On Apr 9, 2010, at 7:21 PM, Stevan Bajić wrote:

> On Fri, 9 Apr 2010 19:00:54 -0700
> Terry Barnum <te...@dop.com> wrote:
> 
>> I've been running DSPAM for approximately 2 weeks and looking at the output 
>> of dspam_stats, I'm curious how long training normally takes.
>> 
>> A script is run nightly to check .Junk mailboxes for false negatives and 
>> .NotJunk mailboxes for false positives and retrains on error. (Richard 
>> Valk's http://switch.richard5.net/serverinstall/train.dspam)
>> 
>> Here's sample output from dspam_stats -H
>> 
>> x...@dop.com:
>>              TP True Positives:                     0
>>              TN True Negatives:                    19
>>              FP False Positives:                    0
>>              FN False Negatives:                  348
>>              SC Spam Corpusfed:                     0
>>              NC Nonspam Corpusfed:                  0
>>              TL Training Left:                   2481
>>              SHR Spam Hit Rate                  0.00%
>>              HSR Ham Strike Rate:               0.00%
>>              PPV Positive predictive value:   100.00%
>>              OCA Overall Accuracy:              5.18%
>> 
>> y...@dop.com:
>>              TP True Positives:                     0
>>              TN True Negatives:                     0
>>              FP False Positives:                    0
>>              FN False Negatives:                 3035
>>              SC Spam Corpusfed:                     0
>>              NC Nonspam Corpusfed:                  0
>>              TL Training Left:                   2500
>>              SHR Spam Hit Rate                  0.00%
>>              HSR Ham Strike Rate:             100.00%
>>              PPV Positive predictive value:   100.00%
>>              OCA Overall Accuracy:              0.00%
>> 
>> z...@dop.com:
>>              TP True Positives:                     0
>>              TN True Negatives:                     0
>>              FP False Positives:                    0
>>              FN False Negatives:                  358
>>              SC Spam Corpusfed:                     0
>>              NC Nonspam Corpusfed:                  0
>>              TL Training Left:                   2500
>>              SHR Spam Hit Rate                  0.00%
>>              HSR Ham Strike Rate:             100.00%
>>              PPV Positive predictive value:   100.00%
>>              OCA Overall Accuracy:              0.00%
>> 
>> te...@dop.com:
>>              TP True Positives:                     0
>>              TN True Negatives:                     3
>>              FP False Positives:                    0
>>              FN False Negatives:                 5108
>>              SC Spam Corpusfed:                     0
>>              NC Nonspam Corpusfed:                  0
>>              TL Training Left:                   2497
>>              SHR Spam Hit Rate                  0.00%
>>              HSR Ham Strike Rate:               0.00%
>>              PPV Positive predictive value:   100.00%
>>              OCA Overall Accuracy:              0.09%
>> 
> This all looks to me that you are not using DSPAM at all. Seems to me that 
> only the script from http://switch.richard5.net/serverinstall/train.dspam is 
> feeding DSPAM with data in your setup.

Thank you for your help Stevan. My understanding of how this is supposed to 
eventually work is DSPAM analyzes and adds a header to email as Innocent or 
Spam and the MUA, which is configured to trust the Spam header, moves mail into 
the Junk mailbox if DSPAM classified it as Spam. The MUA has its own Junk 
filtering and moves mail it considers spam into the Junk mailbox too. So the 
nightly script may run across mail in the Junk mailbox that it mis-classified 
as Innocent but is actually spam and is retrained as a false negative. 
Conversely, if DSPAM incorrectly classifies mail as spam, the user moves that 
email from the Junk mailbox into the NotJunk mailbox so the nightly script can 
retrain as a false positive.

DSPAM appears to be correctly adding headers but so far I've seen only 
Whitelisted and Innocent.


