Quoting email builder <[EMAIL PROTECTED]>:

> > >>> Some postings a while back led me to believe that I could specify
> > >>> multiple hosts for the -d option of spamc.  I understood that it
> > >>> would operate basically on a fallback basis (not load balancing).
> > >>> However, I can't seem to get spamc to use more than one of the -d
> > >>> listings.  I've tried:
> > >>>
> > >>> /usr/bin/spamc -d 123.45.67.8 -d 127.0.0.1
> > >>> /usr/bin/spamc -d 123.45.67.8 127.0.0.1
> > >>>
> > >>> And switched the order around and fiddled with hostnames vs IP
> > >>> addresses, but no dice.  I understand the man page to say that it
> > >>> will use fallback logic if the hostname resolves (via DNS query,
> > >>> right?) to more than one host... so why can't I give it those hosts
> > >>> directly?
> > >>
> > >> From http://spamassassin.apache.org/full/3.0.x/dist/doc/spamc.html
> > >>
> > >>"-d host
> > >>     In TCP/IP mode, connect to spamd server on given host (default:
> > >>localhost).
> > >>
> > >>     If host resolves to multiple addresses, then spamc will fail-over
> > >>to the other addresses, if the first one cannot be connected to"
> > >>
> > >>You need to have a host that has multiple A records.
> > >>
> > >>spamd.domain.com A 123.123.123.123
> > >>spamd.domain.com A 123.123.123.124
> > >>spamd.domain.com A 123.123.123.125
> > >>
> > >>/usr/bin/spamc -d spamd.domain.com
> > >>
> > >>If your DNS server sends the results back in a different order each time
> > >>then it will not be a fallback but a round robin. You might be able to
> > >>simply use /etc/host entries. I've never tried it as I use qmail which
> > >>will not use the host file, so I always rely on DNS. Don't know if spamc
> > >>will use the host file or not.
> > >
> > > Huh, I am not familiar with how to use /etc/hosts as a DNS source.  Can
> > > you clarify?
> >
> > I didn't mean use it as a dns source, but many programs can look first
> > to your /etc/hosts file prior to doing a DNS lookup. I do not know if
> > spamc will do that, I do not believe it does.
> >
> > > Mainly my question was if/how I could avoid making it a DNS query.  I'd
> > > like to simply hand spamc the two addresses that I want it to have
> > > manually, and I do *NOT* want round-robin, I want failover....
> >
> > I do not think you can do this. You can use an IP address with spamc to
> > save a lookup. I use the following run script under daemontools,
> >
> > #!/sbin/sh
> >
> > PATH=/usr/bin:/usr/local/bin
> >
> > exec /usr/local/bin/softlimit -a 128000000 \
> >          /usr/local/bin/spamd -i 10.0.240.253 -p 1783 -A 10.0.240.0/24 \
> >          -m 10 --max-conn-per-child=200 -u vpopmail -x -q -s stderr 2>&1
> >
> > I do not believe you can have multiple addresses behind the -i switch,
> > at least the docs do not lead me to believe it is possible. Maybe
> > someone else knows better.
>
> spamd is not a problem for me.  I run spamd on two machines, one being my
> main SA server, and one being a fallback just in case something goes awry
> (something recently did).  I'd really like to be able to tell spamc that it
> can go to a 2nd IP address in case the first one fails, possibly by doing as
> I wrote above:
>
> /usr/bin/spamc -d 123.45.67.8 -d 127.0.0.1
>
> but it seems I can't do this unless I go the DNS route (which I don't know
> how to do, since my main SA server must be routed to using an internal
> network IP).

How I do it with 9 machines running spamd:

I set up djbdns (non-BIND name server software) on a machine: dnscache on the
public IP and tinydns (the authoritative server) on 127.0.0.1 of the same
machine. In the tinydns config I set up a fake domain name "my.spam" that
resolves to a list of my spamd machines. dnscache can then be instructed to go
to 127.0.0.1 instead of the root name servers when looking up domains that end
in ".spam". My spamc line is "spamc -d my.spam [etc]".

You obviously need each spamc machine to have /etc/resolv.conf pointing to your
DNS cache for this to work.

All this is documented on http://cr.yp.to/ and the software is available there.
I find it much easier to set up and understand than BIND, but I don't want to
get into a religious argument on DNS software, as I am sure you can do such a
thing in BIND, but I don't use BIND. Running your own internal caches is a good
idea anyway.

cheers,
brian
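
A way to check what a name handed to `spamc -d` would offer, as an added example that is not part of the original thread and does not reproduce spamc's own code: it resolves the name, tries the addresses in resolver order, and reports the first one that accepts a TCP connection. Port 783 is spamd's default; the function names and the injectable `connect` parameter are assumptions of this sketch.

```python
import socket
import sys

SPAMD_PORT = 783  # spamd's default TCP port


def resolve_ipv4(host, port=SPAMD_PORT):
    """Return host's IPv4 addresses, de-duplicated, in resolver order."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    ordered = []
    for info in infos:
        addr = info[4][0]
        if addr not in ordered:
            ordered.append(addr)
    return ordered


def first_reachable(addresses, port=SPAMD_PORT, timeout=2.0,
                    connect=socket.create_connection):
    """Try addresses in order; return (winner or None, [(addr, error), ...]).

    `connect` is injectable (an assumption of this sketch) so the logic can
    be exercised without a network.
    """
    failures = []
    for addr in addresses:
        try:
            conn = connect((addr, port), timeout)
        except OSError as exc:
            failures.append((addr, str(exc)))
            continue
        conn.close()
        return addr, failures
    return None, failures


if __name__ == "__main__":
    # Usage: python3 check_spamd.py my.spam [port]
    name = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else SPAMD_PORT
    addrs = resolve_ipv4(name, port)
    print(f"{name} resolves to {addrs} (order matters for fail-over)")
    winner, failed = first_reachable(addrs, port)
    for addr, err in failed:
        print(f"  {addr}:{port} unreachable: {err}")
    print(f"  first reachable: {winner}")
```

Running it several times against the same name shows whether the resolver returns the addresses in a fixed order (fail-over) or rotates them (round robin).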

