Has inpaths format changed?
John F. Morse
inn at xanadu-bbs.net
Sat Aug 11 12:44:29 UTC 2012
Hi Ray,
Ray Banana wrote:
> Thus spake "John F. Morse" <inn at xanadu-bbs.net>
>
>> I don't think it is encryption, but something in a Path: header from
>> somewhere. Like I said, it may be a new attempt to bypass EMP (phn
>> path) by a spammer.
>
> What you are seeing are fancy path tokens, apparently inserted by Google:
>
> <1344671082_2347594 at news.newsville.com>
> news.glorb.com!r1no17429633qas.0!news-out.google.com!c6ni61305096qas.0!nntp.google.com!newsfeed2.dallas1.level3.net!news.level3.com!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> news.newsville.com!news.newsville.com!not-for-mail
>
> so there's nothing wrong at your end.
I suspected that as I dug deeper yesterday, after seeing the frequent "qas"
etc. at the end of their token in the latest dump file and e-mail.
I wasn't sure because I also saw a pattern of all zeros in the token for iad,
which is Highwinds, and they own NewsGuy, a notorious spammer.
Perhaps this is the straw that broke the camel's back, and justifies entering
google.com into Cleanfeed's bad_paths file?
However, this doesn't explain why the inpaths e-mail is growing bigger each
day? They are now at 708 kB!
That makes me wonder if there isn't something wrong with ninpaths or
sendinpaths, not clearing out the old data.
It could be the .0 and .1 used by Google for a TLD is causing a problem with
ninpaths or sendinpaths.
news at v102:/var/log/news/path$ ls -al
total 2129
drwxrwxr-x 2 news news 848 Aug 11 05:08 .
drwxr-xr-x 4 news news 424 Aug 11 00:05 ..
-rw-rw-r-- 1 news news 80690 Jul 28 05:06 inpaths.1343469961
-rw-rw-r-- 1 news news 81430 Jul 29 05:06 inpaths.1343556361
-rw-rw-r-- 1 news news 84225 Jul 30 05:06 inpaths.1343642761
-rw-rw-r-- 1 news news 96567 Jul 31 05:06 inpaths.1343729161
-rw-rw-r-- 1 news news 70736 Jul 31 16:56 inpaths.1343771796
-rw-rw-r-- 1 news news 297 Jul 31 16:56 inpaths.1343771797
-rw-rw-r-- 1 news news 79470 Aug 1 05:06 inpaths.1343815561
-rw-rw-r-- 1 news news 22254 Aug 1 05:44 inpaths.1343817852
-rw-rw-r-- 1 news news 206694 Aug 2 05:06 inpaths.1343901961
-rw-rw-r-- 1 news news 335431 Aug 3 05:06 inpaths.1343988361
-rw-rw-r-- 1 news news 218217 Aug 4 01:04 inpaths.1344060249
-rw-rw-r-- 1 news news 58530 Aug 4 05:06 inpaths.1344074761
-rw-rw-r-- 1 news news 121682 Aug 5 05:06 inpaths.1344161161
-rw-rw-r-- 1 news news 98564 Aug 6 05:06 inpaths.1344247561
-rw-rw-r-- 1 news news 108827 Aug 7 05:06 inpaths.1344333961
-rw-rw-r-- 1 news news 121120 Aug 8 05:06 inpaths.1344420361
-rw-rw-r-- 1 news news 69223 Aug 8 14:42 inpaths.1344454949
-rw-rw-r-- 1 news news 73910 Aug 9 05:06 inpaths.1344506761
-rw-rw-r-- 1 news news 107786 Aug 10 05:06 inpaths.1344593161
-rw-rw-r-- 1 news news 101636 Aug 11 05:06 inpaths.1344679561
The above shows 20 dump files, but they are covering only 15 days. That is
normal because keep=14 is in sendinpaths.
All servers have 15 days worth of dump files, but they range from 19 files to
22, since some days have more than one dumpfile. None are anywhere near 708 kB!
john at v102:~$ sudo cat /var/log/syslog | grep inpaths
Aug 11 05:06:01 v102 /USR/SBIN/CRON[30072]: (news) CMD (ctlinnd -s -t 60 flush
inpaths!)
Aug 11 05:06:01 v102 innd: ctlinnd command f:inpaths!
Aug 11 05:06:01 v102 innd: inpaths! flush
Aug 11 05:06:01 v102 innd: inpaths! spawned inpaths!:99:proc:30074
Aug 11 05:06:01 v102 innd: inpaths! closed
Aug 11 05:06:01 v102 innd: inpaths! exit 0 elapsed 86400 pid 8108
Aug 11 05:08:01 v102 /USR/SBIN/CRON[30076]: (news) CMD (sendinpaths)
--
John
More information about the inn-workers
mailing list