Web lists-archives.com

spamd spamming logs?




Greetings;

Fairly new, 2 weeks approx stretch amd64 install

Using fetchmail, feeding procmail which has some spam checking in it
My syslog is being spammed for every incoming mail with a paragraph of"

May 19 07:56:05 coyote spamc[3500]: connect to spamd on 127.0.0.1 failed, 
retrying (#1 of 3): Connection refused
May 19 07:56:06 coyote spamc[3500]: connect to spamd on 127.0.0.1 failed, 
retrying (#2 of 3): Connection refused
May 19 07:56:07 coyote spamc[3500]: connect to spamd on 127.0.0.1 failed, 
retrying (#3 of 3): Connection refused
May 19 07:56:07 coyote spamc[3500]: connection attempt to spamd aborted 
after 3 retries

Does anyone have a clue what to check? I do have some odd entries in the 
key dept at /var/lib/spamassassin/sa-update-keys, but I just scanned a 
search for keys in synaptic without finding any handy suspects.

An ls -lR of that /var.lib/spamassassin/sa0update-keys:
oot@coyote:spamassassin$ cd sa-update-keys/
root@coyote:sa-update-keys$ ls -l
total 16
drwx------ 2 debian-spamd debian-spamd 4096 May  4 16:32 
private-keys-v1.d
-rw-r--r-- 1 debian-spamd debian-spamd 2953 May  4 16:32 pubring.kbx
-rw------- 1 debian-spamd debian-spamd   32 May  4 16:32 pubring.kbx~
srwx------ 1 debian-spamd debian-spamd    0 May  4 16:32 S.gpg-agent
srwx------ 1 debian-spamd debian-spamd    0 May  4 16:32 
S.gpg-agent.browser
srwx------ 1 debian-spamd debian-spamd    0 May  4 16:32 
S.gpg-agent.extra
srwx------ 1 debian-spamd debian-spamd    0 May  4 16:32 S.gpg-agent.ssh
-rw------- 1 debian-spamd debian-spamd 1200 May  4 16:32 trustdb.gpg

What does that 1st column s indicate? Humm, chattr says its been securely 
zeroed, but that the name has not been deleted so its now a zero length 
file. For a new install, thats odd. And it appears spamassassin had not 
been started, starting it changed the syslog to:

May 19 08:17:26 coyote systemd[1]: Started Perl-based spam filter using 
text analysis.
May 19 08:18:41 coyote spamd[4225]: spamd: connection from 127.0.0.1 
[127.0.0.1]:59326 to port 783, fd 5
May 19 08:18:41 coyote spamd[4225]: spamd: setuid to gene succeeded
May 19 08:18:41 coyote spamd[4225]: spamd: processing message 
<878sv2ljw3.fsf@lenovo> aka <k_gHvyRJekP.A.NeC.lkU4cB@bendel> for 
gene:1000
May 19 08:18:41 coyote spamd[4225]: dns: new_dns_packet: domain is utf8 
flagged: a.ns.planet-service.fr
May 19 08:18:41 coyote spamd[4225]: dns: new_dns_packet: domain is utf8 
flagged: b.ns.planet-service.fr
May 19 08:18:41 coyote spamd[4225]: dns: new_dns_packet: domain is utf8 
flagged: ans1.cw.net
May 19 08:18:41 coyote spamd[4225]: dns: new_dns_packet: domain is utf8 
flagged: ans2.cw.net
May 19 08:18:41 coyote spamd[4225]: spamd: clean message (0.2/5.0) for 
gene:1000 in 0.3 seconds, 7339 bytes.
May 19 08:18:41 coyote spamd[4225]: spamd: result: . 0 - 
DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI 
scantime=0.3,size=7339,user=gene,uid=1000,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=59326,mid=<878sv2ljw3.fsf@lenovo>,rmid=<k_gHvyRJekP.A.NeC.lkU4cB@bendel>,autolearn=no 
autolearn_force=no
May 19 08:18:41 coyote spamd[4222]: prefork: child states: II

So what utility in stretch will properly edit the various run levels to 
make sure spamassassin is started?

Thanks.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>