-------- Original-Nachricht -------- > Datum: Mon, 19 Jan 2009 08:24:03 -0600 > Von: Ray Darrow <rdar...@worrad.com> > An: Steve <steeeeev...@gmx.net> > CC: dspam-users@lists.nuclearelephant.com > Betreff: Re: [dspam-users] DSPAM log contains nothing but timestamps
> ## $Id: dspam.conf.in,v 1.82 2006/06/23 03:11:31 jonz Exp $ > ## dspam.conf -- DSPAM configuration file > ## > > # > # DSPAM Home: Specifies the base directory to be used for DSPAM storage > # > Home /var/spool/dspam > > # > # StorageDriver: Specifies the storage driver backend (library) to use. > # You'll only need to set this if you are using dynamic storage driver > plugins > # from a binary distribution. The default build statically links the > storage > # driver (when only one is specified at configure time), overriding this > # setting, which only comes into play if multiple storage drivers are > specified > # at configure time. When using dynamic linking, be sure to include the > path > # to the library if necessary, and some systems may use an extension other > # than .so (e.g. OSX uses .dylib). > # > # Options include: > # > # libmysql_drv.so libpgsql_drv.so libsqlite_drv.so > # libsqlite3_drv.so libhash_drv.so > # > # IMPORTANT: Switching storage drivers requires more than merely changing > # this option. If you do not wish to lose all of your data, you will need > to > # migrate it to the new backend before making this change. > # > StorageDriver /usr/lib/dspam/libmysql_drv.so > > # > # Trusted Delivery Agent: Specifies the local delivery agent DSPAM > should call > # when delivering mail as a trusted user. Use %u to specify the user > DSPAM is > # processing mail for. It is generally a good idea to allow the MTA to > specify > # the pass-through arguments at run-time, but they may also be specified > here. > # > # Most operating system defaults: > #TrustedDeliveryAgent "/usr/bin/procmail" # Linux > #TrustedDeliveryAgent "/usr/bin/mail" # Solaris > #TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD > #TrustedDeliveryAgent "/usr/bin/procmail" # Cygwin > # > # Other popular configurations: > #TrustedDeliveryAgent "/usr/cyrus/bin/deliver" # Cyrus > #TrustedDeliveryAgent "/bin/maildrop" # Maildrop > #TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned" # Exim > # > TrustedDeliveryAgent "/usr/bin/procmail" > > # > # Untrusted Delivery Agent: Specifies the local delivery agent and > arguments > # DSPAM should use when delivering mail and running in untrusted user > mode. > # Because DSPAM will not allow pass-through arguments to be specified to > # untrusted users, all arguments should be specified here. Use %u to > specify > # the user DSPAM is processing mail for. This configuration parameter is > only > # necessary if you plan on allowing untrusted processing. > # > #UntrustedDeliveryAgent "/usr/bin/procmail -d %u" > > # > # SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP > # delivery to deliver your message to the mail server instead of using a > # delivery agent. You will need to configure with --enable-daemon to use > host > # delivery, however you do not need to operate in daemon mode. Specify > an IP > # address or UNIX path to a domain socket below as a host. > # > # If you would like to set up DeliveryHost's on a per-domain basis, use > # the syntax: DeliveryHost.domain.com 1.2.3.4 > # > #DeliveryHost 127.0.0.1 > #DeliveryPort 24 > #DeliveryIdent localhost > #DeliveryProto LMTP > > # > # FallbackDomains: If you want to specify certain domains as fallback > domains, > # enable this option. For example, you could create a user @domain.com, > and > # if b...@domain.com does not resolve to a known user on the system, the > user > # could default to your @domain.com user. NOTE: This also requires > designating > # fallbackDomain for the domain name; > # e.g. dspam_admin ch pref domain.com fallbackDomain on > # > #FallbackDomains on > > # > # Quarantine Agent: DSPAM's default behavior is to quarantine all mail it > # thinks is spam. If you wish to override this behavior, you may specify > # a quarantine agent which will be called with all messages DSPAM thinks > is > # spam. Use %u to specify the user DSPAM is processing mail for. > # > #QuarantineAgent "/usr/bin/procmail -d spam" > > # > # DSPAM can optionally process "plused users" (addresses in the > user+detail > # form) by truncating the username just before the "+", so all internal > # processing occurs for "user", but delivery will be performed for > # "user+detail". This is only useful if the LDA can handle "plused users" > # (for example Cyrus IMAP) and when configured for LMTP delivery above > # > #EnablePlusedDetail on > > # > # Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to a > # "plused" mailbox (such as user+quarantine) leaving quarantine processing > # for retraining or deletion to be performed by the LDA and the mail > client. > # "plused" mailboxes are supported by Cyrus IMAP and possibly other LDAs. > # The mailbox name must have the + > # > #QuarantineMailbox +quarantine > > # > # OnFail: What to do if local delivery or quarantine should fail. If set > # to "unlearn", DSPAM will unlearn the message prior to exiting with an > # un successful return code. The default option, "error" will not unlearn > # the message but return the appropriate error code. The unlearn option > # is use-ful on some systems where local delivery failures will cause the > # message to be requeued for delivery, and could result in the message > # being processed multiple times. During a very large failure, however, > # this could cause a significant load increase. > # > OnFail error > > # > # Trusted Users: Only the users specified below will be allowed to perform > # administrative functions in DSPAM such as setting the active user and > # accessing tools. All other users attempting to run DSPAM will be > restricted; > # their uids will be forced to match the active username and they will > not be > # able to specify delivery agent privileges or use tools. > # > Trust root > Trust dspam > Trust apache > Trust mail > Trust mailnull > Trust smmsp > Trust daemon > #Trust nobody > #Trust majordomo > > # > # Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM > must > # be compiled with debug support in order to use this option. DSPAM should > # never be running in production with debug active unless you are > # troubleshooting problems. > # > # DebugOpt: One or more of: process, classify, spam, fp, inoculation, > corpus > # process standard message processing > # classify message classification using --classify > # spam error correction of missed spam > # fp error correction of false positives > # inoculation message inoculations (source=inoculation) > # corpus corpusfed messages (source=corpus) > # > Debug * > #Debug bob bill > # > DebugOpt process > > # > # ClassAlias: Alias a particular class to spam/nonspam. This is useful if > # classifying things other than spam. > # > #ClassAliasSpam badstuff > #ClassAliasNonspam goodstuff > > # > # Training Mode: The default training mode to use for all operations, when > # one has not been specified on the commandline or in the user's > preferences. > # Acceptable values are: > # toe Train on Error (Only) > # teft Train Everything (Trains on every message) > # tum Train Until Mature (Train only tokens without enough data) > # notrain Do not train or store signatures (large ISP systems, > post-train) > # > TrainingMode teft > > # > # TestConditionalTraining: By default, dspam will retrain certain errors > # until the condition is no longer met. This usually accelerates learning. > # Some people argue that this can increase the risk of errors, however. > # > TestConditionalTraining on > > # > # Features: Specify features to activate by default; can also be specified > # on the commandline. See the documentation for a list of available > features. > # If _any_ features are specified on the commandline, these are ignored.. > # > #Feature noise > Feature whitelist > > # Training Buffer: The training buffer waters down statistics during > training. > # It is designed to prevent false positives, but can also dramatically > reduce > # dspam's catch rate during initial training. This can be a number from 0 > # (no buffering) to 10 (maximum buffering). If you are paranoid about > false > # positives, you should probably enable this option. > # > #Feature tb=5 > > # > # Algorithms: Specify the statistical algorithms to use, overriding any > # defaults configured in the build. The options are: > # naive Naive-Bayesian (All Tokens) > # graham Graham-Bayesian ("A Plan for Spam") > # burton Burton-Bayesian (SpamProbe) > # robinson Robinson's Geometric Mean Test (Obsolete) > # chi-square Fisher-Robinson's Chi-Square Algorithm > # > # You may have multiple algorithms active simultaneously, but it is > strongly > # recommended that you group