Test Mail

2017-07-17 Thread Vikram Goyal
test delivery.

kindly ignore.

thanks


Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Robert Kudyba

> On Jul 17, 2017, at 11:01 AM, Tom Hendrikx  wrote:
> 
> On 17-07-17 16:39, Robert Kudyba wrote:
>> 
>>> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx >> > wrote:
>>> 
>>> On 17-07-17 16:00, Robert Kudyba wrote:
 
> On Jul 17, 2017, at 9:39 AM, Antony Stone
>  
> > wrote:
> 
> On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:
> 
>>> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas
>>> mailto:uh...@fantomas.sk>
>>> >
> wrote:
 Robert Kudyba mailto:rkud...@fordham.edu>
 > wrote:
> Over the past few days sending mail via SquirrelMail has become
> glacial. The load on the server is under 1. I've restarted the SA,
> sendmail and dovecot processes several times. Here are some logs
> I can
> provide any settings if desired.
>>> 
>>> tried to run a message through "spamassassin -D" ?
>>> that should give you debug/timing info.
>> 
>> OK here is the pastebin of spamassassin -D < gtube.txt:
>> https://pastebin.com/iZtm2hhy
>> 
> 
> 
> Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
> Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
> Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5
> seconds
 
 OK so I ran: /var/spool/amavisd/.razor
 
 ls -l /var/spool/amavisd/.razor
 total 100
 -rw-r- 1 amavis amavis 72420 Dec 22  2014 razor-agent.log
 -rw-r- 1 amavis amavis   998 Jul 17 09:49
 server.c301.cloudmark.com.conf
 -rw-r- 1 amavis amavis   998 Jul 17 09:46
 server.c302.cloudmark.com.conf
 -rw-r- 1 amavis amavis   995 Dec 20  2014
 server.c303.cloudmark.com.conf
 -rw-r- 1 amavis amavis    57 Jul 17 09:49 servers.catalogue.lst
 -rw-r- 1 amavis amavis    30 May 23  2013 servers.discovery.lst
 -rw-r- 1 amavis amavis    76 Jul 17 09:49 servers.nomination.lst
 
 New pastebin:
 https://pastebin.com/9RWEYuSt
 
 
 Still taking 15 seconds.
 
 Jul 17 09:55:28 storm spamd[28111]: spamd: clean message (-103.4/5.0)
 for spamd:1001 in 15.0 seconds, 1843 bytes.
 Jul 17 09:55:28 storm spamd[28111]: spamd: result: . -103 -
 ALL_TRUSTED,BAYES_00,FROM_IS_TO,USER_IN_WHITELIST
 scantime=15.0,size=1843,user=spamd,uid=1001,required_score=5.0,rhost=localhost,raddr=::1,rport=53074,mid=<32889a456ed9c9911ff0034513796858.squirrel@ourdomain>,bayes=0.00,autolearn=no
 autolearn_force=no
 Jul 17 09:55:28 storm spamd[28041]: prefork: child states: II
 
>>> 
>>> The error is still the same. Do you even have access to those cloudmark
>>> razor servers? Does razor work outside of spamassassin/amavisd?
>> 
>> Is that supposed to be a paid service? This test seems successful. 
>> 
>> razor-check -d <   /usr/share/doc/spamassassin/sample-spam.txt
>> Razor-Log: Computed razorhome from env: /root/.razor
>> Razor-Log: Found razorhome: /root/.razor
>> Razor-Log: read_file: 15 items read from /root/.razor/razor-agent.conf
> 
> Note that the paths are different when you run this as root. Does it
> also work when you run it as user amavisd? And don't bother posting the
> full log unless you're unsure about the actual outcome. You can read
> them yourself.

Sorry about that now I ran the spamassassin -D along with the snip from the 
mail logs to compare. Well over 15 seconds still. The pastebin link is 
https://pastebin.com/QErFZZfa still seeing dbg: razor2: razor2 check timed out 
after 5 seconds. This time I made sure to get the permissions for razor and 
path correct:
ls -l /home/spamd/.razor/
total 101440
lrwxrwxrwx 1 spamd spamd        19 Jul 17 16:29 identity -> identity-ruB7GdYfW1
-rw--- 1 spamd spamd        90 Jul 17 16:29 identity-ruB7GdYfW1
-rw-rw-r-- 1 spamd spamd   706 Jul 17 16:29 razor-agent.conf
-rw-r--r-- 1 spamd spamd 103770988 Jul 17 16:48 razor-agent.log
-rw-r--r-- 1 spamd spamd   998 Jul 17 16:34 server.c301.cloudmark.com.conf
-rw-r--r-- 1 spamd spamd   998 Jul 17 16:29 server.c302.cloudmark.com.conf
-rw-r--r-- 1 spamd spamd   998 Jul 17 16:29 server.c303.cloudmark.com.conf
-rw-rw-r-- 1 spamd spamd   899 Jul 17 16:29 server.n004.cloudmark.com.conf
-rw-r--r-- 1 spamd spamd        57 Jul 17 16:30 servers.catal

Re: "bout u" campaign

2017-07-17 Thread Kevin Golding

On Mon, 17 Jul 2017 18:38:24 +0100, David Jones  wrote:

It would be nice if there was a local tool that could be part of the SA  
project that would extend the masscheck processing and help build  
content and meta rules.


As John's already mentioned, there is a surprising array of tools already  
included:


https://svn.apache.org/repos/asf/spamassassin/trunk/masses/rule-dev/

It's less about creating and more about refining.


Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread RW
On Mon, 17 Jul 2017 11:33:42 -0400
Robert Kudyba wrote:


> > try running 
> > 
> >  spamassassin -D razor2
> > <  /usr/share/doc/spamassassin/sample-spam.txt
> > 
> > as the user amavis.  
> 
> su - -s /bin/bash amavis -c "spamassassin -D razor2
> <  /usr/share/doc/spamassassin/sample-spam.txt" 
...
> Jul 17 11:32:20.042829 check[7631]: [ 5] Connecting to
> discovery.razor.cloudmark.com ... Jul 17 11:32:25.050 [7631] dbg:
> razor2: razor2 check timed out after 5 seconds

I tried playing around with this and I did get a couple timeouts on
this server, but it's rarely attempted it on checks, I think it's
governed by a timer.

You don't have a razor-agent.conf file in the .razor directory which
is a bit strange since it gets created by default. If you haven't
already tried this I'd move the existing .razor directory, and recreate
it by running  

 razor-admin -create 

as the amavis user. 


Re: "bout u" campaign

2017-07-17 Thread David Jones

On 07/17/2017 12:03 PM, Jesse Norell wrote:

This description:

On Thu, 2017-07-13 at 15:07 +0100, Martin Gregorie wrote:

I'm continuing to get good results from a multi-level approach:

I use two or more subrules with low scores (0.01 or so) that are
combined by an AND relation in a meta-rule that triggers a suitably
spammy score when all subrules get hits.

The subrules are typically automatically assembled lists of words or
phrases - automatically assembled because that makes maintenance
vastly
easier. The list contents are typically words and phrases found in
spam, e.g. one list might be selling phrases such as "get you rocks
off
with" that are unlikely to appear in personal or legit commercial mail
and another might be names or slang terms for less common
pharmaceuticals.



and what David Jones has been describing in this thread of identifying
specific combinations of rules (his based on reputation vs. content)
both remind me of the description of Marc Perkel's "evolution filter",
which from memory identified sets of rules which are very indicative of
ham/spam.   Both David and Martin are reporting good success, as did
Marc - maybe worth looking into implementing in spamassassin?

Does masscheck automate meta rule creation? (ie. not just generate
scores)  Not the full "evolution filter" idea which would have to run on
the endpoint, but that would benefit everyone via rule updates.




I have been working on rebuilding the SA project's server the past four 
months.  The first priority was getting the spamassassin.org hidden DNS 
master active again.  This was pretty easy.  The second priority was the 
masscheck processing which turned out to be pretty time intensive and 
still could have an open issue so SA updates are currently on hold.


From what I can tell, the masscheck is only meant to dynamically update 
the rule scores in 72_scores.cf (manual scores are in 50_scores.cf) and 
help validate new rules added by the SA developers.  It doesn't create 
new rules.  It's not able to create new rules based on content since the 
masscheck processing is run locally by each user.  The email content is 
not uploaded to the SA server.  Only a special log file showing all of 
the rule hits each message hit for ham and spam is sent to the SA server.


It would be nice if there was a local tool that could be part of the SA 
project that would extend the masscheck processing and help build 
content and meta rules.  This would create more interest in masschecking 
and get more people involved.  (I use my masscheck ham/spam to also 
train my Bayes DB or else it may not have been helpful enough for me to 
set it up and understand the value of it.)  I suspect the advanced users 
of SA like Kevin's KAM.cf rules and a few others on this list have 
something like this they are using to build custom rules in an automated 
way.  Thankfully Kevin publishes his KAM.cf and allows public downloading.


I know that Kevin has a desire to be able to speed up rule development 
and SA updates (could take up to ~40 hours today if it weren't currently 
on hold) to react faster to new spam but it will never be fast enough to 
react to zero-hour spam like other technologies.  The best thing you can 
do is selective greylisting, rate limiting, DCC, Razor, Pyzor, and hope 
the RBLs catch up quickly.  I also have a local ruleset that I add 
zero-hour spam to shortcircuit as spam based on content which does a 
pretty good job at most new spam and phishing but some still get through 
now and then from compromised accounts.


--
David Jones


Re: "bout u" campaign

2017-07-17 Thread John Hardin

On Mon, 17 Jul 2017, Jesse Norell wrote:


Does masscheck automate meta rule creation? (ie. not just generate
scores)  Not the full "evolution filter" idea which would have to run on
the endpoint, but that would benefit everyone via rule updates.


No, it does not.

There were a couple of rule generation experiments (the Sought and 
Sought-Fraud rulesets) but they fell by the wayside. The code is there if 
someone would like to start generating rulesets, and some of the corpus 
contributors might be willing to provide classified corpora (I still have 
a separate maintained 419 spams folder even though sought-fraud went 
dark).



--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Back in 1969 the technology to fake a Moon landing didn't exist,
  but the technology to actually land there did.
  Today, it is the opposite.   -- unknown
---
 3 days until the 48th anniversary of Apollo 11 landing on the Moon


Re: "bout u" campaign

2017-07-17 Thread Jesse Norell
This description:

On Thu, 2017-07-13 at 15:07 +0100, Martin Gregorie wrote:
> I'm continuing to get good results from a multi-level approach:
> 
> I use two or more subrules with low scores (0.01 or so) that are
> combined by an AND relation in a meta-rule that triggers a suitably
> spammy score when all subrules get hits. 
> 
> The subrules are typically automatically assembled lists of words or
> phrases - automatically assembled because that makes maintenance
> vastly
> easier. The list contents are typically words and phrases found in
> spam, e.g. one list might be selling phrases such as "get you rocks
> off
> with" that are unlikely to appear in personal or legit commercial mail
> and another might be names or slang terms for less common
> pharmaceuticals. 


and what David Jones has been describing in this thread of identifying
specific combinations of rules (his based on reputation vs. content)
both remind me of the description of Marc Perkel's "evolution filter",
which from memory identified sets of rules which are very indicative of
ham/spam.   Both David and Martin are reporting good success, as did
Marc - maybe worth looking into implementing in spamassassin?

Does masscheck automate meta rule creation? (ie. not just generate
scores)  Not the full "evolution filter" idea which would have to run on
the endpoint, but that would benefit everyone via rule updates.


-- 
Jesse Norell
Kentec Communications, Inc.
970-522-8107  -  www.kci.net
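
The sub-rule and meta-rule arrangement quoted in the message above, as an added example that is not part of the thread and not code from any poster or from the SpamAssassin project: a small generator that turns phrase lists into low-scored `body` sub-rules plus one `meta` rule that ANDs them. The rule names, phrase lists and the 4.5 meta score are assumptions made for illustration; Python 3.7 or later is assumed for the behaviour of `re.escape`.

```python
import re

RULE_NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")


def phrase_regex(phrases):
    """Collapse a phrase list into one case-insensitive /.../i alternation."""
    # Normalise case and whitespace, then de-duplicate.
    cleaned = {" ".join(p.lower().split()) for p in phrases}
    cleaned.discard("")
    if not cleaned:
        raise ValueError("phrase list is empty")
    parts = []
    # Longest phrases first so a short phrase never shadows a longer one.
    for phrase in sorted(cleaned, key=lambda p: (-len(p), p)):
        # Escape regex metacharacters and the '/' delimiter of the rule.
        words = [re.escape(w).replace("/", r"\/") for w in phrase.split()]
        parts.append(r"\s+".join(words))
    return r"/\b(?:" + "|".join(parts) + r")\b/i"


def rule_line(keyword, name, value):
    return f"{keyword:<9} {name}  {value}"


def build_ruleset(meta_name, lists, meta_score, sub_score=0.01):
    """Return .cf text: one sub-rule per list, and a meta rule that fires
    only when every sub-rule has hit."""
    if len(lists) < 2:
        raise ValueError("a meta rule needs at least two sub-rules")
    out, sub_names = [], []
    for suffix, phrases in lists.items():
        name = f"{meta_name}_{suffix}"
        if not RULE_NAME.match(name):
            raise ValueError(f"bad rule name: {name}")
        out += [
            rule_line("body", name, phrase_regex(phrases)),
            rule_line("describe", name, f"Sub-rule: phrase list {suffix}"),
            # Near-zero score: a single list hit must not matter by itself.
            rule_line("score", name, f"{sub_score:g}"),
            "",
        ]
        sub_names.append(name)
    out += [
        rule_line("meta", meta_name, "(" + " && ".join(sub_names) + ")"),
        rule_line("describe", meta_name, "All phrase-list sub-rules hit"),
        rule_line("score", meta_name, f"{meta_score:g}"),
    ]
    return "\n".join(out) + "\n"


# Constructed sample lists (placeholders, not taken from real mail).
SAMPLE_LISTS = {
    "SELL": ["limited time offer", "act now", "order today"],
    "PHARMA": ["examplamine", "placebozol"],
}

if __name__ == "__main__":
    print(build_ruleset("LOCAL_DEMO", SAMPLE_LISTS, meta_score=4.5))
```

Regenerating the file whenever the phrase lists change keeps the maintenance in the lists; run `spamassassin --lint` on the result before loading it.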



Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Tom Hendrikx
On 17-07-17 16:39, Robert Kudyba wrote:
> 
>> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx > > wrote:
>>
>> On 17-07-17 16:00, Robert Kudyba wrote:
>>>
 On Jul 17, 2017, at 9:39 AM, Antony Stone
 >>> 
 > wrote:

 On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:

>> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas
>> mailto:uh...@fantomas.sk>
>> >
 wrote:
>>> Robert Kudyba mailto:rkud...@fordham.edu>
>>> > wrote:
 Over the past few days sending mail via SquirrelMail has become
 glacial. The load on the server is under 1. I've restarted the SA,
 sendmail and dovecot processes several times. Here are some logs
 I can
 provide any settings if desired.
>>
>> tried to run a message through "spamassassin -D" ?
>> that should give you debug/timing info.
>
> OK here is the pastebin of spamassassin -D < gtube.txt:
> https://pastebin.com/iZtm2hhy
>


 Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
 Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
 Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5
 seconds
>>>
>>> OK so I ran: /var/spool/amavisd/.razor
>>>
>>> ls -l /var/spool/amavisd/.razor
>>> total 100
>>> -rw-r- 1 amavis amavis 72420 Dec 22  2014 razor-agent.log
>>> -rw-r- 1 amavis amavis   998 Jul 17 09:49
>>> server.c301.cloudmark.com.conf
>>> -rw-r- 1 amavis amavis   998 Jul 17 09:46
>>> server.c302.cloudmark.com.conf
>>> -rw-r- 1 amavis amavis   995 Dec 20  2014
>>> server.c303.cloudmark.com.conf
>>> -rw-r- 1 amavis amavis    57 Jul 17 09:49 servers.catalogue.lst
>>> -rw-r- 1 amavis amavis    30 May 23  2013 servers.discovery.lst
>>> -rw-r- 1 amavis amavis    76 Jul 17 09:49 servers.nomination.lst
>>>
>>> New pastebin:
>>> https://pastebin.com/9RWEYuSt
>>>
>>>
>>> Still taking 15 seconds.
>>>
>>> Jul 17 09:55:28 storm spamd[28111]: spamd: clean message (-103.4/5.0)
>>> for spamd:1001 in 15.0 seconds, 1843 bytes.
>>> Jul 17 09:55:28 storm spamd[28111]: spamd: result: . -103 -
>>> ALL_TRUSTED,BAYES_00,FROM_IS_TO,USER_IN_WHITELIST
>>> scantime=15.0,size=1843,user=spamd,uid=1001,required_score=5.0,rhost=localhost,raddr=::1,rport=53074,mid=<32889a456ed9c9911ff0034513796858.squirrel@ourdomain>,bayes=0.00,autolearn=no
>>> autolearn_force=no
>>> Jul 17 09:55:28 storm spamd[28041]: prefork: child states: II
>>>
>>
>> The error is still the same. Do you even have access to those cloudmark
>> razor servers? Does razor work outside of spamassassin/amavisd?
> 
> Is that supposed to be a paid service? This test seems successful. 
> 
> razor-check -d <   /usr/share/doc/spamassassin/sample-spam.txt
>  Razor-Log: Computed razorhome from env: /root/.razor
>  Razor-Log: Found razorhome: /root/.razor
>  Razor-Log: read_file: 15 items read from /root/.razor/razor-agent.conf

Note that the paths are different when you run this as root. Does it
also work when you run it as user amavisd? And don't bother posting the
full log unless you're unsure about the actual outcome. You can read
them yourself.



Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread RW
On Mon, 17 Jul 2017 10:39:39 -0400
Robert Kudyba wrote:

> > On Jul 17, 2017, at 10:28 AM, Tom Hendrikx 
> > wrote:

> > The error is still the same. Do you even have access to those
> > cloudmark razor servers? Does razor work outside of
> > spamassassin/amavisd?  
> 
> Is that supposed to be a paid service? This test seems successful. 
> 
> razor-check -d <   /usr/share/doc/spamassassin/sample-spam.txt

try running 

  spamassassin -D razor2 <  /usr/share/doc/spamassassin/sample-spam.txt

as the user amavis.


Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Robert Kudyba

> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx  wrote:
> 
> On 17-07-17 16:00, Robert Kudyba wrote:
>> 
>>> On Jul 17, 2017, at 9:39 AM, Antony Stone
>>> >> > wrote:
>>> 
>>> On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:
>>> 
> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas
> mailto:uh...@fantomas.sk>>
>>> wrote:
>> Robert Kudyba mailto:rkud...@fordham.edu>> wrote:
>>> Over the past few days sending mail via SquirrelMail has become
>>> glacial. The load on the server is under 1. I've restarted the SA,
>>> sendmail and dovecot processes several times. Here are some logs I can
>>> provide any settings if desired.
> 
> tried to run a message through "spamassassin -D" ?
> that should give you debug/timing info.
 
 OK here is the pastebin of spamassassin -D < gtube.txt:
 https://pastebin.com/iZtm2hhy
 
>>> 
>>> 
>>> Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
>>> Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
>>> Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5
>>> seconds
>> 
>> OK so I ran: /var/spool/amavisd/.razor
>> 
>> ls -l /var/spool/amavisd/.razor
>> total 100
>> -rw-r- 1 amavis amavis 72420 Dec 22  2014 razor-agent.log
>> -rw-r- 1 amavis amavis   998 Jul 17 09:49 server.c301.cloudmark.com.conf
>> -rw-r- 1 amavis amavis   998 Jul 17 09:46 server.c302.cloudmark.com.conf
>> -rw-r- 1 amavis amavis   995 Dec 20  2014 server.c303.cloudmark.com.conf
>> -rw-r- 1 amavis amavis    57 Jul 17 09:49 servers.catalogue.lst
>> -rw-r- 1 amavis amavis    30 May 23  2013 servers.discovery.lst
>> -rw-r- 1 amavis amavis    76 Jul 17 09:49 servers.nomination.lst
>> 
>> New pastebin: 
>> https://pastebin.com/9RWEYuSt
>>  
>> 
>> Still taking 15 seconds.
>> 
>> Jul 17 09:55:28 storm spamd[28111]: spamd: clean message (-103.4/5.0)
>> for spamd:1001 in 15.0 seconds, 1843 bytes.
>> Jul 17 09:55:28 storm spamd[28111]: spamd: result: . -103 -
>> ALL_TRUSTED,BAYES_00,FROM_IS_TO,USER_IN_WHITELIST
>> scantime=15.0,size=1843,user=spamd,uid=1001,required_score=5.0,rhost=localhost,raddr=::1,rport=53074,mid=<32889a456ed9c9911ff0034513796858.squirrel@ourdomain>,bayes=0.00,autolearn=no
>> autolearn_force=no
>> Jul 17 09:55:28 storm spamd[28041]: prefork: child states: II
>> 
> 
> The error is still the same. Do you even have access to those cloudmark
> razor servers? Does razor work outside of spamassassin/amavisd?

Is that supposed to be a paid service? This test seems successful. 

razor-check -d <   /usr/share/doc/spamassassin/sample-spam.txt
 Razor-Log: Computed razorhome from env: /root/.razor
 Razor-Log: Found razorhome: /root/.razor
 Razor-Log: read_file: 15 items read from /root/.razor/razor-agent.conf
Jul 17 10:38:14.467263 check[20932]: [ 2] [bootup] Logging initiated 
LogDebugLevel=9 to stdout
Jul 17 10:38:14.467525 check[20932]: [ 5] computed razorhome=/root/.razor, 
conf=/root/.razor/razor-agent.conf, ident=/root/.razor/identity
Jul 17 10:38:14.467584 check[20932]: [ 2]  Razor-Agents v2.84 starting 
razor-check -d
Jul 17 10:38:14.467707 check[20932]: [ 8] reading straight RFC822 mail from 

Jul 17 10:38:14.467809 check[20932]: [ 6] read 1 mail
Jul 17 10:38:14.467905 check[20932]: [ 8] Client supported_engines: 4 8
Jul 17 10:38:14.468110 check[20932]: [ 8]  prep_mail done: mail 1 headers=293, 
mime0=616
Jul 17 10:38:14.468241 check[20932]: [ 6] skipping whitelist file (empty?): 
/root/.razor/razor-whitelist
Jul 17 10:38:14.468383 check[20932]: [ 5] read_file: 1 items read from 
/root/.razor/servers.discovery.lst
Jul 17 10:38:14.468528 check[20932]: [ 5] read_file: 0 items read from 
/root/.razor/servers.nomination.lst
Jul 17 10:38:14.468671 check[20932]: [ 5] read_file: 3 items read from 
/root/.razor/servers.catalogue.lst
Jul 17 10:38:14.468862 check[20932]: [ 9] Assigning defaults to 
c303.cloudmark.com
Jul 17 10:38:14.468957 check[20932]: [ 9] Assigning defaults to 
c301.cloudmark.com
Jul 17 10:38:14.469043 check[20932]: [ 9] Assigning defaults to 
c302.cloudmark.com
Jul 17 10:38:14.469567 check[20932]: [ 5] read_file: 32 items read from 
/root/.razor/server.c303.cloudmark.com.conf
Jul 17 10:38:14.469944 check[20932]: [ 5] read_file: 32 items read from 
/root/.razor/server.c303.cloudmark.com.conf
Jul 17 10:38:14.470333 check[20932]: [ 5] read_file: 32 items read from 
/root/.razor/server.c302.cloudmark.com.conf
Jul 17 10:38:14.470710 chec

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Tom Hendrikx
On 17-07-17 16:00, Robert Kudyba wrote:
> 
>> On Jul 17, 2017, at 9:39 AM, Antony Stone
>> > > wrote:
>>
>> On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:
>>
 On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas
 mailto:uh...@fantomas.sk>>
>> wrote:
> Robert Kudyba mailto:rkud...@fordham.edu>> wrote:
>> Over the past few days sending mail via SquirrelMail has become
>> glacial. The load on the server is under 1. I've restarted the SA,
>> sendmail and dovecot processes several times. Here are some logs I can
>> provide any settings if desired.

 tried to run a message through "spamassassin -D" ?
 that should give you debug/timing info.
>>>
>>> OK here is the pastebin of spamassassin -D < gtube.txt:
>>> https://pastebin.com/iZtm2hhy
>>>
>>
>>
>> Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
>> Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
>> Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5
>> seconds
> 
> OK so I ran: /var/spool/amavisd/.razor
> 
> ls -l /var/spool/amavisd/.razor
> total 100
> -rw-r- 1 amavis amavis 72420 Dec 22  2014 razor-agent.log
> -rw-r- 1 amavis amavis   998 Jul 17 09:49 server.c301.cloudmark.com.conf
> -rw-r- 1 amavis amavis   998 Jul 17 09:46 server.c302.cloudmark.com.conf
> -rw-r- 1 amavis amavis   995 Dec 20  2014 server.c303.cloudmark.com.conf
> -rw-r- 1 amavis amavis    57 Jul 17 09:49 servers.catalogue.lst
> -rw-r- 1 amavis amavis    30 May 23  2013 servers.discovery.lst
> -rw-r- 1 amavis amavis    76 Jul 17 09:49 servers.nomination.lst
> 
> New pastebin: https://pastebin.com/9RWEYuSt
> 
> Still taking 15 seconds.
> 
> Jul 17 09:55:28 storm spamd[28111]: spamd: clean message (-103.4/5.0)
> for spamd:1001 in 15.0 seconds, 1843 bytes.
> Jul 17 09:55:28 storm spamd[28111]: spamd: result: . -103 -
> ALL_TRUSTED,BAYES_00,FROM_IS_TO,USER_IN_WHITELIST
> scantime=15.0,size=1843,user=spamd,uid=1001,required_score=5.0,rhost=localhost,raddr=::1,rport=53074,mid=<32889a456ed9c9911ff0034513796858.squirrel@ourdomain>,bayes=0.00,autolearn=no
> autolearn_force=no
> Jul 17 09:55:28 storm spamd[28041]: prefork: child states: II
> 

The error is still the same. Do you even have access to those cloudmark
razor servers? Does razor work outside of spamassassin/amavisd?

Tom


Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Robert Kudyba

> On Jul 17, 2017, at 9:39 AM, Antony Stone 
>  wrote:
> 
> On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:
> 
>>> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas  
> wrote:
 Robert Kudyba  wrote:
> Over the past few days sending mail via SquirrelMail has become
> glacial. The load on the server is under 1. I've restarted the SA,
> sendmail and dovecot processes several times. Here are some logs I can
> provide any settings if desired.
>>> 
>>> tried to run a message through "spamassassin -D" ?
>>> that should give you debug/timing info.
>> 
>> OK here is the pastebin of spamassassin -D < gtube.txt:
>> https://pastebin.com/iZtm2hhy
>>  
> 
> 
> Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
> Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
> Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5 
> seconds

OK so I ran: /var/spool/amavisd/.razor

ls -l /var/spool/amavisd/.razor
total 100
-rw-r- 1 amavis amavis 72420 Dec 22  2014 razor-agent.log
-rw-r- 1 amavis amavis   998 Jul 17 09:49 server.c301.cloudmark.com.conf
-rw-r- 1 amavis amavis   998 Jul 17 09:46 server.c302.cloudmark.com.conf
-rw-r- 1 amavis amavis   995 Dec 20  2014 server.c303.cloudmark.com.conf
-rw-r- 1 amavis amavis    57 Jul 17 09:49 servers.catalogue.lst
-rw-r- 1 amavis amavis    30 May 23  2013 servers.discovery.lst
-rw-r- 1 amavis amavis    76 Jul 17 09:49 servers.nomination.lst

New pastebin: https://pastebin.com/9RWEYuSt 

Still taking 15 seconds.

Jul 17 09:55:28 storm spamd[28111]: spamd: clean message (-103.4/5.0) for 
spamd:1001 in 15.0 seconds, 1843 bytes.
Jul 17 09:55:28 storm spamd[28111]: spamd: result: . -103 - 
ALL_TRUSTED,BAYES_00,FROM_IS_TO,USER_IN_WHITELIST 
scantime=15.0,size=1843,user=spamd,uid=1001,required_score=5.0,rhost=localhost,raddr=::1,rport=53074,mid=<32889a456ed9c9911ff0034513796858.squirrel@ourdomain>,bayes=0.00,autolearn=no
 autolearn_force=no
Jul 17 09:55:28 storm spamd[28041]: prefork: child states: II





Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Antony Stone
On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote:

> > On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas  
wrote:
> >> Robert Kudyba  wrote:
> >>> Over the past few days sending mail via SquirrelMail has become
> >>> glacial. The load on the server is under 1. I've restarted the SA,
> >>> sendmail and dovecot processes several times. Here are some logs I can
> >>> provide any settings if desired.
> > 
> > tried to run a message through "spamassassin -D" ?
> > that should give you debug/timing info.
> 
> OK here is the pastebin of spamassassin -D < gtube.txt:
> https://pastebin.com/iZtm2hhy


Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5 
seconds


Antony.

-- 
René Descartes walks in to a bar.
The barman asks him "Do you want a drink?"
Descartes says "I think not," and disappears.

   Please reply to the list;
 please *don't* CC me.
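
The reading of the `spamassassin -D` output in the message above (a five-second gap around the razor2 check), as an added example that is not part of the thread: a script that measures the time between consecutive debug lines and reports stalls and plugin timeouts. The function names and the one-second threshold are assumptions; the three middle sample lines are the ones quoted in the thread and the first and last are constructed.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Shape: "Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode"
DEBUG_LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<frac>\d{1,6})\s+"
    r"\[(?P<pid>\d+)\]\s+(?P<level>\w+):\s+(?P<channel>[\w.-]+):\s+(?P<msg>.*)$")
TIMEOUT = re.compile(r"check timed out after (\d+)")


def parse_debug(text):
    """Return one event per debug line; anything else (wrapped
    continuation lines, other log formats) is skipped."""
    events = []
    for raw in text.splitlines():
        m = DEBUG_LINE.match(raw.lstrip("> "))  # tolerate mail quote markers
        if not m or m["mon"] not in MONTHS:
            continue
        try:
            # The log has no year; a fixed leap year keeps Feb 29 valid.
            when = datetime(2000, MONTHS[m["mon"]], int(m["day"]),
                            int(m["h"]), int(m["m"]), int(m["s"]),
                            int(m["frac"].ljust(6, "0")))
        except ValueError:
            continue
        events.append({"when": when, "pid": m["pid"],
                       "channel": m["channel"], "msg": m["msg"].strip()})
    return events


def find_stalls(text, threshold=1.0):
    """Gaps of at least `threshold` seconds between consecutive lines of
    the same process, largest first. The stall is attributed to the line
    logged before the gap."""
    last, stalls = {}, []
    for ev in parse_debug(text):
        prev = last.get(ev["pid"])
        if prev is not None:
            gap = (ev["when"] - prev["when"]).total_seconds()
            if gap >= threshold:
                stalls.append({"gap": round(gap, 3), "pid": ev["pid"],
                               "channel": prev["channel"],
                               "before": prev["msg"], "after": ev["msg"]})
        last[ev["pid"]] = ev
    return sorted(stalls, key=lambda s: -s["gap"])


def find_timeouts(text):
    """(channel, seconds) for every 'check timed out after N' message."""
    hits = []
    for ev in parse_debug(text):
        m = TIMEOUT.search(ev["msg"])
        if m:
            hits.append((ev["channel"], int(m.group(1))))
    return hits


SAMPLE = """\
Jul 16 09:01:42.790 [29903] dbg: example: constructed line before the check
Jul 16 09:01:42.796 [29903] dbg: dns: entering helper-app run mode
Jul 16 09:01:47.806 [29903] dbg: dns: leaving helper-app run mode
Jul 16 09:01:47.806 [29903] dbg: razor2: razor2 check timed out after 5
seconds
Jul 16 09:01:47.810 [29903] dbg: example: constructed line after the check
"""

if __name__ == "__main__":
    for s in find_stalls(SAMPLE):
        print(f"{s['gap']:.3f}s after [{s['channel']}] {s['before']}")
    for channel, secs in find_timeouts(SAMPLE):
        print(f"timeout: {channel} gave up after {secs}s")
```

Summing the reported gaps and comparing the total with `scantime` in the spamd log shows how much of the delay each network check accounts for.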


Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

2017-07-17 Thread Robert Kudyba

> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas  wrote:
> 
>> Robert Kudyba  wrote:
>>> Over the past few days sending mail via SquirrelMail has become glacial. 
>>> The load on the server is under 1. I've restarted the SA, sendmail and 
>>> dovecot processes several times. Here are
>>> some logs I can provide any settings if desired.
> 
> tried to run a message through "spamassassin -D" ?
> that should give you debug/timing info.

OK here is the pastebin of spamassassin -D < gtube.txt: 
https://pastebin.com/iZtm2hhy