# dspam.sock -> connection refused

## Ateo

Greetings,

Yet another issue with DSPAM.... Or maybe Postfix this time.

When I enable DSPAM filtering, the connection between Postfix and DSPAM functions for a few deliveries. After a few deliveries, the connection between Postfix and DSPAM fails and messages are deferred. Specifically, the connection dies after DSPAM scans the message and attempts to re-deliver it back to Postfix so perhaps Postfix is the issue.

Here are logs for 2 different delivery attempts.:

```
Nov 20 10:54:07 boron postfix/smtpd[20072]: connect from web38915.mail.mud.yahoo.com[209.191.125.121]

Nov 20 10:54:08 boron postfix/smtpd[20072]: NOQUEUE: filter: RCPT from web38915.mail.mud.yahoo.com[209.191.125.121]: <alias@domain.com>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<anubus3@yahoo.com> to=<alias@domain.com> proto=SMTP helo=<web38915.mail.mud.yahoo.com>

Nov 20 10:54:08 boron postfix/smtpd[20072]: 7421F36A990: client=web38915.mail.mud.yahoo.com[209.191.125.121]

Nov 20 10:54:08 boron postfix/cleanup[20078]: 7421F36A990: message-id=<71773.45354.qm@web38915.mail.mud.yahoo.com>

Nov 20 10:54:08 boron postfix/qmgr[20021]: 7421F36A990: from=<anubus3@yahoo.com>, size=1514, nrcpt=1 (queue active)

Nov 20 10:54:08 boron postfix/lmtp[20080]: 7421F36A990: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=1.2, delays=1.1/0/0/0.07, dsn=4.4.2, status=deferred (lost connection with mail.mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once)

Nov 20 10:54:08 boron postfix/smtpd[20072]: disconnect from web38915.mail.mud.yahoo.com[209.191.125.121]
```

```
Nov 20 10:54:57 boron postfix/smtpd[20072]: connect from web38905.mail.mud.yahoo.com[209.191.125.111]

Nov 20 10:54:58 boron postfix/smtpd[20072]: NOQUEUE: filter: RCPT from web38905.mail.mud.yahoo.com[209.191.125.111]: <alias@domain.com>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<anubus3@yahoo.com> to=<alias@domain.com> proto=SMTP helo=<web38905.mail.mud.yahoo.com>

Nov 20 10:54:58 boron postfix/smtpd[20072]: 8427B36C333: client=web38905.mail.mud.yahoo.com[209.191.125.111]

Nov 20 10:54:58 boron postfix/cleanup[20078]: 8427B36C333: message-id=<655226.26995.qm@web38905.mail.mud.yahoo.com>

Nov 20 10:54:58 boron postfix/qmgr[20021]: 8427B36C333: from=<anubus3@yahoo.com>, size=1607, nrcpt=1 (queue active)

Nov 20 10:54:58 boron postfix/lmtp[20080]: 8427B36C333: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=none, delay=1.5, delays=1.5/0/0/0, dsn=4.4.1, status=deferred (connect to mail.domain.com[/var/run/dspam/dspam.sock]: Connection refused)

Nov 20 10:54:58 boron postfix/smtpd[20072]: disconnect from web38905.mail.mud.yahoo.com[209.191.125.111]
```

Here are my configuration files:

```
syslog_facility = mail

syslog_name = postfix

config_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mailq_path = /usr/bin/mailq

mydomain = mydomain.com

myhostname = mail.$mydomain

myorigin = $mydomain

mydestination =

 $myhostname,

 $mydomain,

 localhost.$mydomain

mynetworks = cidr:$config_directory/inc/mynetworks

relay_domains = $mynetworks

inet_interfaces = all

queue_run_delay = 1h

maximal_backoff_time = 2h

minimal_backoff_time = 1h

maximal_queue_lifetime = 2d

bounce_queue_lifetime = 2d

setgid_group = postdrop

html_directory = no

default_privs = nobody

recipient_delimiter = -

home_mailbox = .maildir/

biff = yes

mail_name = AntiUCE-Creepy.Mail.Services

smtpd_banner = $myhostname ESMTP $mail_name (Postfix $mail_version)

smtpd_delay_reject = yes

strict_rfc821_envelopes = yes

disable_vrfy_command = yes

smtpd_helo_required = yes

smtp_always_send_ehlo = yes

header_checks = pcre:$config_directory/inc/header_checks

body_checks =

smtpd_client_restrictions =

 permit_mynetworks,

 check_client_access cidr:$config_directory/inc/blacklist,

 reject_rbl_client rbl_domain=countries.blackholes.us

smtpd_helo_restrictions =

 permit_mynetworks,

 reject_invalid_hostname,

 check_helo_access pcre:$config_directory/inc/helo

smtpd_sender_restrictions =

 permit_mynetworks,

 reject_non_fqdn_sender

smtpd_recipient_restrictions =

 permit_mynetworks,

 permit_sasl_authenticated,

 reject_non_fqdn_sender,

 reject_non_fqdn_recipient,

 reject_unknown_sender_domain,

 reject_unknown_recipient_domain,

 reject_non_fqdn_helo_hostname,

 reject_unauth_destination,

 reject_unauth_pipelining,

 reject_invalid_hostname,

 check_policy_service inet:127.0.0.1:10025,

 check_recipient_access pcre:$config_directory/inc/filter_dspam,

 permit

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_sasl_path = /etc/sasl2:/usr/lib/sasl2

smtp_use_tls = yes

smtpd_use_tls = yes

smtpd_tls_key_file = $config_directory/ssl/newkey.pem

smtpd_tls_cert_file = $config_directory/ssl/newcert.pem

smtpd_tls_CAfile = $config_directory/ssl/demoCA/cacert.pem

smtpd_tls_loglevel = 0

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache

mailbox_command = /usr/bin/maildrop -w 90 -d $USER 0 $USER $DOMAIN $SENDER

virtual_transport = maildrop

default_destination_concurrency_limit = 10

local_destination_concurrency_limit = 2

virtual_destination_concurrency_limit = $default_destination_concurrency_limit

maildrop_destination_recipient_limit = $default_destination_concurrency_limit

transport_maps = 

local_recipient_maps = proxy:unix:passwd.byname $transport_maps

virtual_minimum_uid = 1000

virtual_gid_maps = static:5000

virtual_uid_maps = static:5000

virtual_mailbox_base = static:/home/vmail

virtual_mailbox_domains = pgsql:$config_directory/inc/sql-vdomains.cf

virtual_mailbox_maps = pgsql:$config_directory/inc/sql-vmailboxes.cf

virtual_alias_maps = pgsql:$config_directory/inc/sql-valiases.cf

virtual_alias_domains =

virtual_maildir_limit_message =

relay_domains = pgsql:$config_directory/inc/sql-mx-domains.cf

proxy_read_maps = 

 $local_recipient_maps

 $virtual_alias_maps

 $virtual_mailbox_maps

 $virtual_mailbox_domains

 $relay_domains

unknown_address_reject_code = 554

unknown_client_reject_code = 554

unknown_hostname_reject_code = 554

unknown_local_recipient_reject_code = 550

unknown_relay_recipient_reject_code = 550

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

unverified_recipient_reject_code = 450

unverified_sender_reject_code = 450

soft_bounce = yes

2bounce_notice_recipient = postmaster@$mydomain

bounce_notice_recipient = postmaster@$mydomain

error_notice_recipient = postmaster@$mydomain

debug_peer_level = 1
```

```
# ==========================================================================

# DSPAM service (LMTP)

dspam     unix  -       -       n       -       10      lmtp

127.0.0.1:11025 inet    n       -       n       -       -       smtpd

 -o smtpd_authorized_xforward_hosts=127.0.0.1

 -o smtpd_client_restrictions=

 -o smtpd_helo_restrictions=

 -o smtpd_sender_restrictions=

 -o smtpd_recipient_restrictions=permit_mynetworks,reject

 -o mynetworks=127.0.0.1

 -o receive_override_options=no_unknown_recipient_checks
```

```
/./     FILTER dspam:unix:/var/run/dspam/dspam.sock
```

```
Home /var/spool/dspam

StorageDriver /usr/lib/dspam/libpgsql_drv.so

TrustedDeliveryAgent "/usr/sbin/sendmail"

UntrustedDeliveryAgent "/usr/sbin/sendmail"

DeliveryHost        127.0.0.1

DeliveryPort        11025

DeliveryIdent       localhost

DeliveryProto       SMTP

OnFail error

Trust root

Trust dspam

Trust apache

Trust mail

Trust smmsp

Trust daemon

Trust postfix

Debug *

TrainingMode toe

TestConditionalTraining on

Feature noise

Feature whitelist

Feature tb=5

Algorithm burton graham naive

Tokenizer osb

PValue bcr

WebStats on

ImprobabilityDrive on

Preference "trainingMode=TOE"      # TEFT, TUM, TOE

Preference "spamAction=tag"      # tag, quarantine, deliver

Preference "signatureLocation=headers"   # 'message' or 'headers'

Preference "spamSubject="

Preference "statisticalSedation=5"   # 0 to 9

Preference "enableBNR=on"      # on, off

Preference "showFactors=off"      # on, off

Preference "enableWhitelist=on"      # on, off

Preference "whitelistThreshold=5"

AllowOverride trainingMode

AllowOverride spamAction spamSubject

AllowOverride statisticalSedation

AllowOverride enableBNR

AllowOverride enableWhitelist

AllowOverride signatureLocation

AllowOverride showFactors

AllowOverride optIn optOut

AllowOverride whitelistThreshold

PgSQLServer 127.0.0.1

PgSQLPort 5432

PgSQLUser dspam

PgSQLPass 3aBZ767L5e6q9

PgSQLDb dspamdb

PgSQLUIDInSignature     on 

PgSQLVirtualTable          dspam_virtual_uids

PgSQLVirtualUIDField       uid

PgSQLVirtualUsernameField  username

HashRecMax              98317

HashAutoExtend          on  

HashMaxExtents          0

HashExtentSize          49157

HashPctIncrease 10

HashMaxSeek             10

HashConnectionCache     10

Notifications   off

PurgeSignature  off # Specified in purge.sql

PurgeNeutral   90

PurgeUnused    off # Specified in purge.sql

PurgeHapaxes   off # Specified in purge.sql

PurgeHits1S    off # Specified in purge.sql

PurgeHits1I    off # Specified in purge.sql

LocalMX 127.0.0.1

SystemLog on

UserLog   on

Opt out

TrackSources spam nonspam

ParseToHeaders on

ChangeModeOnParse on

ChangeUserOnParse off

Broken case

Broken lineStripping

MaxMessageSize 1024000

ServerQueueSize         32

ServerPID              /var/run/dspam/dspam.pid

ServerMode auto

ServerPass.localhost    "dspam"

ServerParameters        "--deliver=innocent,spam"

ServerIdent             "localhost"

ServerDomainSocketPath  "/var/run/dspam/dspam.sock"

ClientHost      "/var/run/dspam/dspam.sock"

ClientIdent     "dspam@localhost"

ProcessorURLContext on

ProcessorBias on
```

Things I've done:

Changed MTU on interface from 1500 to 1492 (didn't work)

Any input/suggestions would be appreciated.

ThanksLast edited by Ateo on Thu Jan 10, 2008 5:57 am; edited 3 times in total

----------

## steveb

This is the error part:

```
Nov 20 10:54:58 boron postfix/lmtp[20080]: 8427B36C333: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=none, delay=1.5, delays=1.5/0/0/0, dsn=4.4.1, status=deferred (connect to mail.domain.com[/var/run/dspam/dspam.sock]: Connection refused)
```

It is Postfix trying to send over LMTP to the DSPAM socket but it does not work.

Could you try if this would help? Change in /etc/postfix/inc/filter_dspam to this content:

```
/./     FILTER lmtp:unix:/var/run/dspam/dspam.sock
```

If that did not help, then try to change in dspam.conf the ServerMode to be:

```
ServerMode standard
```

// SteveB

----------

## Ateo

I did both of the changes. Same result. When it dies, the first log message will always have "while sending end of data -- message may be sent more than once". Second log message and all after will contain the "Connection refused"...

Thanks

----------

## steveb

I don't think it is this part from master.cf but still.... could you try to exchange your port 11025 stuff with this:

```
127.0.0.1:11025 inet n  -       n       -       -       smtpd

  -o local_header_rewrite_clients=

  -o local_recipient_maps=

  -o mynetworks=127.0.0.0/8

  -o mynetworks_style=host

  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

  -o relay_recipient_maps=

  -o smtp_send_xforward_command=yes

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_connection_count_limit=0

  -o smtpd_client_connection_rate_limit=0

  -o smtpd_client_restrictions=permit_mynetworks,reject

  -o smtpd_data_restrictions=reject_unauth_pipelining

  -o smtpd_delay_reject=no

  -o smtpd_end_of_data_restrictions=

  -o smtpd_error_sleep_time=0

  -o smtpd_hard_error_limit=1000

  -o smtpd_helo_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o smtpd_restriction_classes=

  -o smtpd_sender_restrictions=

  -o smtpd_soft_error_limit=1001

  -o strict_rfc821_envelopes=yes
```

What version of Postfix do you use?

// SteveB

----------

## Ateo

Added all the good stuff to the service... Still get connection refused.

Postfix version: mail-mta/postfix-2.4.5

Just FYI.. Some times I can get 2, 3 or 4 messages through. 4 is about the maximum then connections are refused. So, the socket works for a bit then dies.

----------

## steveb

The socket dies? Completely gone? There is no dspam.sock in /var/run/dspam/?