Bayesian algorithms with other Bayesian > # algorithms, and any use of Chi-Square remain exclusive. > # > # NOTE: For standard "CRM114" Markovian weighting, use 'naive', or > consider > # using 'burton' for slightly better accuracy > # > # Don't mess with this unless you know what you're doing > # > #Algorithm chi-square > #Algorithm naive > Algorithm graham burton > > # > # Tokenizer: Specify the tokenizer to use. The tokenizer is the piece > # responsible for parsing the message into individual tokens. Depending on > # how many resources you are willing to trade off vs. accuracy, you may > # choose to use a less or more detailed tokenizer: > # word uniGram (single word) tokenizer > # Tokenizes message into single individual words/tokens > # example: "free" and "viagra" > # chain biGram (chained tokens) tokenizer (default) > # Single words + chains adjacent tokens together > # example: "free" and "viagra" and "free viagra" > # sbph Sparse Binary Polynomial Hashing tokenizer > # Creates sparse token patterns across sliding window of > 5-tokens > # example: "the quick * fox jumped" and "the * * fox jumped" > # osb Orthogonal Sparse biGram > # Similar to SBPH, but only uses the biGrams > # example: "the * * fox" and "the * * * jumped" > # > Tokenizer chain > > # > # PValue: Specify the technique used for calculating Probability Values, > # overriding any defaults configured in the build. These options are: > # bcr Bayesian Chain Rule (Graham's Technique - "A Plan for > Spam") > # robinson Robinson's Technique (used in Chi-Square) > # markov Markovian Weighted Technique (for Markovian > discrimination) > # > # Unlike the "Algorithms" property, you may only have one of these > defined. > # Use of the chi-square algorithm automatically changes this to robinson. > # > # Don't mess with this unless you know what you're doing. > # > #PValue robinson > #PValue markov > PValue bcr > > # > # WebStats: Enable this if you are using the CGI, which writes .stats > files > WebStats on > > # > # ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to > # X-DSPAM-Improbability headers > # > #ImprobabilityDrive on > > # > # Preferences: Specify any preferences to set by default, unless otherwise > # overridden by the user (see next section) or a default.prefs file. > # If user or default.prefs are found, the user's preferences will > override any > # defaults. > # > Preference "spamAction=quarantine" > Preference "signatureLocation=headers" # 'message' or 'headers' > Preference "showFactors=on" > #Preference "spamAction=tag" > #Preference "spamSubject=SPAM" > > # > # Overrides: Specifies the user preferences which may override > configuration > # and commandline defaults. Any other preferences supplied by an > untrusted user > # will be ignored. > # > AllowOverride trainingMode > AllowOverride spamAction spamSubject > AllowOverride statisticalSedation > AllowOverride enableBNR > AllowOverride enableWhitelist > AllowOverride signatureLocation > AllowOverride showFactors > AllowOverride optIn optOut > AllowOverride whitelistThreshold > > # --- MySQL --- > > # > # Storage driver settings: Specific to a particular storage driver. > Uncomment > # the configuration specific to your installation, if applicable. > # > MySQLServer /var/run/mysqld/mysqld.sock > #MySQLPort > MySQLUser dspam > MySQLPass changeme > MySQLDb dspam > MySQLCompress false > #MySQLReconnect true > I have my hard time to believe you are using "changeme" as your password for MySQL and DSPAM. Does that here work for you: mysql --user=dspam --password=changeme --socket=/var/run/mysqld/mysqld.sock --batch -e "SHOW TABLES" dspam Have you configured your DSPAM at all? Have you executed: emerge --config =mail-filter/dspam-3.8.0-r15 > # If you are using replication for clustering, you can also specify a > separate > # server to perform all writes to. > # > #MySQLWriteServer /var/lib/mysql/mysql.sock > #MySQLWritePort > #MySQLWriteUser dspam > #MySQLWritePass changeme > #MySQLWriteDb dspam_write > #MySQLCompress false > #MySQLReconnect true > > # If your replication isn't close to real-time, your retraining might > fail if > # the signature isn't found. One workaround for this is to use the write > # database for all signature reads: > # > #MySQLReadSignaturesFromWriteDb on > > # Use this if you have the 4.1 quote bug (see doc/mysql.txt) > #MySQLSupressQuote on > > # If you're running DSPAM in client/server (daemon) mode, uncomment