irqbalance: [ FAILED]

I have read that this happens if running installs on VM. There won't 
be a heavy load on this server so do I really need to be concerned 
about this failing?


TIA

Richard

On Sun, Jan 29, 2017 at 5:53 PM, Eric Broch wrote:


I just downloaded from the link. Is this a problem with your DNS?

What are your DNS servers?

# cat /etc/resolv.conf


On 1/29/2017 3:00 PM, Richard Baxant wrote:

Getting error on Step #2

  2) # curl -O https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_prep.sh

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (6) Could not resolve host: raw.githubusercontent.com; Unknown error

Is this github repo down permanently?

TIA

Richard


-- 
Eric Broch, IMSO, DAM, NGOO, DITH, URTS

White Horse Technical Consulting (WHTC)
406.214.6802 