Let's try something crazy. Could you use this dspam.conf and test if you still have the problem?

```
## $Id: dspam.conf.in,v 1.82 2006/06/23 03:11:31 jonz Exp $

## dspam.conf -- DSPAM configuration file

##

#

# DSPAM Home: Specifies the base directory to be used for DSPAM storage

#

Home   /var/spool/dspam

#

# StorageDriver: Specifies the storage driver backend (library) to use.

# You'll only need to set this if you are using dynamic storage driver plugins

# from a binary distribution. The default build statically links the storage

# driver (when only one is specified at configure time), overriding this

# setting, which only comes into play if multiple storage drivers are specified

# at configure time. When using dynamic linking, be sure to include the path

# to the library if necessary, and some systems may use an extension other

# than .so (e.g. OSX uses .dylib).

#

# Options include:

#

#   libmysql_drv.so     libpgsql_drv.so   libsqlite_drv.so

#   libsqlite3_drv.so   libhash_drv.so

#

# IMPORTANT: Switching storage drivers requires more than merely changing

# this option. If you do not wish to lose all of your data, you will need to

# migrate it to the new backend before making this change.

#

StorageDriver      /usr/lib/dspam/libpgsql_drv.so

#

# Trusted Delivery Agent: Specifies the local delivery agent DSPAM should call

# when delivering mail as a trusted user. Use %u to specify the user DSPAM is

# processing mail for. It is generally a good idea to allow the MTA to specify

# the pass-through arguments at run-time, but they may also be specified here.

#

# Most operating system defaults:

#TrustedDeliveryAgent "/usr/bin/procmail"       # Linux

#TrustedDeliveryAgent "/usr/bin/mail"           # Solaris

#TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD

#TrustedDeliveryAgent "/usr/bin/procmail"       # Cygwin

#

# Other popular configurations:

#TrustedDeliveryAgent "/usr/cyrus/bin/deliver"  # Cyrus

#TrustedDeliveryAgent "/bin/maildrop"           # Maildrop

#TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned" # Exim

#

TrustedDeliveryAgent "/usr/sbin/sendmail"

#

# Untrusted Delivery Agent: Specifies the local delivery agent and arguments

# DSPAM should use when delivering mail and running in untrusted user mode.

# Because DSPAM will not allow pass-through arguments to be specified to

# untrusted users, all arguments should be specified here. Use %u to specify

# the user DSPAM is processing mail for. This configuration parameter is only

# necessary if you plan on allowing untrusted processing.

#

#UntrustedDeliveryAgent "/usr/bin/procmail -d %u"

UntrustedDeliveryAgent "/usr/sbin/sendmail"

#

# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP

# delivery to deliver your message to the mail server instead of using a

# delivery agent. You will need to configure with --enable-daemon to use host

# delivery, however you do not need to operate in daemon mode. Specify an IP

# address or UNIX path to a domain socket below as a host.

#

# If you would like to set up DeliveryHost's on a per-domain basis, use

# the syntax: DeliveryHost.domain.com 1.2.3.4

#

#DeliveryHost      127.0.0.1

#DeliveryPort      24

#DeliveryIdent      localhost

#DeliveryProto      LMTP

##

DeliveryHost      127.0.0.1

DeliveryPort      11025

DeliveryIdent      localhost

DeliveryProto      SMTP

#

# FallbackDomains: If you want to specify certain domains as fallback domains,

# enable this option. For example, you could create a user @domain.com, and

# if bob@domain.com does not resolve to a known user on the system, the user

# could default to your @domain.com user. NOTE: This also requires designating

# fallbackDomain for the domain name;

# e.g. dspam_admin ch pref domain.com fallbackDomain on

#

#FallbackDomains   on

#

# Quarantine Agent: DSPAM's default behavior is to quarantine all mail it

# thinks is spam. If you wish to override this behavior, you may specify

# a quarantine agent which will be called with all messages DSPAM thinks is

# spam. Use %u to specify the user DSPAM is processing mail for.

#

#QuarantineAgent   "/usr/bin/procmail -d spam"

#

# DSPAM can optionally process "plused users" (addresses in the user+detail

# form) by truncating the username just before the "+", so all internal

# processing occurs for "user", but delivery will be performed for

# "user+detail". This is only useful if the LDA can handle "plused users"

# (for example Cyrus IMAP) and when configured for LMTP delivery above

#

#EnablePlusedDetail   on

#

# Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to a

# "plused" mailbox (such as user+quarantine) leaving quarantine processing

# for retraining or deletion to be performed by the LDA and the mail client.

# "plused" mailboxes are supported by Cyrus IMAP and possibly other LDAs.

# The mailbox name must have the +

#

#QuarantineMailbox   +quarantine

#

# OnFail: What to do if local delivery or quarantine should fail. If set

# to "unlearn", DSPAM will unlearn the message prior to exiting with an

# un successful return code. The default option, "error" will not unlearn

# the message but return the appropriate error code. The unlearn option

# is use-ful on some systems where local delivery failures will cause the

# message to be requeued for delivery, and could result in the message

# being processed multiple times. During a very large failure, however,

# this could cause a significant load increase.

#

OnFail   error

#

# Trusted Users: Only the users specified below will be allowed to perform

# administrative functions in DSPAM such as setting the active user and

# accessing tools. All other users attempting to run DSPAM will be restricted;

# their uids will be forced to match the active username and they will not be

# able to specify delivery agent privileges or use tools.

#

Trust root

Trust dspam

Trust apache

Trust mail

Trust mailnull

Trust smmsp

Trust daemon

Trust mailman

Trust postfix

#Trust nobody

#Trust majordomo

#

# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must

# be compiled with debug support in order to use this option. DSPAM should

# never be running in production with debug active unless you are

# troubleshooting problems.

#

# DebugOpt: One or more of: process, classify, spam, fp, inoculation, corpus

#   process     standard message processing

#   classify    message classification using --classify

#   spam        error correction of missed spam

#   fp          error correction of false positives

#   inoculation message inoculations (source=inoculation)

#   corpus      corpusfed messages (source=corpus)

#

#Debug *

#Debug bob bill

#

Debug *

#DebugOpt process spam fp

#DebugOpt process classify spam fp inoculation corpus

#

# ClassAlias: Alias a particular class to spam/nonspam. This is useful if

# classifying things other than spam.

#

#ClassAliasSpam badstuff

#ClassAliasNonspam goodstuff

#

# Training Mode: The default training mode to use for all operations, when

# one has not been specified on the commandline or in the user's preferences.

# Acceptable values are:

#     toe     Train on Error (Only)

#     teft    Train Everything (Trains on every message)

#     tum     Train Until Mature (Train only tokens without enough data)

#     notrain Do not train or store signatures (large ISP systems, post-train)

#

TrainingMode   toe

#

# TestConditionalTraining: By default, dspam will retrain certain errors

# until the condition is no longer met. This usually accelerates learning.

# Some people argue that this can increase the risk of errors, however.

#

TestConditionalTraining   on

#

# Features: Specify features to activate by default; can also be specified

# on the commandline. See the documentation for a list of available features.

# If _any_ features are specified on the commandline, these are ignored.

#

#Feature sbph

#Feature chained

Feature noise

Feature whitelist

# Training Buffer: The training buffer waters down statistics during training.

# It is designed to prevent false positives, but can also dramatically reduce

# dspam's catch rate during initial training. This can be a number from 0

# (no buffering) to 10 (maximum buffering). If you are paranoid about false

# positives, you should probably enable this option.

#

Feature tb=5

#

# Algorithms: Specify the statistical algorithms to use, overriding any

# defaults configured in the build. The options are:

#    naive       Naive-Bayesian (All Tokens)

#    graham      Graham-Bayesian ("A Plan for Spam")

#    burton      Burton-Bayesian (SpamProbe)

#    robinson    Robinson's Geometric Mean Test (Obsolete)

#    chi-square  Fisher-Robinson's Chi-Square Algorithm

#

# You may have multiple algorithms active simultaneously, but it is strongly

# recommended that you group Bayesian algorithms with other Bayesian

# algorithms, and any use of Chi-Square remain exclusive.

#

# NOTE: For standard "CRM114" Markovian weighting, use 'naive', or consider

#       using 'burton' for slightly better accuracy

#

# Don't mess with this unless you know what you're doing

#

#Algorithm chi-square

#Algorithm naive

Algorithm burton graham naive

#Algorithm burton

#

# Tokenizer: Specify the tokenizer to use. The tokenizer is the piece

# responsible for parsing the message into individual tokens. Depending on

# how many resources you are willing to trade off vs. accuracy, you may

# choose to use a less or more detailed tokenizer:

#   word    uniGram (single word) tokenizer

#           Tokenizes message into single individual words/tokens

#           example: "free" and "viagra"

#   chain   biGram (chained tokens) tokenizer (default)

#           Single words + chains adjacent tokens together

#           example: "free" and "viagra" and "free viagra"

#   sbph    Sparse Binary Polynomial Hashing tokenizer

#           Creates sparse token patterns across sliding window of 5-tokens

#           example: "the quick * fox jumped" and "the * * fox jumped"

#   osb     Orthogonal Sparse biGram

#           Similar to SBPH, but only uses the biGrams

#           example: "the * * fox" and "the * * * jumped"

#

#Tokenizer chain

Tokenizer osb

#

# PValue: Specify the technique used for calculating Probability Values,

# overriding any defaults configured in the build. These options are:

#    bcr         Bayesian Chain Rule (Graham's Technique - "A Plan for Spam")

#    robinson    Robinson's Technique (used in Chi-Square)

#    markov      Markovian Weighted Technique (for Markovian discrimination)

#

# Unlike the "Algorithms" property, you may only have one of these defined.

# Use of the chi-square algorithm automatically changes this to robinson.

#

# Don't mess with this unless you know what you're doing.

#

#PValue robinson

#PValue markov

PValue bcr

#

# WebStats: Enable this if you are using the CGI, which writes .stats files

WebStats on

#

# ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to

# X-DSPAM-Improbability headers

#

ImprobabilityDrive   on

#

# Preferences: Specify any preferences to set by default, unless otherwise

# overridden by the user (see next section) or a default.prefs file.

# If user or default.prefs are found, the user's preferences will override any

# defaults.

#

Preference "trainingMode=TOE"         # TEFT, TUM, TOE

Preference "spamAction=tag"         # tag, quarantine, deliver

Preference "signatureLocation=headers"   # 'message' or 'headers'

Preference "spamSubject="

Preference "statisticalSedation=5"      # 0 to 9

Preference "enableBNR=on"         # on, off

Preference "showFactors=off"         # on, off

Preference "enableWhitelist=on"      # on, off

Preference "whitelistThreshold=5"

#

# Overrides: Specifies the user preferences which may override configuration

# and commandline defaults. Any other preferences supplied by an untrusted user

# will be ignored.

#

AllowOverride enableBNR

AllowOverride enableWhitelist

AllowOverride fallbackDomain

AllowOverride ignoreGroups

AllowOverride localStore

AllowOverride makeCorpus

AllowOverride optIn

AllowOverride optOut

AllowOverride optOutClamAV

AllowOverride processorBias

AllowOverride showFactors

AllowOverride signatureLocation

AllowOverride spamAction

AllowOverride spamSubject

AllowOverride statisticalSedation

AllowOverride storeFragments

AllowOverride tagNonspam

AllowOverride tagSpam

AllowOverride trainPristine

AllowOverride trainingMode

AllowOverride whitelistThreshold

# --- MySQL ---

#

# Storage driver settings: Specific to a particular storage driver. Uncomment

# the configuration specific to your installation, if applicable.

#

#MySQLServer         /var/run/mysqld/mysqld.sock

#MySQLPort

#MySQLUser         dspam

#MySQLPass         changeme

#MySQLDb            dspam

#MySQLCompress         true

#MySQLReconnect      true

# If you are using replication for clustering, you can also specify a separate

# server to perform all writes to.

#

#MySQLWriteServer      /var/run/mysqld/mysqld.sock

#MySQLWritePort

#MySQLWriteUser      dspam

#MySQLWritePass      changeme

#MySQLWriteDb         dspam_write

#MySQLCompress         true

#MySQLReconnect      true

# If your replication isn't close to real-time, your retraining might fail if

# the  signature isn't found. One workaround for this is to use the write

# database for all signature reads:

#

#MySQLReadSignaturesFromWriteDb   on

# Use this if you have the 4.1 quote bug (see doc/mysql.txt)

#MySQLSupressQuote      on

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients). The connection cache

# represents the maximum number of database connections *available* and should

# be set based on the maximum number of concurrent connections you're likely

# to have. Each connection may be used by only one thread at a time, so all

# other threads _will block_ until another connection becomes available.

#

#MySQLConnectionCache   10

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#MySQLVirtualTable         dspam_virtual_uids

#MySQLVirtualUIDField      uid

#MySQLVirtualUsernameField   username

# UIDInSignature: MySQL supports the insertion of the user id into the DSPAM

# signature. This allows you to create one single spam or fp alias

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias

#MySQLUIDInSignature   on

# --- PostgreSQL ---

PgSQLServer         127.0.0.1

PgSQLPort            5432

PgSQLUser            dspam

PgSQLPass            3aBZ767L5e6q9

PgSQLDb            dspamdb

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients).

#

PgSQLConnectionCache   3

# UIDInSignature: PgSQL supports the insertion of the user id into the DSPAM

# signature. This allows you to create one single spam or fp alias

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias

#

PgSQLUIDInSignature      on

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#PgSQLVirtualTable         dspam_virtual_uids

#PgSQLVirtualUIDField      uid

#PgSQLVirtualUsernameField   username

# --- SQLite ---

#SQLitePragma   "synchronous = OFF"

# --- Hash ---

#

# HashRecMax: Default number of records to create in the initial segment when

# building hash files. 100,000 yields files 1.6MB in size, but can fill up

# fast, so be sure to increase this (to a million or more) if you're not using

# autoextend.

#

# NOTE: If you're using a heavy-weight tokenizer, such as SBPH, you should be

#       looking for settings in the 'millions' of records.

#

# Primes List:

#  53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, 24593, 49157, 98317, 196613,

#  393241, 786433, 1572869, 3145739, 6291469, 12582917, 25165843, 50331653,

#  100663319, 201326611, 402653189, 805306457, 1610612741, 3221225473,

#  4294967291

#

#HashRecMax         98317

#

# HashAutoExtend: Autoextend hash databases when they fill up. This allows

# them to continue to train by adding extents (extensions) to the file. There

# will be a small delay during the growth process, as everything needs to be

# closed and remapped.

#

#HashAutoExtend      on

#

# HashMaxExtents: The maximum number of extents that may be created in a single

# hash file. Set this to zero for unlimited

#

#HashMaxExtents      0

#

# HashExtentSize: The initial record size for newly created extents. Creating

# this too small could result in many extents being created. Creating this too

# large could result in excessive disk space usage. Typically, a value close

# to half of the HashRecMax size is good.

#

#HashExtentSize      49157

#

# HashPctIncrease: Increase the next extent size by n% from the size of the

# last extent. This is useful in accommodating systems where the default

# HashExtentSize can be too small for certain high-volume users, and can also

# help keep seeks nice and speedy and/or prevent too many unnecessary extents

# from being created when using a low HashMaxSeek. The default behavior, when

# HashPctIncrease is not used, is to always use # HashExtentSize with no

# increase.

#

#HashPctIncrease      10

#

# HashMaxSeek: The maximum number of record seeks when inserting a new record

# before failing or adding a new extent. This ultimately translates into the

# max # of acceptable seeks per segment. Setting this too high will exhaustively

# scan each segment and hurt performance. Typically, a low value is acceptable

# as even older extents will continue to fill as training progresses.

#

#HashMaxSeek         10

#

# HashConcurrentUser: If you are using a single, stateful hash database in

# daemon mode, specifying a concurrent user below will cause the user to be

# permanently mapped into memory and shared via rwlocks. This is very fast and

# very cool if you are running a "userless" relay appliance.

#

#HashConcurrentUser      user

#

# HashConnectionCache: If running in daemon mode, this is the max # of

# concurrent connections that will be supported. NOTE: If you are using

# HashConcurrentUser, this option is ignored, as all connections are read-

# write locked instead of mutex locked.

#

#HashConnectionCache   10

# -- LDAP --

#

# LDAP: Perform various LDAP functions depending on LDAPMode variable.

# Presently, the only mode supported is 'verify', which will verify the

# existence of an unknown user in LDAP prior to creating them as a new user in

# the system.  This is useful on some systems acting as gateway machines.

#

#LDAPMode         verify

#LDAPHost         ldaphost.mydomain.com

#LDAPFilter      "(mail=%u)"

#LDAPBase         ou=people,dc=domain,dc=com

# -- Profiles --

#

# You can specify multiple storage profiles, and specify the server to

# use on the commandline with --profile. For example:

#

#Profile DECAlpha

#MySQLServer.DECAlpha   10.0.0.1

#MySQLPort.DECAlpha      3306

#MySQLUser.DECAlpha      dspam

#MySQLPass.DECAlpha      changeme

#MySQLDb.DECAlpha      dspam

#MySQLCompress.DECAlpha   true

#

#Profile Sun420R

#MySQLServer.Sun420R   10.0.0.2

#MySQLPort.Sun420R      3306

#MySQLUser.Sun420R      dspam

#MySQLPass.Sun420R      changeme

#MySQLDb.Sun420R      dspam

#MySQLCompress.Sun420R   false

#

Profile Ateo

PgSQLServer.Ateo         127.0.0.1

PgSQLPort.Ateo            5432

PgSQLUser.Ateo            dspam

PgSQLPass.Ateo            3aBZ767L5e6q9

PgSQLDb.Ateo            dspamdb

PgSQLConnectionCache.Ateo   3

PgSQLUIDInSignature.Ateo      on

#

#DefaultProfile DECAlpha

#

DefaultProfile   Ateo

#

# If you're using storage profiles, you can set failovers for each profile.

# Of course, if you'll be failing over to another database, that database

# must have the same information as the first. If you're using a global

# database with no training, this should be relatively simple. If you're

# configuring per-user data, however, you'll need to set up some type of

# replication between databases.

#

#Failover.DECAlpha      SUN420R

#Failover.Sun420R      DECAlpha

# If the storage fails, the agent will follow each profile's failover up to

# a maximum number of failover attempts. This should be set to a maximum of

# the number of profiles you have, otherwise the agent could loop and try

# the same profile multiple times (unless this is your desired behavior).

#

#FailoverAttempts      1

#

# Ignored headers: If DSPAM is behind other tools which may add a header to

# incoming emails, it may be beneficial to ignore these headers - especially

# if they are coming from another spam filter. If you are _not_ using one of

# these tools, however, leaving the appropriate headers commented out will

# allow DSPAM to use them as telltale signs of forged email.

#

IgnoreHeader DKIM-Signature

IgnoreHeader Date

IgnoreHeader Injection-Info

IgnoreHeader Lines

IgnoreHeader NNTP-Posting-Date

IgnoreHeader NNTP-Posting-Host

IgnoreHeader Newsgroups

IgnoreHeader Organization

IgnoreHeader Path

IgnoreHeader X--MailScanner-SpamCheck

IgnoreHeader X-AV-Scanned

IgnoreHeader X-AVAS-Spam-Level

IgnoreHeader X-AVAS-Spam-Score

IgnoreHeader X-AVAS-Spam-Status

IgnoreHeader X-AVAS-Spam-Symbols

IgnoreHeader X-AVAS-Virus-Status

IgnoreHeader X-AVK-Virus-Check

IgnoreHeader X-Admission-MailScanner-SpamCheck

IgnoreHeader X-Admission-MailScanner-SpamScore

IgnoreHeader X-Amavis-Alert

IgnoreHeader X-AntiVirus

IgnoreHeader X-Antispam

IgnoreHeader X-Antivirus-Scanner

IgnoreHeader X-Antivirus-Status

IgnoreHeader X-Assp-Spam-Prob

IgnoreHeader X-BTI-AntiSpam

IgnoreHeader X-Barracuda

IgnoreHeader X-Barracuda-Bayes

IgnoreHeader X-Barracuda-Spam-Flag

IgnoreHeader X-Barracuda-Spam-Report

IgnoreHeader X-Barracuda-Spam-Score

IgnoreHeader X-Barracuda-Spam-Status

IgnoreHeader X-Barracuda-Virus-Scanned

IgnoreHeader X-Bogosity

IgnoreHeader X-CRM114-CacheID

IgnoreHeader X-CRM114-Status

IgnoreHeader X-CRM114-Version

IgnoreHeader X-ClamAntiVirus-Scanner

IgnoreHeader X-Complaints-To

IgnoreHeader X-DKIM

IgnoreHeader X-Despammed-Tracer

IgnoreHeader X-ELTE-SpamCheck

IgnoreHeader X-ELTE-SpamCheck-Details

IgnoreHeader X-ELTE-SpamScore

IgnoreHeader X-ELTE-SpamVersion

IgnoreHeader X-ELTE-VirusStatus

IgnoreHeader X-Face

IgnoreHeader X-GMX-Antispam

IgnoreHeader X-GMX-Antivirus

IgnoreHeader X-GWSPAM

IgnoreHeader X-Greylist

IgnoreHeader X-HTMLM

IgnoreHeader X-HTMLM-Info

IgnoreHeader X-HTMLM-Score

IgnoreHeader X-HTTP-UserAgent

IgnoreHeader X-ID

IgnoreHeader X-IMAIL-SPAM-STATISTICS

IgnoreHeader X-IMAIL-SPAM-URL-DBL

IgnoreHeader X-IMAIL-SPAM-VALFROM

IgnoreHeader X-IMAIL-SPAM-VALHELO

IgnoreHeader X-IMAIL-SPAM-VALREVDNS

IgnoreHeader X-IronPort-Anti-Spam-Filtered

IgnoreHeader X-IronPort-Anti-Spam-Result

IgnoreHeader X-KSV-Antispam

IgnoreHeader X-Kaspersky-Antivirus

IgnoreHeader X-MDAV-Processed

IgnoreHeader X-MDRemoteIP

IgnoreHeader X-MDaemon-Deliver-To

IgnoreHeader X-MIE-MailScanner-SpamCheck

IgnoreHeader X-MIMEOLE

IgnoreHeader X-MSMail-Priority

IgnoreHeader X-MailScanner

IgnoreHeader X-MailScanner-Information

IgnoreHeader X-MailScanner-SpamCheck

IgnoreHeader X-Mailer

IgnoreHeader X-Mlf-Spam-Status

IgnoreHeader X-NAI-Spam-Checker-Version

IgnoreHeader X-NAI-Spam-Flag

IgnoreHeader X-NAI-Spam-Level

IgnoreHeader X-NAI-Spam-Route

IgnoreHeader X-NAI-Spam-Rules

IgnoreHeader X-NAI-Spam-Score

IgnoreHeader X-NAI-Spam-Threshold

IgnoreHeader X-NEWT-spamscore

IgnoreHeader X-NNTP-Posting-Date

IgnoreHeader X-NNTP-Posting-Host

IgnoreHeader X-NetcoreISpam1-ECMScanner

IgnoreHeader X-NetcoreISpam1-ECMScanner-From

IgnoreHeader X-NetcoreISpam1-ECMScanner-Information

IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamCheck

IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamScore

IgnoreHeader X-Newsreader

IgnoreHeader X-No-Archive

IgnoreHeader X-No-Spam

IgnoreHeader X-OSBF-Lua-Score

IgnoreHeader X-OWM-SpamCheck

IgnoreHeader X-OWM-VirusCheck

IgnoreHeader X-Olypen-Virus

IgnoreHeader X-Orig-Path

IgnoreHeader X-OriginalArrivalTime

IgnoreHeader X-PAA-AntiVirus

IgnoreHeader X-PAA-AntiVirus-Message

IgnoreHeader X-PIRONET-NDH-MailScanner-SpamCheck

IgnoreHeader X-PIRONET-NDH-MailScanner-SpamScore

IgnoreHeader X-PMX

IgnoreHeader X-PMX-Version

IgnoreHeader X-PN-SPAMFiltered

IgnoreHeader X-Priority

IgnoreHeader X-Proofpoint-Spam-Details

IgnoreHeader X-RAV-AntiVirus

IgnoreHeader X-RITmySpam

IgnoreHeader X-RITmySpam-IP

IgnoreHeader X-RITmySpam-Spam

IgnoreHeader X-Rc-Spam

IgnoreHeader X-Rc-Virus

IgnoreHeader X-RedHat-Spam-Score

IgnoreHeader X-RedHat-Spam-Warning

IgnoreHeader X-RegEx

IgnoreHeader X-RegEx-Score

IgnoreHeader X-Rocket-Spam

IgnoreHeader X-SA-GROUP

IgnoreHeader X-SA-RECEIPTSTATUS

IgnoreHeader X-STA-NotSpam

IgnoreHeader X-STA-Spam

IgnoreHeader X-SenderID

IgnoreHeader X-Sohu-Antivirus

IgnoreHeader X-Spam

IgnoreHeader X-Spam-ASN

IgnoreHeader X-Spam-Check

IgnoreHeader X-Spam-Checked-By

IgnoreHeader X-Spam-Checker

IgnoreHeader X-Spam-Checker-Version

IgnoreHeader X-Spam-DCC

IgnoreHeader X-Spam-Details

IgnoreHeader X-Spam-Filter

IgnoreHeader X-Spam-Filtered

IgnoreHeader X-Spam-Flag

IgnoreHeader X-Spam-Level

IgnoreHeader X-Spam-OrigSender

IgnoreHeader X-Spam-Pct

IgnoreHeader X-Spam-Prev-Subject

IgnoreHeader X-Spam-Processed

IgnoreHeader X-Spam-Pyzor

IgnoreHeader X-Spam-Rating

IgnoreHeader X-Spam-Report

IgnoreHeader X-Spam-Scanned

IgnoreHeader X-Spam-Score

IgnoreHeader X-Spam-Status

IgnoreHeader X-Spam-Tagged

IgnoreHeader X-Spam-Tests

IgnoreHeader X-Spam-Tests-Failed

IgnoreHeader X-Spam-Virus

IgnoreHeader X-Spam-detection-level

IgnoreHeader X-SpamBouncer

IgnoreHeader X-SpamCatcher-Score

IgnoreHeader X-SpamCop-Checked

IgnoreHeader X-SpamCop-Disposition

IgnoreHeader X-SpamCop-Whitelisted

IgnoreHeader X-SpamDetected

IgnoreHeader X-SpamInfo

IgnoreHeader X-SpamPal

IgnoreHeader X-SpamPal-Timeout

IgnoreHeader X-SpamReason

IgnoreHeader X-SpamScore

IgnoreHeader X-SpamTest-Categories

IgnoreHeader X-SpamTest-Info

IgnoreHeader X-SpamTest-Method

IgnoreHeader X-SpamTest-Status

IgnoreHeader X-SpamTest-Version

IgnoreHeader X-Spamadvice

IgnoreHeader X-Spamarrest-noauth

IgnoreHeader X-Spamarrest-speedcode

IgnoreHeader X-Spambayes-Classification

IgnoreHeader X-Spamcount

IgnoreHeader X-Spamsensitivity

IgnoreHeader X-TERRACE-SPAMMARK

IgnoreHeader X-TERRACE-SPAMRATE

IgnoreHeader X-TM-AS-Product-Ver

IgnoreHeader X-TM-AS-Result

IgnoreHeader X-TNEFEvaluated

IgnoreHeader X-Text-Classification

IgnoreHeader X-Text-Classification-Data

IgnoreHeader X-Trace

IgnoreHeader X-UCD-Spam-Score

IgnoreHeader X-User-ID

IgnoreHeader X-Virus-Check

IgnoreHeader X-Virus-Checked

IgnoreHeader X-Virus-Checker-Version

IgnoreHeader X-Virus-Scan

IgnoreHeader X-Virus-Scanned

IgnoreHeader X-Virus-Scanner

IgnoreHeader X-Virus-Scanner-Result

IgnoreHeader X-Virus-Status

IgnoreHeader X-VirusChecked

IgnoreHeader X-Virusscan

IgnoreHeader X-WinProxy-AntiVirus

IgnoreHeader X-WinProxy-AntiVirus-Message

IgnoreHeader X-iHateSpam-Checked

IgnoreHeader X-iHateSpam-Quarantined

IgnoreHeader X-policyd-weight

IgnoreHeader X-purgate

IgnoreHeader X-purgate-Ad

IgnoreHeader X-purgate-ID

IgnoreHeader X-to-viruscore

IgnoreHeader Xref

IgnoreHeader x-uscspam

#

# Lookup: Perform lookups on streamlined blackhole list servers (see

# http://www.nuclearelephant.com/projects/sbl/). The streamlined blacklist

# server is machine-automated, unsupervised blacklisting system designed to

# provide real-time and highly accurate blacklisting based on network spread.

# When performing a lookup, DSPAM will automatically learn the inbound message

# as spam if the source IP is listed. Until an official public RABL server is

# available, this feature is only useful if you are running your own

# streamlined blackhole list server for internal reporting among multiple mail

# servers. Provide the name of the lookup zone below to use.

#

# This function performs standard reverse-octet.domain lookups, and while it

# will function with many RBLs, it's strongly discouraged to use those

# maintained by humans as they're often inaccurate and could hurt filter

# learning and accuracy.

#

#Lookup "sbl.yourdomain.com"

#Lookup "sbl-xbl.spamhaus.org"

Lookup   "bl.spamcop.net"

#

# RBLInoculate: If you want to inoculate the user from RBL'd messages it would

# have otherwise missed, set this to on.

#

#RBLInoculate   on

#

# Notifications: Enable the sending of notification emails to users (first

# message, quarantine full, etc.)

#

#Notifications   on

#

# Purge configuration: Set dspam_clean purge default options, if not otherwise

# specified on the commandline

#

#PurgeSignatures   14          # Stale signatures

#PurgeNeutral      90          # Tokens with neutralish probabilities

#PurgeUnused      90          # Unused tokens

#PurgeHapaxes      30          # Tokens with less than 5 hits (hapaxes)

#PurgeHits1S      15          # Tokens with only 1 spam hit

#PurgeHits1I      15          # Tokens with only 1 innocent hit

#

# Purge configuration for SQL-based installations using purge.sql

#

PurgeSignature   off # Specified in purge.sql

PurgeNeutral   90

PurgeUnused   off # Specified in purge.sql

PurgeHapaxes   off # Specified in purge.sql

PurgeHits1S   off # Specified in purge.sql

PurgeHits1I   off # Specified in purge.sql

#

# Local Mail Exchangers: Used for source address tracking, tells DSPAM which

# mail exchangers are local and therefore should be ignored in the Received:

# header when tracking the source of an email. Note: you should use the address

# of the host as appears between brackets [ ] in the Received header.

#

LocalMX 127.0.0.1

#

# Logging: Disabling logging for users will make usage graphs unavailable to

# them. Disabling system logging will make admin graphs unavailable.

#

SystemLog   on

UserLog   on

#

# TrainPristine: for systems where the original message remains server side

# and can therefore be presented in pristine format for retraining. This option

# will cause DSPAM to cease all writing of signatures and DSPAM headers to the

# message, and deliver the message in as pristine format as possible. This mode

# REQUIRES that the original message in its pristine format (as of delivery)

# be presented for retraining, as in the case of webmail, imap, or other

# applications where the message is actually kept server-side during reading,

# and is preserved. DO NOT use this switch unless the original message can be

# presented for retraining with the ORIGINAL HEADERS and NO MODIFICATIONS.

#

# NOTE: You can't use this setting with dspam_trian; if you're going to use it,

#       wait until after you train any corpora.

#

#TrainPristine   on

#

# Opt: in or out; determines DSPAM's default filtering behavior. If this value

# is set to in, users must opt-in to filtering by dropping a .dspam file in

# /var/dspam/opt-in/user.dspam (or if you have homedirs configured, a .dspam

# folder in their home directory).  The default is opt-out, which means all

# users will be filtered unless a .nodspam file is dropped in

# /var/dspam/opt-out/user.nodspam

#

Opt out

#

# TrackSources: specify which (if any) source addresses to track and report

# them to syslog (mail.info). This is useful if you're running a firewall or

# blacklist and would like to use this information. Spam reporting also drops

# RABL blacklist files (see http://www.nuclearelephant.com/projects/rabl/).

#

TrackSources spam nonspam virus

#

# ParseToHeaders: In lieu of setting up individual aliases for each user,

# DSPAM can be configured to automatically parse the To: address for spam and

# false positive forwards. From there, it can be configured to either set the

# DSPAM user based on the username specified in the header and/or change the

# training class and source accordingly. The options below can be used to

# customize most common types of header parsing behavior to avoid the need for

# multiple aliases, or if using LMTP, aliases entirely..

#

# ParseToHeader: Parse the To: headers of an incoming message. This must be

#                set to 'on' to use either of the following features.

#

# ChangeModeOnParse: Automatically change the class (to spam or innocent)

#   depending on whether spam- or notspam- was specified, and change the source

#   to 'error'. This is convenient if you're not using aliases at all, but

#   are delivering via LMTP.

#

# ChangeUserOnParse: Automatically change the username to match that specified

#   in the To: header. For example, spam-bob@domain.tld will set the username

#   to bob, ignoring any --user passed in. This may not always be desirable if

#   you are using virtual email addresses as usernames. Options:

#     on or user        take the portion before the @ sign only

#     full              take everything after the initial {spam,notspam}-.

#

ParseToHeaders on

ChangeModeOnParse on

ChangeUserOnParse full

#

# Broken MTA Options: Some MTAs don't support the proper functionality

# necessary. In these cases you can activate certain features in DSPAM to

# compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if

# the message is spam, 0 if not, or a negative code if an error has occured.

# Specifying 'case' causes DSPAM to force the input usernames to lowercase.

# Spceifying 'lineStripping' causes DSPAM to strip ^M's from messages passed

# in.

#

#Broken returnCodes

Broken case

Broken lineStripping

#

# MaxMessageSize: You may specify a maximum message size for DSPAM to process.

# If the message is larger than the maximum size, it will be delivered

# without processing. Value is in bytes.

#

MaxMessageSize   1024000

#

# Virus Checking: If you are running clamd, DSPAM can perform stream-based

# virus checking using TCP. Uncomment the values below to enable virus

# checking.

#

# ClamAVResponse: reject (reject or drop the message with a permanent failure)

#                 accept (accept the message and quietly drop the message)

#                 spam   (treat as spam and quarantine/tag/whatever)

#

#ClamAVPort      3310

#ClamAVHost      127.0.0.1

#ClamAVResponse   accept

# -- CLIENT / SERVER --

#

# Daemonized Server: If you are running DSPAM as a daemonized server using

# --daemon, the following parameters will override the default. Use the

# ServerPass option to set up accounts for each client machine. The DSPAM

# server will process and deliver the message based on the parameters

# specified. If you want the client machine to perform delivery, use

# the --stdout option in conjunction with a local setup.

#

#ServerPort         24

ServerQueueSize      32

ServerPID            /var/run/dspam/dspam.pid

#

# ServerMode specifies the type of LMTP server to start. This can be one of:

#     dspam: DSPAM-proprietary DLMTP server, for communicating with dspamc

#  standard: Standard LMTP server, for communicating with Postfix or other MTA

#      auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT

#

ServerMode         auto

# If supporting DLMTP (dspam) mode, dspam clients will require authentication

# as they will be passing in parameters. The idents below will be used to

# determine which clients will be speaking DLMTP, so if you will be using

# both LMTP and DLMTP from the same host, be sure to use something other

# than the server's hostname below (which will be sent by the MTA during a

# standard LMTP LHLO).

#

#ServerPass.Relay1      "secret"

#ServerPass.Relay2      "password"

#

ServerPass.Ateo         "3aBZ767L5e6q9"

# If supporting standard LMTP mode, server parameters will need to be specified

# here, as they will not be passed in by the mail server. The ServerIdent

# specifies the 250 response code ident sent back to connecting clients and

# should be set to the hostname of your server, or an alias.

#

# NOTE: If you specify --user in ServerParameters, the RCPT TO will be

#       used only for delivery, and not set as the active user for processing.

#

#ServerParameters      "--deliver=innocent,spam -d %u"

ServerParameters      "--deliver=innocent"

ServerIdent         "ateo.dspam.server"

# If you wish to use a local domain socket instead of a TCP socket, uncomment

# the following. It is strongly recommended you use local domain sockets if

# you are running the client and server on the same machine, as it eliminates

# much of the bandwidth overhead.

#

ServerDomainSocketPath   "/var/run/dspam/dspam.sock"

#

# Client Mode: If you are running DSPAM in client/server mode, uncomment and

# set these variables. A ClientHost beginning with a / will be treated as

# a domain socket.

#

#ClientHost      /tmp/dspam.sock

#ClientIdent      "secret@Relay1"

#

#ClientHost      127.0.0.1

#ClientPort      24

#ClientIdent      "secret@Relay1"

#

ClientHost      /var/run/dspam/dspam.sock

ClientIdent      "3aBZ767L5e6q9@ateo"

# RABLQueue: Touch files in the RABL queue

# If you are a reporting streamlined blackhole list participant, you can

# touch ip addresses within the directory the rabl_client process is watching.

#

#RABLQueue      /var/spool/rabl

# DataSource: If you are using any type of data source that does not include

# email-like headers (such as documents), uncomment the line below. This

# will cause the entire input to be treated like a message "body"

#

#DataSource      document

# ProcessorWordFrequency: By default, words are only counted once per message.

# If you are classifying large documents, however, you may wish to count once

# per occurrence instead.

#

#ProcessorWordFrequency   occurrence

# ProcessorURLContext: By default, a URL context is generated for URLs, which

# records their tokens as separate from words found in documents. To use

# URL tokens in the same context as words, turn this feature off.

#

ProcessorURLContext   on

# ProcessorBias: Bias causes the filter to lean more toward 'innocent', and

# usually greatly reduces false positives. It is the default behavior of

# most Bayesian filters (including dspam).

#

# NOTE: You probably DONT want this if you're using Markovian Weighting, unless

# you are paranoid about false positives.

#

ProcessorBias   on

## EOF
```