the > # setting below to override the default connection cache size (the number > # of connections the server pools between all clients). The connection > cache > # represents the maximum number of database connections *available* and > should > # be set based on the maximum number of concurrent connections you're > likely > # to have. Each connection may be used by only one thread at a time, so > all > # other threads _will block_ until another connection becomes available.. > # > #MySQLConnectionCache 10 > > # If you're using vpopmail or some other type of virtual setup and wish to > # change the table dspam uses to perform username/uid lookups, you can > over- > # ride it below > > #MySQLVirtualTable dspam_virtual_uids > #MySQLVirtualUIDField uid > #MySQLVirtualUsernameField username > > # UIDInSignature: MySQL supports the insertion of the user id into the > DSPAM > # signature. This allows you to create one single spam or fp alias > # (pointing to some arbitrary user), and the uid in the signature will > # switch to the correct user. Result: you need only one spam alias > > #MySQLUIDInSignature on > > # --- PostgreSQL --- > > #PgSQLServer 127.0.0.1 > #PgSQLPort 5432 > #PgSQLUser dspam > #PgSQLPass changeme > #PgSQLDb dspam > > # If you're running DSPAM in client/server (daemon) mode, uncomment the > # setting below to override the default connection cache size (the number > # of connections the server pools between all clients). > # > #PgSQLConnectionCache 3 > > # UIDInSignature: PgSQL supports the insertion of the user id into the > DSPAM > # signature. This allows you to create one single spam or fp alias > # (pointing to some arbitrary user), and the uid in the signature will > # switch to the correct user. Result: you need only one spam alias > > #PgSQLUIDInSignature on > > # If you're using vpopmail or some other type of virtual setup and wish to > # change the table dspam uses to perform username/uid lookups, you can > over- > # ride it below > > #PgSQLVirtualTable dspam_virtual_uids > #PgSQLVirtualUIDField uid > #PgSQLVirtualUsernameField username > > # --- SQLite --- > > #SQLitePragma "synchronous = OFF" > > # --- Hash --- > > # > # HashRecMax: Default number of records to create in the initial segment > when > # building hash files. 100,000 yields files 1.6MB in size, but can fill up > # fast, so be sure to increase this (to a million or more) if you're not > using > # autoextend. > # > # NOTE: If you're using a heavy-weight tokenizer, such as SBPH, you > should be > # looking for settings in the 'millions' of records. > # > # Primes List: > # 53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, 24593, 49157, 98317, > 196613, > # 393241, 786433, 1572869, 3145739, 6291469, 12582917, 25165843, > 50331653, > # 100663319, 201326611, 402653189, 805306457, 1610612741, 3221225473, > # 4294967291 > # > HashRecMax 98317 > > # > # HashAutoExtend: Autoextend hash databases when they fill up. This allows > # them to continue to train by adding extents (extensions) to the file. > There > # will be a small delay during the growth process, as everything needs > to be > # closed and remapped. > # > HashAutoExtend on > > # > # HashMaxExtents: The maximum number of extents that may be created in a > single > # hash file. Set this to zero for unlimited > # > HashMaxExtents 0 > > # > # HashExtentSize: The initial record size for newly created extents. > Creating > # this too small could result in many extents being created. Creating > this too > # large could result in excessive disk space usage. Typically, a value > close > # to half of the HashRecMax size is good. > # > HashExtentSize 49157 > > # > # HashPctIncrease: Increase the next extent size by n% from the size of > the > # last extent. This is useful in accommodating systems where the default > # HashExtentSize can be too small for certain high-volume users, and can > also > # help keep seeks nice and speedy and/or prevent too many unnecessary > extents > # from being created when using a low HashMaxSeek. The default behavior, > when > # HashPctIncrease is not used, is to always use # HashExtentSize with no > # increase. > # > HashPctIncrease 10 > > # > # HashMaxSeek: The maximum number of record seeks when inserting a new > record > # before failing or adding a new extent. This ultimately translates into > the > # max # of acceptable seeks per segment. Setting this too high will > exhaustively > # scan each segment and hurt performance. Typically, a low value is > acceptable > # as even older extents will continue to fill as training progresses. > # > HashMaxSeek 10 > > # > # HashConcurrentUser: If you are using a single, stateful hash database in > # daemon mode, specifying a concurrent user below will cause the user to > be > # permanently mapped into memory and shared via rwlocks. This is very > fast and > # very cool if you are running a "userless" relay appliance. > # > #HashConcurrentUser user > > # > # HashConnectionCache: If running in daemon mode, this is the max # of > # concurrent connections that will be supported. NOTE: If you are using > # HashConcurrentUser, this option is ignored, as all connections are read- > # write locked instead of mutex locked. > # > HashConnectionCache 10 > > # -- LDAP -- > > # > # LDAP: Perform various LDAP functions depending on LDAPMode variable. > # Presently, the only mode supported is 'verify', which will verify the > # existence of an unknown user in LDAP prior to creating them as a new > user in > # the system. This is useful on some systems acting as gateway machines. > # > #LDAPMode verify > #LDAPHost ldaphost.mydomain.com > #LDAPFilter "(mail=%u)" > #LDAPBase ou=people,dc=domain,dc=com > > # -- Profiles -- > > # > # You can specify multiple storage profiles, and specify the server to > # use on the commandline with --profile. For example: > # > #Profile DECAlpha > #MySQLServer.DECAlpha 10.0.0.1 > #MySQLPort.DECAlpha 3306 > #MySQLUser.DECAlpha dspam > #MySQLPass.DECAlpha changeme > #MySQLDb.DECAlpha dspam > #MySQLCompress.DECAlpha true > #MySQLReconnect.DECAlpha true > # > #Profile Sun420R > #MySQLServer.Sun420R 10.0.0.2 > #MySQLPort.Sun420R 3306 > #MySQLUser.Sun420R dspam > #MySQLPass.Sun420R changeme > #MySQLDb.Sun420R dspam > #MySQLCompress.Sun420R false > #MySQLReconnect.Sun420R true > # > #DefaultProfile DECAlpha > > # > # If you're using storage profiles, you can set failovers for each > profile. > # Of course, if you'll be failing over to another database, that database > # must have the same information as the first. If you're using a global > # database with no training, this should be relatively simple. If you're > # configuring per-user data, however, you'll need to set up some type of > # replication between databases. > # > #Failover.DECAlpha SUN420R > #Failover.Sun420R DECAlpha > > # If the storage fails, the agent will follow each profile's failover up > to > # a maximum number of failover attempts. This should be set to a maximum > of > # the number of profiles you have, otherwise the agent could loop and try > # the same profile multiple times (unless this is your desired behavior). > # > #FailoverAttempts 1 > > # > # Ignored headers: If DSPAM is behind other tools which may add a header > to > # incoming emails, it may be beneficial to ignore these headers - > especially > # if they are coming from another spam filter. If you are _not_ using one > of > # these tools, however, leaving the appropriate headers commented out will > # allow DSPAM to use them as telltale signs of forged email. > # > #IgnoreHeader X-Spam-Status > #IgnoreHeader X-Spam-Scanned > #IgnoreHeader X-Virus-Scanner-Result > > # > # Lookup: Perform lookups on streamlined blackhole list servers (see > # http://www.nuclearelephant.com/projects/sbl/). The streamlined blacklist > # server is machine-automated, unsupervised blacklisting system designed > to > # provide real-time and highly accurate blacklisting based on network > spread. > # When performing a lookup, DSPAM will automatically learn the inbound > message > # as spam if the source IP is listed. Until an official public RABL > server is > # available, this feature is only useful if you are running your own > # streamlined blackhole list server for internal reporting among > multiple mail > # servers. Provide the name of the lookup zone below to use. > # > # This function performs standard reverse-octet.domain lookups, and while > it > # will function with many RBLs, it's strongly discouraged to use those > # maintained by humans as they're often inaccurate and could hurt filter > # learning and accuracy. > # > #Lookup "sbl.yourdomain.com" > > # > # RBLInoculate: If you want to inoculate the user from RBL'd messages it > would > # have otherwise missed, set this to on. > # > #RBLInoculate off > > # > # Notifications: Enable the sending of notification