Has inpaths format changed?

John F. Morse inn at xanadu-bbs.net
Sat Aug 11 12:44:29 UTC 2012 

Hi Ray,

Ray Banana wrote:
> Thus spake "John F. Morse" <inn at xanadu-bbs.net>
>  
>> I don't think it is encryption, but something in a Path: header from
>> somewhere. Like I said, it may be a new attempt to bypass EMP (phn
>> path) by a spammer.
> 
> What you are seeing are fancy path tokens, apparently inserted by Google:
> 
> <1344671082_2347594 at news.newsville.com>
> news.glorb.com!r1no17429633qas.0!news-out.google.com!c6ni61305096qas.0!nntp.google.com!newsfeed2.dallas1.level3.net!news.level3.com!
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> news.newsville.com!news.newsville.com!not-for-mail 
>    
> so there's nothing wrong at your end.


I suspected that as I dug deeper yesterday, after seeing the frequent "qas" 
etc. at the end of their token in the latest dump file and e-mail.

I wasn't sure because I also saw a pattern of all zeros in the token for iad, 
which is Highwinds, and they own NewsGuy, a notorious spammer.

Perhaps this is the straw that broke the camel's back, and justifies entering 
google.com into Cleanfeed's bad_paths file?

However, this doesn't explain why the inpaths e-mail is growing bigger each 
day? They are now at 708 kB!

That makes me wonder if there isn't something wrong with ninpaths or 
sendinpaths, not clearing out the old data.

It could be the .0 and .1 used by Google for a TLD is causing a problem with 
ninpaths or sendinpaths.

news at v102:/var/log/news/path$ ls -al
total 2129
drwxrwxr-x 2 news news    848 Aug 11 05:08 .
drwxr-xr-x 4 news news    424 Aug 11 00:05 ..
-rw-rw-r-- 1 news news  80690 Jul 28 05:06 inpaths.1343469961
-rw-rw-r-- 1 news news  81430 Jul 29 05:06 inpaths.1343556361
-rw-rw-r-- 1 news news  84225 Jul 30 05:06 inpaths.1343642761
-rw-rw-r-- 1 news news  96567 Jul 31 05:06 inpaths.1343729161
-rw-rw-r-- 1 news news  70736 Jul 31 16:56 inpaths.1343771796
-rw-rw-r-- 1 news news    297 Jul 31 16:56 inpaths.1343771797
-rw-rw-r-- 1 news news  79470 Aug  1 05:06 inpaths.1343815561
-rw-rw-r-- 1 news news  22254 Aug  1 05:44 inpaths.1343817852
-rw-rw-r-- 1 news news 206694 Aug  2 05:06 inpaths.1343901961
-rw-rw-r-- 1 news news 335431 Aug  3 05:06 inpaths.1343988361
-rw-rw-r-- 1 news news 218217 Aug  4 01:04 inpaths.1344060249
-rw-rw-r-- 1 news news  58530 Aug  4 05:06 inpaths.1344074761
-rw-rw-r-- 1 news news 121682 Aug  5 05:06 inpaths.1344161161
-rw-rw-r-- 1 news news  98564 Aug  6 05:06 inpaths.1344247561
-rw-rw-r-- 1 news news 108827 Aug  7 05:06 inpaths.1344333961
-rw-rw-r-- 1 news news 121120 Aug  8 05:06 inpaths.1344420361
-rw-rw-r-- 1 news news  69223 Aug  8 14:42 inpaths.1344454949
-rw-rw-r-- 1 news news  73910 Aug  9 05:06 inpaths.1344506761
-rw-rw-r-- 1 news news 107786 Aug 10 05:06 inpaths.1344593161
-rw-rw-r-- 1 news news 101636 Aug 11 05:06 inpaths.1344679561

The above shows 20 dump files, but they are covering only 15 days. That is 
normal because keep=14 is in sendinpaths.

All servers have 15 days worth of dump files, but they range from 19 files to 
22, since some days have more than one dumpfile. None are anywhere near 708 kB!

john at v102:~$ sudo cat /var/log/syslog | grep inpaths
Aug 11 05:06:01 v102 /USR/SBIN/CRON[30072]: (news) CMD (ctlinnd -s -t 60 flush 
inpaths!)
Aug 11 05:06:01 v102 innd: ctlinnd command f:inpaths!
Aug 11 05:06:01 v102 innd: inpaths! flush
Aug 11 05:06:01 v102 innd: inpaths! spawned inpaths!:99:proc:30074
Aug 11 05:06:01 v102 innd: inpaths! closed
Aug 11 05:06:01 v102 innd: inpaths! exit 0 elapsed 86400 pid 8108
Aug 11 05:08:01 v102 /USR/SBIN/CRON[30076]: (news) CMD (sendinpaths)

-- 
John

More information about the inn-workers mailing list