Let me know if this is working or not? I have one other thing which you could try.

// SteveB

----------

## steveb

If the above config did not help... could you try this.

/etc/postfix/master.cf:

```
# For filtering mail with DSPAM over lmtp

127.0.0.1:11024 inet n  -       n       -       -       smtpd

  -o content_filter=lmtp:unix:/var/run/dspam/dspam.sock

  -o local_header_rewrite_clients=

  -o local_recipient_maps=

  -o mynetworks=127.0.0.0/8

  -o mynetworks_style=host

  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

  -o relay_recipient_maps=

  -o smtp_send_xforward_command=yes

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_connection_count_limit=0

  -o smtpd_client_connection_rate_limit=0

  -o smtpd_client_restrictions=permit_mynetworks,reject

  -o smtpd_data_restrictions=reject_unauth_pipelining

  -o smtpd_delay_reject=no

  -o smtpd_end_of_data_restrictions=

  -o smtpd_error_sleep_time=0

  -o smtpd_hard_error_limit=1000

  -o smtpd_helo_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o smtpd_restriction_classes=

  -o smtpd_sender_restrictions=

  -o smtpd_soft_error_limit=1001

  -o strict_rfc821_envelopes=yes

# For injecting mail back into Postfix from the any filter (Anti-Virus, Anti-Spam, etc)

127.0.0.1:11025 inet n  -       n       -       -       smtpd

  -o content_filter=

  -o local_header_rewrite_clients=

  -o local_recipient_maps=

  -o mynetworks=127.0.0.0/8

  -o mynetworks_style=host

  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

  -o relay_recipient_maps=

  -o smtp_send_xforward_command=yes

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_connection_count_limit=0

  -o smtpd_client_connection_rate_limit=0

  -o smtpd_client_restrictions=permit_mynetworks,reject

  -o smtpd_data_restrictions=reject_unauth_pipelining

  -o smtpd_delay_reject=no

  -o smtpd_end_of_data_restrictions=

  -o smtpd_error_sleep_time=0

  -o smtpd_hard_error_limit=1000

  -o smtpd_helo_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o smtpd_restriction_classes=

  -o smtpd_sender_restrictions=

  -o smtpd_soft_error_limit=1001

  -o strict_rfc821_envelopes=yes
```

/etc/postfix/inc/filter_dspam:

```
/./      FILTER smtp:[127.0.0.1]:11024
```

// SteveB

----------

## Ateo

Tried your configuration but the issue is still here. Same exact log messages... and in the same order...

Also, to answer your question about the socket 'dying', dspam.sock is still present after mail starts to defer into the queue.

----------

## steveb

Did you tried the other stuff with master.cf as well?

Could you list the permission and owner info of the socket?

// SteveB

----------

## magic919

Can I ask what this bit does here?  Again quite different from my set-ups.

```

ClientHost      "/var/run/dspam/dspam.sock" 

```

----------

## steveb

 *magic919 wrote:*   

> Can I ask what this bit does here?  Again quite different from my set-ups.
> 
> ```
> 
> ClientHost      "/var/run/dspam/dspam.sock" 
> ...

 If you run DSPAM in client/server mode, then you need a way to define where the client will connect to.

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Did you tried the other stuff with master.cf as well?

 

Oh yea. I'm taking all of your suggestions. =)

 *steveb wrote:*   

> Could you list the permission and owner info of the socket?

 

```
$ ls -l /var/run/dspam/       

total 4

-rw-rw---- 1 root dspam 6 Nov 21 09:53 dspam.pid

srwxrwxrwx 1 root dspam 0 Nov 21 09:53 dspam.sock
```

----------

## steveb

Strange. Rights look okay to me. Could you post the output of:

```
id dspam

id postfix

id mail
```

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Strange. Rights look okay to me. Could you post the output of:
> 
> ```
> id dspam
> 
> ...

 

Sure. They are:

```
$ id dspam

uid=1003(dspam) gid=1002(dspam) groups=1002(dspam),12(mail)

$ id postfix

uid=207(postfix) gid=207(postfix) groups=207(postfix),12(mail)

$ id mail   

uid=8(mail) gid=12(mail) groups=12(mail)
```

----------

## Ateo

Also, in my testing, I tested by piping it to DSPAM.. I get the same exact results with one exception. The log is different:

```
Nov 21 10:55:36 mail.mydomain.com postfix/pipe[23899]: E623A123AE: to=<user@mydomain.com>, orig_to=<alias@mydomain.com>, relay=dspam, delay=1.7, delays=1.7/0/0/0.01, dsn=4.3.0, status=SOFTBOUNCE (Command died with status 251: "/usr/bin/dspam")
```

----------

## steveb

Just for testing: Could you add postfix into the dspam group?

// SteveB

----------

## magic919

 *steveb wrote:*   

>  *magic919 wrote:*   Can I ask what this bit does here?  Again quite different from my set-ups.
> 
> ```
> 
> ClientHost      "/var/run/dspam/dspam.sock" 
> ...

 

Ok.  So these 2 bits should tie up then?

```

ServerPass.Ateo         "3aBZ767L5e6q9" 

ClientIdent      "3aBZ767L5e6q9@ateo"

```

Is it case sensitive?

----------

## Ateo

 *steveb wrote:*   

> Just for testing: Could you add postfix into the dspam group?
> 
> // SteveB

 

Grr. Added postfix to the dspam group. Same results...

wow. DSPAM has given me grey hair!!! =P

----------

## Ateo

 *magic919 wrote:*   

> 
> 
> ```
> ServerPass.Ateo         "3aBZ767L5e6q9" 
> 
> ...

 

Yes. But this wouldn't affect the relaying between the 2 servers. This applies when passing a message in client mode..

I might be wrong, so..... correct me if I am =)Last edited by Ateo on Wed Nov 21, 2007 7:45 pm; edited 1 time in total

----------

## steveb

 *Ateo wrote:*   

> wow. DSPAM has given me grey hair!!! =P

   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing: 

Thanks for bringing a smile on my face  :Smile: 

----------

## Ateo

 *steveb wrote:*   

>  *Ateo wrote:*   wow. DSPAM has given me grey hair!!! =P         
> 
> Thanks for bringing a smile on my face 

 

the equation is simple: DSPAM + 2 weeks + (troubelshoot + $x) = grey hair

I better be an expert when I'm done with this!

----------

## steveb

Can you run a strace while processing a message?

Once in client mode:

```
echo -ne "Date: $(date)\nFrom: user_001 <foo001@gmail.com>\nTo: user@domain.com\nSubject: Link\n\nhttp://www.linux-magazin.de\n" | strace dspam --client --mode=notrain --user user@domain.com --classify --stdout --deliver=summary
```

And once in normal mode:

```
echo -ne "Date: $(date)\nFrom: user_001 <foo001@gmail.com>\nTo: user@domain.com\nSubject: Link\n\nhttp://www.linux-magazin.de\n" | strace dspam --mode=notrain --user user@domain.com --classify --stdout --deliver=summary
```

Again replace user@domain.com with your user.

// SteveB

----------

## Ateo

```
# You can specify multiple storage profiles, and specify the server to

# use on the commandline with --profile. For example:

Profile Ateo

PgSQLServer.Ateo 127.0.0.1

PgSQLPort.Ateo 5432

PgSQLUser.Ateo dspam

PgSQLPass.Ateo 7z6VfeAulplw

PgSQLDb.Ateo dspamdb

PgSQLConnectionCache.Ateo 3

PgSQLUIDInSignature.Ateo on
```

I am a little confused with this. When/where did I send --profile to the server? I haven't done anything to for that requirement. I'm not sure how to pass it to the server...   :Question: 

----------

## steveb

 *Ateo wrote:*   

> 
> 
> ```
> # You can specify multiple storage profiles, and specify the server to
> 
> ...

 

I added that to the dspam.conf I posted for you.

// SteveB

----------

## Ateo

Here are the strace output (split into 3 posts... sorry, the 2nd was was ****HUGE****):

```
boron dspam # echo -ne "Date: $(date)\nFrom: user_001 <foo001@gmail.com>\nTo: user@domain.net\nSubject: Link\n\nhttp://www.linux-magazin.de\n" | strace dspam --client --mode=notrain --user user@domain.net --classify --stdout --deliver=summary

execve("/usr/bin/dspam", ["dspam", "--client", "--mode=notrain", "--user", "user@domain.net", "--classify", "--stdout", "--deliver=summary"], [/* 27 vars */]) = 0

brk(0)                                  = 0x8060000

fcntl64(0, F_GETFD)                     = 0

fcntl64(1, F_GETFD)                     = 0

fcntl64(2, F_GETFD)                     = 0

access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f66000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f60000

close(3)                                = 0

open("/usr/lib/libdspam.so.7", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360<\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=78976, ...}) = 0

mmap2(NULL, 84608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f4b000

mmap2(0xb7f5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xb7f5e000

close(3)                                = 0

open("/lib/libm.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2603\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=150380, ...}) = 0

mmap2(NULL, 143488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f27000

mmap2(0xb7f49000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21) = 0xb7f49000

close(3)                                = 0

open("/lib/libdl.so.2", O_RDONLY)       = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\f\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=10144, ...}) = 0

mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f23000

mmap2(0xb7f25000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f25000

close(3)                                = 0

open("/lib/libpthread.so.0", O_RDONLY)  = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200A\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=82558, ...}) = 0

mmap2(NULL, 328832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ed2000

mmap2(0xb7edf000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc) = 0xb7edf000

mmap2(0xb7ee1000, 267392, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ee1000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0F^\1\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=1169156, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ed1000

mmap2(NULL, 1136144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dbb000

mmap2(0xb7ecb000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x110) = 0xb7ecb000

mmap2(0xb7ece000, 9744, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ece000

close(3)                                = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7dba000

set_thread_area({entry_number:-1 -> 6, base_addr:0xb7dba6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0

mprotect(0xb7ecb000, 4096, PROT_READ)   = 0

mprotect(0xb7edf000, 4096, PROT_READ)   = 0

mprotect(0xb7f5e000, 4096, PROT_READ)   = 0

mprotect(0x805e000, 4096, PROT_READ)    = 0

mprotect(0xb7f82000, 4096, PROT_READ)   = 0

munmap(0xb7f60000, 22793)               = 0

getpid()                                = 31579

rt_sigaction(SIGRTMIN, {0xb7ed9b73, [], 0}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {0xb7ed98c9, [RTMIN], 0}, NULL, 8) = 0

rt_sigaction(SIGRT_2, {0xb7ed90e1, [], 0}, NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, [RTMIN], NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RT_1], NULL, 8) = 0

_sysctl({{CTL_KERN, KERN_VERSION}, 2, 0xbff6c1d4, 35, (nil), 0}) = 0

getpid()                                = 31579

umask(06)                               = 022

getuid32()                              = 0

brk(0)                                  = 0x8060000

brk(0x8081000)                          = 0x8081000

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)

fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)

fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

open("/etc/nsswitch.conf", O_RDONLY)    = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=508, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f65000

read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 508

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0xb7f65000, 4096)                = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f60000

close(3)                                = 0

open("/lib/libnss_compat.so.2", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\20\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=26560, ...}) = 0

mmap2(NULL, 29252, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db2000

mmap2(0xb7db8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7db8000

close(3)                                = 0

open("/lib/libnsl.so.1", O_RDONLY)      = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3005\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=72784, ...}) = 0

mmap2(NULL, 83752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d9d000

mmap2(0xb7dae000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb7dae000

mmap2(0xb7db0000, 5928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7db0000

close(3)                                = 0

munmap(0xb7f60000, 22793)               = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f60000

close(3)                                = 0

open("/lib/libnss_nis.so.2", O_RDONLY)  = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \34\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=34908, ...}) = 0

mmap2(NULL, 37436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d93000

mmap2(0xb7d9b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7d9b000

close(3)                                = 0

open("/lib/libnss_files.so.2", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\33\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=34804, ...}) = 0

mmap2(NULL, 37524, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d89000

mmap2(0xb7d91000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7d91000

close(3)                                = 0

munmap(0xb7f60000, 22793)               = 0

open("/etc/passwd", O_RDONLY)           = 3

fcntl64(3, F_GETFD)                     = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

_llseek(3, 0, [0], SEEK_CUR)            = 0

fstat64(3, {st_mode=S_IFREG|0644, st_size=1766, ...}) = 0

mmap2(NULL, 1766, PROT_READ, MAP_SHARED, 3, 0) = 0xb7f65000

_llseek(3, 1766, [1766], SEEK_SET)      = 0

munmap(0xb7f65000, 1766)                = 0

close(3)                                = 0

open("/etc/mail/dspam/dspam.conf", O_RDONLY) = 3

fstat64(3, {st_mode=S_IFREG|0640, st_size=37820, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f65000

read(3, "## $Id: dspam.conf.in,v 1.82 200"..., 4096) = 4096

read(3, "# form) by truncating the userna"..., 4096) = 4096

read(3, "he statistical algorithms to use"..., 4096) = 4096

read(3, "#\n# Storage driver settings: Spe"..., 4096) = 4096

read(3, "xtend      on\n\n#\n# HashMaxExtent"..., 4096) = 4096

read(3, "ols which may add a header to\n# "..., 4096) = 4096

read(3, "PTSTATUS\nIgnoreHeader X-STA-NotS"..., 4096) = 4096

read(3, "     15          # Tokens with o"..., 4096) = 4096

read(3, "n features in DSPAM to\n# compens"..., 4096) = 4096

read(3, "h as documents), uncomment the l"..., 4096) = 956

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0xb7f65000, 4096)                = 0

fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f65000

read(0, "Date: Wed Nov 21 12:02:51 PST 20"..., 1024) = 135

read(0, "", 1024)                       = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

connect(3, {sa_family=AF_FILE, path="/var/run/dspam/dspam.sock"}, 28) = 0

setsockopt(3, SOL_SOCKET, SO_DEBUG, [1], 4) = 0

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "220 DSPAM LMTP 3.8.0 Ready\r\n", 1023, 0) = 28

send(3, "LHLO Ateo", 9, 0)              = 9

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "250-ateo.dspam.server\r\n250-PIPEL"..., 1023, 0) = 96

send(3, "MAIL FROM: <7z6VfeAulplw@Ateo> D"..., 112, 0) = 112

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "250 2.1.0 OK\r\n", 1023, 0)    = 14

send(3, "RCPT TO: <user@domain.net>", 29, 0) = 29

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "250 2.1.5 OK\r\n", 1023, 0)    = 14

send(3, "DATA", 4, 0)                   = 4

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "354 Enter mail, end with \".\" on "..., 1023, 0) = 50

send(3, "Date: Wed Nov 21 12:02:51 PST 20"..., 135, 0) = 135

send(3, ".", 1, 0)                      = 1

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {299, 992000})

recv(3, "X-DSPAM-Result: user@domain.n"..., 1023, 0) = 124

write(1, "X-DSPAM-Result: user@domain.n"..., 123X-DSPAM-Result: user@domain.net; result="Innocent"; class="Innocent"; probability=0.0023; confidence=1.00; signature=N/A) = 123

write(1, "\n", 1

)                       = 1

send(3, "QUIT", 4, 0)                   = 4

send(3, "\r\n", 2, 0)                   = 2

select(4, [3], NULL, NULL, {300, 0})    = 1 (in [3], left {300, 0})

recv(3, "221 2.0.0 OK\r\n", 1023, 0)    = 14

close(3)                                = 0

exit_group(0)                           = ?
```