emails to users (first > # message, quarantine full, etc.) > # > Notifications off > > # > # Purge configuration: Set dspam_clean purge default options, if not > otherwise > # specified on the commandline > # > #PurgeSignatures 14 # Stale signatures > #PurgeNeutral 90 # Tokens with neutralish probabilities > #PurgeUnused 90 # Unused tokens > #PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes) > #PurgeHits1S 15 # Tokens with only 1 spam hit > #PurgeHits1I 15 # Tokens with only 1 innocent hit > > # > # Purge configuration for SQL-based installations using purge.sql > # > PurgeSignature off # Specified in purge.sql > PurgeNeutral 90 > PurgeUnused off # Specified in purge.sql > PurgeHapaxes off # Specified in purge.sql > PurgeHits1S off # Specified in purge.sql > PurgeHits1I off # Specified in purge.sql > > # > # Local Mail Exchangers: Used for source address tracking, tells DSPAM > which > # mail exchangers are local and therefore should be ignored in the > Received: > # header when tracking the source of an email. Note: you should use the > address > # of the host as appears between brackets [ ] in the Received header. > # > LocalMX 127.0.0.1 > > # > # Logging: Disabling logging for users will make usage graphs unavailable > to > # them. Disabling system logging will make admin graphs unavailable. > # > SystemLog on > UserLog on > > # > # TrainPristine: for systems where the original message remains server > side > # and can therefore be presented in pristine format for retraining. This > option > # will cause DSPAM to cease all writing of signatures and DSPAM headers > to the > # message, and deliver the message in as pristine format as possible. > This mode > # REQUIRES that the original message in its pristine format (as of > delivery) > # be presented for retraining, as in the case of webmail, imap, or other > # applications where the message is actually kept server-side during > reading, > # and is preserved. DO NOT use this switch unless the original message > can be > # presented for retraining with the ORIGINAL HEADERS and NO MODIFICATIONS. > # > # NOTE: You can't use this setting with dspam_trian; if you're going to > use it, > # wait until after you train any corpora. > # > #TrainPristine on > > # > # Opt: in or out; determines DSPAM's default filtering behavior. If this > value > # is set to in, users must opt-in to filtering by dropping a .dspam file > in > # /var/dspam/opt-in/user.dspam (or if you have homedirs configured, a > .dspam > # folder in their home directory). The default is opt-out, which means > all > # users will be filtered unless a .nodspam file is dropped in > # /var/dspam/opt-out/user.nodspam > # > Opt out > > # > # TrackSources: specify which (if any) source addresses to track and > report > # them to syslog (mail.info). This is useful if you're running a firewall > or > # blacklist and would like to use this information. Spam reporting also > drops > # RABL blacklist files (see > http://www.nuclearelephant.com/projects/rabl/). > # > #TrackSources spam nonspam > > # > # ParseToHeaders: In lieu of setting up individual aliases for each user, > # DSPAM can be configured to automatically parse the To: address for > spam and > # false positive forwards. From there, it can be configured to either > set the > # DSPAM user based on the username specified in the header and/or change > the > # training class and source accordingly. The options below can be used to > # customize most common types of header parsing behavior to avoid the > need for > # multiple aliases, or if using LMTP, aliases entirely.. > # > # ParseToHeader: Parse the To: headers of an incoming message. This must > be > # set to 'on' to use either of the following features. > # > # ChangeModeOnParse: Automatically change the class (to spam or innocent) > # depending on whether spam- or notspam- was specified, and change the > source > # to 'error'. This is convenient if you're not using aliases at all, but > # are delivering via LMTP. > # > # ChangeUserOnParse: Automatically change the username to match that > specified > # in the To: header. For example, spam-...