Lars Stavholm wrote: > Lars Stavholm wrote: >> Tony Earnshaw wrote: >>> Lars Stavholm wrote, on 16. mar 2007 09:39: >>> >>>> Dear List, I really need some help with my setup. I'm detecting >>>> no spam whatsoever, and I'm new to dspam and have difficulties >>>> debugging my setup. It all seems to work just fine, except for >>>> the simple fact that there's no spam detection in place. I'm >>>> trying for a shared group setup with ham/spam folders in IMAP >>>> for user training. >>>> >>>> Here's what I have so far: >>>> >>>> Using SuSE Linux 10.2. >>>> >>>> Postfix -> DSPAM -> Cyrus IMAP >>>> >>>> Built with... >>>> ./configure --prefix=/usr \ >>>> --sysconfdir=/etc \ >>>> --with-dspam-home=/var/lib/dspam \ >>>> --mandir=/usr/share/man \ >>>> --enable-daemon \ >>>> --enable-debug \ >>> So you should have a /var/lib/log directory with dspam.debug in it ... >>> have you? >> Nop. In addition to the above, I've just now enabled the Debug >> and DebugOpt options in the dspam.conf file and restarted dspam. >> The debug files are now, in my case, created in /var/lib/dspam/log. >> >>>> --enable-clamav \ >>>> --enable-syslog \ >>>> --enable-homedir >>>> >>>> /var/lib/dspam/group... >>>> users:shared:[EMAIL PROTECTED] >>> What does /var/lib/dspam/log/dspam.debug tell you happens for each >>> message when you submit a mail for retraining? I have no idea what the >>> hash driver does, since my sites use MySQL, but you should get some >>> impression of something going wrong, if it is. >> OK, I'm looking at it, don't understand much though. >> >> For one particular retrained spam that I just received >> (there's no shortage of fresh spam) the debug starts with: >> >> 7714: [03/16/2007 13:10:24] DSPAM Instance Startup >> 7714: [03/16/2007 13:10:24] input args: dspam --user [EMAIL PROTECTED] >> --class=s >> pam --source=error >> 7714: [03/16/2007 13:10:24] pass-thru args: >> 7714: [03/16/2007 13:10:24] processing user [EMAIL PROTECTED] >> 7714: [03/16/2007 13:10:24] uid = 0, euid = 0, gid = 0, egid = 0 >> 7714: [03/16/2007 13:10:24] loading preferences for user [EMAIL PROTECTED] >> 7714: [03/16/2007 13:10:24] default preferences empty. reverting to >> dspam.conf p >> references. >> 7714: [03/16/2007 13:10:24] Loading preferences from dspam.conf >> 7714: [03/16/2007 13:10:24] using >> /var/lib/dspam/opt-in/[EMAIL PROTECTED] >> as path >> 7714: [03/16/2007 13:10:24] using >> /var/lib/dspam/opt-out/[EMAIL PROTECTED] >> am as path >> 7714: [03/16/2007 13:10:24] assigning user [EMAIL PROTECTED] to group users >> 7714: [03/16/2007 13:10:24] sedation level set to: 0 >> >> So, I guess that looks alright. However, then there's a lot of these: >> >> ' doesn't contains `:' characterde.c:365: unexpected data: header string ' >> ...and... >> >> 7714: [03/16/2007 13:10:24] decode.c:365: unexpected data: header string >> '<!DOCT >> >> ...and so on (a few hundred lines of gibberish, looks really weird), > > That actually turned out to be some strange stuff in the mail header > including '^M' at end of line and an encoded attachment in the mail. > >> and then it all ends with the following... >> >> 7714: [03/16/2007 13:10:24] message is signed. retaining original text >> for reassembly >> 7714: [03/16/2007 13:10:24] message is signed. retaining original text >> for reassembly >> 7714: [03/16/2007 13:10:24] Loading 1 BNR patterns >> 7714: [03/16/2007 13:10:24] Whitelist threshold: 10 >> 7714: [03/16/2007 13:10:24] [graham] [1.000000] >> Received*localhost+(localhost (1 frq, 744s, 0i) >> 7714: [03/16/2007 13:10:24] [burton] [1.000000] >> Received*localhost+(localhost (1 frq, 744s, 0i) >> 7714: [03/16/2007 13:10:24] [graham] [1.000000] Received*socket]) (1frq, >> 740s, 0i) >> [snip] >> >> I'm not sure what I'm looking for:| > > Well, at the far end I can see: > > 9089: [03/16/2007 13:26:37] message result: SPAM > > So, I guess that's good, I told dspam that this is a spam, > and it is acknowledged (whatever good that will do me:).
In addition, just looking at an excerpt from a debug message: [snip] [burton] [1.000000] ^M*Office (1frq, 129s, 0i) [burton] [1.000000] ^M*software (1frq, 122s, 0i) [burton] [1.000000] ^M*Acrobat (1frq, 119s, 0i) [burton] [1.000000] ^M*Premiere (1frq, 118s, 0i) [burton] [1.000000] ^M*Suite (2frq, 118s, 0i) [snip] I guess this might hold information that I need. Can anyone tell me what the numbers in the parenthesis "1frq, 122s, 0i" means? frq is frequency I guess, but how about the other two? /L >>> [...] >>> >>>> I'm using the default hash drive on a low volume box. >>>> TrainingMode was changed from TEFT to TOE after the >>>> 2500 mails training phase. >>> I'm going through the same sort of thing for my home site at the moment, >>> but without any initial training whatsoever and after 7416 messages and >>> training false negatives, dspam CVS=3.6.8 is giving 99.15% accuracy >>> (still training for some spam). >> Impressive, that's what I'm looking for:) >> /L >> > >