Last edited by Ateo on Wed Nov 21, 2007 8:10 pm; edited 1 time in total

----------

## Ateo

```
$ echo -ne "Date: $(date)\nFrom: user_001 <foo001@gmail.com>\nTo: user@domain.net\nSubject: Link\n\nhttp://www.linux-magazin.de\n" | strace dspam --mode=notrain --user user@domain.net --classify --stdout --deliver=summary

execve("/usr/bin/dspam", ["dspam", "--mode=notrain", "--user", "user@domain.net", "--classify", "--stdout", "--deliver=summary"], [/* 27 vars */]) = 0

brk(0)                                  = 0x8060000

fcntl64(0, F_GETFD)                     = 0

fcntl64(1, F_GETFD)                     = 0

fcntl64(2, F_GETFD)                     = 0

access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f8f000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f89000

close(3)                                = 0

open("/usr/lib/libdspam.so.7", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360<\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=78976, ...}) = 0

mmap2(NULL, 84608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f74000

mmap2(0xb7f87000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xb7f87000

close(3)                                = 0

open("/lib/libm.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2603\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=150380, ...}) = 0

mmap2(NULL, 143488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f50000

mmap2(0xb7f72000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21) = 0xb7f72000

close(3)                                = 0

open("/lib/libdl.so.2", O_RDONLY)       = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\f\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=10144, ...}) = 0

mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f4c000

mmap2(0xb7f4e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f4e000

close(3)                                = 0

open("/lib/libpthread.so.0", O_RDONLY)  = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200A\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=82558, ...}) = 0

mmap2(NULL, 328832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7efb000

mmap2(0xb7f08000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc) = 0xb7f08000

mmap2(0xb7f0a000, 267392, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f0a000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0F^\1\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=1169156, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7efa000

mmap2(NULL, 1136144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7de4000

mmap2(0xb7ef4000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x110) = 0xb7ef4000

mmap2(0xb7ef7000, 9744, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ef7000

close(3)                                = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7de3000

set_thread_area({entry_number:-1 -> 6, base_addr:0xb7de36c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0

mprotect(0xb7ef4000, 4096, PROT_READ)   = 0

mprotect(0xb7f08000, 4096, PROT_READ)   = 0

mprotect(0xb7f87000, 4096, PROT_READ)   = 0

mprotect(0x805e000, 4096, PROT_READ)    = 0

mprotect(0xb7fab000, 4096, PROT_READ)   = 0

munmap(0xb7f89000, 22793)               = 0

getpid()                                = 31588

rt_sigaction(SIGRTMIN, {0xb7f02b73, [], 0}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {0xb7f028c9, [RTMIN], 0}, NULL, 8) = 0

rt_sigaction(SIGRT_2, {0xb7f020e1, [], 0}, NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, [RTMIN], NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RT_1], NULL, 8) = 0

_sysctl({{CTL_KERN, KERN_VERSION}, 2, 0xbff521c4, 35, (nil), 0}) = 0

getpid()                                = 31588

umask(06)                               = 022

getuid32()                              = 0

brk(0)                                  = 0x8060000

brk(0x8081000)                          = 0x8081000

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)

fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)

fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

open("/etc/nsswitch.conf", O_RDONLY)    = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=508, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f8e000

read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 508

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0xb7f8e000, 4096)                = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f89000

close(3)                                = 0

open("/lib/libnss_compat.so.2", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\20\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=26560, ...}) = 0

mmap2(NULL, 29252, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ddb000

mmap2(0xb7de1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7de1000

close(3)                                = 0

open("/lib/libnsl.so.1", O_RDONLY)      = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3005\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=72784, ...}) = 0

mmap2(NULL, 83752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dc6000

mmap2(0xb7dd7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb7dd7000

mmap2(0xb7dd9000, 5928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7dd9000

close(3)                                = 0

munmap(0xb7f89000, 22793)               = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f89000

close(3)                                = 0

open("/lib/libnss_nis.so.2", O_RDONLY)  = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \34\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=34908, ...}) = 0

mmap2(NULL, 37436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dbc000

mmap2(0xb7dc4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7dc4000

close(3)                                = 0

open("/lib/libnss_files.so.2", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\33\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=34804, ...}) = 0

mmap2(NULL, 37524, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db2000

mmap2(0xb7dba000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7dba000

close(3)                                = 0

munmap(0xb7f89000, 22793)               = 0

open("/etc/passwd", O_RDONLY)           = 3

fcntl64(3, F_GETFD)                     = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

_llseek(3, 0, [0], SEEK_CUR)            = 0

fstat64(3, {st_mode=S_IFREG|0644, st_size=1766, ...}) = 0

mmap2(NULL, 1766, PROT_READ, MAP_SHARED, 3, 0) = 0xb7f8e000

_llseek(3, 1766, [1766], SEEK_SET)      = 0

munmap(0xb7f8e000, 1766)                = 0

close(3)                                = 0

open("/etc/mail/dspam/dspam.conf", O_RDONLY) = 3

fstat64(3, {st_mode=S_IFREG|0640, st_size=37820, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f8e000

read(3, "## $Id: dspam.conf.in,v 1.82 200"..., 4096) = 4096

read(3, "# form) by truncating the userna"..., 4096) = 4096

read(3, "he statistical algorithms to use"..., 4096) = 4096

read(3, "#\n# Storage driver settings: Spe"..., 4096) = 4096

read(3, "xtend      on\n\n#\n# HashMaxExtent"..., 4096) = 4096

read(3, "ols which may add a header to\n# "..., 4096) = 4096

read(3, "PTSTATUS\nIgnoreHeader X-STA-NotS"..., 4096) = 4096

read(3, "     15          # Tokens with o"..., 4096) = 4096

read(3, "n features in DSPAM to\n# compens"..., 4096) = 4096

read(3, "h as documents), uncomment the l"..., 4096) = 956

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0xb7f8e000, 4096)                = 0

fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f8e000

read(0, "Date: Wed Nov 21 12:04:21 PST 20"..., 1024) = 135

read(0, "", 1024)                       = 0

open("/usr/lib/dspam/libpgsql_drv.so", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\33\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=42052, ...}) = 0

mmap2(NULL, 45068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7da6000

mmap2(0xb7db0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb7db0000

close(3)                                = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=22793, ...}) = 0

mmap2(NULL, 22793, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7da0000

close(3)                                = 0

open("/usr/lib/libpq.so.5", O_RDONLY)   = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000D\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=106044, ...}) = 0

mmap2(NULL, 108996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d85000

mmap2(0xb7d9e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb7d9e000

close(3)                                = 0

open("/usr/lib/tls/i686/sse2/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/tls/i686/sse2", 0xbff50d4c) = -1 ENOENT (No such file or directory)

open("/usr/lib/tls/i686/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/tls/i686", 0xbff50d4c) = -1 ENOENT (No such file or directory)

open("/usr/lib/tls/sse2/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/tls/sse2", 0xbff50d4c) = -1 ENOENT (No such file or directory)

open("/usr/lib/tls/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/tls", 0xbff50d4c)      = -1 ENOENT (No such file or directory)

open("/usr/lib/i686/sse2/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/i686/sse2", 0xbff50d4c) = -1 ENOENT (No such file or directory)

open("/usr/lib/i686/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/i686", 0xbff50d4c)     = -1 ENOENT (No such file or directory)

open("/usr/lib/sse2/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or directory)

stat64("/usr/lib/sse2", 0xbff50d4c)     = -1 ENOENT (No such file or directory)

open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\305\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0555, st_size=266084, ...}) = 0

mmap2(NULL, 265016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d44000

mmap2(0xb7d81000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3d) = 0xb7d81000

close(3)                                = 0

open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\317\3\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0555, st_size=1290780, ...}) = 0

mmap2(NULL, 1303288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c05000

mmap2(0xb7d2b000, 86016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x126) = 0xb7d2b000

mmap2(0xb7d40000, 13048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7d40000

close(3)                                = 0

open("/usr/lib/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/lib/libcrypt.so.1", O_RDONLY)    = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \10\0\0004\0\0\0"..., 512) = 512

fstat64(3, {st_mode=S_IFREG|0755, st_size=22164, ...}) = 0

mmap2(NULL, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7bd7000

mmap2(0xb7bdc000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb7bdc000

mmap2(0xb7bde000, 155964, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7bde000

close(3)                                = 0

mprotect(0xb7d2b000, 32768, PROT_READ)  = 0

mprotect(0xb7d81000, 4096, PROT_READ)   = 0

mprotect(0xb7d9e000, 4096, PROT_READ)   = 0

mprotect(0xb7db0000, 4096, PROT_READ)   = 0

munmap(0xb7da0000, 22793)               = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=247779, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=247779, ...}) = 0

_llseek(3, 247779, [247779], SEEK_SET)  = 0

time(NULL)                              = 1195675461

open("/etc/localtime", O_RDONLY)        = 4

fstat64(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0

fstat64(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da4000

read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2819

close(4)                                = 0

munmap(0xb7da4000, 4096)                = 0

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] DSP"..., 52) = 52

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=247831, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=247831, ...}) = 0

_llseek(3, 247831, [247831], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] inp"..., 127) = 127

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=247958, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=247958, ...}) = 0

_llseek(3, 247958, [247958], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] pas"..., 46) = 46

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248004, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248004, ...}) = 0

_llseek(3, 248004, [248004], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] pro"..., 64) = 64

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

getegid32()                             = 1002

getgid32()                              = 0

geteuid32()                             = 0

getuid32()                              = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248068, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248068, ...}) = 0

_llseek(3, 248068, [248068], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] uid"..., 69) = 69

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.messages", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=65548, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=65548, ...}) = 0

_llseek(3, 65548, [65548], SEEK_SET)    = 0

write(3, "Date: Wed Nov 21 12:04:21 PST 20"..., 136) = 136

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248137, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248137, ...}) = 0

_llseek(3, 248137, [248137], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] loa"..., 77) = 77

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 3

bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0

getsockname(3, {sa_family=AF_NETLINK, pid=31588, groups=00000000}, [12]) = 0

time(NULL)                              = 1195675461

sendto(3, "\24\0\0\0\26\0\1\3E\217DG\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"8\0\0\0\24\0\2\0E\217DGd{\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 116

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0E\217DGd{\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20

close(3)                                = 0

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3

setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0

fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

connect(3, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

getsockname(3, {sa_family=AF_INET, sin_port=htons(42493), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0\10\4\322\26/", 8, 0)    = 8

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "N", 16384, 0)                  = 1

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0%\0\3\0\0user\0dspam\0database\0dspa"..., 37, 0) = 37

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "R\0\0\0\10\0\0\0\0S\0\0\0\36client_encoding\0SQ"..., 16384, 0) = 284

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0?SELECT split_part(split_par"..., 64, 0) = 64

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0#\0\1split_part\0\0\0\0\0\0\0\0\0\0\25\0\2\377\377"..., 16384, 0) = 66

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\276SELECT typname FROM pg_type"..., 191, 0) = 191

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0 \0\1typname\0\0\0\4\337\0\1\0\0\0\23\0@\377\377\377\377\0"..., 16384, 0) = 67

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0MSELECT uid FROM dspam_virtu"..., 78, 0) = 78

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248214, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248214, ...}) = 0

_llseek(4, 248214, [248214], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Loa"..., 59) = 59

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0DSELECT preference, value FR"..., 69, 0) = 69

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0;\0\2preference\0\0\0C\t\0\2\0\0\4\23\377\377\0\0"..., 16384, 0) = 78

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "X\0\0\0\4", 5, 0)              = 5

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

close(3)                                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 3

bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0

getsockname(3, {sa_family=AF_NETLINK, pid=31588, groups=00000000}, [12]) = 0

time(NULL)                              = 1195675461

sendto(3, "\24\0\0\0\26\0\1\3E\217DG\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"8\0\0\0\24\0\2\0E\217DGd{\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 116

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0E\217DGd{\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20

close(3)                                = 0

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3

setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0

fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

connect(3, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

getsockname(3, {sa_family=AF_INET, sin_port=htons(42494), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0\10\4\322\26/", 8, 0)    = 8

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "N", 16384, 0)                  = 1

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0%\0\3\0\0user\0dspam\0database\0dspa"..., 37, 0) = 37

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "R\0\0\0\10\0\0\0\0S\0\0\0\36client_encoding\0SQ"..., 16384, 0) = 284

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0?SELECT split_part(split_par"..., 64, 0) = 64

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0#\0\1split_part\0\0\0\0\0\0\0\0\0\0\25\0\2\377\377"..., 16384, 0) = 66

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\276SELECT typname FROM pg_type"..., 191, 0) = 191

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0 \0\1typname\0\0\0\4\337\0\1\0\0\0\23\0@\377\377\377\377\0"..., 16384, 0) = 67

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248273, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248273, ...}) = 0

_llseek(4, 248273, [248273], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Loa"..., 59) = 59

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0DSELECT preference, value FR"..., 69, 0) = 69

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0;\0\2preference\0\0\0C\t\0\2\0\0\4\23\377\377\0\0"..., 16384, 0) = 78

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "X\0\0\0\4", 5, 0)              = 5

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

close(3)                                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 3

bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0

getsockname(3, {sa_family=AF_NETLINK, pid=31588, groups=00000000}, [12]) = 0

time(NULL)                              = 1195675461

sendto(3, "\24\0\0\0\26\0\1\3E\217DG\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"8\0\0\0\24\0\2\0E\217DGd{\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 116

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0E\217DGd{\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20

close(3)                                = 0

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3

setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0

fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

connect(3, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

getsockname(3, {sa_family=AF_INET, sin_port=htons(42495), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0\10\4\322\26/", 8, 0)    = 8

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "N", 16384, 0)                  = 1

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0%\0\3\0\0user\0dspam\0database\0dspa"..., 37, 0) = 37

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "R\0\0\0\10\0\0\0\0S\0\0\0\36client_encoding\0SQ"..., 16384, 0) = 284

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0?SELECT split_part(split_par"..., 64, 0) = 64

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0#\0\1split_part\0\0\0\0\0\0\0\0\0\0\25\0\2\377\377"..., 16384, 0) = 66

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\276SELECT typname FROM pg_type"..., 191, 0) = 191

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0 \0\1typname\0\0\0\4\337\0\1\0\0\0\23\0@\377\377\377\377\0"..., 16384, 0) = 67

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248332, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248332, ...}) = 0

_llseek(4, 248332, [248332], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Loa"..., 59) = 59

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0DSELECT preference, value FR"..., 69, 0) = 69

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0;\0\2preference\0\0\0C\t\0\2\0\0\4\23\377\377\0\0"..., 16384, 0) = 78

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "X\0\0\0\4", 5, 0)              = 5

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

close(3)                                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248391, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248391, ...}) = 0

_llseek(3, 248391, [248391], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] def"..., 93) = 93

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248484, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248484, ...}) = 0

_llseek(3, 248484, [248484], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] Loa"..., 65) = 65

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248549, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248549, ...}) = 0

_llseek(3, 248549, [248549], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] usi"..., 92) = 92

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

stat64("/var/spool/dspam/opt-in/user@domain.net.dspam", 0xbff4f480) = -1 ENOENT (No such file or directory)

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248641, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248641, ...}) = 0

_llseek(3, 248641, [248641], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] usi"..., 95) = 95

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

stat64("/var/spool/dspam/opt-out/user@domain.net.nodspam", 0xbff4f480) = -1 ENOENT (No such file or directory)

gettimeofday({1195675461, 382642}, NULL) = 0

open("/var/spool/dspam/group", O_RDONLY) = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=16, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

read(3, "global:merged:*\n", 4096)      = 16

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248736, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da4000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248736, ...}) = 0

_llseek(4, 248736, [248736], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] add"..., 64) = 64

close(4)                                = 0

munmap(0xb7da4000, 4096)                = 0

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3

fstat64(3, {st_mode=S_IFREG|0660, st_size=248800, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(3, {st_mode=S_IFREG|0660, st_size=248800, ...}) = 0

_llseek(3, 248800, [248800], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(3, "31588: [11/21/2007 12:04:21] sed"..., 54) = 54

close(3)                                = 0

munmap(0xb7da5000, 4096)                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 3

bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0

getsockname(3, {sa_family=AF_NETLINK, pid=31588, groups=00000000}, [12]) = 0

time(NULL)                              = 1195675461

sendto(3, "\24\0\0\0\26\0\1\3E\217DG\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"8\0\0\0\24\0\2\0E\217DGd{\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 116

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0E\217DGd{\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20

close(3)                                = 0

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3

setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0

fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

connect(3, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

getsockname(3, {sa_family=AF_INET, sin_port=htons(42496), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0\10\4\322\26/", 8, 0)    = 8

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "N", 16384, 0)                  = 1

poll([{fd=3, events=POLLOUT|POLLERR, revents=POLLOUT}], 1, -1) = 1

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "\0\0\0%\0\3\0\0user\0dspam\0database\0dspa"..., 37, 0) = 37

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "R\0\0\0\10\0\0\0\0S\0\0\0\36client_encoding\0SQ"..., 16384, 0) = 284

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0?SELECT split_part(split_par"..., 64, 0) = 64

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0#\0\1split_part\0\0\0\0\0\0\0\0\0\0\25\0\2\377\377"..., 16384, 0) = 66

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\276SELECT typname FROM pg_type"..., 191, 0) = 191

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0 \0\1typname\0\0\0\4\337\0\1\0\0\0\23\0@\377\377\377\377\0"..., 16384, 0) = 67

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0MSELECT uid FROM dspam_virtu"..., 78, 0) = 78

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0ASELECT uid FROM dspam_virtu"..., 66, 0) = 66

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\316SELECT uid, spam_learned, i"..., 207, 0) = 207

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\1:\0\tuid\0\0\0C\5\0\1\0\0\0\25\0\2\377\377\377\377\0\0spa"..., 16384, 0) = 385

open("/var/spool/dspam/data/d/r/user@domain.net/user@domain.net.blocklist", O_RDONLY) = -1 ENOENT (No such file or directory)

gettimeofday({1195675461, 415732}, {480, 0}) = 0

brk(0x80af000)                          = 0x80af000

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0MSELECT uid FROM dspam_virtu"..., 78, 0) = 78

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0ASELECT uid FROM dspam_virtu"..., 66, 0) = 66

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\1\236SELECT uid, token, spam_hit"..., 415, 0) = 415

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0p\0\4uid\0\0\0B\372\0\1\0\0\0\25\0\2\377\377\377\377\0\0tok"..., 16384, 0) = 131

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248854, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248854, ...}) = 0

_llseek(4, 248854, [248854], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Loa"..., 52) = 52

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0MSELECT uid FROM dspam_virtu"..., 78, 0) = 78

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0ASELECT uid FROM dspam_virtu"..., 66, 0) = 66

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0\34\0\1uid\0\0\0C\21\0\1\0\0\0\25\0\2\377\377\377\377\0\0D\0\0"..., 16384, 0) = 59

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "Q\0\0\0\275SELECT uid, token, spam_hit"..., 190, 0) = 190

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1

recv(3, "T\0\0\0p\0\4uid\0\0\0B\372\0\1\0\0\0\25\0\2\377\377\377\377\0\0tok"..., 16384, 0) = 131

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248906, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248906, ...}) = 0

_llseek(4, 248906, [248906], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Whi"..., 52) = 52

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=248958, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=248958, ...}) = 0

_llseek(4, 248958, [248958], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249033, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249033, ...}) = 0

_llseek(4, 249033, [249033], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249108, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249108, ...}) = 0

_llseek(4, 249108, [249108], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 97) = 97

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249205, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249205, ...}) = 0

_llseek(4, 249205, [249205], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 97) = 97

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249302, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249302, ...}) = 0

_llseek(4, 249302, [249302], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 91) = 91

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249393, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249393, ...}) = 0

_llseek(4, 249393, [249393], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 91) = 91

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249484, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249484, ...}) = 0

_llseek(4, 249484, [249484], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249560, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249560, ...}) = 0

_llseek(4, 249560, [249560], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249636, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249636, ...}) = 0

_llseek(4, 249636, [249636], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249713, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249713, ...}) = 0

_llseek(4, 249713, [249713], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249790, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249790, ...}) = 0

_llseek(4, 249790, [249790], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249870, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249870, ...}) = 0

_llseek(4, 249870, [249870], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=249950, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=249950, ...}) = 0

_llseek(4, 249950, [249950], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250025, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250025, ...}) = 0

_llseek(4, 250025, [250025], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250100, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250100, ...}) = 0

_llseek(4, 250100, [250100], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 81) = 81

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250181, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250181, ...}) = 0

_llseek(4, 250181, [250181], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 81) = 81

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250262, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250262, ...}) = 0
```

