Ah, to follow up, before anyone asks: We are not using any network tests. Here's a list of the rules we're using:
black-white-list.cf <--- 282 hand-entered black and whitelist entries for our internal users 999_customer_whitelist.cf <--- 2159 whitelist entries, from our heaviest external correspondents 0bfu1.cf 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_genlsubj0.cf 70_sare_genlsubj1.cf 70_sare_genlsubj2.cf 70_sare_genlsubj3.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_spoof.cf 71_sare_redirect_pre3.0.0.cf 72_sare_bml_post25x.cf 88_FVGT_Bayes_Poison.cf 88_FVGT_body.cf 88_FVGT_headers.cf 88_FVGT_rawbody.cf 88_FVGT_subject.cf 88_FVGT_uri.cf 99_FVGT_DomainDigits.cf 99_FVGT_Tripwire.cf 99_FVGT_meta.cf 99_OBFU_drugs.cf 99_sare_fraud_post25x.cf antidrug.cf backhair.cf backup bigevil.cf chickenpox.cf coding_html.cf custom.cf detoken.cf evilnumbers.cf header_abuse.cf local.cf mr_wiggly.cf randomcurrent.cf ratware.cf useless.cf weeds2.cf | | |SpamAssassin 2.60, running on FreeBSD 4.8 with Postfix 2.0.6. | |Today as usual, I parsed yesterday's logs, and noticed 74 entries in my |/var/log/maillog.0.gz of the following form: | | May 18 21:16:49 zetmail2 postfix/pipe[79001]: B284D56FAE: |to=<[EMAIL PROTECTED]>, relay=filter, delay=3259, status=bounced |(Command time |limit exceeded: "/usr/local/anomy/filter.sh") | |They started at around 15:00, and went until the last one, which is the |entry above. I've seen nothing in today's logs about any bounces. | |The number of messages coming through the system was not |terribly different |from previous days, nor from today, and our load isn't what many people |would consider very large, with fewer than 4000 messages |coming in - our box |only does inbound mail. The box is a 600Mhz Celeron, with 512 |meg of RAM and |an IDE drive of sufficient size. | |Any thoughts on how to troubleshoot something like this? | |Kurt Buff |Sr. Network Administrator |Zetron, Inc. | | | |
