Troy,
Looks like it was indeed a mysql issue. While I see lots of dspam-generated
stuff in mysql it wasn't putting user preferences in there. When I manually
added the user's preferences to mysql guess what? The quarantine started
filling!
I bet I need to change some settings in dspam.d/mysql.conf.
Thanks for the help!
Troy
On Wed, 21 Dec 2011 17:23:01 -0600
Troy Ayers <dspam1...@wcta.net> wrote:
> Do you have more than one dspam.conf?
> default is: /usr/local/etc/dspam.conf
>
> "Unable to attach DSPAM context. Retrying"
> Means, I think that dspam wasn't able to connect to mysql, I think.
>
> QuarantineAgent, when not set, defaults to the built in method.
> Sounds like this is what you want.
>
> You could, I suppose, set the default user and/or this user
> preference for spamAction=quarantine, till you get it figured out. I
> suggesting using the command line for now, to set that.
>
> dspam --version tells you if it was built with
> --enable-preferences-entension. If so, dspam is looking at the
> storage drive (mysql) for prefs. If not so, it's looking for file
> based prefs.
>
> If you have mysql, I didn't see any
> MySQLServer blah balh
> MySQLUser blah
> etc.
> In your full config?
>
> -Troy
>
>
> On 12/21/2011 3:35 PM, Troy Vitullo wrote:
> > Weird:
> >
> > # dspam_admin list preference be...@scionaviation.com
> > # dspam_admin aggregate preference be...@scionaviation.com
> > spamAction=quarantine
> > signatureLocation=message
> > showFactors=on
> > spamSubject=SPAM
> >
> > My users all sign in with their email addresses.
> >
> > While I have a local preferences file, maybe dspam isn't reading it
> > but is instead looking in mysql. If so ...
> >
> > mysql> select * FROM dspam_preferences;
> > Empty set (0.00 sec)
> >
> > That could be why list preference comes up empty. How much does
> > that matter though if the aggregate preferences show quarantine?
> >
> > I started it up as dspam --daemon --debug and I got a spam right
> > away. Here's what it said:
> >
> > 32368: [12/21/2011 14:42:11] No QuarantineAgent option found. Using
> > standard quarantine. 32368: [12/21/2011 14:42:11] using database
> > handle id 0 32368: [12/21/2011 14:42:11] handle locked
> > 32368: [12/21/2011 14:42:11] DSPAM Instance Startup
> > 32368: [12/21/2011 14:42:11] input args: dspam --deliver=innocent
> > 32368: [12/21/2011 14:42:11] pass-thru args: /usr/bin/procmail
> > 32368: [12/21/2011 14:42:11] processing user be...@scionaviation.com
> > 32368: [12/21/2011 14:42:11] uid = 0, euid = 0, gid = 0, egid = 115
> > 32368: [12/21/2011 14:42:11] loading preferences for user
> > be...@scionaviation.com 32368: [12/21/2011 14:42:11] Loading
> > preferences for uid 1 32368: [12/21/2011 14:42:11] Loading
> > preferences for uid 0 32368: [12/21/2011 14:42:11] Loading
> > preferences for uid 0 32368: [12/21/2011 14:42:11] default
> > preferences empty. reverting to dspam.conf preferences. 32368:
> > [12/21/2011 14:42:11] Loading preferences from dspam.conf 32368:
> > [12/21/2011 14:42:11]
> > using /var/spool/dspam/opt-in/scionaviation.com/betsy.dspam as path
> > 32368: [12/21/2011 14:42:11]
> > using /var/spool/dspam/opt-out/scionaviation.com/betsy.nodspam as
> > path 32368: [12/21/2011 14:42:11] sedation level set to: 0 32368:
> > [12/21/2011 14:42:11] Whitelist threshold: 10
> >
> > [SNIP SPAM ANALYSIS]
> >
> > 32368: [12/21/2011 14:42:11] Graham-Bayesian Probability: 1.000000
> > Samples: 15 32368: [12/21/2011 14:42:11] Burton-Bayesian
> > Probability: 1.000000 Samples: 27 32368: [12/21/2011 14:42:11]
> > using Graham factors 32368: [12/21/2011 14:42:11] Result
> > Confidence: 0.99 32368: [12/21/2011 14:42:11] Control: [10 10] [11
> > 10] Delta: [1 0] 32368: [12/21/2011 14:42:11] saving signature as
> > 4ef244a3323682082510379 32368: [12/21/2011 14:42:11] libdspam
> > returned probability of 1.000000 32368: [12/21/2011 14:42:11]
> > message result: SPAM 32368: [12/21/2011 14:42:11] DSPAM Instance
> > Shutdown. Exit Code: 0
> >
> > What should I set QuarantineAgent to (if anything)?
> >
> > I checked /var/log/mail.info to see if it said anything about
> > delivering the message by pulling the from address from dspam's
> > system.log and then searching for it in mail.info. All I see is my
> > greylisting info (which the message passed).