----------

## Ateo

```
_llseek(4, 250262, [250262], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250340, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250340, ...}) = 0

_llseek(4, 250340, [250340], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250418, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250418, ...}) = 0

_llseek(4, 250418, [250418], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250493, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250493, ...}) = 0

_llseek(4, 250493, [250493], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250568, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250568, ...}) = 0

_llseek(4, 250568, [250568], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250654, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250654, ...}) = 0

_llseek(4, 250654, [250654], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250740, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250740, ...}) = 0

_llseek(4, 250740, [250740], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250818, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250818, ...}) = 0

_llseek(4, 250818, [250818], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250896, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250896, ...}) = 0

_llseek(4, 250896, [250896], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=250982, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=250982, ...}) = 0

_llseek(4, 250982, [250982], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251068, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251068, ...}) = 0

_llseek(4, 251068, [251068], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251145, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251145, ...}) = 0

_llseek(4, 251145, [251145], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251222, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251222, ...}) = 0

_llseek(4, 251222, [251222], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 88) = 88

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251310, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251310, ...}) = 0

_llseek(4, 251310, [251310], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 88) = 88

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251398, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251398, ...}) = 0

_llseek(4, 251398, [251398], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 87) = 87

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251485, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251485, ...}) = 0

_llseek(4, 251485, [251485], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251561, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251561, ...}) = 0

_llseek(4, 251561, [251561], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 85) = 85

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251646, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251646, ...}) = 0

_llseek(4, 251646, [251646], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251723, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251723, ...}) = 0

_llseek(4, 251723, [251723], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 85) = 85

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251808, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251808, ...}) = 0

_llseek(4, 251808, [251808], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251882, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251882, ...}) = 0

_llseek(4, 251882, [251882], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=251959, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=251959, ...}) = 0

_llseek(4, 251959, [251959], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252039, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252039, ...}) = 0

_llseek(4, 252039, [252039], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252113, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252113, ...}) = 0

_llseek(4, 252113, [252113], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252192, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252192, ...}) = 0

_llseek(4, 252192, [252192], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252268, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252268, ...}) = 0

_llseek(4, 252268, [252268], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252343, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252343, ...}) = 0

_llseek(4, 252343, [252343], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 90) = 90

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252433, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252433, ...}) = 0

_llseek(4, 252433, [252433], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 96) = 96

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252529, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252529, ...}) = 0

_llseek(4, 252529, [252529], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252603, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252603, ...}) = 0

_llseek(4, 252603, [252603], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Nai"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252681, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252681, ...}) = 0

_llseek(4, 252681, [252681], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Gra"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252760, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252760, ...}) = 0

_llseek(4, 252760, [252760], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Bur"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252839, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252839, ...}) = 0

_llseek(4, 252839, [252839], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] no "..., 65) = 65

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252904, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252904, ...}) = 0

_llseek(4, 252904, [252904], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Res"..., 53) = 53

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=252957, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=252957, ...}) = 0

_llseek(4, 252957, [252957], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253032, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253032, ...}) = 0

_llseek(4, 253032, [253032], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253107, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253107, ...}) = 0

_llseek(4, 253107, [253107], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 97) = 97

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253204, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253204, ...}) = 0

_llseek(4, 253204, [253204], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 97) = 97

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253301, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253301, ...}) = 0

_llseek(4, 253301, [253301], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 91) = 91

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253392, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253392, ...}) = 0

_llseek(4, 253392, [253392], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 91) = 91

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253483, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253483, ...}) = 0

_llseek(4, 253483, [253483], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253559, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253559, ...}) = 0

_llseek(4, 253559, [253559], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253635, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253635, ...}) = 0

_llseek(4, 253635, [253635], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253712, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253712, ...}) = 0

_llseek(4, 253712, [253712], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253789, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253789, ...}) = 0

_llseek(4, 253789, [253789], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253869, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253869, ...}) = 0

_llseek(4, 253869, [253869], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=253949, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=253949, ...}) = 0

_llseek(4, 253949, [253949], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254024, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254024, ...}) = 0

_llseek(4, 254024, [254024], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254099, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254099, ...}) = 0

_llseek(4, 254099, [254099], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 81) = 81

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254180, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254180, ...}) = 0

_llseek(4, 254180, [254180], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 81) = 81

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254261, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254261, ...}) = 0

_llseek(4, 254261, [254261], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254339, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254339, ...}) = 0

_llseek(4, 254339, [254339], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254417, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254417, ...}) = 0

_llseek(4, 254417, [254417], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254492, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254492, ...}) = 0

_llseek(4, 254492, [254492], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254567, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254567, ...}) = 0

_llseek(4, 254567, [254567], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254653, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254653, ...}) = 0

_llseek(4, 254653, [254653], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254739, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254739, ...}) = 0

_llseek(4, 254739, [254739], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254817, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254817, ...}) = 0

_llseek(4, 254817, [254817], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254895, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254895, ...}) = 0

_llseek(4, 254895, [254895], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=254981, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=254981, ...}) = 0

_llseek(4, 254981, [254981], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 86) = 86

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255067, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255067, ...}) = 0

_llseek(4, 255067, [255067], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255144, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255144, ...}) = 0

_llseek(4, 255144, [255144], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255221, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255221, ...}) = 0

_llseek(4, 255221, [255221], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [gr"..., 88) = 88

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255309, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255309, ...}) = 0

_llseek(4, 255309, [255309], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [bu"..., 88) = 88

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255397, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255397, ...}) = 0

_llseek(4, 255397, [255397], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 87) = 87

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255484, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255484, ...}) = 0

_llseek(4, 255484, [255484], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255560, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255560, ...}) = 0

_llseek(4, 255560, [255560], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 85) = 85

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255645, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255645, ...}) = 0

_llseek(4, 255645, [255645], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255722, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255722, ...}) = 0

_llseek(4, 255722, [255722], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 85) = 85

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255807, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255807, ...}) = 0

_llseek(4, 255807, [255807], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255881, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255881, ...}) = 0

_llseek(4, 255881, [255881], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 77) = 77

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=255958, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=255958, ...}) = 0

_llseek(4, 255958, [255958], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 80) = 80

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256038, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256038, ...}) = 0

_llseek(4, 256038, [256038], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256112, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256112, ...}) = 0

_llseek(4, 256112, [256112], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256191, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256191, ...}) = 0

_llseek(4, 256191, [256191], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 76) = 76

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256267, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256267, ...}) = 0

_llseek(4, 256267, [256267], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 75) = 75

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256342, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256342, ...}) = 0

_llseek(4, 256342, [256342], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 90) = 90

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256432, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256432, ...}) = 0

_llseek(4, 256432, [256432], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 96) = 96

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256528, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256528, ...}) = 0

_llseek(4, 256528, [256528], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] [na"..., 74) = 74

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256602, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256602, ...}) = 0

_llseek(4, 256602, [256602], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Nai"..., 78) = 78

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256680, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256680, ...}) = 0

_llseek(4, 256680, [256680], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Gra"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256759, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256759, ...}) = 0

_llseek(4, 256759, [256759], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Bur"..., 79) = 79

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256838, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256838, ...}) = 0

_llseek(4, 256838, [256838], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] Res"..., 53) = 53

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256891, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256891, ...}) = 0

_llseek(4, 256891, [256891], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] BNR"..., 50) = 50

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

gettimeofday({1195675461, 567134}, {480, 0}) = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=256941, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=256941, ...}) = 0

_llseek(4, 256941, [256941], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] tot"..., 61) = 61

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

stat64("", 0xbff49ea0)                  = -1 ENOENT (No such file or directory)

stat64("/var", {st_mode=S_IFDIR|0755, st_size=440, ...}) = 0

stat64("/var/spool", {st_mode=S_IFDIR|0755, st_size=272, ...}) = 0

stat64("/var/spool/dspam", {st_mode=S_IFDIR|0770, st_size=176, ...}) = 0

stat64("/var/spool/dspam/data", {st_mode=S_IFDIR|0770, st_size=96, ...}) = 0

stat64("/var/spool/dspam/data/d", {st_mode=S_IFDIR|0770, st_size=72, ...}) = 0

stat64("/var/spool/dspam/data/d/r", {st_mode=S_IFDIR|0770, st_size=88, ...}) = 0

stat64("/var/spool/dspam/data/d/r/user@domain.net", {st_mode=S_IFDIR|0770, st_size=128, ...}) = 0

open("/var/spool/dspam/data/d/r/user@domain.net/user@domain.net.stats", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=0, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

write(4, "0,1,0,0,0,0\nglobal\n", 19)   = 19

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=257002, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=257002, ...}) = 0

_llseek(4, 257002, [257002], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] lib"..., 71) = 71

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

open("/var/log/dspam/dspam.debug", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4

fstat64(4, {st_mode=S_IFREG|0660, st_size=257073, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7da5000

fstat64(4, {st_mode=S_IFREG|0660, st_size=257073, ...}) = 0

_llseek(4, 257073, [257073], SEEK_SET)  = 0

time(NULL)                              = 1195675461

getpid()                                = 31588

write(4, "31588: [11/21/2007 12:04:21] mes"..., 54) = 54

close(4)                                = 0

munmap(0xb7da5000, 4096)                = 0

time(NULL)                              = 1195675461

write(1, "X-DSPAM-Result: user@domain.n"..., 124X-DSPAM-Result: user@domain.net; result="Innocent"; class="Innocent"; probability=0.0023; confidence=1.00; signature=N/A

) = 124

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0

send(3, "X\0\0\0\4", 5, 0)              = 5

rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0

close(3)                                = 0

exit_group(0)                           = ?
```

----------

## steveb

Can you post the content to http://www.pastebin.ca/

----------

## steveb

Can you run one with --client?

----------

## Ateo

 *steveb wrote:*   

>  *Ateo wrote:*   
> 
> ```
> # You can specify multiple storage profiles, and specify the server to
> 
> ...

 

right right.. but my question is... don't i have to pass --profile Ateo to the server from the command lline? Or is that just explaining that it does that for you on daemon start... I apologize but DSPAM isn't the best when it comes to documentation... =P

----------

## Ateo

 *steveb wrote:*   

> Can you run one with --client?

 

That's this post: https://forums.gentoo.org/viewtopic-p-4529753.html#4529753 (last post on page 1)

----------

## Ateo

 *steveb wrote:*   

> Can you post the content to http://www.pastebin.ca/

 

Oh. Do you still want them on pastebin?

----------

## steveb

 *Ateo wrote:*   

> right right.. but my question is... don't i have to pass --profile Ateo to the server from the command lline? Or is that just explaining that it does that for you on daemon start... I apologize but DSPAM isn't the best when it comes to documentation... =P

 No. It is already selected with:

```
DefaultProfile   Ateo
```

// SteveB

----------

## steveb

 *Ateo wrote:*   

>  *steveb wrote:*   Can you post the content to http://www.pastebin.ca/ 
> 
> Oh. Do you still want them on pastebin?

 No. I got already what I need:

```
...

socket(PF_FILE, SOCK_STREAM, 0)         = 3

connect(3, {sa_family=AF_FILE, path="/var/run/dspam/dspam.sock"}, 28) = 0

...

recv(3, "220 DSPAM LMTP 3.8.0 Ready\r\n", 1023, 0) = 28
```

I only wanted to see if you are communicating over LMTP. And you are. Damn!

So it must be Postfix! Something is wrong when Postfix is talking to DSPAM.

DSPAM on it's own probably works perfectly.

Damn! Damn! The problem I have is, that I run Postfix 2.4.6 and DSPAM 3.8.0-r8 and I run over a chain of transports in Postfix (totally different then you). So I have my hard time to find the damn error when using my setup.

I have to take the time and look again over your configuration.

btw: can you try to switch back to MySQL? Still same issue?

// SteveB

----------

## steveb

Are you able to crash DSPAM and get debug information? If the output is big, post it on pastebin.ca.

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Are you able to crash DSPAM and get debug information? If the output is big, post it on pastebin.ca.
> 
> // SteveB

 

What do you mean by crashing it?

----------

## steveb

 *Ateo wrote:*   

>  *steveb wrote:*   Are you able to crash DSPAM and get debug information? If the output is big, post it on pastebin.ca.
> 
> // SteveB 
> 
> What do you mean by crashing it?

 I mean: can you reproduce the error in Postfix? If you can: can you reproduce this error while DSPAM runs in debug mode?

Another helpful information would be if you could run Postfix smtpd in verbose mode. Just add after smtpd in master.cf a -v or a -vv (more verbose).

// SteveB

----------

## Ateo

I have more details. I found where the connection fails. It fails during the lmtp transfer from postfix to dspam. I added -vv to the lmtp service in master.cf.

Here is the log:

```
Nov 21 21:02:09 boron.domain.com postfix/smtpd[9012]: connect from web38911.mail.mud.yahoo.com[209.191.125.117]

Nov 21 21:02:10 boron.domain.com postfix/policyd[7664]: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .web38911.mail.mud.yahoo. - helo-domain: .yahoo.)  FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_ABUSE_RFCI=0.1 <client=209.191.125.117> <helo=web38911.mail.mud.yahoo.com> <from=anubus3@yahoo.com> <to=alias@domain.com>, rate: -8.4

Nov 21 21:02:10 boron.domain.com postfix/policyd[7664]: decided action=PREPEND X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .web38911.mail.mud.yahoo. - helo-domain: .yahoo.)  FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_ABUSE_RFCI=0.1 <client=209.191.125.117> <helo=web38911.mail.mud.yahoo.com> <from=anubus3@yahoo.com> <to=alias@domain.com>, rate: -8.4; delay: 1s

Nov 21 21:02:10 boron.domain.com postfix/smtpd[9012]: NOQUEUE: filter: RCPT from web38911.mail.mud.yahoo.com[209.191.125.117]: <alias@domain.com>: Recipient address triggers FILTER lmtp:unix:/var/run/dspam/dspam.sock; from=<anubus3@yahoo.com> to=<alias@domain.com> proto=SMTP helo=<web38911.mail.mud.yahoo.com>

Nov 21 21:02:10 boron.domain.com postfix/smtpd[9012]: 17B8D143ED: client=web38911.mail.mud.yahoo.com[209.191.125.117]

Nov 21 21:02:10 boron.domain.com postfix/cleanup[9018]: 17B8D143ED: message-id=<234404.41342.qm@web38911.mail.mud.yahoo.com>

Nov 21 21:02:10 boron.domain.com postfix/qmgr[8535]: 17B8D143ED: from=<anubus3@yahoo.com>, size=1677, nrcpt=1 (queue active)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: connection established

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: master_notify: status 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: deliver_request_initial: send initial status

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr status = 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 3

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: queue_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: queue_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: active

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: queue_id

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: queue_id

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 17B8D143ED

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: offset

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: offset

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 643

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: size

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: size

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 1677

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: nexthop

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: nexthop

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: unix:/var/run/dspam/dspam.sock

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: encoding

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: encoding

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: sender

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: sender

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: anubus3@yahoo.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: envelope_id

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: envelope_id

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: ret_flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: ret_flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: time

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: time

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: UQ1FR3D7CQBSDUVHbzcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: log_client_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: log_client_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: web38911.mail.mud.yahoo.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: log_client_address

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: log_client_address

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 209.191.125.117

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: log_protocol_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: log_protocol_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: SMTP

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: log_helo_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: log_helo_name

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: web38911.mail.mud.yahoo.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: sasl_method

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: sasl_method

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: sasl_username

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: sasl_username

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: sasl_sender

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: sasl_sender

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: rewrite_context

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: rewrite_context

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: remote

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: recipient_count

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: recipient_count

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 1

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: (list terminator)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: original_recipient

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: original_recipient

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: alias@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: recipient

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: recipient

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: user@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: offset

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: offset

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 621

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: dsn_orig_rcpt

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: dsn_orig_rcpt

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: rfc822;alias@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: notify_flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: notify_flags

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: lmtp socket: wanted attribute: (list terminator)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: deliver_request_get: file active/17B8D143ED

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: deliver_message: from anubus3@yahoo.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: smtp_connect_unix: trying: /var/run/dspam/dspam.sock...

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: global TLS level: none

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 220 DSPAM LMTP 3.8.0 Ready

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: LHLO mail.domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250-localhost

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250-PIPELINING

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250-ENHANCEDSTATUSCODES

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250 SIZE

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: server features: 0xd size 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: Using LMTP PIPELINING, TCP send buffer size is 4096

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: MAIL FROM:<anubus3@yahoo.com>

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: RCPT TO:<user@domain.com>

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: DATA

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250 2.1.0 OK

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 250 2.1.5 OK

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: < mail.domain.com[/var/run/dspam/dspam.sock]: 354 Enter mail, end with "." on a line by itself

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: header_token: text / plain

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: .

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: > mail.domain.com[/var/run/dspam/dspam.sock]: QUIT

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: smtp_get: EOF

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: connect to subsystem private/defer

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr nrequest = 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr flags = 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr queue_id = 17B8D143ED

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr original_recipient = alias@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr recipient = user@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr offset = 621

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr dsn_orig_rcpt = rfc822;alias@domain.com

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr notify_flags = 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr status = 4.4.2

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr diag_type = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr diag_text = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr mta_type = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr mta_mname = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr action = delayed

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr reason = lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: private/defer socket: wanted attribute: status

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: status

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute value: 0

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: private/defer socket: wanted attribute: (list terminator)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: input attribute name: (end)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: 17B8D143ED: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=0.72, delays=0.69/0/0/0.03, dsn=4.4.2, status=deferred (lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: flush_add: site domain.com id 17B8D143ED

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: match_hostname: domain.com ~? pgsql:/etc/postfix/inc/sql-mx-domains.cf(0,lock|fold_fix)

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql_get_active: attempting to connect to host 127.0.0.1:5432

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql: successful connection to host 127.0.0.1:5432

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql: successful query from host 127.0.0.1:5432

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql_lookup: retrieved 0 rows

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: match_hostname: lookup pgsql:/etc/postfix/inc/sql-mx-domains.cf domain.com: notfound

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql_get_active: found active connection to host 127.0.0.1:5432

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql: successful query from host 127.0.0.1:5432

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: dict_pgsql_lookup: retrieved 0 rows

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: match_hostname: lookup pgsql:/etc/postfix/inc/sql-mx-domains.cf net: notfound

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: match_list_match: domain.com: no match

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: flush_add: site domain.com id 17B8D143ED status 4

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: name_mask: resource

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: name_mask: software

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: deliver_request_final: send: "lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once" -1

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr status = 4.4.2

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr diag_type = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr diag_text = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr mta_type = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr mta_mname = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr action = 

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr reason = lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: send attr status = 4294967295

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: master_notify: status 1

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: connection closed

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: watchdog_stop: 0x809b2b8

Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: watchdog_start: 0x809b2b8

Nov 21 21:02:10 boron.domain.com postfix/smtpd[9012]: disconnect from web38911.mail.mud.yahoo.com[209.191.125.117]
```

Heres the SQL log:

```
2007-11-21 21:02:10 PST [[unknown]] : LOG:  connection received: host=localhost.domain.com port=52846

2007-11-21 21:02:10 PST [postfix] : LOG:  connection authorized: user=postfix database=postoffice

2007-11-21 21:02:10 PST [postfix] : LOG:  statement: set client_encoding to 'LATIN1'

2007-11-21 21:02:10 PST [postfix] : LOG:  statement: SELECT DISTINCT relay_destination FROM transport WHERE domain = 'domain.com' AND active = '1' AND destination = 'mxbackup:' LIMIT 1

2007-11-21 21:02:10 PST [postfix] : LOG:  statement: SELECT DISTINCT relay_destination FROM transport WHERE domain = 'net' AND active = '1' AND destination = 'mxbackup:' LIMIT 1

2007-11-21 21:02:16 PST [postfix] : LOG:  unexpected EOF on client connection

2007-11-21 21:02:16 PST [postfix] : LOG:  disconnection: session time: 0:00:08.224 user=postfix database=postoffice host=localhost.domain.com port=52842

2007-11-21 21:02:16 PST [postfix] : LOG:  unexpected EOF on client connection

2007-11-21 21:02:16 PST [postfix] : LOG:  disconnection: session time: 0:00:08.221 user=postfix database=postoffice host=localhost.domain.com port=52843
```

Hmmm. It makes not sense. Who is killing who here?Last edited by Ateo on Thu Nov 22, 2007 5:21 am; edited 1 time in total

----------

## Ateo

I was thinking of using proxy to query the tables. But I get this:

```
Nov 21 18:51:42 boron.domain.com postfix/smtpd[10475]: warning: private/proxymap socket: service dict_proxy_open: Connection reset by peer

Nov 21 18:51:42 boron.domain.com postfix/qmgr[10462]: warning: private/proxymap socket: service dict_proxy_open: Success

Nov 21 18:52:43 boron.domain.com postfix/proxymap[10583]: warning: request for unapproved table: "pgsql:/etc/postfix/inc/sql-mx-domains.cf"

Nov 21 18:52:43 boron.domain.com postfix/proxymap[10583]: warning: to approve this table for proxymap access, list proxy:pgsql:/etc/postfix/inc/sql-mx-domains.cf in main.cf:proxy_read_maps

Nov 21 18:52:43 boron.domain.com postfix/proxymap[10583]: warning: request for unapproved table: "pgsql:/etc/postfix/inc/sql-mx-domains.cf"

Nov 21 18:52:43 boron.domain.com postfix/proxymap[10583]: warning: to approve this table for proxymap access, list proxy:pgsql:/etc/postfix/inc/sql-mx-domains.cf in main.cf:proxy_read_maps
```

Here is main.cf:

```
virtual_mailbox_domains = proxy:pgsql:$config_directory/inc/sql-vdomains.cf

virtual_mailbox_maps = proxy:pgsql:$config_directory/inc/sql-vmailboxes.cf

virtual_alias_maps = proxy:pgsql:$config_directory/inc/sql-valiases.cf

relay_domains = proxy:pgsql:$config_directory/inc/sql-mx-domains.cf

#

# Proxy maps

#

proxy_read_maps =

 $local_recipient_maps

 $virtual_alias_maps

 $virtual_alias_domains

 $virtual_mailbox_maps

 $virtual_alias_domains

 $relay_domains
```

Master:

```
proxymap  unix  -       -       n       -       -       proxymap
```

I have Postfix with proxy support:

```
$ postconf -m

btree

cidr

environ

hash

mysql

pcre

pgsql

proxy

regexp

static

unix
```

What the hell is wrong with Postfix. Looks like DSPAM is the sane one here. Postfix is funked up... It works just fine without proxy so I know it's not a DB permissions issue (unless I'm missing something here)....

