From owner-freebsd-questions@FreeBSD.ORG  Fri Oct 27 14:37:24 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3B15916A417
	for <questions@freebsd.org>; Fri, 27 Oct 2006 14:37:24 +0000 (UTC)
	(envelope-from peter@bgnett.no)
Received: from skapet.datadok.no (skapet.datadok.no [194.54.107.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 97B6A43D70
	for <questions@freebsd.org>; Fri, 27 Oct 2006 14:37:17 +0000 (GMT)
	(envelope-from peter@bgnett.no)
Received: from thingy.datadok.no
	([194.54.103.97] helo=thingy.datadok.no.bsdly.net ident=peter)
	by skapet.datadok.no with esmtp (Exim 4.60)
	(envelope-from <peter@bgnett.no>)
	id 1GdSpf-0000cw-DE; Fri, 27 Oct 2006 16:37:15 +0200
To: "Michael W. Lucas" <mwlucas@blackhelicopters.org>
References: <87ods3wo27.fsf@amidala.kakemonster.bsdly.net>
	<20061026160201.GA4801@bewilderbeast.blackhelicopters.org>
From: peter@bgnett.no (Peter N. M. Hansteen)
Date: Fri, 27 Oct 2006 16:29:55 +0200
In-Reply-To: <20061026160201.GA4801@bewilderbeast.blackhelicopters.org>
	(Michael W. Lucas's message of "Thu, 26 Oct 2006 12:02:01 -0400")
Message-ID: <87ejstomqk.fsf@thingy.datadok.no>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: questions@freebsd.org
Subject: Re: pfspamd greylisting stuttering at everything
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2006 14:37:24 -0000

"Michael W. Lucas" <mwlucas@blackhelicopters.org> writes:

> Before starting pfspamd today, I checked my spamdb.  spamdb listed 12
> entries.  After 3 hours, spamdb listed the same 12 entries.  

spamdb not getting updated like that sounds *wrong*.  

It almost sounds like spamdb isn't actually getting called (or perhaps
core dumps at startup) or possibly a file permissions problem is
preventing it from updating, ie does the _spamd user have write
permission to /var/db/spamdb?  What you are seeing is really, really
strange at any rate.

> My spamd logs to /var/log/spam, which has many interesting entries in it:
>
> Oct 26 11:18:31 bewilderbeast spamd[731]: (GREY) 216.136.204.119: <owner-doc-committers@FreeBSD.org> -> <mwlucas@blackhelicopters.org>
> Oct 26 11:18:40 bewilderbeast spamd[731]: 204.127.192.84: connected (12/1)
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: From: Leila Wood <uzzfnh@fantasy-heaven.de>
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: To: mwlucas@blackhelicopters.org
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Subject: caustic assent
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: This is a multi-part message in MIME format.
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: --------------060605040706020008040508
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Type: text/html; charset=ISO-8859-1
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Transfer-Encoding: 7bit
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <html>
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <head>
> Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body:  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
> Oct 26 11:19:13 bewilderbeast spamd[731]: 204.152.190.11: disconnected after 390 seconds.
> Oct 26 11:19:15 bewilderbeast spamd[731]: 12.130.136.42: disconnected after 390 seconds.
> Oct 26 11:19:34 bewilderbeast spamd[731]: 89.110.7.178: disconnected after 390 seconds.
> Oct 26 11:19:48 bewilderbeast spamd[731]: 200.52.66.237: connected (10/1)

This sequence looks pretty normal to me.  Here, you should have found
a 'GREY' entry for 216.136.204.199 in your spamd database immediately
afterwards.  If you find out why that isn't happening, you've solved
the problem, I think.

> I'm running spamd as below:
>
> pfspamd_flags="-v -G7:4:864 -r451"

Not related to the main problem, but I think you could probably get
away with a 2 or even 1 minute passtime without ill effects.  

> All of spamd could use some documentation, but that'll happen.  ;-)

Well, fwiw it's one of the things I will be writing about in the near future.

Good luck,
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds