-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/03/11 15:49, Campbell Krueger wrote:
> On 03/03/2011 09:36 AM, Tom Hendrikx wrote:
>
> On 03/03/11 15:00, Campbell Krueger wrote:
>>>> Hey guys,
>>>>
>>>> I'm running the latest stable build of dspam (3.9.1-RC1) and have
>>>> noticed an odd issue...
>>>>
>>>> My user is set (via my preferences in the web interface) to quarantine
>>>> messages. Oddly, this behavior applies to about half of the spam I
>>>> receive - the other half is tagged and delivered to my mailbox.
>>>>
> Is there any indication on which you can divide the received spam in two
> groups? Maybe the recipient for the messages that are not threated as
> your settings command, are sent to some alias address that is processed
> by DSPAM under default settings, and are in a later stadium aliased to
> the same delivery endpoint by postfix?
>
> This largely depends on the way you integrated dspam in your postfix
> setup, but you must first find out why dspam is treating the messages
> differently, as this will probably indicate in which way your
> config/setup is messed up.
>
> Please check these things:
> - output of dspam_stats: do you see uids that are unexpected? Upon
> receiving spam that are not handled according to your settings (i.e.
> tagged and delivered in stead of quarantined), counters for which uid
> are raised, and is that the expected uid?
>
> - any sign of coherence between the message threated 'right' and the
> messages threated 'wrong', based on recipient address or interface that
> receives them (maybe all 'wrong' messages are injected via sendmail
> command, and 'right' messages come from smtp?).
>
>
> Details on dspam setup (config, backend, etc) would also be nice.
>
>>
> Thanks for the reply, Tom - upon looking at dspam_stats, I found my user
> but no aliases (I do not have any configured at this time). All
> messages arrive via the same path - they are received by Postfix on port
> 25 and queued for processing by dspam. Once processed, dspam reinjects
> them into an SMTP listener on port 10025 (localhost only).
> I've attached a screenshot of the "History" tab in the web UI for my
> user - here, you can see that some are shown as quarantined, others as
> tagged.
> Configuration details are below...
> ---------
> .../configure --with-storage-driver=mysql_drv --enable-virtual-users
> --enable-preferences-extension --enable-daemon
> --with-mysql-includes=/usr/include/mysql --enable-syslog
> --enable-long-usernames --enable-debug
> ---------
> # mysql -V
> mysql Ver 14.12 Distrib 5.0.45, for redhat-linux-gnu (x86_64) using
> readline 5.0
> ---------
> Home /usr/local/var/dspam
> StorageDriver /usr/local/lib/dspam/libmysql_drv.so
> TrustedDeliveryAgent "/usr/bin/procmail"
> DeliveryHost 127.0.0.1
> DeliveryPort 10026
> DeliveryIdent localhost
> DeliveryProto SMTP
> OnFail error
> Trust root
> Trust dspam
> Trust apache
> Trust mail
> Trust mailnull
> Trust smmsp
> Trust daemon
> TrainingMode teft
> TestConditionalTraining on
> Feature whitelist
> Algorithm graham burton
> Tokenizer chain
> PValue bcr
> WebStats on
> Preference "spamAction=tag"
> Preference "signatureLocation=headers" # 'message' or 'headers'
> Preference "showFactors=on"
> Preference "spamSubject=[SPAM]"
> AllowOverride trainingMode
> AllowOverride spamAction spamSubject
> AllowOverride statisticalSedation
> AllowOverride enableBNR
> AllowOverride enableWhitelist
> AllowOverride signatureLocation
> AllowOverride showFactors
> AllowOverride optIn optOut
> AllowOverride whitelistThreshold
> MySQLServer /var/lib/mysql/mysql.sock
> MySQLPort
> MySQLUser herpaderp
> MySQLPass derpaderpaderp
> MySQLDb vmail_dspam
> MySQLCompress true
> MySQLConnectionCache 2
> HashRecMax 98317
> HashAutoExtend on
> HashMaxExtents 0
> HashExtentSize 49157
> HashPctIncrease 10
> HashMaxSeek 10
> HashConnectionCache 10
> Notifications on
> PurgeSignatures 14 # Stale signatures
> PurgeNeutral 90 # Tokens with neutralish probabilities
> PurgeUnused 90 # Unused tokens
> PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
> PurgeHits1S 15 # Tokens with only 1 spam hit
> PurgeHits1I 15 # Tokens with only 1 innocent hit
> LocalMX 127.0.0.1
> SystemLog on
> UserLog on
> Opt out
> ServerPID /var/run/dspam.pid
> ServerMode auto
> ServerParameters "--deliver=innocent"
> ServerIdent "uki.flargen.com"
> ServerDomainSocketPath "/tmp/dspam.sock"
> ProcessorURLContext on
> ProcessorBias on
> StripRcptDomain off
> ---------
> I've noticed that if I kill and respawn dspam every 5 minutes, it will
> quarantine all the messages. Unfortunately, I have no idea where to go
> from here in diagnosing this behavior.
Your settings look ok to me, as you can see the 'wrong' behaviour is the
default in your config file, and the right is in your mysql preference
extension. Maybe something goes wrong in retrieving the mysql data, and
dspam falls back to the defaults.
Going on this road means to do some further debugging:
- - do you see any errors in dspam log for 'wrong' messages?
- - do you see ay error in mysql logging for the dspam connection?
- - A complete dspam debug log of a 'wrong' message could be quite
interesting.
FWIW: you can disable MysqlCompress as you're using a local socket. I
don't know about any issue with this seting but it won't speed up
anything, so disable it.
Regards,
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk10CBMACgkQeEmCqmj6IjYGRwCgykFr5ADNRQ1s4iQeOuukrJfP
aZMAn2fViZd9sBohGYKD1V9ubhCNJqgf
=kH5Y
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
