SpamAssassin 4.0 and DNS timeouts

[mxroute]

I'm looking for feedback from other users who have their servers upgraded to SpamAssassin 4.0. You can tell by this:

root@moose:/var/log# spamassassin -V
SpamAssassin version 4.0.0

On servers upgraded to SA 4.0, our /var/log/maillog (or /var/log/mail.log) is filled with tons of log entries like this:

Jan 26 18:27:43 moose spamd[630695]: async: aborting after 14.294 s, deadline shrunk

The indication here is that DNS lookups are timing out, for SA rules that require DNS lookups. Here's what I'm asking of you, if you have SA 4.0:

1. What is the output of this command:

grep "aborting after" /var/log/maillog | wc -l

2. How many accounts do you have on your server?

ls /usr/local/directadmin/data/users | wc -l

2. What are the DNS resolvers you use?

cat /etc/resolv.conf

I've ruled out issues with DNS resolvers, I've started running my own Unbound caching resolvers locally on the systems in question, the servers are far closer to idle than overloaded, and I've ruled out network issues. I don't know what other data to gather at this stage, but figuring out how far this is from normal isn't a bad next step.

 

[Richard G]

Couldn't these be caused by the fact that Spamhaus nowadays has limits unless registered or something like that?
We are way not using as much mail as you do, but ofcourse I'm very prepared to be of service to you as far as possible, as you are also always very helpfull

1.) grep "aborting after" /var/log/maillog | wc -l
407

2.) ls /usr/local/directadmin/data/users | wc -l
100

3.) cat /etc/resolv.conf
search companydomain.nl
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 185.12.64.2
nameserver 2a01:4ff:xxx:xxx::add:1

There are some other servers, but with less accounts. Another server has 30 accounts with 62 "aborting after" result.

 

[Active8]

/usr/bin/spamassassin -V
SpamAssassin version 4.0.0
running on Perl version 5.26.3

grep "aborting after" /var/log/maillog | wc -l
31
ls /usr/local/directadmin/data/users | wc -l
9
# Generated by NetworkManager
search a.com
nameserver 195.8.195.8
nameserver 195.135.195.135
nameserver 2a01:7c8:7000:195:0:8:195:8
nameserver 2a01:7c8:7000:195:0:135:195:135

 

[Richard G]

I had a look again. Seems most of my deadline shrunk are caused by dnsbl.sorbs.net.
deadline shrunk: DNSBL, A/xxx.xxx.xxx.136.dnsbl.sorbs.net

 

[Ohm J]

Even on previous version, I setting spamassassin to look up with dns "127.0.0.1".

#/etc/mail/spamassassin/local.cf

dns_server 127.0.0.1

since I config this long time ago, maybe it's incorrect path.

Because place "127.0.0.1" in resolve.conf will cause some issued with domains that's use 3rd party dns server like "cloudflare". Some people use curl to their own domains, this will cause curl to look up in wrong place.