> >
> > In /var/log/mail.err I have:
> >
> > Dec 20 14:23:33 s1 deliver(www-data): mkdir(/var/www/Maildir/cur)
> > failed: Permission denied Dec 20 22:52:26 s1 dspam[7142]: Unable to
> > attach DSPAM context. Retrying. Dec 21 08:22:00 s1 dspam[7142]:
> > Unable to attach DSPAM context. Retrying. Dec 21 14:14:14 s1
> > dspam[7142]: Unable to attach DSPAM context. Retrying.
> >
> > Is any of this useful?
> >
> > Thanks,
> >
> > Troy
> >
> > On Wed, 21 Dec 2011 14:34:01 -0600
> > Troy Ayers<dspam1...@wcta.net> wrote:
> >
> >> does
> >> "dspam_admin list preference $USER"
> >> show the same as what you have in your user.prefs?
> >>
> >> For that matter how about
> >> "dspam_admin aggregate preference $USER"?
> >>
> >> As far as I thought I knew, user prefs override the default user
> >> prefs, as well as the preferences specified on the command line.
> >>
> >> Hopefully someone has a better option, but all I can think of now
> >> is to turn on debugging and see what the dspam.debug shows.
> >>
> >>
> >> On 12/21/2011 12:26 PM, Troy Vitullo wrote:
> >>> Thanks for getting back to me. Now that we have Troys helping
> >>> Troys the world is in big trouble.
> >> :D
> >> -Troy
> >>> The only config I have in /etc/dspam/dspam.d/ is my mysql conf. I
> >>> checked just in case and it has no spamAction setting in there.
> >>>
> >>> I checked the user's settings and she has spamAction=quarantine.
> >>> Here's her full config
> >>> from /var/spool/dspam/data/[domain]/[user]/[user].prefs
> >>>
> >>> trainingMode=TEFT
> >>> spamAction=quarantine
> >>> spamSubject=[SPAM]
> >>> statisticalSedation=0
> >>> enableBNR=on
> >>> optIn=off
> >>> optOut=off
> >>> showFactors=off
> >>> enableWhitelist=on
> >>> signatureLocation=message
> >>>
> >>> /etc/dspam/default.prefs also has a spamAction of quarantine.
> >>>
> >>> I think it's some basic setting I don't have turned on that
> >>> enables dspam to quarantine.
> >>>
> >>> Here's what a spam looks like in the log:
> >>>
> >>> 1324488427 S "OrGreenic Natural
> >>> Cookware"<orgree...@securegridbackups.com>
> >>> 4ef216eb71421784485046 Cook Without Oil, Butter or Grease with
> >>> OrGreenic! 0.076892 [user's email]
> >>> Tagged<7111466088970171208.1324957292a854a2686c7ee87e375c97.651008...@server.securegridbackups.com>
> >>>
> >>> Thanks,
> >>>
> >>> Troy
> >>>
> >>> On Wed, 21 Dec 2011 12:06:02 -0600
> >>> Troy Ayers<dspam1...@wcta.net> wrote:
> >>>
> >>>> Troy,
> >>>>
> >>>> Perhaps the user has their own override for spamaction since that
> >>>> is allowed in dspam.conf? AllowOverride spamAction spamSubject
> >>>>
> >>>>
> >>>> Also, The last line of you dspam.conf is:
> >>>> Include /etc/dspam/dspam.d/
> >>>> So perhaps inspect the contents of that directory, see if there
> >>>> is another Preference "spamAction=
> >>>> in there? I don't recall if dspam takes the first or last
> >>>> instance if you have something defined more than once, I presume
> >>>> it takes the last.
> >>>>
> >>>> -Troy
> >>>>
> >>>>
> >>>>
> >>>> On 12/21/2011 7:57 AM, Troy Vitullo wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I have a fairly simple dspam set up, but I'm missing a key piece
> >>>>> of it.
> >>>>>
> >>>>> I've set dspam up to quarantine suspect messages but it's
> >>>>> sending them anyway (with a [SPAM] tag attached to them.)