@domain.tld will set the > username > # to bob, ignoring any --user passed in. This may not always be > desirable if > # you are using virtual email addresses as usernames. Options: > # on or user take the portion before the @ sign only > # full take everything after the initial {spam,notspam}-. > # > #ParseToHeaders on > #ChangeModeOnParse on > #ChangeUserOnParse on > > # > # Broken MTA Options: Some MTAs don't support the proper functionality > # necessary. In these cases you can activate certain features in DSPAM to > # compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if > # the message is spam, 0 if not, or a negative code if an error has > occured. > # Specifying 'case' causes DSPAM to force the input usernames to > lowercase. > # Spceifying 'lineStripping' causes DSPAM to strip ^M's from messages > passed > # in. > # > #Broken returnCodes > #Broken case > #Broken lineStripping > > # > # MaxMessageSize: You may specify a maximum message size for DSPAM to > process. > # If the message is larger than the maximum size, it will be delivered > # without processing. Value is in bytes. > # > #MaxMessageSize 4194304 > > # > # Virus Checking: If you are running clamd, DSPAM can perform stream-based > # virus checking using TCP. Uncomment the values below to enable virus > # checking. > # > # ClamAVResponse: reject (reject or drop the message with a permanent > failure) > # accept (accept the message and quietly drop the message) > # spam (treat as spam and quarantine/tag/whatever) > # > #ClamAVPort 3310 > #ClamAVHost 127.0.0.1 > #ClamAVResponse accept > > # -- CLIENT / SERVER -- > > # > # Daemonized Server: If you are running DSPAM as a daemonized server using > # --daemon, the following parameters will override the default. Use the > # ServerPass option to set up accounts for each client machine. The DSPAM > # server will process and deliver the message based on the parameters > # specified. If you want the client machine to perform delivery, use > # the --stdout option in conjunction with a local setup. > # > #ServerPort 24 > #ServerQueueSize 32 > #ServerPID /var/run/dspam.pid > > # > # ServerMode specifies the type of LMTP server to start. This can be one > of: > # dspam: DSPAM-proprietary DLMTP server, for communicating with dspamc > # standard: Standard LMTP server, for communicating with Postfix or > other MTA > # auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT > # > #ServerMode dspam > > # If supporting DLMTP (dspam) mode, dspam clients will require > authentication > # as they will be passing in parameters. The idents below will be used to > # determine which clients will be speaking DLMTP, so if you will be using > # both LMTP and DLMTP from the same host, be sure to use something other > # than the server's hostname below (which will be sent by the MTA during a > # standard LMTP LHLO). > # > #ServerPass.Relay1 "secret" > #ServerPass.Relay2 "password" > > # If supporting standard LMTP mode, server parameters will need to be > specified > # here, as they will not be passed in by the mail server. The ServerIdent > # specifies the 250 response code ident sent back to connecting clients > and > # should be set to the hostname of your server, or an alias. > # > # NOTE: If you specify --user in ServerParameters, the RCPT TO will be > # used only for delivery, and not set as the active user for > processing. > # > #ServerParameters "--deliver=innocent -d %u" > #ServerIdent "localhost.localdomain" > > # If you wish to use a local domain socket instead of a TCP socket, > uncomment > # the following. It is strongly recommended you use local domain sockets > if > # you are running the client and server on the same machine, as it > eliminates > # much of the bandwidth overhead. > # > #ServerDomainSocketPath "/tmp/dspam.sock" > > # > # Client Mode: If you are running DSPAM in client/server mode, uncomment > and > # set these variables. A ClientHost beginning with a / will be treated as > # a domain socket. > # > #ClientHost /tmp/dspam.sock > #ClientIdent "sec...@relay1" > # > #ClientHost 127.0.0.1 > #ClientPort 24 > #ClientIdent "sec...