Ideas?

----------

## steveb

Try removing $local_recipient_maps and $virtual_alias_domains from your proxy_read_maps.

Did that help?

// SteveB

----------

## Ateo

Nope. I've set proxy_read_maps to the 4 sql maps defined in the main.cf. Still doesn't work. I've even replaced the variable with the path to the file rather than defined with a variable (ie):

```
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/inc/sql-vdomains.cf

virtual_mailbox_maps = proxy:pgsql:/etc/postfix/inc/sql-vmailboxes.cf      

virtual_alias_maps = proxy:pgsql:/etc/postfix/inc/sql-valiases.cf      

relay_domains = proxy:pgsql:/etc/postfix/inc/sql-mx-domains.cf      

proxy_read_maps =

 proxy:pgsql:/etc/postfix/inc/sql-vdomains.cf

 proxy:pgsql:/etc/postfix/inc/sql-vmailboxes.cf

 proxy:pgsql:/etc/postfix/inc/sql-valiases.cf

 proxy:pgsql:/etc/postfix/inc/sql-mx-domains.cf
```

I've never been able to get proxy working with ebuilds. I can't say the same for building it from source myself (non-ebuild)...

----------

## steveb

 *Ateo wrote:*   

> I've never been able to get proxy working with ebuilds. I can't say the same for building it from source myself (non-ebuild)...

 Strange. I can not conform this problem with the ebuilds. I have Postfix since ages and currently running Postfix 2.4.6 and I have a lot proxy: stuff into my main.cf:

```
mail ~ # grep "^[^#]*proxy\:" /etc/postfix/main.cf|wc -l

28

mail ~ #
```

Could you try just to leave one proxy statement? Just pick one you think would not be problematic. If that works, then just add another one and look at which one it is failing.

// SteveB

----------

## Ateo

Negative. I enabled only one proxy statement at a time. Each time I get this error. The only thing that changes is the cf filename cf filename...

```
Nov 22 12:11:30 mail.domain.com postfix/proxymap[4339]: warning: request for unapproved table: "pgsql:/etc/postfix/inc/sql-vmailboxes.cf"

Nov 22 12:11:30 mail.domain.com postfix/proxymap[4339]: warning: to approve this table for proxymap access, list proxy:pgsql:/etc/postfix/inc/sql-vmailboxes.cf in main.cf:proxy_read_maps
```

/var/log/postfix/postfix.log just idles. Nothing new is written to the log (except the postfix reload commands)...

----------

## steveb

Strange! Ultra strange! Could you post the whole and complete main.cf? What about the permission inside /etc/postfix/ directory? Could you list a recursive list of the files and directories with their permission?

Do you use Postfix in a chroot? How about posting master.cf as well?

// SteveB

----------

## magic919

And an

emerge -pv postfix

perhaps.

----------

## Ateo

Postfix does not run in a chroot environment.

```
syslog_facility = mail

syslog_name = postfix

config_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mailq_path = /usr/bin/mailq

mydomain = mydomain.com

myhostname = mail.$mydomain

myorigin = $mydomain

mydestination =

 $myhostname,

 $mydomain,

 localhost.$mydomain

inet_interfaces =

 192.168.4.245,

 127.0.0.1

mynetworks = cidr:$config_directory/inc/mynetworks

relay_domains = $mynetworks

queue_run_delay = 1h

maximal_backoff_time = 2h

minimal_backoff_time = 1h

maximal_queue_lifetime = 2d

bounce_queue_lifetime = 2d

setgid_group = postdrop

default_privs = nobody

recipient_delimiter = -

home_mailbox = .maildir/

biff = yes

mail_name = AntiUCE-Creepy.Mail.Services

header_checks = pcre:$config_directory/inc/header_checks

body_checks =

html_directory = no

strict_rfc821_envelopes = yes

smtp_always_send_ehlo = yes

disable_vrfy_command = yes

smtpd_banner = $myhostname ESMTP $mail_name (Postfix $mail_version)

smtpd_delay_reject = yes

smtpd_helo_required = yes

smtpd_client_restrictions =

 permit_inet_interfaces

 permit_mynetworks,

 permit_sasl_authenticated,

 check_client_access cidr:$config_directory/inc/blacklist,

 reject_rbl_client rbl_domain=countries.blackholes.us,

 permit

smtpd_helo_restrictions =

 permit_inet_interfaces

 permit_mynetworks,

 reject_invalid_hostname,

 check_helo_access pcre:$config_directory/inc/helo,

 permit

smtpd_sender_restrictions =

 permit_inet_interfaces,

 permit_mynetworks,

 reject_non_fqdn_sender,

 permit

smtpd_recipient_restrictions =

 permit_inet_interfaces,

 permit_mynetworks,

 permit_sasl_authenticated,

 reject_non_fqdn_sender,

 reject_non_fqdn_recipient,

 reject_unknown_sender_domain,

 reject_unknown_recipient_domain,

 reject_non_fqdn_helo_hostname,

 reject_unauth_destination,

 reject_unauth_pipelining,

 reject_invalid_hostname,

 check_policy_service inet:127.0.0.1:10025,

 check_recipient_access pcre:$config_directory/inc/filter_spamassassin,

 permit

smtpd_data_restrictions =

 reject_unauth_pipelining,

 permit

smtpd_sasl_type = cyrus

smtpd_sasl_application_name = smtpd

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options =

 noanonymous,

 noplaintext

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_sasl_path = /etc/sasl2:/usr/lib/sasl2

smtpd_sasl_exceptions_networks = $mynetworks

smtpd_sasl_local_domain = $mydomain

smtp_use_tls = yes

smtpd_use_tls = yes

smtpd_tls_key_file = $config_directory/ssl/newkey.pem

smtpd_tls_cert_file = $config_directory/ssl/newcert.pem

smtpd_tls_CAfile = $config_directory/ssl/demoCA/cacert.pem

smtpd_tls_loglevel = 0

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache

mailbox_command = /usr/bin/maildrop -w 90 -d $USER 0 $USER $DOMAIN $SENDER

virtual_transport = maildrop

default_destination_concurrency_limit = 10

local_destination_concurrency_limit = 2

virtual_destination_concurrency_limit = $default_destination_concurrency_limit

maildrop_destination_recipient_limit = $default_destination_concurrency_limit

transport_maps = 

local_recipient_maps =

 proxy:unix:passwd.byname

virtual_minimum_uid = 1000

virtual_gid_maps = static:5000

virtual_uid_maps = static:5000

virtual_mailbox_base = static:/home/vmail

virtual_mailbox_domains = pgsql:$config_directory/inc/sql-vdomains.cf

virtual_mailbox_maps = pgsql:$config_directory/inc/sql-vmailboxes.cf

virtual_alias_maps = pgsql:$config_directory/inc/sql-valiases.cf

virtual_alias_domains =

virtual_maildir_limit_message =

relay_domains = pgsql:$config_directory/inc/sql-mx-domains.cf

proxy_read_maps =

 $local_recipient_maps

 $virtual_mailbox_domains

 $virutal_mailbox_maps

 $vritual_alias_maps

 $relay_domains

unknown_address_reject_code = 554

unknown_client_reject_code = 554

unknown_hostname_reject_code = 554

unknown_local_recipient_reject_code = 550

unknown_relay_recipient_reject_code = 550

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

unverified_recipient_reject_code = 450

unverified_sender_reject_code = 450

soft_bounce = yes

2bounce_notice_recipient = postmaster@$mydomain

bounce_notice_recipient = postmaster@$mydomain

error_notice_recipient = postmaster@$mydomain

debug_peer_level = 1

debug_peer_list =

 192.168.4.0/24

 127.0.0.0/8
```

```
smtp      inet  n       -       n       -       -       smtpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

tlsmgr    unix  -       -       n       300     1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

relay     unix  -       -       n       -       -       smtp

 -o fallback_relay=

 -o smtp_helo_timeout=5

 -o smtp_connect_timeout=5

maildrop  unix  -       n       n       -       -       pipe

 flags=Ru user=vmail argv=/usr/bin/maildrop

 -w 90 -d ${recipient} 1 ${user} ${nexthop} ${sender}

127.0.0.1:11025 inet    n       -       n       -       -       smtpd

 -o smtpd_authorized_xforward_hosts=127.0.0.0/8

 -o mynetworks=127.0.0.0/8

 -o smtpd_client_restrictions=permit_mynetworks,reject

 -o smtpd_helo_restrictions=permit_mynetworks,reject

 -o smtpd_sender_restrictions=permit_mynetworks,reject

 -o smtpd_recipient_restrictions=permit_mynetworks,reject

 -o receive_override_options=no_unknown_recipient_checks

spamassassin unix -     n       n       -       -       pipe

 flags=Ru user=spamd argv=/usr/bin/spamc

 -u ${recipient} -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
```

```
$ ls -lR /etc/postfix/

/etc/postfix/:

total 72

drw-r----- 2 root root   384 Nov 21 19:15 inc

-rw-r--r-- 1 root root  5475 Nov 22 13:24 main.cf

-rw-r--r-- 1 root root  3004 Nov 22 12:43 master.cf

-rwxr-xr-x 1 root root 22197 Nov 22 13:22 post-install

-rw-r--r-- 1 root root 17588 Nov 22 13:22 postfix-files

-rwxr-xr-x 1 root root  6647 Nov 22 13:22 postfix-script

-rw------- 1 root root  1024 Nov 22 13:24 prng_exch

-rw------- 1 root root   141 Nov 22 13:22 saslpass

drwxr-xr-x 3 root root   168 Feb  1  2007 ssl

/etc/postfix/inc:

total 40

-rw-r----- 1 root root 2478 Nov 21 20:27 blacklist

-rw-r----- 1 root root  968 Nov 21 14:09 filter_dspam

-rw-r----- 1 root root  746 Nov 17 21:48 filter_spamassassin

-rw-r----- 1 root root 2019 Sep 10 14:28 header_checks

-rw-r----- 1 root root 1044 Sep 10 14:33 helo

-rw-r----- 1 root root   33 Nov 15 11:23 mynetworks

-rw-r----- 1 root root  294 Nov 21 19:49 sql-mx-domains.cf

-rw-r----- 1 root root  256 Nov 21 19:49 sql-valiases.cf

-rw-r----- 1 root root  299 Nov 21 19:50 sql-vdomains.cf

-rw-r----- 1 root root  276 Nov 21 19:50 sql-vmailboxes.cf

/etc/postfix/ssl:

total 12

drwxr-xr-x 6 root root  432 Feb  1  2007 demoCA

-rw-r--r-- 1 root root 3305 Feb  1  2007 newcert.pem

-rw-r--r-- 1 root root  887 Feb  1  2007 newkey.pem

-rw-r--r-- 1 root root  733 Feb  1  2007 newreq.pem

/etc/postfix/ssl/demoCA:

total 36

-rw-r--r-- 1 root root 3510 Feb  1  2007 cacert.pem

-rw-r--r-- 1 root root  733 Feb  1  2007 careq.pem

drwxr-xr-x 2 root root   48 Feb  1  2007 certs

drwxr-xr-x 2 root root   48 Feb  1  2007 crl

-rw-r--r-- 1 root root    3 Feb  1  2007 crlnumber

-rw-r--r-- 1 root root  279 Feb  1  2007 index.txt

-rw-r--r-- 1 root root   20 Feb  1  2007 index.txt.attr

-rw-r--r-- 1 root root   21 Feb  1  2007 index.txt.attr.old

-rw-r--r-- 1 root root  136 Feb  1  2007 index.txt.old

drwxr-xr-x 2 root root  128 Feb  1  2007 newcerts

drwxr-xr-x 2 root root   80 Feb  1  2007 private

-rw-r--r-- 1 root root   17 Feb  1  2007 serial

-rw-r--r-- 1 root root   17 Feb  1  2007 serial.old

/etc/postfix/ssl/demoCA/certs:

total 0

/etc/postfix/ssl/demoCA/crl:

total 0

/etc/postfix/ssl/demoCA/newcerts:

total 8

-rw-r--r-- 1 root root 3510 Feb  1  2007 BC63F1AECAA0F6DE.pem

-rw-r--r-- 1 root root 3305 Feb  1  2007 BC63F1AECAA0F6DF.pem

/etc/postfix/ssl/demoCA/private:

total 4

-rw-r--r-- 1 root root 963 Feb  1  2007 cakey.pem
```

```
[ebuild   R   ] mail-mta/postfix-2.4.5  USE="-cdb -dovecot-sasl -hardened -ipv6 -ldap mailwrapper -mbox mysql -nis pam postgres sasl (-selinux) ssl vda" 0 kB
```

----------

## steveb

There is an error in the master.cf file. You have specified twice a smtp service. Can you please disable the second one?

And where are the following transports?discardretryscachessmtpsubmission

Could you make a copy of your main.cf and master.cf and then run:

```
postfix upgrade-configuration
```

Run diff to find out what Postfix added to main.cf and/or master.cf.

// SteveB

----------

## Ateo

 *steveb wrote:*   

> There is an error in the master.cf file. You have specified twice a smtp service. Can you please disable the second one?

 

Commenting the 2nd smtp service breaks sending mail.

 *steveb wrote:*   

> And where are the following transports?discardretryscachessmtpsubmission

 

Well. To be honest. I don't know. Either way, I grabbed a main.cf.dist file and copied those extra services. But I don't see the ssmtp service in the distribrution file....

Here is my updated master.cf:

```
smtp      inet  n       -       n       -       -       smtpd

submission inet n       -       n       -       -       smtpd

 -o smtpd_enforce_tls=yes

 -o smtpd_sasl_auth_enable=yes

 -o smtpd_client_restrictions=permit_sasl_authenticated,reject

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

# ==========================================================================

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

 -o fallback_relay=

 -o smtp_helo_timeout=5

 -o smtp_connect_timeout=5

# ==========================================================================

# Maildrop service (piped)

maildrop  unix  -       n       n       -       -       pipe

 flags=Ru user=vmail argv=/usr/bin/maildrop

 -w 90 -d ${recipient} 1 ${user} ${nexthop} ${sender}

# ==========================================================================

# SMTP daemon for re-injecting mail from DSPAM

127.0.0.1:11025 inet    n       -       n       -       -       smtpd

 -o smtpd_authorized_xforward_hosts=127.0.0.0/8

 -o mynetworks=127.0.0.0/8

 -o smtpd_client_restrictions=permit_mynetworks,reject

 -o smtpd_helo_restrictions=permit_mynetworks,reject

 -o smtpd_sender_restrictions=permit_mynetworks,reject

 -o smtpd_recipient_restrictions=permit_mynetworks,reject

 -o receive_override_options=no_unknown_recipient_checks

# ==========================================================================

# SpamAssassin service (piped)

spamassassin unix -     n       n       -       -       pipe

 flags=Ru user=spamd argv=/usr/bin/spamc

 -u ${recipient} -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
```

So far, so good. I can send/ receive mail from my local network. I need to test TLS later...

Here is the distribution file. As you can see, it also has 2 smtp services...

```
#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

#submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#smtps     inet  n       -       n       -       -       smtpd

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#628      inet  n       -       n       -       -       qmqpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

        -o fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

#maildrop  unix  -       n       n       -       -       pipe

#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

#

# ====================================================================

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

#old-cyrus unix  -       n       n       -       -       pipe

#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

#

# ====================================================================

#

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

#

#cyrus     unix  -       n       n       -       -       pipe

#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

#

# ====================================================================

#

# See the Postfix UUCP_README file for configuration details.

#

#uucp      unix  -       n       n       -       -       pipe

#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# ====================================================================

#

# Other external delivery methods.

#

#ifmail    unix  -       n       n       -       -       pipe

#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

#

#bsmtp     unix  -       n       n       -       -       pipe

#  flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient

#

#scalemail-backend unix -       n       n       -       2       pipe

#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store

#  ${nexthop} ${user} ${extension}

#

#mailman   unix  -       n       n       -       -       pipe

#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

#  ${nexthop} ${user}
```

----------

## steveb

Yeah. Sorry. My error! You need both smtp lines in master.cf.

ssmtp is needed for SMTP protocol over TLS/SSL. Could be named ssmtp or smtps. It is the same.

Do you need that service? Should I post examples for ssmtp/smtps?

btw: Did you run that here: *steveb wrote:*   

> Could you make a copy of your main.cf and master.cf and then run:
> 
> ```
> postfix upgrade-configuration
> ```
> ...

 

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Do you need that service? Should I post examples for ssmtp/smtps?

 

Yes please!!

 *steveb wrote:*   

> btw: Did you run that here: *steveb wrote:*   Could you make a copy of your main.cf and master.cf and then run:
> 
> ```
> postfix upgrade-configuration
> ```
> ...

 

Oh. I didn't catch this earlier. I've gone ahead and performed this but it appears nothing was added to either file...

----------

## steveb

Example 1:

```
ssmtp     inet  n       -       n       -       -       smtpd

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes
```

Exampel 2:

```
ssmtp     inet  n       -       n       -       -       smtpd

  -o smtpd_enforce_tls=yes

  -o smtp_tls_security_level=encrypt

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes
```

Example 3:

```
ssmtp     inet  n       -       n       -       -       smtpd

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

----------

## Ateo

Thanks Steve... Since our long weekend is here, I'm taking some time off. I'll continue with this come Monday.

----------

## steveb

Okay  :Smile: 

----------

## steveb

Can I ask/request one thing? Could you switch to MySQL and look if you can reproduce that error/problem there as well?

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Can I ask/request one thing? Could you switch to MySQL and look if you can reproduce that error/problem there as well?
> 
> // SteveB

 

Sure. I'll do that. I'll hit back when I've switched over...

----------

## Ateo

Recent changes:

I upgraded to mail-mta/postfix-2.4.6-r1 and mail-filter/dspam-3.8.0-r8. I have also switched to using MySQL.

I removed mail-filter/dspam-3.8.0-r7 completely before installing mail-filter/dspam-3.8.0-r8. Reconfigured DSPAM from scratch.

The bad news. I am still having the socket issue. A few messages are accepted/processed/delivered but then DSPAM locks up and every is queue. gads!

/edit: Currently on this issue: https://forums.gentoo.org/viewtopic-t-623999.html. I will return to this when I address my SASL issue...

----------

## steveb

FINALLY! I never ever could reproduce those connection issues on my end. But now I can! Cool!

I know where the error is. I mean I know where in the source code the error is and what the conditions are to trigger it. I had no time to fix it (yet) but I have a workaround to get your installation working. What you need to do is to switch away from using domain sockets and switch to use TCP sockets. In your dspam.conf comment out ServerDomainSocketPath and ClientHost. Replace it with (lets say you use port 10023 for DSPAM):

```
ServerPort      10023

ClientHost      127.0.0.1

ClientPort      10023
```

In Postfix you need to change from:

```
lmtp:unix:/var/run/dspam/dspam.sock
```

To:

```
lmtp:127.0.0.1:10023
```

Does that fix the issue?

// SteveB

----------

## Ateo

 *steveb wrote:*   

> Does that fix the issue?

 

Unfortunately, it did not fix the issue. Only one message got through then it crapped out. Same error messages.

----------

## steveb

 *Ateo wrote:*   

> Unfortunately, it did not fix the issue. Only one message got through then it crapped out. Same error messages.

 We are still talking about this error message?

