The _none directories are caused by mail attempting to be delivered to addresses with an empty "From" field. You can see this in your log with something like:
Jul 28 12:47:06 limelight spamdyke[21357]: DENIED_GRAYLISTED from: (unknown) to: [EMAIL PROTECTED] origin_ip: 64.183.66.155 origin_rdns: tedperez.com auth: (unknown) In pre-version 4, this causes a file called "_none" to be created in the directory xzhgmf0lkb, which is a sub-directory of domain.net. In the new version 4, I believe, this process has changed, and it sounds like there's possibly a bug causing the continual sub-directory creation. Great timing to find it right as Sam leaves town, huh! :-) I haven't tried it, but maybe try blacklisting the address "_none" for that domain (All domains) and see if that blacklists the email, which is likely spam anyway, instead of graylisting it... Michael J. Colvin NorCal Internet Services www.norcalisp.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bob Alanis > Sent: Monday, July 28, 2008 1:25 PM > To: spamdyke users > Subject: Re: [spamdyke-users] super long "_none" directory > nesting on 4.0.1 > > Thanks again Nightduke, > > I'll give wipe a try for sure. > > As far as restarting Spamdyke, I'm not inclined to do so > since there is no reason to believe that it won't start this > whole nested _none thing all over again. I'm curious if this > is a bug in the software or if there is something in my > config or elsewhere I should change to avoid this. Remember, > these thousands of nested _none directories are popping up > for many sites, not just the one I included in the > recipient-blacklist-entry line. The only pattern I could see > is that the domains which got it the worst are the ones which > normally get the most spam (with lots of the spam having > nothing in the "from" field). > > ~ Bob Alanis > > > > nightduke wrote: > > Wipe seems to delete faster... > > http://sourceforge.net/project/showfiles.php?group_id=804 > > > > 2008/7/28 nightduke <[EMAIL PROTECTED]>: > > > >> Well stop the mail server... > >> > >> create a new graylist > >> add domains > >> rename old greylistold > >> create a cron job to remove greylistold this midnight i > will take hours... > >> Try secure delete seems to delete faster...support > recursive directorys... > >> > >> > http://pnboy.pinguix.com/my_packages/zenwalk/secure_delete/3.1/secure > >> _delete-3.1-i486-54.1.tgz > >> > >> Regards > >> > >> Nightduke > >> > >> > >> > >> 2008/7/28 Bob Alanis <[EMAIL PROTECTED]>: > >> > >>> Thanks Nightduke, > >>> > >>> I can certainly put that domain into a > recipient-blacklist-file. I > >>> don't think that will address the real issue of all those > nested directories. > >>> I've turned off Spamdyke for nwo and have been trying to delete > >>> those nested _none directories for a whole day. Running "rm -rf > >>> /var/qmail/spamdyke/greylist" for 12 hours still didn't > get rid of > >>> all of them. I've found one instance of over 3000 _none > directories > >>> nested inside each other, and there are likely several instances > >>> like that (and some with possibly more _none directories). This > >>> issue is happening for tons of domains, not just the one > I listed in the recipient-blacklist-entry line. > >>> > >>> Anyone have any ideas about the nested _none problem? > >>> > >>> ~ Bob Alanis > >>> > >>> > >>> nightduke wrote: > >>> > >>> Can you add the domains to a blacklisted file > >>> > >>> [EMAIL PROTECTED] > >>> > >>> Don't put the domain there, i think will be better to put the > >>> domains in a text file. > >>> > >>> I hope this helps. > >>> > >>> Regards > >>> > >>> Nightduke > >>> > >>> > >>> 2008/7/27 Bob Alanis <[EMAIL PROTECTED]>: > >>> > >>> > >>> Hello folks, > >>> > >>> I've been using Spamdyke for about a week now and I'm > loving it, but > >>> I'm running into some problems on our server. I'm > running Spamdyke > >>> 4.0.1 on a Plesk 8.2.0 server (which runs Fedora Core 4) and was > >>> able to install and get