|
Hi. I setup dspam to work with a global merged group named globalgroup: globaluser:merged:* Default and users in TOE mode. I train some users and one time a day run dspam_merge user1 user2 .... -o globaluser And clean old token and signature data for the users: delete from dspam_signature_data where uid!=1000; delete from dspam_stats where uid!=1000; delete from dspam_token_data where uid!=1000; globaluser have id 1000 The issue that this don´t work. The token of globaluser are in the database, but dspam don´t mark the messages as SPAM. Example: 5428: [08/14/2012 12:43:59] connection id 7 from 10.0.1.116. 5428: [08/14/2012 12:43:59] checking trusted user list for dspam(499) 5428: [08/14/2012 12:43:59] No QuarantineAgent option found. Using standard quarantine. 5428: [08/14/2012 12:43:59] using database handle id 1 5428: [08/14/2012 12:43:59] handle locked 5428: [08/14/2012 12:43:59] DSPAM Instance Startup 5428: [08/14/2012 12:43:59] input args: dspam --deliver=innocent -d %u 5428: [08/14/2012 12:43:59] pass-thru args: -d %u 5428: [08/14/2012 12:43:59] processing user x...@xxx.com 5428: [08/14/2012 12:43:59] uid = 499, euid = 499, gid = 498, egid = 12 5428: [08/14/2012 12:43:59] loading preferences for user x...@xxx.com 5428: [08/14/2012 12:43:59] default preferences empty. reverting to dspam.conf preferences. 5428: [08/14/2012 12:43:59] Loading preferences from dspam.conf 5428: [08/14/2012 12:43:59] using /var/lib/dspam/opt-in/x...@xxx.com.dspam as path 5428: [08/14/2012 12:43:59] using /var/lib/dspam/opt-out/x...@xxx.com.nodspam as path 5428: [08/14/2012 12:43:59] adding user to merged group globaluser 5428: [08/14/2012 12:43:59] sedation level set to: 10 5428: [08/14/2012 12:43:59] Connecting to 127.0.0.1:3310 for virus check 5428: [08/14/2012 12:43:59] Connecting to 127.0.0.1:1889 for virus stream transmission 5428: [08/14/2012 12:43:59] message is signed. retaining original text for reassembly 5428: [08/14/2012 12:43:59] Loading 17 BNR patterns 5428: [08/14/2012 12:43:59] Whitelist threshold: 10 5428: [08/14/2012 12:43:59] [graham] [0.300546] para+#+a (1frq, 1s, 2i) 5428: [08/14/2012 12:43:59] [burton] [0.300546] para+#+a (1frq, 1s, 2i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] ar+#+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] ar+#+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] Click+#+#+enviar (1frq, 1s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Click+#+#+enviar (1frq, 1s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] From*Gama+#+contacto (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] From*Gama+#+contacto (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] un+#+#+#+desea (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] un+#+#+#+desea (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] p+#+#+#+ar (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] p+#+#+#+ar (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] Url*//iplanexpress2 (10frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Url*//iplanexpress2 (10frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Url*//iplanexpress2 (10frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] Aqui+#+enviar (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Aqui+#+enviar (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] Subject*Adelanta+tus (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Subject*Adelanta+tus (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] p+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] p+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] xxx+#+#+#+p (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] xxx+#+#+#+p (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] com+#+p (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] com+#+p (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] amigo+Si (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] amigo+Si (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] com+#+#+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] com+#+#+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [graham] [0.400000] ar+#+Haga (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] ar+#+Haga (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] format+#+#+xxx (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Subject*tus+Cuotas (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Subject*Cuotas+en (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] usted+#+#+Click (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Subject*Adelanta+#+#+en (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Url*ar&ciclo=0&id_mensaje=52546&ok=&ko= (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] p+#+#+#+para (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] desuscribirse+#+Aqui (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] From*Gama+#+#+gama-sa.com (1frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Click+Aqui (2frq, 0s, 0i) 5428: [08/14/2012 12:43:59] [burton] [0.400000] Click+Aqui (2frq, 0s, 0i) 5428: [08/14/2012 12:43:59] Graham-Bayesian Probability: 0.001470 Samples: 15 5428: [08/14/2012 12:43:59] Burton-Bayesian Probability: 0.000011 Samples: 27 5428: [08/14/2012 12:43:59] no factors specified; using default 5428: [08/14/2012 12:43:59] Result Confidence: 1.00 5428: [08/14/2012 12:43:59] total processing time: 0.01574s 5428: [08/14/2012 12:43:59] saving signature as 502a723f54286362912545 5428: [08/14/2012 12:43:59] libdspam returned probability of 0.001470 5428: [08/14/2012 12:43:59] message result: NOT SPAM 5428: [08/14/2012 12:43:59] delivering message I don´t undertand why this doesn´t work. If I use without merge the data, the users work fine, but the idea is merge all the spam data in a global merged group and then when put into production reduce the user data into database. Thanks. Cristian. |
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
