At log level 4, after restarting qmail-smtpd, I have:
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: querying 230.185.105.81.in-addr.arpa with DNS server 87.249.7.170:53 (attempt 1)
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: received DNS packet: 251 bytes
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: received DNS response: PTR
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: found PTR record for 230.185.105.81.in-addr.arpa: cpc1-pete5-0-0-cust485.pete.cable.ntl.com
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: searching for domain directory entry: /var/qmail/control/gr/blacklist_rdns.d/com/n/ntl/cable/cpc1-pete5-0-0-cust485.pete.cable.ntl.com
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: searching for domain directory entry: /var/qmail/control/gr/blacklist_rdns.d/com/n/ntl/cable/pete.cable.ntl.com
Jan 26 14:05:16 localhost spamdyke[18241]: INFO: searching for domain directory entry: /var/qmail/control/gr/blacklist_rdns.d/com/n/ntl/cable.ntl.com
Jan 26 14:05:16 localhost spamdyke[18244]: INFO: querying 252.67.239.88.in-addr.arpa with DNS server 87.249.7.170:53 (attempt 1)
Jan 26 14:05:16 localhost spamdyke[18244]: INFO: received DNS packet: 99 bytes
Jan 26 14:05:16 localhost spamdyke[18244]: INFO: received DNS packet: 99 bytes
Jan 26 14:05:16 localhost spamdyke[18244]: INFO: found no records for 252.67.239.88.in-addr.arpa
Jan 26 14:05:18 localhost spamdyke[18241]: DENIED_BLACKLIST_NAME from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 81.105.185.230 origin_rdns: cpc1-pete5-0-0-cust485.pete.cable.ntl.com auth: (unknown)
Jan 26 14:05:19 localhost spamdyke[18243]: INFO: querying 162.31.186.82.in-addr.arpa with DNS server 87.249.7.170:53 (attempt 1)
Jan 26 14:05:19 localhost spamdyke[18243]: INFO: received DNS packet: 180 bytes
Jan 26 14:05:19 localhost spamdyke[18243]: INFO: received DNS response: PTR
Jan 26 14:05:19 localhost spamdyke[18243]: INFO: found PTR record for 162.31.186.82.in-addr.arpa: host162-31-static.186-82-b.business.telecomitalia.it
Jan 26 14:05:20 localhost spamdyke[18243]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.186.31.162 origin_rdns: host162-31-static.186-82-b.business.telecomitalia.it auth: (unknown)
Jan 26 14:05:22 localhost vpopmail[18248]: vchkpw-imaps: (PLAIN) login success [EMAIL PROTECTED]:82.200.9.150
Jan 26 14:05:23 localhost spamdyke[18244]: DENIED_RDNS_MISSING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 88.239.67.252 origin_rdns: (unknown) auth: (unknown)
I don't see any errors...
On Fri, 25 Jan 2008 17:56:48 -0600
Sam Clippinger <[EMAIL PROTECTED]> wrote:
> I'm not sure I understand the problem or the strace output. You're
> seeing a single spamdyke process remain running and never exit? I
> need more information before I can help. Are you using the latest
> version of spamdyke? How much CPU is it using? Are you seeing any
> errors in your log files? Can you send a full log of a message that
> causes this behavior? Can you send your spamdyke configuration file?
>
> -- Sam Clippinger
>
> N.Novozhilov wrote:
> > Since yesterday I have discovered very strange behavior of spamdyke; all
> > the time before, all was good:
> >
> > The first running copy stays resident and listens on the network. Short log:
> >
> > host# strace -p 12787 -e trace=network
> > Process 12787 attached - interrupt to quit
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> > accept(3, {sa_family=AF_INET, sin_port=htons(4430), sin_addr=inet_addr("88.229.222.135")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(3953), sin_addr=inet_addr("83.166.219.102")}, [16]) = 0
> >
> > accept(3, {sa_family=AF_INET, sin_port=htons(2396), sin_addr=inet_addr("189.0.199.23")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(13776), sin_addr=inet_addr("122.164.34.160")}, [16]) = 0
> >
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, {sa_family=AF_INET, sin_port=htons(58206), sin_addr=inet_addr("123.248.102.135")}, [16]) = 0
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, {sa_family=AF_INET, sin_port=htons(2693), sin_addr=inet_addr("85.104.38.223")}, [16]) = 0
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, {sa_family=AF_INET, sin_port=htons(4269), sin_addr=inet_addr("83.166.219.102")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(2788), sin_addr=inet_addr("85.104.38.223")}, [16]) = 0
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, {sa_family=AF_INET, sin_port=htons(2852), sin_addr=inet_addr("85.104.38.223")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(4547), sin_addr=inet_addr("83.166.219.102")}, [16]) = 0
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> >
> > accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
> > --- SIGCHLD (Child exited) @ 0 (0) ---
> > accept(3, {sa_family=AF_INET, sin_port=htons(2894), sin_addr=inet_addr("85.104.38.223")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(1268), sin_addr=inet_addr("200.88.97.100")}, [16]) = 0
> > accept(3, {sa_family=AF_INET, sin_port=htons(1269), sin_addr=inet_addr("200.88.97.100")}, [16]) = 0
> >
> > and so on...
> >
> > What is it: some bug in the qmail configuration (I didn't change
> > anything in the working spamdyke conf) or a new hacker attack?
> >
> > P.S. I'm sorry about the previous mail - I didn't wait for a full stop of
> > all smtp processes.
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Regards
> > Nicholas A. Novozhilov, NAN6-RIPE
> >
> > NTR Lab
> > System administrator
> > _______________________________________________
> > spamdyke-users mailing list
> > [email protected]
> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regards
Nicholas A. Novozhilov, NAN6-RIPE
NTR Lab
System administrator