Spamdyke running just fine. The > problem is > >>> that our server is experiencing some super high loads and > they seem > >>> to be related to Spamdyke. More specifically it seems to > be related > >>> to the fact that in my greylisting folder > >>> (/var/qmail/spamdyke/greylist/) there are hundreds of > folders called > >>> "_none" all nested within eachother. Here's an example > of what I'm talking about (with our client's domain name removed)... > >>> > >>> > /var/qmail/spamdyke/greylist/DOMAINREMOVEDFORPRIVACY.COM/ceceliamora > >>> ledewitt/_none/_none/_none/_none/_none/_none/_none > >>> > >>> That's a very short example, there are tons of instances where > >>> /_none/_none/_none/_none/ goes on for over 1000 times > (highest I've > >>> found so far was 1,412 _none folders nested in a row). > >>> > >>> This was causing our nightly backup software to freak out > as it was > >>> having trouble copying such long directories. I managed > to get it > >>> to ignore my greylist directory during the nightly backups, but > >>> today we had a server crash (well, high load causing it to not > >>> respond). After the server rebooted, I noticed this when > I typed dmesg... > >>> > >>> spamdyke[5315]: segfault at 0000000000000000 rip 0000003517773e56 > >>> rsp > >>> 00007fff11129a28 error 4 > >>> spamdyke[9267]: segfault at ffffffff95c1e5e8 rip 00000035177740b2 > >>> rsp > >>> 00007fff95c1a518 error 4 > >>> > >>> My greylist directory has 479 domain names listed (we > don't actually > >>> have that many sites on our server, more like 300 plus > many domain > >>> aliases), and many of them have this _none/_none/_none problem. > >>> > >>> When I run a config test the only error I get is... > >>> > >>> ERROR: Missing qmail-smtpd command > >>> > >>> But this wasn't keeping spamdyke from working all week. > >>> > >>> My /etc/spamdyke.conf file is... > >>> > >>> -------------------- > >>> > >>> log-level=info > >>> tls-level=smtp > >>> tls-certificate-file=/var/qmail/control/servercert.pem > >>> smtp-auth-level=observe > >>> local-domains-file=/var/qmail/control/rcpthosts > >>> max-recipients=100 > >>> idle-timeout-secs=60 > >>> recipient-whitelist-file=/var/qmail/spamdyke/whitelist_recipient > >>> [EMAIL PROTECTED] > >>> graylist-level=always > >>> graylist-dir=/var/qmail/spamdyke/greylist > >>> graylist-exception-ip-file=/var/qmail/spamdyke/never_greylist > >>> graylist-min-secs=180 > >>> graylist-max-secs=604800 > >>> sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders > >>> recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients > >>> ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip > >>> sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender > >>> ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip > >>> greeting-delay-secs=5 > >>> reject-empty-rdns > >>> dns-blacklist-entry=zen.spamhaus.org > >>> dns-blacklist-entry=dnsbl.ahbl.org > >>> dns-blacklist-entry=bl.spamcop.net > >>> reject-missing-sender-mx > >>> local-domains-file=/var/qmail/control/rcpthosts > >>> > >>> --------------------- > >>> > >>> The [EMAIL PROTECTED] line is due to a > >>> client being mailbombed at the moment. I've added their > domain to > >>> this line temporarily. > >>> > >>> Any suggestions? If there is any more info I can provide > I would be > >>> happy to. Is this normal spamdyke behavior? > >>> > >>> ~ Bob Alanis > >>> > >>> > >>> _______________________________________________ > >>> spamdyke-users mailing list > >>> [email protected] > >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>> > >>> > >>> > >>> _______________________________________________ > >>> spamdyke-users mailing list > >>> [email protected] > >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>> > >>> > >>> > >>> _______________________________________________ > >>> spamdyke-users mailing list > >>> [email protected] > >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>> > >>> > >>> > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
