Where can I change spamd logging?

[Gene Heskett]

Greetings all;

Somehow, spamd and friends have gotten the idea that they can spam the
syslog to the point where logrotate fires off at least daily, putting so
much trash in the syslog it worthless as a troubleshooting tool.

What file, and where, do I edit to put that log someplace else?

System is updodate amd64 stretch.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

[mick crane]

On 2021-03-13 04:25, Gene Heskett wrote:
> Greetings all;
>
> Somehow, spamd and friends have gotten the idea that they can spam the
> syslog to the point where logrotate fires off at least daily, putting
> so
> much trash in the syslog it worthless as a troubleshooting tool.
>
> What file, and where, do I edit to put that log someplace else?
>
> System is updodate amd64 stretch.
>
> Cheers, Gene Heskett

hello,
I don't know anything about this but this guy says that he had a typo (
incorrect file name ) to logrotate caused syslog to fill up.
https://serverfault.com/questions/842082/spamassassin-logging

mick


--
Key ID 4BFEBB31

[Andy Smith]

Hi Gene,

On Fri, Mar 12, 2021 at 11:25:20PM -0500, Gene Heskett wrote:
> What file, and where, do I edit to put that log someplace else?

What's unclear or not working about the --syslog= option in "man
spamd"?

https://manpages.debian.org/stretch/spamassassin/spamd.8p.en.html

You can change the options that spamd runs with by editing
/etc/default/spamassassin.

Don't forget to arrange for log rotation of whatever file you do
redirect this to.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

[Gene Heskett]

Thats workiing fine here mick, thanks anyway.

[Gene Heskett]

On Saturday 13 March 2021 07:13:38 Andy Smith wrote:

> Hi Gene,
>
> On Fri, Mar 12, 2021 at 11:25:20PM -0500, Gene Heskett wrote:
> > What file, and where, do I edit to put that log someplace else?
>
> What's unclear or not working about the --syslog= option in "man
> spamd"?
>
> https://manpages.debian.org/stretch/spamassassin/spamd.8p.en.html
>
> You can change the options that spamd runs with by editing
> /etc/default/spamassassin.

And thats the only place I did't look.

> Don't forget to arrange for log rotation of whatever file you do
> redirect this to.

I expect that a given, giving how verbose its logging is, over 10 lines
of drivel for every incoming message. I'll take a look there, thanks
Andy.

> Cheers,
> Andy

[Gene Heskett]

On Saturday 13 March 2021 07:13:38 Andy Smith wrote:

> Hi Gene,
>
> On Fri, Mar 12, 2021 at 11:25:20PM -0500, Gene Heskett wrote:
> > What file, and where, do I edit to put that log someplace else?
>
> What's unclear or not working about the --syslog= option in "man
> spamd"?
>
> https://manpages.debian.org/stretch/spamassassin/spamd.8p.en.html
>
> You can change the options that spamd runs with by editing
> /etc/default/spamassassin.

adding this "-s ~/gene/log/mail.log" inside the option "double quote
pair"> and issueing an /etc/init.d/spamassassin restart, didn't bother
it a bit.

The way I read that manpage, it should have worked.

> Don't forget to arrange for log rotation of whatever file you do
> redirect this to.
>
> Cheers,
> Andy

[Greg Wooledge]

On Sat, Mar 13, 2021 at 02:52:05PM -0500, Gene Heskett wrote:
> adding this "-s ~/gene/log/mail.log" inside the option "double quote
> pair"> and issueing an /etc/init.d/spamassassin restart, didn't bother
> it a bit.
>
> The way I read that manpage, it should have worked.

First: do you actually have a subdirectory named 'gene' inside your
home directory?

Second: can you show the actual line of the config file, with your
modification, and then the resulting service logs after the restart?

Third: can you explain what "didn't bother it a bit" means? What was
the actual resulting behavior? What did it say in the logs?

If you mean something like "the logs were not written to ~/log/mail.log
but instead were written to ____" then it might be because you used the
wrong pathname in the config, so it ignored the config, and used its
default pathname. Ideally the logs would include a warning telling
you this, but not everything gives coherent warnings in all cases.

Fourth: it's possible that tilde expansion is not performed by this
service when reading this particular config option. Hopefully the
man page will say whether it does or not -- but if it doesn't say, then
you'll fall back to trial-and-error (put it in the configs, restart
the service, check the logs, and repeat). Or, if you don't like
trial-and-error documentation, you could just use a pathname that is
guaranteed to work correctly, without requiring tilde expansion.

[Gene Heskett]

On Saturday 13 March 2021 15:13:06 Greg Wooledge wrote:

> On Sat, Mar 13, 2021 at 02:52:05PM -0500, Gene Heskett wrote:
> > adding this "-s ~/gene/log/mail.log" inside the option "double quote
> > pair"> and issueing an /etc/init.d/spamassassin restart, didn't
> > bother it a bit.
> >
> > The way I read that manpage, it should have worked.
>
> First: do you actually have a subdirectory named 'gene' inside your
> home directory?
>
> Second: can you show the actual line of the config file, with your
> modification, and then the resulting service logs after the restart?