```
Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: 17B8D143ED: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=0.72, delays=0.69/0/0/0.03, dsn=4.4.2, status=deferred (lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once)
```

// SteveB

----------

## Ateo

 *steveb wrote:*   

>  *Ateo wrote:*   Unfortunately, it did not fix the issue. Only one message got through then it crapped out. Same error messages. We are still talking about this error message?
> 
> ```
> Nov 21 21:02:10 boron.domain.com postfix/lmtp[9020]: 17B8D143ED: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=0.72, delays=0.69/0/0/0.03, dsn=4.4.2, status=deferred (lost connection with mail.domain.com[/var/run/dspam/dspam.sock] while sending end of data -- message may be sent more than once)
> ```
> ...

 

Yes. Just replace mail.domain.com[/var/run/dspam/dspam.sock] with 127.0.01[127.0.0.1] and it's the same exact errors.

I'm perplexed.  :Question: 

----------

## steveb

Could you use tcpdump to dump the conversation between DSPAM client, DSPAM server and Postfix?

// SteveB

----------

## Ateo

Here's a "connection refused" tcpdump, the entire conversation until it dies.

```
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 68 bytes

18:25:24.197209 IP (tos 0x0, ttl 64, id 59654, offset 0, flags [DF], proto UDP (17), length 74) localhost.domain.com.32803 > localhost.domain.com.domain: 37267+[|domain]

18:25:24.263153 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 285) localhost.domain.com.domain > localhost.domain.com.32803: 37267 q:[|domain]

18:25:24.263304 IP (tos 0x0, ttl 64, id 59671, offset 0, flags [DF], proto UDP (17), length 73) localhost.domain.com.32803 > localhost.domain.com.domain: 43441+[|domain]

18:25:24.339253 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 259) localhost.domain.com.domain > localhost.domain.com.32803: 43441 q:[|domain]

18:25:24.487991 IP (tos 0x0, ttl 64, id 50359, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.60466 > localhost.domain.com.mysql: S 3566808568:3566808568(0) win 32792 <mss 16396,sackOK,timestamp 4057423[|tcp]>

18:25:24.488017 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.mysql > localhost.domain.com.60466: S 3574655533:3574655533(0) ack 3566808569 win 32768 <mss 16396,sackOK,timestamp 4057423[|tcp]>

18:25:24.488030 IP (tos 0x0, ttl 64, id 50360, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60466 > localhost.domain.com.mysql: ., cksum 0xe9b0 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057423 4057423>

18:25:24.488172 IP (tos 0x8, ttl 64, id 865, offset 0, flags [DF], proto TCP (6), length 112) localhost.domain.com.mysql > localhost.domain.com.60466: P 1:61(60) ack 1 win 256 <nop,nop,timestamp 4057423 4057423>

18:25:24.488181 IP (tos 0x0, ttl 64, id 50361, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60466 > localhost.domain.com.mysql: ., cksum 0xe974 (correct), 1:1(0) ack 61 win 257 <nop,nop,timestamp 4057423 4057423>

18:25:24.491021 IP (tos 0x8, ttl 64, id 50362, offset 0, flags [DF], proto TCP (6), length 128) localhost.domain.com.60466 > localhost.domain.com.mysql: P 1:77(76) ack 61 win 257 <nop,nop,timestamp 4057423 4057423>

18:25:24.491034 IP (tos 0x8, ttl 64, id 866, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.mysql > localhost.domain.com.60466: ., cksum 0xe929 (correct), 61:61(0) ack 77 win 256 <nop,nop,timestamp 4057423 4057423>

18:25:24.491079 IP (tos 0x8, ttl 64, id 867, offset 0, flags [DF], proto TCP (6), length 63) localhost.domain.com.mysql > localhost.domain.com.60466: P 61:72(11) ack 77 win 256 <nop,nop,timestamp 4057423 4057423>

18:25:24.491115 IP (tos 0x8, ttl 64, id 50363, offset 0, flags [DF], proto TCP (6), length 175) localhost.domain.com.60466 > localhost.domain.com.mysql: P 77:200(123) ack 72 win 257 <nop,nop,timestamp 4057423 4057423>

18:25:24.491289 IP (tos 0x8, ttl 64, id 868, offset 0, flags [DF], proto TCP (6), length 159) localhost.domain.com.mysql > localhost.domain.com.60466: P 72:179(107) ack 200 win 256 <nop,nop,timestamp 4057423 4057423>

18:25:24.491355 IP (tos 0x0, ttl 64, id 59802, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.60467 > localhost.domain.com.mysql: S 3567911125:3567911125(0) win 32792 <mss 16396,sackOK,timestamp 4057423[|tcp]>

18:25:24.491366 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.mysql > localhost.domain.com.60467: S 3579407367:3579407367(0) ack 3567911126 win 32768 <mss 16396,sackOK,timestamp 4057423[|tcp]>

18:25:24.491377 IP (tos 0x0, ttl 64, id 59803, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60467 > localhost.domain.com.mysql: ., cksum 0x949f (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057423 4057423>

18:25:24.491459 IP (tos 0x8, ttl 64, id 34119, offset 0, flags [DF], proto TCP (6), length 112) localhost.domain.com.mysql > localhost.domain.com.60467: P 1:61(60) ack 1 win 256 <nop,nop,timestamp 4057424 4057423>

18:25:24.491468 IP (tos 0x0, ttl 64, id 59804, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60467 > localhost.domain.com.mysql: ., cksum 0x9461 (correct), 1:1(0) ack 61 win 257 <nop,nop,timestamp 4057424 4057424>

18:25:24.491503 IP (tos 0x8, ttl 64, id 59805, offset 0, flags [DF], proto TCP (6), length 128) localhost.domain.com.60467 > localhost.domain.com.mysql: P 1:77(76) ack 61 win 257 <nop,nop,timestamp 4057424 4057424>

18:25:24.491511 IP (tos 0x8, ttl 64, id 34120, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.mysql > localhost.domain.com.60467: ., cksum 0x9416 (correct), 61:61(0) ack 77 win 256 <nop,nop,timestamp 4057424 4057424>

18:25:24.491540 IP (tos 0x8, ttl 64, id 34121, offset 0, flags [DF], proto TCP (6), length 63) localhost.domain.com.mysql > localhost.domain.com.60467: P 61:72(11) ack 77 win 256 <nop,nop,timestamp 4057424 4057424>

18:25:24.491560 IP (tos 0x8, ttl 64, id 59806, offset 0, flags [DF], proto TCP (6), length 182) localhost.domain.com.60467 > localhost.domain.com.mysql: P 77:207(130) ack 72 win 257 <nop,nop,timestamp 4057424 4057424>

18:25:24.491649 IP (tos 0x8, ttl 64, id 34122, offset 0, flags [DF], proto TCP (6), length 171) localhost.domain.com.mysql > localhost.domain.com.60467: P 72:191(119) ack 207 win 265 <nop,nop,timestamp 4057424 4057424>

18:25:24.491688 IP (tos 0x8, ttl 64, id 59807, offset 0, flags [DF], proto TCP (6), length 176) localhost.domain.com.60467 > localhost.domain.com.mysql: P 207:331(124) ack 191 win 257 <nop,nop,timestamp 4057424 4057424>

18:25:24.491762 IP (tos 0x8, ttl 64, id 34123, offset 0, flags [DF], proto TCP (6), length 171) localhost.domain.com.mysql > localhost.domain.com.60467: P 191:310(119) ack 331 win 265 <nop,nop,timestamp 4057424 4057424>

18:25:24.527670 IP (tos 0x8, ttl 64, id 50364, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60466 > localhost.domain.com.mysql: ., cksum 0xe82d (correct), 200:200(0) ack 179 win 257 <nop,nop,timestamp 4057433 4057423>

18:25:24.531690 IP (tos 0x8, ttl 64, id 59808, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60467 > localhost.domain.com.mysql: ., cksum 0x9214 (correct), 331:331(0) ack 310 win 257 <nop,nop,timestamp 4057434 4057424>

18:25:24.564769 IP (tos 0x8, ttl 64, id 50365, offset 0, flags [DF], proto TCP (6), length 177) localhost.domain.com.60466 > localhost.domain.com.mysql: P 200:325(125) ack 179 win 257 <nop,nop,timestamp 4057442 4057423>

18:25:24.564879 IP (tos 0x8, ttl 64, id 869, offset 0, flags [DF], proto TCP (6), length 159) localhost.domain.com.mysql > localhost.domain.com.60466: P 179:286(107) ack 325 win 256 <nop,nop,timestamp 4057442 4057442>

18:25:24.564899 IP (tos 0x8, ttl 64, id 50366, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60466 > localhost.domain.com.mysql: ., cksum 0xe729 (correct), 325:325(0) ack 286 win 257 <nop,nop,timestamp 4057442 4057442>

18:25:24.565054 IP (tos 0x0, ttl 64, id 59746, offset 0, flags [DF], proto UDP (17), length 73) localhost.domain.com.32803 > localhost.domain.com.domain: 51581+[|domain]

18:25:24.565202 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 259) localhost.domain.com.domain > localhost.domain.com.32803: 51581 q:[|domain]

18:25:24.565278 IP (tos 0x0, ttl 64, id 59746, offset 0, flags [DF], proto UDP (17), length 55) localhost.domain.com.32803 > localhost.domain.com.domain: 43482+[|domain]

18:25:24.565412 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 539) localhost.domain.com.domain > localhost.domain.com.32803: 43482 q:[|domain]

18:25:24.565488 IP (tos 0x0, ttl 64, id 13055, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.55442 > localhost.domain.com.10025: S 3657292701:3657292701(0) win 32792 <mss 16396,sackOK,timestamp 4057442[|tcp]>

18:25:24.565499 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.10025 > localhost.domain.com.55442: S 3650797317:3650797317(0) ack 3657292702 win 32768 <mss 16396,sackOK,timestamp 4057442[|tcp]>

18:25:24.565507 IP (tos 0x0, ttl 64, id 13056, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.55442 > localhost.domain.com.10025: ., cksum 0x5680 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057442 4057442>

18:25:24.565549 IP (tos 0x0, ttl 64, id 13057, offset 0, flags [DF], proto TCP (6), length 560) localhost.domain.com.55442 > localhost.domain.com.10025: P 1:509(508) ack 1 win 257 <nop,nop,timestamp 4057442 4057442>

18:25:24.565557 IP (tos 0x0, ttl 64, id 22116, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.10025 > localhost.domain.com.55442: ., cksum 0x547c (correct), 1:1(0) ack 509 win 265 <nop,nop,timestamp 4057442 4057442>

18:25:24.566716 IP (tos 0x0, ttl 64, id 59498, offset 0, flags [DF], proto UDP (17), length 78) localhost.domain.com.32802 > localhost.domain.com.domain: 8987+[|domain]

18:25:24.646515 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 142) localhost.domain.com.domain > localhost.domain.com.32802: 8987 NXDomain q:[|domain]

18:25:24.646644 IP (tos 0x0, ttl 64, id 59499, offset 0, flags [DF], proto UDP (17), length 82) localhost.domain.com.32802 > localhost.domain.com.domain: 9901+[|domain]

18:25:24.665006 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 146) localhost.domain.com.domain > localhost.domain.com.32802: 9901 NXDomain q:[|domain]

18:25:24.665102 IP (tos 0x0, ttl 64, id 59500, offset 0, flags [DF], proto UDP (17), length 76) localhost.domain.com.32802 > localhost.domain.com.domain: 30436+[|domain]

18:25:24.729756 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) localhost.domain.com.domain > localhost.domain.com.32802: 30436 NXDomain q:[|domain]

18:25:24.729849 IP (tos 0x0, ttl 64, id 59501, offset 0, flags [DF], proto UDP (17), length 77) localhost.domain.com.32802 > localhost.domain.com.domain: 57723+[|domain]

18:25:24.818768 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 122) localhost.domain.com.domain > localhost.domain.com.32802: 57723 NXDomain q:[|domain]

18:25:24.818868 IP (tos 0x0, ttl 64, id 59502, offset 0, flags [DF], proto UDP (17), length 75) localhost.domain.com.32802 > localhost.domain.com.domain: 50717+[|domain]

18:25:24.985384 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 127) localhost.domain.com.domain > localhost.domain.com.32802: 50717 NXDomain q:[|domain]

18:25:24.985483 IP (tos 0x0, ttl 64, id 59503, offset 0, flags [DF], proto UDP (17), length 81) localhost.domain.com.32802 > localhost.domain.com.domain: 54580+[|domain]

18:25:25.355465 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 148) localhost.domain.com.domain > localhost.domain.com.32802: 54580 NXDomain q:[|domain]

18:25:25.356152 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 55) localhost.domain.com.32803 > localhost.domain.com.domain: 46346+[|domain]

18:25:25.356329 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 539) localhost.domain.com.domain > localhost.domain.com.32803: 46346 q:[|domain]

18:25:25.358257 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 4256+[|domain]

18:25:25.358373 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319) localhost.domain.com.domain > localhost.domain.com.32803: 4256 q:[|domain]

18:25:25.359729 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 48693+[|domain]

18:25:25.359839 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319) localhost.domain.com.domain > localhost.domain.com.32803: 48693 q:[|domain]

18:25:25.361197 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 44623+[|domain]

18:25:25.361309 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 335) localhost.domain.com.domain > localhost.domain.com.32803: 44623 q:[|domain]

18:25:25.362705 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 61136+[|domain]

18:25:25.362813 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319) localhost.domain.com.domain > localhost.domain.com.32803: 61136 q:[|domain]

18:25:25.364166 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 59549+[|domain]

18:25:25.364274 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 319) localhost.domain.com.domain > localhost.domain.com.32803: 59549 q:[|domain]

18:25:25.365617 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 31550+[|domain]

18:25:25.365725 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 335) localhost.domain.com.domain > localhost.domain.com.32803: 31550 q:[|domain]

18:25:25.367115 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65) localhost.domain.com.32803 > localhost.domain.com.domain: 52015+[|domain]

18:25:25.367223 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 335) localhost.domain.com.domain > localhost.domain.com.32803: 52015 q:[|domain]

18:25:25.368602 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 55) localhost.domain.com.32803 > localhost.domain.com.domain: 36917+[|domain]

18:25:25.368707 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 325) localhost.domain.com.domain > localhost.domain.com.32803: 36917 q:[|domain]

18:25:25.370236 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 73) localhost.domain.com.32803 > localhost.domain.com.domain: 4752+[|domain]

18:25:25.440651 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258) localhost.domain.com.domain > localhost.domain.com.32803: 4752 q:[|domain]

18:25:25.441965 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 45) localhost.domain.com.32803 > localhost.domain.com.domain: [bad udp cksum a4ba!] 50574+ A? . (17)

18:25:25.442041 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120) localhost.domain.com.domain > localhost.domain.com.32803: 50574 q: A? . 0/1/0 ns: . (92)

18:25:25.442793 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 73) localhost.domain.com.32803 > localhost.domain.com.domain: 56635+[|domain]

18:25:25.442900 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 259) localhost.domain.com.domain > localhost.domain.com.32803: 56635 q:[|domain]

18:25:25.444182 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 74) localhost.domain.com.32803 > localhost.domain.com.domain: 38801+[|domain]

18:25:25.444289 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 285) localhost.domain.com.domain > localhost.domain.com.32803: 38801 q:[|domain]

18:25:25.445106 IP (tos 0x0, ttl 64, id 59504, offset 0, flags [DF], proto UDP (17), length 71) localhost.domain.com.32802 > localhost.domain.com.domain: 25713+[|domain]

18:25:25.445172 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120) localhost.domain.com.domain > localhost.domain.com.32802: 25713 NXDomain q:[|domain]

18:25:25.445241 IP (tos 0x0, ttl 64, id 59505, offset 0, flags [DF], proto UDP (17), length 70) localhost.domain.com.32802 > localhost.domain.com.domain: 58437+[|domain]

18:25:25.445297 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 123) localhost.domain.com.domain > localhost.domain.com.32802: 58437 NXDomain q:[|domain]

18:25:25.445359 IP (tos 0x0, ttl 64, id 59506, offset 0, flags [DF], proto UDP (17), length 76) localhost.domain.com.32802 > localhost.domain.com.domain: 57652+[|domain]

18:25:25.445417 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 122) localhost.domain.com.domain > localhost.domain.com.32802: 57652 NXDomain q:[|domain]

18:25:25.445480 IP (tos 0x0, ttl 64, id 59507, offset 0, flags [DF], proto UDP (17), length 83) localhost.domain.com.32802 > localhost.domain.com.domain: 1920+[|domain]

18:25:25.445526 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 129) localhost.domain.com.domain > localhost.domain.com.32802: 1920 NXDomain q:[|domain]

18:25:25.445588 IP (tos 0x0, ttl 64, id 59508, offset 0, flags [DF], proto UDP (17), length 78) localhost.domain.com.32802 > localhost.domain.com.domain: 26023+[|domain]

18:25:25.445701 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 418) localhost.domain.com.domain > localhost.domain.com.32802: 26023 q:[|domain]

18:25:25.446299 IP (tos 0x0, ttl 64, id 22117, offset 0, flags [DF], proto TCP (6), length 491) localhost.domain.com.10025 > localhost.domain.com.55442: P 1:440(439) ack 509 win 265 <nop,nop,timestamp 4057661 4057442>

18:25:25.446315 IP (tos 0x0, ttl 64, id 13058, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.55442 > localhost.domain.com.10025: ., cksum 0x510f (correct), 509:509(0) ack 440 win 265 <nop,nop,timestamp 4057661 4057661>

18:25:25.447040 IP (tos 0x0, ttl 64, id 27131, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.60469 > localhost.domain.com.mysql: S 238584774:238584774(0) win 32792 <mss 16396,sackOK,timestamp 4057661[|tcp]>

18:25:25.447053 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.mysql > localhost.domain.com.60469: S 231810136:231810136(0) ack 238584775 win 32768 <mss 16396,sackOK,timestamp 4057661[|tcp]>

18:25:25.447062 IP (tos 0x0, ttl 64, id 27132, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60469 > localhost.domain.com.mysql: ., cksum 0xe57a (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057661 4057661>

18:25:25.447421 IP (tos 0x8, ttl 64, id 52836, offset 0, flags [DF], proto TCP (6), length 112) localhost.domain.com.mysql > localhost.domain.com.60469: P 1:61(60) ack 1 win 256 <nop,nop,timestamp 4057661 4057661>

18:25:25.447450 IP (tos 0x8, ttl 64, id 27133, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60469 > localhost.domain.com.mysql: ., cksum 0xe53e (correct), 1:1(0) ack 61 win 257 <nop,nop,timestamp 4057661 4057661>

18:25:25.450321 IP (tos 0x8, ttl 64, id 27134, offset 0, flags [DF], proto TCP (6), length 128) localhost.domain.com.60469 > localhost.domain.com.mysql: P 1:77(76) ack 61 win 257 <nop,nop,timestamp 4057662 4057661>

18:25:25.450333 IP (tos 0x8, ttl 64, id 52837, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.mysql > localhost.domain.com.60469: ., cksum 0xe4f1 (correct), 61:61(0) ack 77 win 256 <nop,nop,timestamp 4057662 4057662>

18:25:25.450376 IP (tos 0x8, ttl 64, id 52838, offset 0, flags [DF], proto TCP (6), length 63) localhost.domain.com.mysql > localhost.domain.com.60469: P 61:72(11) ack 77 win 256 <nop,nop,timestamp 4057662 4057662>

18:25:25.450410 IP (tos 0x8, ttl 64, id 27135, offset 0, flags [DF], proto TCP (6), length 150) localhost.domain.com.60469 > localhost.domain.com.mysql: P 77:175(98) ack 72 win 257 <nop,nop,timestamp 4057662 4057662>

18:25:25.450600 IP (tos 0x8, ttl 64, id 52839, offset 0, flags [DF], proto TCP (6), length 151) localhost.domain.com.mysql > localhost.domain.com.60469: P 72:171(99) ack 175 win 256 <nop,nop,timestamp 4057662 4057662>

18:25:25.450655 IP (tos 0x8, ttl 64, id 27136, offset 0, flags [DF], proto TCP (6), length 138) localhost.domain.com.60469 > localhost.domain.com.mysql: P 175:261(86) ack 171 win 257 <nop,nop,timestamp 4057662 4057662>

18:25:25.450752 IP (tos 0x8, ttl 64, id 52840, offset 0, flags [DF], proto TCP (6), length 162) localhost.domain.com.mysql > localhost.domain.com.60469: P 171:281(110) ack 261 win 256 <nop,nop,timestamp 4057662 4057662>

18:25:25.456093 IP (tos 0x0, ttl 64, id 32373, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.60470 > localhost.domain.com.mysql: S 238916682:238916682(0) win 32792 <mss 16396,sackOK,timestamp 4057663[|tcp]>

18:25:25.456112 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.mysql > localhost.domain.com.60470: S 240918131:240918131(0) ack 238916683 win 32768 <mss 16396,sackOK,timestamp 4057663[|tcp]>

18:25:25.456124 IP (tos 0x0, ttl 64, id 32374, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60470 > localhost.domain.com.mysql: ., cksum 0xda46 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057663 4057663>

18:25:25.456304 IP (tos 0x8, ttl 64, id 62539, offset 0, flags [DF], proto TCP (6), length 112) localhost.domain.com.mysql > localhost.domain.com.60470: P 1:61(60) ack 1 win 256 <nop,nop,timestamp 4057663 4057663>

18:25:25.456318 IP (tos 0x8, ttl 64, id 32375, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60470 > localhost.domain.com.mysql: ., cksum 0xda0a (correct), 1:1(0) ack 61 win 257 <nop,nop,timestamp 4057663 4057663>

18:25:25.459138 IP (tos 0x8, ttl 64, id 32376, offset 0, flags [DF], proto TCP (6), length 128) localhost.domain.com.60470 > localhost.domain.com.mysql: P 1:77(76) ack 61 win 257 <nop,nop,timestamp 4057664 4057663>