>> Is so much "Training Left" normal? Do I have something misconfigured? Will 
>> DSPAM start tagging email as SPAM only after 2500 successfully classified 
>> emails?
>> 
> No. DSPAM is fully functional from day one. The tagging can be turned on/off 
> inside dspam.conf or with the preference extension. However... turning on/off 
> the tagging has nothing to do with the training left number.
> 
> 
>> $ dspam --version
>> 
>> DSPAM Anti-Spam Suite 3.9.0 (agent/library)
>> 
>> Copyright (c) 2002-2009 DSPAM Project
>> http://dspam.sourceforge.net.
>> 
>> DSPAM may be copied only under the terms of the GNU General Public License,
>> a copy of which can be found with the DSPAM distribution kit.
>> 
>> $ cat /usr/local/dspam.conf | grep -v ^# | grep -v ^$
>> 
>> Home /usr/local/var/dspam
>> StorageDriver /usr/local/lib/dspam/libmysql_drv.dylib
>> TrustedDeliveryAgent "/usr/bin/procmail"
>> DeliveryHost         127.0.0.1
>> DeliveryPort         10026
>> DeliveryIdent                localhost
>> DeliveryProto                SMTP
>> OnFail error
>> Trust root
>> Trust dspam
>> Trust apache
>> Trust mail
>> Trust mailnull 
>> Trust smmsp
>> Trust daemon
>> Trust _dspam
>> Trust _postfix
>> Trust _www
>> TrainingMode toe
>> TestConditionalTraining on
>> Feature whitelist
>> Algorithm graham burton
>> Tokenizer osb
>> PValue bcr
>> WebStats on
>> Preference "trainingMode=TOE"                # { TOE | TUM | TEFT | NOTRAIN 
>> } -> default:teft
>> Preference "spamAction=tag"          # { quarantine | tag | deliver } -> 
>> default:quarantine
>> Preference "spamSubject=[SPAM]"              # { string } -> default:[SPAM]
>> Preference "statisticalSedation=5"   # { 0 - 10 } -> default:0
>> Preference "enableBNR=on"            # { on | off } -> default:off
>> Preference "enableWhitelist=on"              # { on | off } -> default:on
>> Preference "signatureLocation=headers"       # { message | headers } -> 
>> default:message
>> Preference "tagSpam=off"             # { on | off }
>> Preference "tagNonspam=off"          # { on | off }
>> Preference "showFactors=on"          # { on | off } -> default:off
>> Preference "optIn=off"                       # { on | off }
>> Preference "optOut=off"                      # { on | off }
>> Preference "whitelistThreshold=10"   # { Integer } -> default:10
>> Preference "makeCorpus=off"          # { on | off } -> default:off
>> Preference "storeFragments=off"              # { on | off } -> default:off
>> Preference "localStore="             # { on | off } -> default:username  
>> <---- ** okay to be blank? **
>> 
> Yes
> 
> 
>> Preference "processorBias=on"                # { on | off } -> default:on
>> Preference "fallbackDomain=off"              # { on | off } -> default:off
>> Preference "trainPristine=off"               # { on | off } -> default:off
>> Preference "optOutClamAV=off"                # { on | off } -> default:off
>> Preference "ignoreRBLLookups=off"    # { on | off } -> default:off
>> Preference "RBLInoculate=off"                # { on | off } -> default:off
>> AllowOverride enableBNR
>> AllowOverride enableWhitelist
>> AllowOverride fallbackDomain
>> AllowOverride ignoreGroups
>> AllowOverride ignoreRBLLookups
>> AllowOverride localStore
>> AllowOverride makeCorpus
>> AllowOverride optIn
>> AllowOverride optOut
>> AllowOverride optOutClamAV
>> AllowOverride processorBias
>> AllowOverride RBLInoculate
>> AllowOverride showFactors
>> AllowOverride signatureLocation
>> AllowOverride spamAction
>> AllowOverride spamSubject
>> AllowOverride statisticalSedation
>> AllowOverride storeFragments
>> AllowOverride tagNonspam
>> AllowOverride tagSpam
>> AllowOverride trainPristine
>> AllowOverride trainingMode
>> AllowOverride whitelistThreshold
>> AllowOverride dailyQuarantineSummary
>> MySQLServer          /var/mysql/mysql.sock
>> MySQLUser            *
>> MySQLPass            *
>> MySQLDb                      *
>> MySQLCompress                false
>> MySQLVirtualTable            dspam_virtual_uids
>> MySQLVirtualUIDField         uid
>> MySQLVirtualUsernameField    username
>> MySQLUIDInSignature  on
>> HashRecMax           98317
>> HashAutoExtend               on  
>> HashMaxExtents               0
>> HashExtentSize               49157
>> HashPctIncrease              10
>> HashMaxSeek          10
>> HashConnectionCache  10
>> Notifications        off
>> PurgeSignatures 14   # Stale signatures
>> PurgeNeutral 90      # Tokens with neutralish probabilities
>> PurgeUnused  90      # Unused tokens
>> PurgeHapaxes 30      # Tokens with less than 5 hits (hapaxes)
>> PurgeHits1S  15      # Tokens with only 1 spam hit
>> PurgeHits1I  15      # Tokens with only 1 innocent hit
>> LocalMX 127.0.0.1
>> SystemLog    on
>> UserLog              on
>> Opt out
>> ParseToHeaders on
>> ChangeModeOnParse on
>> ChangeUserOnParse full
>> ServerPID            /var/run/dspam.pid
>> ServerParameters     "--deliver=innocent,spam"
>> ServerIdent          "localhost.local"
>> ProcessorURLContext on
>> ProcessorBias on
>> StripRcptDomain off
>> 
> What MTA are you using? Postfix? If so could you post your master.conf and 
> your main.conf?

