Ok,
I hope this is just some dumb simple thing, but I've noticed a horrible
slowdown with my mail server (Debian + qmail + QS + clamav + SA). I first
thought it was QS, then Clam, but it's actually SA. Messages are taking
anywhere from 50 to 300 seconds to scan on a Dual PIV 2.4 Xeon on a
not-too-heavy mail load (thank god).
Anyway, after digging down, QS reported that it took 50 seconds to scan a mail,
but watching the SA log in Debug mode said that the message took only 3-4
seconds to scan. So I took QS out of the picture and ran spamc from the
command line on the sample email in the distribution. Sure enough - spamd
scans in a few seconds, but spamc sits there waiting for something. No debug
option on spamc so I don't know what's happening.
Here are some specifics:
spamd running with:
spamd -d -D -q -x -L -u spamd
bayes, autowhitelist, etc turned off in config files.
logged in as a "normal" user:
date ; spamc -f -u "[EMAIL PROTECTED]" < sample-spam.txt ; date
When I run this I immediately see these results in my mail log:
Jun 17 12:11:02 fastconcepts spamd[7520]: logmsg: connection from localhost
[127.0.0.1] at port 52574
Jun 17 12:11:02 fastconcepts spamd[7520]: connection from localhost [127.0.0.1]
at port 52574
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: retrieving prefs for [EMAIL
PROTECTED] from SQL server
Jun 17 12:11:02 fastconcepts spamd[9785]: logmsg: processing message <[EMAIL
PROTECTED]> for [EMAIL PROTECTED]:1002.
Jun 17 12:11:02 fastconcepts spamd[9785]: processing message <[EMAIL
PROTECTED]> for [EMAIL PROTECTED]:1002.
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: running header regexp tests;
score so far=0
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: running body-text per-line
regexp tests; score so far=1.391
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: running raw-body-text per-line
regexp tests; score so far=1.391
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: running uri tests; score so
far=1.391
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: uri tests: Done uriRE
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: running full-text regexp
tests; score so far=1.391
Jun 17 12:11:02 fastconcepts spamd[9785]: debug: all '*From' addrs: [EMAIL
PROTECTED]
Jun 17 12:11:03 fastconcepts spamd[7520]: logmsg: connection from localhost
[127.0.0.1] at port 52576
Jun 17 12:11:03 fastconcepts spamd[7520]: connection from localhost [127.0.0.1]
at port 52576
Jun 17 12:11:03 fastconcepts spamd[9785]: debug: all '*To' addrs: [EMAIL
PROTECTED]
Jun 17 12:11:03 fastconcepts spamd[9797]: debug: retrieving prefs for [EMAIL
PROTECTED] from SQL server
Jun 17 12:11:03 fastconcepts spamd[9797]: logmsg: processing message <[EMAIL
PROTECTED]> for [EMAIL PROTECTED]:1002.
Jun 17 12:11:03 fastconcepts spamd[9797]: processing message <[EMAIL
PROTECTED]> for [EMAIL PROTECTED]:1002.
Jun 17 12:11:03 fastconcepts spamd[9797]: debug: received-header: parsed as [
ip=64.70.43.66 rdns=mx8.fyi-consumer.com helo=mx8.fyi-consumer.com
by=netbits.us ident= ]
Jun 17 12:11:03 fastconcepts spamd[9797]: debug: is DNS available? 0
Jun 17 12:11:03 fastconcepts spamd[9797]: debug: received-header: cannot use
DNS, do not trust any hosts from here on
Jun 17 12:11:03 fastconcepts spamd[9797]: debug: received-header: relay
64.70.43.66 trusted? no
Jun 17 12:11:04 fastconcepts spamd[9785]: debug: running meta tests; score so
far=1.391
Jun 17 12:11:04 fastconcepts spamd[9785]: debug: is spam? score=1002.491
required=5 tests=FVGT_m_MULTI_ODD2,GTUBE,L_T_COMBINED
Jun 17 12:11:04 fastconcepts spamd[9785]: logmsg: identified spam (1002.5/5.0)
for [EMAIL PROTECTED]:1002 in 2.0 seconds, 799 bytes.
Jun 17 12:11:04 fastconcepts spamd[9785]: identified spam (1002.5/5.0) for
[EMAIL PROTECTED]:1002 in 2.0 seconds, 799 bytes.
But the results of the spamc command take well over a minute:
/usr/local/source/mail/spam/Mail-SpamAssassin-2.63> date ; spamc -f -u "[EMAIL
PROTECTED]" < sample-spam.txt ; date
Thu Jun 17 12:11:02 CDT 2004
Subject: Test spam mail (GTUBE)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <[EMAIL PROTECTED]>
To: Recipient <[EMAIL PROTECTED]>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
Thu Jun 17 12:21:05 CDT 2004
WFT? 10 MINUTES?!? Running local tests with no bayes/awl?
Any thoughts? Should I connect on a domain socket instead of using a TCP/IP
port? (spamc and spamd will always be local so probably yes) or is it something
else hosed?
Josh