> >>>>> Here's my relevant config settings in /etc/dspam/dspam.conf:
> >>>>>
> >>>>> ServerParameters "--deliver=innocent"
> >>>>> ServerIdent "localhost.localdomain"
> >>>>>
> >>>>> Here's what I have in /etc/postfix/master.cf:
> >>>>>
> >>>>> smtp inet n - n - - smtpd
> >>>>> -o
> >>>>> content_filter=lmtp:unix:/var/spool/postfix/var/run/dspam.sock
> >>>>> 127.0.0.1:10026 inet n - - - - smtpd -o
> >>>>> content_filter= -o
> >>>>> receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> >>>>> -o smtpd_helo_restrictions= -o smtpd_client_restrictions=
> >>>>> -o smtpd_sender_restrictions=
> >>>>> -o
> >>>>> smtpd_recipient_restrictions=permit_mynetworks,reject -o
> >>>>> mynetworks=127.0.0.0/8 -o
> >>>>> smtpd_authorized_xforward_hosts=127.0.0.0/8
> >>>>>
> >>>>> postfix uses dovecot as an external delivery method to deliver
> >>>>> mail:
> >>>>>
> >>>>> dovecot unix - n n - - pipe
> >>>>> flags=DRhu user=dovecot argv=/usr/lib/dovecot/deliver -d
> >>>>> ${recipient}
> >>>>>
> >>>>> I added this:
> >>>>> dspam unix - n n - 10 pipe
> >>>>> flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent
> >>>>> --user $recipient -i -f $sender -- $recipient
> >>>>>
> >>>>> underneath but it looks like it still forwards spam instead of
> >>>>> quarantining it.
> >>>>>
> >>>>> The whole system was set up by somebody a lot smarter than I am,
> >>>>> and I'm trying to tack dspam onto the end of it, so thanks for
> >>>>> humoring a newb.
> >>>>>
> >>>>> Full dspam config:
> >>>>>
> >>>>> Home /var/spool/dspam
> >>>>> StorageDriver /usr/lib/dspam/libmysql_drv.so
> >>>>> TrustedDeliveryAgent "/usr/bin/procmail"
> >>>>> DeliveryHost 127.0.0.1
> >>>>> DeliveryPort 10026
> >>>>> DeliveryIdent localhost
> >>>>> DeliveryProto SMTP
> >>>>> OnFail error
> >>>>> Trust root
> >>>>> Trust dspam
> >>>>> Trust mail
> >>>>> Trust mailnull
> >>>>> Trust smmsp
> >>>>> Trust daemon
> >>>>> Debug *
> >>>>> TrainingMode teft
> >>>>> TestConditionalTraining on
> >>>>> Feature chained
> >>>>> Feature whitelist
> >>>>> Algorithm graham burton
> >>>>> PValue graham
> >>>>> Preference "spamAction=quarantine"
> >>>>> Preference "signatureLocation=message" # 'message' or 'headers'
> >>>>> Preference "showFactors=on"
> >>>>> Preference "spamSubject=SPAM"
> >>>>> AllowOverride trainingMode
> >>>>> AllowOverride spamAction spamSubject
> >>>>> AllowOverride statisticalSedation
> >>>>> AllowOverride enableBNR
> >>>>> AllowOverride enableWhitelist
> >>>>> AllowOverride signatureLocation
> >>>>> AllowOverride showFactors
> >>>>> AllowOverride optIn optOut
> >>>>> AllowOverride whitelistThreshold
> >>>>> HashRecMax 98317
> >>>>> HashAutoExtend on
> >>>>> HashMaxExtents 0
> >>>>> HashExtentSize 49157
> >>>>> HashMaxSeek 100
> >>>>> HashConnectionCache 10
> >>>>> Notifications off
> >>>>> PurgeSignatures 14 # Stale signatures
> >>>>> PurgeNeutral 90 # Tokens with neutralish
> >>>>> probabilities PurgeUnused 90 # Unused tokens
> >>>>> PurgeHapaxes 30 # Tokens with less than 5 hits
> >>>>> (hapaxes) PurgeHits1S 15 # Tokens with only 1 spam hit
> >>>>> PurgeHits1I 15 # Tokens with only 1 innocent hit
> >>>>> LocalMX 127.0.0.1
> >>>>> SystemLog on
> >>>>> UserLog on
> >>>>> Opt out
> >>>>> TrackSources spam
> >>>>> ParseToHeaders full
> >>>>> ChangeModeOnParse on
> >>>>> ChangeUserOnParse off
> >>>>> ServerPID /var/run/dspam.pid
> >>>>> ServerMode auto
> >>>>> ServerPass.Relay1 "secret"
> >>>>> ServerParameters "--deliver=innocent"
> >>>>> ServerIdent "localhost.localdomain"
> >>>>> ServerDomainSocketPath "/var/spool/postfix/var/run/dspam.sock"
> >>>>> ClientHost /var/spool/postfix/var/run/dspam.sock
> >>>>> ClientIdent "secret@Relay1"
> >>>>> ProcessorBias on
> >>>>> Include /etc/dspam/dspam.d/
> >>>>>
> >>>>> Troy
> >>>>>
> >>>>> ------------------------------------------------------------------------------
> >>>>>
>
>
>
> ------------------------------------------------------------------------------
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development.
> Create new or port existing apps to sell to consumers worldwide.
> Explore the Intel AppUpSM program developer opportunity.
> appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev
> _______________________________________________
> Dspam-user mailing list
> Dspam-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>
> !DSPAM:4ef262d4323681286475438!
>
>
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