Yes, postfix/dovecot/mysql with virtual users, postgrey, dspam and vacation.

$ postconf -n

broken_sasl_auth_clients = yes
command_directory = /opt/local/sbin
config_directory = /opt/local/etc/postfix
daemon_directory = /opt/local/libexec/postfix
data_directory = /opt/local/var/lib/postfix
debug_peer_level = 2
default_privs = nobody
delay_warning_time = 4h
home_mailbox = Maildir/
html_directory = no
mail_owner = _postfix
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = mailbox.dop.com
mynetworks = 192.168.0.0/23, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /opt/local/bin/newaliases
proxy_interfaces = 70.167.15.114
queue_directory = /opt/local/var/spool/postfix
readme_directory = /opt/local/share/postfix/readme
sample_directory = /opt/local/share/postfix/sample
sendmail_path = /opt/local/sbin/sendmail
setgid_group = _postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_non_fqdn_sender, reject_non_fqdn_recipient, 
reject_unknown_sender_domain, reject_unknown_recipient_domain, 
reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient, 
check_helo_access hash:/opt/local/etc/postfix/helo_checks, check_sender_access 
hash:/opt/local/etc/postfix/access_sender, reject_rbl_client zen.spamhaus.org, 
reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:60000, 
check_client_access pcre:/opt/local/etc/postfix/dspam_filter_access
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_address
smtpd_tls_cert_file = /opt/local/etc/postfix/ssl/certs/postfix.cert
smtpd_tls_key_file = /opt/local/etc/postfix/ssl/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = hash:/opt/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = 
proxy:mysql:/opt/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /xxxx/xxxx/xxxx/
virtual_mailbox_domains = 
mysql:/opt/local/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = 
proxy:mysql:/opt/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 102
virtual_transport = dovecot
virtual_uid_maps = static:102

$ cat master.cf | grep -v ^#

smtp      inet  n       -       n       -       -       smtpd
dspam     unix  -       n       n       -       10      pipe
 flags=Ru user=_dspam argv=/usr/local/bin/dspam --deliver=innocent --user 
${recipient} -i -f $sender -- $recipient
submission inet n       -       n       -       -       smtpd
 -o smtpd_enforce_tls=yes
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
dovecot   unix  -       n       n       -       -       pipe
 flags=DRhu user=_vmail argv=/opt/local/libexec/dovecot/deliver -f ${sender} -d 
${recipient}
localhost:10026 inet    n       -       n       -       -       smtpd
 -o content_filter=
 -o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
 -o smtpd_helo_restrictions=
 -o smtpd_client_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8
vacation  unix  -       n       n       -       -       pipe
 flags=Rq user=_vacation argv=/opt/local/var/spool/vacation/vacation.pl -f 
${sender} -- ${recipient}

Thanks,
-Terry


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

Reply via email to