18:25:25.459185 IP (tos 0x8, ttl 64, id 62540, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.mysql > localhost.domain.com.60470: ., cksum 0xd9bd (correct), 61:61(0) ack 77 win 256 <nop,nop,timestamp 4057664 4057664>

18:25:25.459271 IP (tos 0x8, ttl 64, id 62541, offset 0, flags [DF], proto TCP (6), length 63) localhost.domain.com.mysql > localhost.domain.com.60470: P 61:72(11) ack 77 win 256 <nop,nop,timestamp 4057664 4057664>

18:25:25.459294 IP (tos 0x8, ttl 64, id 32377, offset 0, flags [DF], proto TCP (6), length 150) localhost.domain.com.60470 > localhost.domain.com.mysql: P 77:175(98) ack 72 win 257 <nop,nop,timestamp 4057664 4057664>

18:25:25.459540 IP (tos 0x8, ttl 64, id 62542, offset 0, flags [DF], proto TCP (6), length 151) localhost.domain.com.mysql > localhost.domain.com.60470: P 72:171(99) ack 175 win 256 <nop,nop,timestamp 4057664 4057664>

18:25:25.459577 IP (tos 0x8, ttl 64, id 32378, offset 0, flags [DF], proto TCP (6), length 138) localhost.domain.com.60470 > localhost.domain.com.mysql: P 175:261(86) ack 171 win 257 <nop,nop,timestamp 4057664 4057664>

18:25:25.459725 IP (tos 0x8, ttl 64, id 62543, offset 0, flags [DF], proto TCP (6), length 162) localhost.domain.com.mysql > localhost.domain.com.60470: P 171:281(110) ack 261 win 256 <nop,nop,timestamp 4057664 4057664>

18:25:25.488878 IP (tos 0x8, ttl 64, id 27137, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60469 > localhost.domain.com.mysql: ., cksum 0xe352 (correct), 261:261(0) ack 281 win 257 <nop,nop,timestamp 4057672 4057662>

18:25:25.496937 IP (tos 0x8, ttl 64, id 32379, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60470 > localhost.domain.com.mysql: ., cksum 0xd81e (correct), 261:261(0) ack 281 win 257 <nop,nop,timestamp 4057674 4057664>

18:25:25.703967 IP (tos 0x0, ttl 64, id 2237, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.33902 > localhost.domain.com.12025: S 494133952:494133952(0) win 32792 <mss 16396,sackOK,timestamp 4057725[|tcp]>

18:25:25.703989 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) localhost.domain.com.12025 > localhost.domain.com.33902: R, cksum 0xfe31 (correct), 0:0(0) ack 494133953 win 0

18:25:25.711889 IP (tos 0x0, ttl 64, id 18226, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.60472 > localhost.domain.com.mysql: S 494316877:494316877(0) win 32792 <mss 16396,sackOK,timestamp 4057727[|tcp]>

18:25:25.711912 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) localhost.domain.com.mysql > localhost.domain.com.60472: S 505315873:505315873(0) ack 494316878 win 32768 <mss 16396,sackOK,timestamp 4057727[|tcp]>

18:25:25.711926 IP (tos 0x0, ttl 64, id 18227, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60472 > localhost.domain.com.mysql: ., cksum 0x3e18 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 4057727 4057727>

18:25:25.712154 IP (tos 0x8, ttl 64, id 26717, offset 0, flags [DF], proto TCP (6), length 112) localhost.domain.com.mysql > localhost.domain.com.60472: P 1:61(60) ack 1 win 256 <nop,nop,timestamp 4057727 4057727>

18:25:25.712224 IP (tos 0x8, ttl 64, id 18228, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60472 > localhost.domain.com.mysql: ., cksum 0x3ddc (correct), 1:1(0) ack 61 win 257 <nop,nop,timestamp 4057727 4057727>

18:25:25.715064 IP (tos 0x8, ttl 64, id 18229, offset 0, flags [DF], proto TCP (6), length 128) localhost.domain.com.60472 > localhost.domain.com.mysql: P 1:77(76) ack 61 win 257 <nop,nop,timestamp 4057728 4057727>

18:25:25.715092 IP (tos 0x8, ttl 64, id 26718, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.mysql > localhost.domain.com.60472: ., cksum 0x3d8f (correct), 61:61(0) ack 77 win 256 <nop,nop,timestamp 4057728 4057728>

18:25:25.715154 IP (tos 0x8, ttl 64, id 26719, offset 0, flags [DF], proto TCP (6), length 63) localhost.domain.com.mysql > localhost.domain.com.60472: P 61:72(11) ack 77 win 256 <nop,nop,timestamp 4057728 4057728>

18:25:25.715182 IP (tos 0x8, ttl 64, id 18230, offset 0, flags [DF], proto TCP (6), length 184) localhost.domain.com.60472 > localhost.domain.com.mysql: P 77:209(132) ack 72 win 257 <nop,nop,timestamp 4057728 4057728>

18:25:25.715362 IP (tos 0x8, ttl 64, id 26720, offset 0, flags [DF], proto TCP (6), length 171) localhost.domain.com.mysql > localhost.domain.com.60472: P 72:191(119) ack 209 win 265 <nop,nop,timestamp 4057728 4057728>

18:25:25.715426 IP (tos 0x8, ttl 64, id 18231, offset 0, flags [DF], proto TCP (6), length 176) localhost.domain.com.60472 > localhost.domain.com.mysql: P 209:333(124) ack 191 win 257 <nop,nop,timestamp 4057728 4057728>

18:25:25.715518 IP (tos 0x8, ttl 64, id 26721, offset 0, flags [DF], proto TCP (6), length 171) localhost.domain.com.mysql > localhost.domain.com.60472: P 191:310(119) ack 333 win 265 <nop,nop,timestamp 4057728 4057728>

18:25:25.754272 IP (tos 0x8, ttl 64, id 18232, offset 0, flags [DF], proto TCP (6), length 52) localhost.domain.com.60472 > localhost.domain.com.mysql: ., cksum 0x3b8b (correct), 333:333(0) ack 310 win 257 <nop,nop,timestamp 4057738 4057728>
```

And here is what postfix logged:

```
Nov 30 18:25:25 mail.domain.com postfix/smtpd[32121]: connect from web38914.mail.mud.yahoo.com[209.191.125.120]

Nov 30 18:25:25 mail.domain.com postfix/policyd[15754]: weighted check:  NOT_IN_DYN_PBL_SPAMHAUS=0 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_DSBL_ORG=0 NOT_IN_IX_MANITU=0 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .web38914.mail.mud.yahoo. - helo-domain: .yahoo.)  FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_ABUSE_RFCI=0.1 <client=209.191.125.120> <helo=web38914.mail.mud.yahoo.com> <from=anubus3@yahoo.com> <to=alias@domain.com>, rate: -8.4

Nov 30 18:25:25 mail.domain.com postfix/policyd[15754]: decided action=PREPEND X-policyd-weight:  NOT_IN_DYN_PBL_SPAMHAUS=0 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_DSBL_ORG=0 NOT_IN_IX_MANITU=0 CL_IP_EQ_HELO_IP=-2 (check from: .yahoo. - helo: .web38914.mail.mud.yahoo. - helo-domain: .yahoo.)  FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_ABUSE_RFCI=0.1 <client=209.191.125.120> <helo=web38914.mail.mud.yahoo.com> <from=anubus3@yahoo.com> <to=alias@domain.com>, rate: -8.4; delay: 1s

Nov 30 18:25:25 mail.domain.com postfix/smtpd[32121]: NOQUEUE: filter: RCPT from web38914.mail.mud.yahoo.com[209.191.125.120]: <alias@domain.com>: Recipient address triggers FILTER lmtp:127.0.0.1:12025; from=<anubus3@yahoo.com> to=<alias@domain.com> proto=SMTP helo=<web38914.mail.mud.yahoo.com>

Nov 30 18:25:25 mail.domain.com postfix/smtpd[32121]: 98C3E38DCD4: client=web38914.mail.mud.yahoo.com[209.191.125.120]

Nov 30 18:25:25 mail.domain.com postfix/cleanup[32101]: 98C3E38DCD4: message-id=<126420.82396.qm@web38914.mail.mud.yahoo.com>

Nov 30 18:25:25 mail.domain.com postfix/qmgr[32081]: 98C3E38DCD4: from=<anubus3@yahoo.com>, size=1843, nrcpt=1 (queue active)

Nov 30 18:25:25 mail.domain.com postfix/lmtp[32103]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 12025)

Nov 30 18:25:25 mail.domain.com postfix/lmtp[32103]: 98C3E38DCD4: to=<user@domain.com>, orig_to=<alias@domain.com>, relay=none, delay=1.2, delays=1.2/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)

Nov 30 18:25:25 mail.domain.com postfix/smtpd[32121]: disconnect from web38914.mail.mud.yahoo.com[209.191.125.120]
```

----------

## steveb

I managed to get the same issue. Using the normal way (without the client/server part) it crashes:

```
mail dspam # /usr/bin/dspam --user globaluser --deliver=summary --stdout < '/var/spool/spam/trec06p/data/054/066'

X-DSPAM-Result: globaluser; result="Innocent"; class="Innocent"; probability=0.0000; confidence=0.99; signature=1,475c23a4162321097217829

Segmentation fault
```

Using it in client/server mode it does not crash. But it is the same message! And I can reproduce it. At any given time:

```
mail dspam # /usr/bin/dspam --client --user globaluser --deliver=summary --stdout < '/var/spool/spam/trec06p/data/054/066'

X-DSPAM-Result: globaluser; result="Innocent"; class="Innocent"; probability=0.0000; confidence=0.99; signature=1,475c23a9161265965111896

mail dspam #
```

Using the normal way with debug flag works:

```
mail dspam # /usr/bin/dspam --debug --user globaluser --deliver=summary --stdout < '/var/spool/spam/trec06p/data/054/066'

X-DSPAM-Result: globaluser; result="Innocent"; class="Innocent"; probability=0.0000; confidence=0.99; signature=1,475c24c5182771784016309

mail dspam #
```

The message triggering this is from the TREC06 corpus:

```
mail dspam # cat /var/spool/spam/trec06p/data/054/066

Received: from cgi1.tm.net.my (provision.tm.net.my [202.188.95.13])

        by aleve.media.mit.edu (8.9.1a/8.9.1/+ALEVE) with ESMTP id KAA10997

        for <handyboard@media.mit.edu>; Sat, 16 Oct 1999 10:12:38 -0400 (EDT)

Received: from jaring ([202.188.87.151]) by cgi1.tm.net.my

          (InterMail v03.02.05 118 121 101) with SMTP

          id <19991016141204.PNQV3811@jaring>;

          Sat, 16 Oct 1999 22:12:04 +0800

Message-Id: <003101bf17e1$645166c0$9757bcca@jaring.my>

From: "William Ho" <ukho@tm.net.my>

To: "Chul Hun,Han" <chhan@hint.hanjung.co.kr>

Cc: <handyboard@media.mit.edu>

References: <001601bf16c1$ac4a1a60$4a243705@hanjung.co.kr>

Subject: Re: Data acquisition through analog input

Date: Sat, 16 Oct 1999 22:18:58 +0800

Mime-Version: 1.0

Content-Type: multipart/alternative;

        boundary="----=_NextPart_000_002E_01BF1824.71468700"

X-Priority: 3

X-Msmail-Priority: Normal

X-Mailer: Microsoft Outlook Express 5.00.2314.1300

X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300

This is a multi-part message in MIME format.

------=_NextPart_000_002E_01BF1824.71468700

Content-Type: text/plain;

        charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

Mr. Han,

I think you can try to transmit the data through radio frequency =

transmitter to the receiver which is connected to the PC.  I have tried =

this but it is digital data and not analog.

Thanks,

Wil.

  ----- Original Message -----=20

  From: Chul Hun,Han=20

  To: handyboard@media.mit.edu=20

  Sent: Friday, October 15, 1999 11:59 AM

  Subject: Data acquisition through analog input

  Hi!

  Has anyone idea about the method of continuous=20

  data acquisition and store through analog input of=20

  Handy Board and dump them into PC for data analysis

  with MS-Excel?

  Thank you in advance

  C.H.Han

------=_NextPart_000_002E_01BF1824.71468700

Content-Type: text/html;

        charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD>

<META content=3D"text/html; charset=3Dwindows-1252" =

http-equiv=3DContent-Type>

<META content=3D"MSHTML 5.00.2314.1000" name=3DGENERATOR>

<STYLE></STYLE>

</HEAD>

<BODY bgColor=3D#ffffff>

<DIV><FONT face=3DArial size=3D2>Mr. Han,</FONT></DIV>

<DIV><FONT face=3DArial size=3D2>I think you can try to transmit the =

data through=20

radio frequency transmitter to the receiver which is connected to the =

PC.&nbsp;=20

I have tried this but it is digital data and not analog.</FONT></DIV>

<DIV>&nbsp;</DIV>

<DIV><FONT face=3DArial size=3D2>Thanks,</FONT></DIV>

<DIV><FONT face=3DArial size=3D2>Wil.</FONT></DIV>

<BLOCKQUOTE=20

style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =

0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">

  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>

  <DIV=20

  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =

black"><B>From:</B>=20

  <A href=3D"mailto:chhan@hint.hanjung.co.kr" =

title=3Dchhan@hint.hanjung.co.kr>Chul=20

  Hun,Han</A> </DIV>

  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A=20

  href=3D"mailto:handyboard@media.mit.edu"=20

  title=3Dhandyboard@media.mit.edu>handyboard@media.mit.edu</A> </DIV>

  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, October 15, 1999 =

11:59=20

  AM</DIV>

  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Data acquisition =

through analog=20

  input</DIV>

  <DIV><BR></DIV>

  <DIV><FONT face=3D굴림>Hi!</FONT></DIV>

  <DIV>&nbsp;</DIV>

  <DIV><FONT face=3D굴림>Has anyone idea about the method of =

continuous=20

</FONT></DIV>

  <DIV><FONT face=3D굴림>data acquisition and store =

</FONT><FONT face=3D굴림>through=20

  </FONT><FONT face=3D굴림>analog input of </FONT></DIV>

  <DIV><FONT face=3D굴림>Handy Board and dump them =

</FONT><FONT face=3D굴림>into=20

  </FONT><FONT face=3D굴림>PC for data analysis</FONT></DIV>

  <DIV><FONT face=3D굴림>with MS-Excel?</FONT></DIV>

  <DIV>&nbsp;</DIV>

  <DIV><FONT face=3D굴림>Thank you in advance</FONT></DIV>

  <DIV>&nbsp;</DIV>

  <DIV><FONT face=3D굴림>C.H.Han</FONT></DIV>

  <DIV>&nbsp;</DIV>

  <DIV>&nbsp;</DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_002E_01BF1824.71468700--

mail dspam #
```

I can reproduce this on:dspam-3.8.0-r8dspam-3.8.0-r7

With dspam-3.8.0-r6 or dspam-3.8.0-r5 I can get DSPAM to crash but this time when using client/server mode. The normal mode works without crashing. I don't think that r5/r6 are better then r7/r8. I think all of them have the same issue. It is just luck that with one release I am hitting the error first in --client mode and on others with normal mode.

Interesting is that normal mode fails in r7/r8 while client server works. And ultra strange is that with --debug it works while without it it does not work. However... if I do training with many mails in --client mode, then DSPAM goes away and any connection to the socket is not possible any more. Basically the socket is there but DSPAM is either refusing connection to it or DSPAM is totally gone and has left a stale socket. This are the two scenarios I have found.

Debugging this beast is difficult. I some how can not get the debug symbols for DSPAM. I have them (using splitdebug FEATURES) but I still can not properly debug that thing. Backtrace in gdb does not show much (if at all).

And to make things more funny: Disabling the debug USE flags makes things stable again.

If you ask me, then something in the debug flags is not okay.

// SteveB

----------

## steveb

Fixed (I hope)!

// SteveB

----------

## Ateo

I'll test this first chance i get. Probably tonight or tomorrow...

thanks steve. much appreciated.

----------

## Ateo

Ok.

Sorry it took so long to get back to this.. Busy..

Anyways, I disabled debug entirely. It appears things are working but only time will tell.

Thanks steveb. Your help is always appreciated....

I'll change the subject once DSPAM doesn't crash in a while... =)

----------

## steveb

 *Ateo wrote:*   

> Anyways, I disabled debug entirely. It appears things are working but only time will tell.

 Ahh. Then it is the BNR debug. I fixed that issue. Gentoo's DSPAM 3.8.0 -r9 should fix that issue.

 *Ateo wrote:*   

> Thanks steveb. Your help is always appreciated....

 No problem mate.

// SteveB

----------

## Ateo

I'm going to keep it under close eye. All seems good a few hours later.

I'll change the subject to solved once DSPAM delivers 100 emails. =P

Also, I'm looking to do some experimenting with dspam. Can you point to me to some bulk spam messages I can feed dspam?

I appreciate it.

----------

## steveb

 *Ateo wrote:*   

> Can you point to me to some bulk spam messages I can feed dspam?

 I have many of them. In many different formats and different languages. If you want one for the English language and one which gets often updated, then I suggest you to look here. Let me know if you need more.

// SteveB

----------

## Ateo

 *steveb wrote:*   

>  *Ateo wrote:*   Can you point to me to some bulk spam messages I can feed dspam? I have many of them. In many different formats and different languages. If you want one for the English language and one which gets often updated, then I suggest you to look here. Let me know if you need more.
> 
> // SteveB

 

Perfect. Many thanks. The 100 email mark has been reached so it appears you have fixed DSPAM..

----------

## Ateo

I don't mean to bump this but I believe what solved my issue was using SMTP and not LMTP. I just tested it. When I use to LMTP to deliver mail back to Postfix, mail stops being delivered after a few deliveries. When I use SMTP, it functions as expected.

I'm not under pressure to use LMTP. SMTP is fine but LMTP is preferred since these are local interactions.

I do have

```
lmtp      unix  -       -       n       -       -       lmtp
```

in master.cf so I don't know what the issue might be. Unless I need to specify an 'lmtpd' in master.cf...

----------

## mariourk

 *steveb wrote:*   

> FINALLY! I never ever could reproduce those connection issues on my end. But now I can! Cool!
> 
> I know where the error is. I mean I know where in the source code the error is and what the conditions are to trigger it. I had no time to fix it (yet) but I have a workaround to get your installation working. What you need to do is to switch away from using domain sockets and switch to use TCP sockets. In your dspam.conf comment out ServerDomainSocketPath and ClientHost. Replace it with (lets say you use port 10023 for DSPAM):
> 
> ```
> ...

 

I have a problem that seems to be similar to the one this tread is all about. Only my server crashes after a few hours and will deliver hundreds of emails before dspam starts refusing connections.

This is what I see in the logfiles:

```

Jun  8 11:16:34 mail postfix/smtp[19907]: fatal: unknown service: /var/run/dspam.sock/tcp

Jun  8 11:16:34 mail postfix/smtp[19884]: fatal: unknown service: /var/run/dspam.sock/tcp

Jun  8 11:16:34 mail postfix/smtp[19888]: fatal: unknown service: /var/run/dspam.sock/tcp

Jun  8 11:16:34 mail postfix/smtp[19907]: fatal: unknown service: /var/run/dspam.sock/tcp

```

```

Jun  8 11:16:35 mail postfix/qmgr[19861]: warning: private/smtp socket: malformed response

Jun  8 11:16:35 mail postfix/qmgr[19861]: warning: private/smtp socket: malformed response

Jun  8 11:16:35 mail postfix/qmgr[19861]: warning: private/smtp socket: malformed response

Jun  8 11:16:35 mail postfix/qmgr[19861]: warning: private/smtp socket: malformed response

```

These messages turn of a few times, I have no idea what is causing them.

When I monitor the logfiles, after a few hours running smooth, these lines show up and all emails will start piling up in the queue:

```

Jun  8 11:15:07 mail postfix/lmtp[19226]: 605586A20A7: to=<user@ourdomain.nl>, relay=mail.ourdomain.nl[/var/run/dspam.sock], delay=6.4, delays=6.4/0/0/0, dsn=4.3.0, status=deferred (host mail.ourdomain.nl[/var/run/dspam.sock] said: 421 4.3.0 <gwoort@ourdomain.nl> Unable to connect to server (in reply to end of DATA command))

```

I followed your advise and changed the configuration to your suggestion. I had to comment one line to make this work:

```

ServerDomainSocketPath  "/var/run/dspam.sock"

```

It seems to work fine, with your suggestions and this line commented. I have no idea what this line is for or what it should be, now I switched to TCP.

I hope this will solve my problem. Time will tell  :Wink: 

 *Quote:*   

> 
> 
> I don't mean to bump this but I believe what solved my issue was using SMTP and not LMTP. I just tested it. When I use to LMTP to deliver mail back to Postfix, mail stops being delivered after a few deliveries. When I use SMTP, it functions as expected.
> 
> I'm not under pressure to use LMTP. SMTP is fine but LMTP is preferred since these are local interactions.
> ...

 

In case it doesn't solve my problem, I like to know how you switched to smtp instead of lmtp.

I tried:

```

smtp      inet  n       -       n       -       -       smtpd

       -o content_filter=smtp:unix:/var/run/dspam.sock

```

but that didn't work.

Any help/advise is most welcome  :Very Happy: 

----------

## mariourk

Update, switching to TCP didn't solve my problem either. After a few hours I ran into the same problem.

I'd like to know how to switch tp smtp instead of lmtp and see how that works.

I found this post about the same issue. But his suggested fix was allready in my master.cf

----------

