I'm getting this same thing, and have seen a few posts about it, but
never a fix. The only time that it 'fixed itself' on me, was when I
moved the dspam DB from one system (Gentoo) to another (FreeBSD), 
but forgot to move the filesystem part of it. After that, I've been 
able to deliver correctly.

However I still have it happening on a different system.
In both cases I am using dspam-web to retrain the emails.

Current one:
Gentoo AMD64 Stable/Hardened (SELinux set to Permissive)
mail-filter/dspam-3.10.2-r1 (from Unstable/~AMD64 USE="clamav daemon
domain-scale ldap mysql syslog virtual-users -debug -hash -large-scale
-postgres -small-scale -sqlite -static-libs -user-homedirs")
www-apps/dspam-web-3.10.1
dev-db/mysql-5.1.62-r1 (Stable, for DB Backend)
mail-mta/postfix-2.9.3

mail.log sample:
Sep 23 18:42:10 MailFilter postfix/smtpd[8429]: connect from localhost[127.0.0.1]
Sep 23 18:42:10 MailFilter postfix/smtpd[8429]: D9590603B7: client=localhost[127.0.0.1]
Sep 23 18:42:10 MailFilter postfix/cleanup[8421]: D9590603B7: message-id=<0.0.21d.5cc.1cd9917beea6d72.3...@vz1197.businesswatchnetwork.com>
Sep 23 18:42:10 MailFilter postfix/qmgr[25855]: D9590603B7: from=<>, size=16742, nrcpt=1 (queue active)
Sep 23 18:42:11 MailFilter postfix/smtpd[8429]: disconnect from localhost[127.0.0.1]
Sep 23 18:42:11 MailFilter postfix/local[8596]: D9590603B7: to=<?f???@mailfilter.domain.com>, orig_to=<?f???>, relay=local, delay=0.24, delays=0.15/0.01/0/0.08, dsn=5.1.1, status=bounced (unknown user: "?f???")
Sep 23 18:42:11 MailFilter postfix/qmgr[25855]: D9590603B7: removed

DSpam Config (Comments and empty lines removed):
Home /var/spool/dspam
StorageDriver /usr/lib64/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
DeliveryHost            127.0.0.1
DeliveryPort            10025
DeliveryIdent           localhost
DeliveryProto           SMTP
OnFail error
Trust root
Trust dspam
Trust apache
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
MySQLServer             localhost
MySQLPort               3306
MySQLUser               <user>
MySQLPass               <password>
MySQLDb                 dspam
MySQLCompress           false
MySQLReconnect          false
MySQLUIDInSignature     on
HashRecMax              98317
HashAutoExtend          on
HashMaxExtents          0
HashExtentSize          49157
HashPctIncrease         10
HashMaxSeek             10
HashConnectionCache     10
Notifications   on
LocalMX 127.0.0.1
SystemLog       on
UserLog         on
Opt out
TrackSources spam virus
ClamAVPort              3310
ClamAVHost              127.0.0.1
ClamAVResponse          accept
ServerPID               /var/run/dspam/dspam.pid
ServerMode auto
ServerDomainSocketPath  "/tmp/dspam.sock"
ClientHost      /tmp/dspam.sock
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off

Snippet of Postfix master.cf:
dspam     unix  -       -       n       -       10      lmtp

dspam   unix    -       n       n       -       10      pipe
  flags=Rhqu user=dspam argv=/usr/bin/dspam --debug --deliver=innocent --user ${recipient} --rcpt-to $recipient -i -f ${sender} -- ${recipient}

localhost:10025 inet  n -       n       -       -        smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject   
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Some other info to correspond to what you posted in the other thread:
# ldd /usr/bin/dspam
        linux-vdso.so.1 (0x000002a8bccf1000)
        libdspam.so.7 => /usr/lib64/libdspam.so.7 (0x000002a8bc8af000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x000002a8bc692000)
        libc.so.6 => /lib64/libc.so.6 (0x000002a8bc2e5000)
        libm.so.6 => /lib64/libm.so.6 (0x000002a8bbff0000)
        libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x000002a8bbda4000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x000002a8bbb88000)
        libdl.so.2 => /lib64/libdl.so.2 (0x000002a8bb984000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x000002a8bb74d000)
        libgnutls.so.26 => /usr/lib64/libgnutls.so.26 (0x000002a8bb48a000)
        libgcrypt.so.11 => /usr/lib64/libgcrypt.so.11 (0x000002a8bb203000)
        liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x000002a8baff2000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x000002a8badda000)
        /lib64/ld-linux-x86-64.so.2 (0x000002a8bccf2000)
        libtasn1.so.3 => /usr/lib64/libtasn1.so.3 (0x000002a8babc9000)
        libnettle.so.4 => /usr/lib64/libnettle.so.4 (0x000002a8ba99f000)
        libgmp.so.10 => /usr/lib64/libgmp.so.10 (0x000002a8ba733000)
        libhogweed.so.2 => /usr/lib64/libhogweed.so.2 (0x000002a8ba51f000)
        libz.so.1 => /lib64/libz.so.1 (0x000002a8ba308000)
        libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x000002a8ba103000)

libc - sys-libs/glibc-2.15-r2

If it matters, both systems have users stored in LDAP, but DSPAM
doesn't do anything against LDAP directly, it's either Postfix, Apache,
or Cyrus-SASL that handles that aspect.

I've tried turning on debugging, but haven't found anything useful as
of yet. 

Hopefully the above helps so that we can get this narrowed down.

        Brandon Penglase



On Fri, 14 Sep 2012 09:40:48 +0200
Håkon Alstadheim <ha...@alstadheim.priv.no> wrote:

> Please see minor correction below.
> 
> On 12. sep. 2012 20:44, Håkon Alstadheim wrote:
> > I have tickled an ugly old bug in dspam that was discussed ages ago
> > but never to my knowledge resolved. It exhibits like so in my logs
> > (literally):
> > Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command:<????`?r?h?>
> > Sep 12 20:03:41 garbo dspam[11992]: Got error 501 in response to RCPT TO: 501 5.1.3 Bad recipient address syntax
> >
> > The question is what is mangling the recipient address ?
> > I can work around this by not having dspam deliver the false
> > positive, and just let dovecot-antispam refile into INBOX. The only
> > problem with that is that the retrained mail ends up not going
> > through my standard inbox filters, ending up at the top-level INBOX.
> >
> > The bad behaviour is the result of the following command:
> >
> > /usr/bin/dspam --deliver=spam,innocent --user hakon --rcpt-to hakon --class=spam --source=error
> Following up myself here with a minor correction. A false positive
> would naturally have --class=innocent
> as seen in this config from dovecot-antispam:
>    antispam_pipe_program = /usr/local/bin/dspam-stub
>    antispam_pipe_program_spam_arg = --class=spam --source=error
>    antispam_pipe_program_notspam_arg = --class=innocent --source=error
>    antispam_pipe_program_args = --deliver=spam,innocent --user %u --rcpt-to %u
> 
> The script at /usr/local/bin/dspam-stub is:--------
> /usr/bin/logger -p mail.info -t dspam-stub "$0:$1:$2:$3:$4:$5:$6"
> exec /usr/bin/dspam $*
> -------------------------------------------
> So, the command-example in my original mail is obviously from a miss, 
> and not a false positive. Same problem with recipient mangling
> happens for both cases though.
> >
> > ... which receives a mail on standard input from dovecot. It is run
> > as the user hakon, I believe. Same thing happens without the
> > "--rcpt-to".
> >
> > I have pasted my config below (actually the output of "grep -h -v
> > '^#' dspam.conf  dspam.d/*.conf |grep -v '^$' " )
> > It is an ungodly mess  carried over from several years. Unsanitized,
> > with passwords and all. I know. Trusting shorewall too much.
> > Preferences for user hakon upon request. They are read from MySQL,
> > while the default user prefs are read from file.
> > ------------------------------------ My dspam config -----------------------------------------
> > Home /var/spool/dspam
> > StorageDriver /usr/lib/dspam/libmysql_drv.so
> > TrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda"
> > UntrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda -a %u"
> > DeliveryHost        127.0.0.1
> > DeliveryPort        10025
> > DeliveryIdent       localhost
> > DeliveryProto       SMTP
> > FallbackDomains off
> > EnablePlusedDetail    on
> > OnFail unlearn
> > Trust root
> > Trust dspam
> > Trust mail
> > Trust mailnull
> > Trust smmsp
> > Trust daemon
> > DebugOpt process spam fp classify inoculation corpus
> > TrainingMode teft
> > TestConditionalTraining on
> > Feature wh
> > Algorithm graham burton
> > Tokenizer chain
> > PValue bcr
> > WebStats on
> > Preference "trainingMode=TEFT"        # { TOE | TUM | TEFT | NOTRAIN } ->  default:teft
> > Preference "spamAction=tag"        # { quarantine | tag | deliver } -> default:quarantine
> > Preference "spamSubject=[SPAM]"        # { string } -> default:[SPAM]
> > Preference "statisticalSedation=5"    # { 0 - 10 } ->  default:0
> > Preference "enableBNR=on"        # { on | off } -> default:off
> > Preference "enableWhitelist=on"        # { on | off } ->  default:on
> > Preference "signatureLocation=message"    # { message | headers } -> default:message
> > Preference "tagSpam=off"        # { on | off }
> > Preference "tagNonspam=off"        # { on | off }
> > Preference "showFactors=off"        # { on | off } ->  default:off
> > Preference "optIn=off"            # { on | off }
> > Preference "whitelistThreshold=10"    # { Integer } ->  default:10
> > Preference "makeCorpus=off"        # { on | off } ->  default:off
> > Preference "storeFragments=off"        # { on | off } -> default:off
> > Preference "localStore="        # { on | off } -> default:username
> > Preference "processorBias=on"        # { on | off } ->  default:on
> > Preference "fallbackDomain=off"        # { on | off } ->  default:off
> > Preference "trainPristine=off"        # { on | off } ->  default:off
> > Preference "optOutClamAV=off"        # { on | off } ->  default:off
> > Preference "ignoreRBLLookups=off"    # { on | off } ->  default:off
> > Preference "RBLInoculate=off"        # { on | off } ->  default:off
> > Preference "notifications=off"        # { on | off } ->  default:off
> > AllowOverride enableBNR
> > AllowOverride enableWhitelist
> > AllowOverride fallbackDomain
> > AllowOverride ignoreGroups
> > AllowOverride ignoreRBLLookups
> > AllowOverride localStore
> > AllowOverride makeCorpus
> > AllowOverride optIn
> > AllowOverride optOut
> > AllowOverride optOutClamAV
> > AllowOverride processorBias
> > AllowOverride RBLInoculate
> > AllowOverride showFactors
> > AllowOverride signatureLocation
> > AllowOverride spamAction
> > AllowOverride spamSubject
> > AllowOverride statisticalSedation
> > AllowOverride storeFragments
> > AllowOverride tagNonspam
> > AllowOverride tagSpam
> > AllowOverride trainPristine
> > AllowOverride trainingMode
> > AllowOverride whitelistThreshold
> > AllowOverride dailyQuarantineSummary
> > AllowOverride notifications
> > Notifications    off
> > PurgeSignatures 14          # Stale signatures
> > PurgeNeutral    90          # Tokens with neutralish probabilities
> > PurgeUnused     90          # Unused tokens
> > PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
> > PurgeHits1S    15          # Tokens with only 1 spam hit
> > PurgeHits1I    15          # Tokens with only 1 innocent hit
> > LocalMX 127.0.0.1
> > SystemLog    on
> > UserLog        on
> > Opt in
> > TrackSources spam
> > Broken case
> > ServerMode auto
> > ServerParameters    "--deliver=innocent -d %u"
> > ServerIdent        "garbo.alstadheim.priv.no"
> > ProcessorURLContext on
> > ProcessorBias on
> > StripRcptDomain on
> > Include /etc/dspam/dspam.d/
> > StripRcptDomain on
> > ParseToHeaders off
> > ChangeModeOnParse off
> > ChangeUserOnParse off
> > ServerPass.Relay1    "Ra5pha8a"
> > ClientHost    /tmp/dspam.sock
> > ClientIdent    "Ra5pha8a@Relay1"
> > ServerDomainSocketPath  "/tmp/dspam.sock"
> > ClamAVPort    3310
> > ClamAVHost    127.0.0.1
> > ClamAVResponse spam
> > ExtLookup on
> > ExtLookupMode        strict                # available modes are 'verify', 'map' and 'strict'.
> >                               # 'strict' enforces both verify and map
> > ExtLookupDriver    program                            # There are plans to support both MySQL and Postgres.
> > ExtLookupServer    "/usr/local/bin/rewrite-localpart %u"    # Can either be a database hostname or the full path to
> > ExtLookupQuery %u                            # an executable lookup program and its arguments.
> >                               # and ExtLookupMode 'map' or 'strict'
> > HashRecMax        98317
> > HashAutoExtend        on
> > HashMaxExtents        0
> > HashExtentSize        49157
> > HashPctIncrease        10
> > HashMaxSeek        10
> > HashConnectionCache    10
> > DebugOpt  process spam fp classify inoculation corpus
> > Debug *
> > OnFail unlearn
> > TrainingMode toe
> > AllowOverride optIn
> > PlusedUserLowercase    on
> > MySQLServer       /var/run/mysqld/mysqld.sock
> > MySQLUser         libdspam7-drv-my
> > MySQLPass         NV4dXWa6xMhm
> > MySQLDb           libdspam7drvmysql
> > MySQLUIDInSignature    on
> >
> >
> > _______________________________________________
> > Dspam-user mailing list
> > Dspam-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/dspam-user
> >
> 
> 
> -- 
> Håkon Alstadheim / N-7510 Skatval / email:ha...@alstadheim.priv.no
> tlf: 74 82 60 27 mob: 47 35 39 38
> http://alstadheim.priv.no/hakon/
> spamtrap: finnesi...@alstadheim.priv.no -- 1 hit&  you are out
> 
> 
> 
> 
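
One way to find every occurrence of the symptom reported in this thread in a Postfix log, added here as an example (not code from either poster or from the DSPAM project): it flags recipients mangled on the localhost re-injection path, both those rejected at RCPT and those accepted and then bounced. The character allowlist, the function names and the healthy "alice" delivery line are assumptions.

```python
import re

# Constructed sample: log lines quoted in this thread (two different hosts)
# with mail-client wrapping undone, plus one invented healthy delivery
# (queue ID A1B2C3D4E5, user "alice") for contrast.
SAMPLE_LOG = """\
Sep 23 18:42:10 MailFilter postfix/smtpd[8429]: D9590603B7: client=localhost[127.0.0.1]
Sep 23 18:42:11 MailFilter postfix/local[8596]: D9590603B7: to=<?f???@mailfilter.domain.com>, orig_to=<?f???>, relay=local, delay=0.24, delays=0.15/0.01/0/0.08, dsn=5.1.1, status=bounced (unknown user: "?f???")
Sep 23 18:43:02 MailFilter postfix/smtpd[8429]: A1B2C3D4E5: client=localhost[127.0.0.1]
Sep 23 18:43:02 MailFilter postfix/local[8596]: A1B2C3D4E5: to=<alice@mailfilter.domain.com>, orig_to=<alice>, relay=local, delay=0.2, delays=0.1/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to mailbox)
Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command:<????`?r?h?>
"""

# Assumption: local parts at this site use only these characters. Anything
# else, including the '?' that stands in for unprintable bytes in the log,
# is treated as mangled.
SANE_LOCALPART = re.compile(r"^[A-Za-z0-9._+-]+$")
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)")
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*?dsn=(\S+?), status=(\w+)")
BAD_RCPT = re.compile(
    r"warning: Illegal address syntax from (\S+) in RCPT command:\s*<(.*)>")


def localpart(addr):
    """Everything before the last '@' (the whole string if there is none)."""
    return addr.rsplit("@", 1)[0]


def find_mangled(log_text, reinject_client="localhost[127.0.0.1]"):
    """Return (kind, queue_id, recipient) for mail mangled on re-injection."""
    client_of = {}   # queue ID -> SMTP client that submitted the message
    findings = []
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := BAD_RCPT.search(line):
            # Refused during the SMTP dialogue, so no queue ID exists yet.
            if m.group(1) == reinject_client:
                findings.append(("rejected-at-rcpt", None, m.group(2)))
        elif m := DELIVERY.search(line):
            qid, rcpt, _dsn, status = m.groups()
            # Only bounces of mail that arrived via the re-injection listener.
            if (client_of.get(qid) == reinject_client and status == "bounced"
                    and not SANE_LOCALPART.match(localpart(rcpt))):
                findings.append(("bounced-after-accept", qid, rcpt))
    return findings
```

Calling `find_mangled()` on a full mail.log gives the queue IDs to look up in the DSPAM debug output for the same timestamps.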
