i have this really annoying issue i'm hoping you can help with.
it seems the spamd child process gets stuck and causes 100% cpu usage. but this doesn't just happen randomly, it's only for this single user account. e.g. take a look at top output:
the 93 is 93% cpu usage. 40:58 is how long the process has been running, 40 minutes and counting (i just killed it though). and all it tells me is that it's running spamd child. it usually dies after a few hours but only after causing 200% cpu usage (100% on both cpus) and making my server load skyrocket. This happens at least twice daily at no set times.
this user isn't a spammer. no scripts, no mail queue generation, no email accounts even.
I keep receiving the email below every 5 min:
spamd failed @ Fri Jul 31 09:29:04 2009. A restart was attempted automagically.
Service Check Method: [check command]
Cmd Service Check Raw Output: Spamd is not running
root@server [~]# service exim restart
Shutting down clamd: [ OK ]
Shutting down exim: [ OK ]
Shutting down antirelayd: [ OK ]
Shutting down spamd: [ OK ]
Starting clamd: [ OK ]
Starting exim-26: [ OK ]
Starting exim: [ OK ]
Starting exim-smtps: [ OK ]
Starting antirelayd: [ OK ]
Starting spamd: [1814] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[1814] warn: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[1814] error: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
spamd: could not create INET socket on 127.0.0.1:783: Address already in use
I tried forced exim update, restarted xinetd, nothing works.
Anyone have a complete tutorial from start to finish on installing spamd as a smtp relay server/gateway? I'm looking for some good documentation on this; all I can find is just the spamd install guide, but that's it. I'm not even sure if I need postfix etc. on the machine to run it, I have no idea.
1. what are the requirements
2. how to install and compile spamd
3. how to configure your mail servers to accept only mail from smtp relay and setup your mx records accordingly.
I'm having a problem with one user account: every 5-10 minutes a spamd process of this user gets locked using 60-90% cpu and never ends. If I don't kill the process, another one does the same and they all get locked, causing very high loads.
I reinstalled exim but it did nothing
The problem persisted even when this user's account was suspended
It may have already been covered, but i have searched and cannot find a solution to the following.
I have a few Shared hosting servers using Cpanel. The biggest use of resource is spamd.
Is there a way of setting up a spamd server, ie not using Cpanel so that this server purely does the spam checking then passes it back to which ever Cpanel server it came from.
I have done this using postfix, but I'm new to the whole exim / Cpanel thing.
I have been using my server for a decent while. All of a sudden, over the last month, it has decided that it wants to play a game.
"Spamd" keeps failing and automagically restarts.
It restarts and works, but then fails once again a few hours later. One morning I woke up to 7 error messages with the same service. Restarting Exim resolves the issue, but it happens again hours later. I have tried most of what I can think of.
Does anyone have any other thoughts on this issue and how it can be resolved?
I am pretty sure that the following entries in the logs are not good and I would like to resolve this issue. I have been reading on Google for several hours straight looking for answers and have come up short.
[/var/log]# grep -i -C4 failed maillog | tail -18
Jul 29 10:12:29 bamboo spamd[31310]: spamd: setuid to root succeeded
Jul 29 10:12:29 bamboo spamd[31310]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jul 29 10:12:29 bamboo spamd[31310]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
Jul 29 10:12:29 bamboo spamd[31310]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.bamboo.site.com.31310 for /.spamassassin/auto-whitelist.lock: No such file or directory
Jul 29 10:12:29 bamboo spamd[31310]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
Jul 29 10:12:29 bamboo spamd[31310]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS ....
i've noticed a number of times in the past few weeks where the spamd process gets stuck (apache 2 server / whm) with a single user name running the process. there is no spam being sent out, no major incoming influx of mail either - the process is just stuck but consumes 100% of cpu and runs for ages before it terminates itself.
My nobody_check is killing a process that seems to be o.k. but I'm not sure. The process is running /usr/bin/perl-bin which I never heard of. I thought it was /usr/bin/perl
Should I be concerned? Again, I don't know what /perl-bin is.
I have just moved my sites from shared host to a vps. After several initial problems (cpanel issue, config not set up correctly, memory spikes and sites down every morning due to backup and stats) I thought everything was going to be ok. hmm.
My server load starts off fine first thing (less than 1) then creeps up nearly 1 per hour, ie been 3.5 hours now and it is at 2.57. Sites are ok at the moment but yesterday load got up to nearly 7 and sites were extremely slow.
CPU usage is HIGH for one site and goes up very quickly throughout the day. Yesterday it reached well over 90%. First thing today it was already amber and showing 14%. It is now 70.54% and shows below it :
Top Process %CPU 80.2 spamd child
Top Process %CPU 79.8 spamd child
Top Process %CPU 79.4 spamd child
I have a ticket open and they (Liquid Web) are not sure what the deal is, but are apparently monitoring it to see if they can isolate the cause of the problem. But that was a couple of days ago and now the ticket is due for closure.
I telephoned them (expensive as I'm in the UK!) and raised my concerns, but was just told that everything looked ok on the vps, cpu usage was in fact not high and to ignore the warnings.
So, I am posting here to see if anybody can help me get to the root of this.
I understand that spamd child is to do with email / spam assassin?
My problem is that this is the first vps I have had and don't have a clue now where to go or what to do.
Anybody understand about spamd child that can explain it to a poor dumb blonde and how to fix it?
I've got a vB site which has a RSS Poster Bot (fetches RSS Feeds then posts them). However, for some strange reason, it stopped working. There are no errors in the error_log and when I do a manual run, it just times out after a minute or so.
The only thing I can think of is that one of the RSS Feeds is down or one of the sites is blocking the server IP for some reason.
I have a weird problem since the movement of our ip range with one of our servers. Bind doesn't seem to react to any changes we make.
For example, the server still resolves to the old ip address while we changed all of those with ipswap.sh (directadmin). The weird thing is that all zone files are 100% correct. IPs are all changed and there is no sign of the old ip whatsoever. Again, the nameserver still resolves to the old IPs.
Also when i create a new domain, named.conf is changed and the zone file is created successfully. Still the nameserver doesn't seem to add the domain name.
Restarting, reloading and even reinstalling named doesn't help.
It is my only (at present), and main production web server located in a datacentre in the Uk.
I am running Centos 4-4.2 since a hardware failure earlier this year necessitated a stressful overnight ssh reinstall.
I have it set up pretty well now (I think!) but I can't work out how I am able to sftp into the server!
Reason being, I have installed VSFTPD (made sure there were no ftpd daemons installed or running), and when I stop this service via sshd, it does not affect the fact that I can then sftp in to the server using an ftp client such as wsftp pro...
Also, even when I change the vsftpd.conf to jail certain ftp users to a directory, it seems to have no effect and ftp works exactly as it did before without imposing the restrictions?
There is no other ftp daemon showing up in the process list.
I have tripwire installed, rootkit hunter, and a cisco hardware firewall in conjunction with ip tables.
I don't 'think' it's hacked!
Also, the last time I upgraded centos was from an early v4 to 4.4.2 due to major hardware failure on the server and the fact I didn't have a mirrored OS/server backup (due to cost), but I did of course have all my sites and databases etc. I am rather scared to upgrade the Centos kernel to the latest version, in part due to horror stories I have heard from others (NOT regarding Centos specifically) about kernel upgrades going wrong or compatibility issues etc., which mean that I am very very reluctant to do it on our main production server.
I am imminently buying another server to act as a failover and backup for the existing one, but is keeping my current Centos install as it is and holding out to wait for a test server the best thing to do? (Are there any serious security issues in 4.4.2? Bugs etc?) Or should I have confidence and get Yum to do its business!
It seems that i am facing some weird Apache issue.
I can't access my forum.domain.com but can access forum.domain.com/admin
I didn't find anything in the Apache error logs, but found this in the access logs:
IP HERE - - [26/Dec/2007:03:13:44 +0400] "GET / HTTP/1.0" 200 22435 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727)"
Is there anything strange in that info and what does 22435 represent?
On one of my Web sites I have it set to e-mail me whenever someone tries a SQL Injection attempt through the GET.
(I find some of the results interesting and/or funny.)
I also have it e-mail me the visitor's IP address and browser client. I recently got one with a result for the IP address that certainly got my interest.
It read: Quote:
<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>
The PHP scripting I use to get the IP address is:
Code:
$visIP = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
I guess I'm wondering how they may have done it, and if this indicates an issue where people can hack my site (for control or at least info) through this method?
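Added example, not part of the original post: a hypothetical `visitor_ip()` helper that treats X-Forwarded-For as client-supplied text, honoring it only when the connection comes from a proxy in an assumed `TRUSTED_PROXIES` list and only when every entry parses as an IP address. The proxy addresses and the two sample requests are constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the poster's code.
// Assumption: the site sits behind reverse proxies at these addresses;
// use an empty list if clients connect to the web server directly.
const TRUSTED_PROXIES = ['203.0.113.10', '203.0.113.11']; // constructed values

function visitor_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    // REMOTE_ADDR comes from the TCP connection, not from a request header.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    // X-Forwarded-For is whatever the sender typed; only consider it when
    // the direct peer is one of our own proxies.
    if (!in_array($remote, $trustedProxies, true)
        || !isset($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // The header is a comma-separated chain. Walk it right to left and
    // return the first hop that is not one of our proxies.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed entry: distrust the whole header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed requests: a direct client sending the header value quoted in
// the post, and a request relayed through a trusted proxy.
$direct = [
    'REMOTE_ADDR' => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => '<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>',
];
$proxied = [
    'REMOTE_ADDR' => '203.0.113.10',
    'HTTP_X_FORWARDED_FOR' => '192.0.2.44, 203.0.113.11',
];

echo visitor_ip($direct), "\n";  // header ignored, connection address used
echo visitor_ip($proxied), "\n"; // client hop taken from the proxy chain
```

Because the helper only ever returns a string that passed `FILTER_VALIDATE_IP`, the value written to the notification e-mail or a log can no longer carry markup or script text; it should still be escaped for whatever context displays it.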