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -s ~/log/mail.log"

> Third: can you explain what "didn't bother it a bit" means? What was
> the actual resulting behavior? What did it say in the logs?
>

Its not hitting the named file, but its not spamming syslog any more.
So I've no clue where all that is going

> If you mean something like "the logs were not written to
> ~/log/mail.log but instead were written to ____" then it might be
> because you used the wrong pathname in the config, so it ignored the
> config, and used its default pathname. Ideally the logs would include
> a warning telling you this, but not everything gives coherent warnings
> in all cases.
>
> Fourth: it's possible that tilde expansion is not performed by this
> service when reading this particular config option. Hopefully the
> man page will say whether it does or not -- but if it doesn't say,
> then you'll fall back to trial-and-error (put it in the configs,
> restart the service, check the logs, and repeat). Or, if you don't
> like trial-and-error documentation, you could just use a pathname that
> is guaranteed to work correctly, without requiring tilde expansion.

I'll give it a shot with a full path, and a unique name. And you were
right, its using that name as a log file now. Now, put it in logrotate.

[Andy Smith]

Hello,

On Sat, Mar 13, 2021 at 05:10:42PM -0500, Gene Heskett wrote:
> OPTIONS="--create-prefs --max-children 5 --helper-home-dir -s ~/log/mail.log"

spamd is a system service and it normally (initially) runs as root,
so using a ~ there probably isn't what you want. Storing logs from
such a daemon inside your home directory also doesn't seem
appropriate.

> Its not hitting the named file, but its not spamming syslog any more.
> So I've no clue where all that is going

I wouldn't be surprised if it had ended up somewhere inside /root
(user root's home directory), or nowhere.

[Gene Heskett]

But you've forgotten the spamd's cameleon ability's, that of assuming the
users identity, so while it didn't accept the ~/gene/log path, it works
just fine if the path given is the full pathname.

Since I am alone, and never had a computer using & literate wife, and she
passed last Pearl Harbor Day, Dec 7, 2020, I'm the only breathing user
here, and keeping such as my email logs in my own log dir sure puts and
end to the constant battle for permissions in /var/log. Once set up, it
Just Works.

gene@coyote:~/Downloads/3dp.stf$ ls -l /home/gene/log
total 44060
-rw-r--r-- 1 gene gene 16147 Mar 14 12:14 fetchmail.log
-rw-r--r-- 1 gene gene 11226014 Mar 14 00:09 fetchmail.log.1
-rw-r--r-- 1 gene gene 7694 Jul 6 2020 fetchmail.log.2.gz
-rw-r--r-- 1 gene gene 7326 Jun 28 2020 fetchmail.log.3.gz
-rw-r--r-- 1 gene gene 7697 Jun 21 2020 fetchmail.log.4.gz
-rw-r--r-- 1 gene gene 9975 Jun 15 2020 fetchmail.log.5.gz
-rw-r--r-- 1 gene gene 3471 Mar 14 12:14 mail.log
-rw-r--r-- 1 gene gene 2397019 Mar 14 00:09 mail.log.1
-rw-r--r-- 1 gene gene 4833 Jul 6 2020 mail.log.2.gz
-rw-r--r-- 1 gene gene 4581 Jun 28 2020 mail.log.3.gz
-rw-r--r-- 1 gene gene 4688 Jun 21 2020 mail.log.4.gz
-rw-r--r-- 1 gene gene 5864 Jun 15 2020 mail.log.5.gz
-rw-r--r-- 1 gene gene 45302 Mar 14 12:14 procmail.log
-rw-r--r-- 1 gene gene 31003168 Mar 14 00:09 procmail.log.1
-rw-r--r-- 1 gene gene 36668 Jul 6 2020 procmail.log.2.gz
-rw-r--r-- 1 gene gene 34798 Jun 28 2020 procmail.log.3.gz
-rw-r--r-- 1 gene gene 32404 Jun 21 2020 procmail.log.4.gz
-rw-r--r-- 1 gene gene 42483 Jun 15 2020 procmail.log.5.gz
-rw-r--r-- 1 gene gene 180494 Mar 14 12:14 sa-mail.log

sa-mail.log has not existed long enough to be rotated, and the long gap
in the dates was because I had piggy backed "mystuff" onto a system
rotate file, which apparently got replaced by an update in late June of
last year and went un-noticed by me until a couple days ago. So
now "mystuff" has its own file. Shoulda had it originally. :(

Sometimes I learn slow now, but what the hell, I'm also 86 years old.
And lucky to be here, but I seem to be a survivor, altho one emergency
did cost me some of my once 147 IQ. I had a pulmonary embolism at 79 yo
that while I'm one of the < 2% that survive one of those, it did do some
brain damage. Enough that I failed the Mensa test at 81. And working on
3d printing a harmonic drive that will last more than 24 hours running
at 1000 input rpms. 3 or 4 heart attacks and some hardware helpers
installed in my heart, and a pacemaker are keeping me going. But as one
comic said on the radio in the middle of WW-II, I don't even buy green
bananas. :)

So far, so good.

Take care, stay safe and well all.