@relay1" > > # RABLQueue: Touch files in the RABL queue > # If you are a reporting streamlined blackhole list participant, you can > # touch ip addresses within the directory the rabl_client process is > watching. > # > #RABLQueue /var/spool/rabl > > # DataSource: If you are using any type of data source that does not > include > # email-like headers (such as documents), uncomment the line below. This > # will cause the entire input to be treated like a message "body" > # > #DataSource document > > # ProcessorWordFrequency: By default, words are only counted once per > message. > # If you are classifying large documents, however, you may wish to count > once > # per occurrence instead. > # > #ProcessorWordFrequency occurrence > > # ProcessorURLContext: By default, a URL context is generated for URLs, > which > # records their tokens as separate from words found in documents. To use > # URL tokens in the same context as words, turn this feature off. > # > ProcessorURLContext on > > # ProcessorBias: Bias causes the filter to lean more toward 'innocent', > and > # usually greatly reduces false positives. It is the default behavior of > # most Bayesian filters (including dspam). > # > # NOTE: You probably DONT want this if you're using Markovian Weighting, > unless > # you are paranoid about false positives. > # > ProcessorBias on > > # StripRcptDomain: Cut the domain (including the at sign) from > recipients. > # This is particularly useful if the recipient name is equal to real user > # accounts as recipients with domains tend to cause permission issues with > # dspam-web. > # > StripRcptDomain off > > ## EOF > > > Steve wrote: > > -------- Original-Nachricht -------- > >> Datum: Mon, 19 Jan 2009 07:25:27 -0600 > >> Von: Ray Darrow <rdar...@worrad.com> > >> An: dspam-users@lists.nuclearelephant.com > >> Betreff: [dspam-users] DSPAM log contains nothing but timestamps > > > >> I recently upgraded from a 3.6 install I did manually on my Gentoo > >> server before there was a DSPAM package on Gentoo to the officially > >> supported Gentoo DSPAM 3.8.0 package. The strangest problem is > >> happening after the upgraded: the logs contain nothing but timestamps, > >> no other useful information for debugging my problems. For instance, > >> before recompiling the package with debug on, my log contained entries > >> like this for each message going through DSPAM: > >> > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> 4716: [01/18/2009 21:49:56] > >> > >> > >> And after turning debug on they look like this: > >> > >> 18970: [01/18/2009 22:22:14] ^A > >> 18970: [01/18/2009 22:22:14] ^A > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] _ds_getall_spamrecords() failed > >> 18970: [01/18/2009 22:22:14] total processing time: 0.00832s > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] > >> 18970: [01/18/2009 22:22:14] ^C > >> > >> > >> None of this would matter terribly to me except that I'm trying to > >> troubleshoot why DSPAM doesn't appear to be analyzing my emails at all. > >> It isn't adding it's signature to the email body, nor is it adding > it's > >> headers. It also isn't returning any errors when it is called by > >> procmail - it just passes the mail straight through without any > >> modification. > >> > >> I've compiled DSPAM with the following options: > >> > >> > >> DSPAM Anti-Spam Suite 3.8.0 (agent/library) > >> > >> Copyright (c) 2002-2006 Jonathan A. Zdziarski > >> http://dspam.nuclearelephant.com > >> > >> DSPAM may be copied only under the terms of the GNU General Public > >> License, > >> a copy of which can be found with the DSPAM distribution kit. > >> > >> Configuration parameters: '--prefix=/usr' '--host=i686-pc-linux-gnu' > >> '--mandir=/usr/share/man' '--infodir=/usr/share/info' > >> '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' > >> '--with-storage-driver=hash_drv,mysql_drv' > >> '--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/mail/dspam' > >> '--disable-daemon' '--enable-ldap' '--disable-clamav' > >> '--disable-large-scale' '--enable-domain-scale' '--enable-syslog' > >> '--enable-debug' '--disable-bnr-debug' '--enable-verbose-debug' > >> '--enable-long-usernames' '--with-dspam-group=dspam' > >> '--with-dspam-home-group=dspam' '--with-dspam-mode=2511' > >> '--with-logdir=/var/log/dspam' '--enable-virtual-users' > >> '--enable-preferences-extension' '--disable-homedir' > >> '--with-mysql-includes=/usr/include/mysql' > >> '--with-mysql-libraries=/usr/lib/mysql' '--build=i686-pc-linux-gnu' > >> 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' > >> 'CFLAGS=-O3 -march=pentium3 -pipe' 'LDFLAGS=' 'CXXFLAGS=-O3 > >> -march=pentium3 -pipe' > >> > >> > >> > >> I appreciate any help that can be offered. I'm stumped. I can't > >> troubleshoot my initial problem without logging, and I can't seem to > get > >> logging working usefully. > >> > > How about posting your dspam.conf? > > > > > >> Ray > >> > > Steve > > > > > >> > > > > > -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger !DSPAM:1011,49749afa150922030717126!