Re: URIBL_RHS_DOB high hits
On 10/09/2014 03:06 AM, David Jones wrote:
On 10/07/2014 01:12 PM, Axb wrote:
On 10/07/2014 01:01 PM, Reindl Harald wrote:
On 07.10.2014 at 12:53, Axb wrote:
On 10/07/2014 12:40 PM, Reindl Harald wrote:
On 06.10.2014 at 19:06, Axb wrote:
On 10/06/2014 07:01 PM, David Jones wrote:

Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB?

host google.com.dob.sibl.support-intelligence.net
Host google.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)

"web tools"

not that it was not junk but created 10 years ago

Date: Tue, 07 Oct 2014 12:00:47 +0200
1.0 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
* [URIs: emms.com]

Domain Name: EMMS.COM
Registrar: REGISTRYGATE GMBH
Whois Server: whois.registrygate.com
Referral URL: http://www.registrygate.com
Name Server: NS1.DNSSOCKET.NET
Name Server: NS2.DNSSOCKET.NET
Status: clientTransferProhibited
Updated Date: 02-jul-2014
Creation Date: 06-may-2004
Expiration Date: 06-may-2015

host emms.com.dob.sibl.support-intelligence.net
Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)

funky resolver?

unbound on localhost with adjusted caching to avoid DNS mistakes hit for many hours, i get 3 responses one of them with 127.0.0.2 and two with NXDOMAIN and exactly the same result on the LAN cache running BIND while both do recursion and not forwarding

cache-min-ttl: 300
cache-max-ttl: 3600

host emms.com.dob.sibl.support-intelligence.net
emms.com.dob.sibl.support-intelligence.net has address 127.0.0.2
Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)

host emms.com.dob.sibl.support-intelligence.net
emms.com.dob.sibl.support-intelligence.net has address 127.0.0.2
Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)

I'm testing from 3 different sites/networks with PowerDNS recursor and all give me a single NXDOMAIN

Found it.

dig A a.support-intelligence.net +short
208.67.172.17
dig A b.support-intelligence.net +short
209.23.235.22
dig emms.com.dob.sibl.support-intelligence.net @208.67.172.17 +short
127.0.0.2

The mirror on 208.67.172.17 is not in sync
Shooting Rick another mail...
Will take a while - he's in US west coast

I tried a few queries and they were good so are we safe to enable this rule again? Anyone get word back from Rick that this issue is resolved?

Yep, He replied confirming that it's fixed.
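The mirror comparison done by hand with dig in the message above, written as a reusable check (an added example, not code posted in the thread): it asks each authoritative server for the same DNSBL name and reports when their answers differ. `DNS_QUERY`, `dig_query` and `check_mirrors` are names made up for this example; the addresses in the usage comment are the two mirrors quoted above.

```shell
#!/bin/sh
# Added example: ask every mirror of a DNSBL zone the same question and
# flag disagreement between them.
#
# DNS_QUERY is a hypothetical hook: "$DNS_QUERY name server" must print the
# A record(s) the given server returns, or nothing when it returns none.
# The default wraps dig and keeps only lines that look like IPv4 addresses,
# so dig's ";; connection timed out" text is not mistaken for an answer.
dig_query() {
    dig +short A "$1" @"$2" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
}
DNS_QUERY=${DNS_QUERY:-dig_query}

# check_mirrors NAME SERVER...
# Prints "server: answer" for each mirror.
# Returns 0 when every mirror gave the same answer, 1 when they disagree.
check_mirrors() {
    name=$1; shift
    first=""; first_set=0; status=0
    for server in "$@"; do
        # Sort so that multi-record answers compare equal regardless of order.
        answer=$($DNS_QUERY "$name" "$server" | sort | tr '\n' ' ')
        answer=${answer% }
        [ -n "$answer" ] || answer="no answer"
        echo "$server: $answer"
        if [ "$first_set" -eq 0 ]; then
            first=$answer
            first_set=1
        elif [ "$answer" != "$first" ]; then
            status=1
        fi
    done
    return $status
}

# Usage, with the name and mirror addresses from the thread:
#   check_mirrors emms.com.dob.sibl.support-intelligence.net \
#       208.67.172.17 209.23.235.22 || echo "mirrors out of sync"
```

A recursive resolver picks one of the zone's servers per query, which is why repeated lookups through unbound or BIND can alternate between a listing and NXDOMAIN when a single mirror is stale.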
Re: spamd does not start
Hi,

> /usr/local/bin/sa-update && /usr/local/bin/sa-compile &&
> /usr/local/etc/rc.d/sa-spamd restart
>
> the only time spamd would restart is if sa-update AND sa-compile were
> successfully completed, correct?

Sorry for jumping in the conversation... I have solved that issue by calling sa-update from a script (perl) and I do a spamassassin -lint before ever trying to restart spamd (or amavisd in my case), so I am sure that I will only restart on something clean. That way, I can also update some rules that are not on sa-update. And in any case, send myself an email if something went wrong. Being executed only once a day, the extra load of a Perl script is negligible.

Best regards,
Olivier
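The update sequence discussed in this thread, as a shell sketch (an added example, not code posted by any list member): run sa-update, and only when it reports a freshly installed update run sa-compile, lint the configuration, and restart spamd. The sa-update, sa-compile and rc.d paths are the ones quoted in the thread; the `spamassassin` path, the `SA_*` override variables and the function name are assumptions made so the logic can be exercised with stand-in commands.

```shell
#!/bin/sh
# Added example: gate the spamd restart on sa-update, sa-compile and a lint pass.
# The SA_* variables are hypothetical overrides; the defaults use the FreeBSD
# paths quoted in the thread (the spamassassin path is assumed to sit beside
# sa-update).
SA_UPDATE=${SA_UPDATE:-/usr/local/bin/sa-update}
SA_COMPILE=${SA_COMPILE:-/usr/local/bin/sa-compile}
SA_LINT=${SA_LINT:-"/usr/local/bin/spamassassin --lint"}
SA_RESTART=${SA_RESTART:-"/usr/local/etc/rc.d/sa-spamd restart"}

# sa_refresh
# Returns 0 when spamd was restarted on fresh rules,
#         1 when there was nothing to do,
#         2 when a step failed and the restart was not attempted or failed.
sa_refresh() {
    rc=0
    $SA_UPDATE || rc=$?
    # sa-update exit codes per its man page: 0 = an update was installed,
    # 1 = no fresh updates. Any other code is treated here as a failure.
    case $rc in
        0) ;;
        1) echo "sa-update: no new rules, spamd left running"
           return 1 ;;
        *) echo "sa-update failed with exit code $rc" >&2
           return 2 ;;
    esac
    # In the shell an exit status of 0 is "true": each && runs its right-hand
    # command only if the left one exited 0, so a failed compile or lint
    # stops the chain before the restart.
    if $SA_COMPILE && $SA_LINT && $SA_RESTART; then
        echo "spamd restarted on updated rules"
        return 0
    fi
    echo "sa-compile, lint or restart failed; check spamd" >&2
    return 2
}

# Run the sequence only when invoked as "<script> run" (for example from cron).
case "${1:-}" in
    run) sa_refresh; exit $? ;;
esac
```

Because cron mails anything a job prints, the messages on a failed step double as the "send myself an email if something went wrong" notification when MAILTO is set.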
Re: spamd does not start
On Wednesday, October 8, 2014, 6:31:08 PM, Martin confabulated:

> On Wed, 2014-10-08 at 16:46 -0600, Amir Caspi wrote:
>> On Oct 8, 2014, at 4:23 PM, Duane Hill wrote:
>> >
>> > No. && is a way of chaining commands together. Your cron says run
>> > sa-update and then restart spamd. In other words, when sa-update
>> > finishes running, regardless if there was an update applied or not,
>> > restart spamd.
>>
>> Unless I am mistaken, I believe this is not correct. On *nix systems,
>> && is the logical "and" operator, and it can be used to chain commands
>> as dependencies.
>>
> Correct.
>> && short-circuits on failure, so if the first command returns zero,
>> the "and" would fail and the second command never runs. The second
>> command is only evaluated if the first returns non-zero ("true").
>>
> Incorrect. sh and its descendants such as bash and ksh reverse the
> representation of true and false with respect to C and its descendants:
> in shell scripts a value of zero is TRUE and non-zero is FALSE.
> This is a necessary feature since, by convention, under UNIX/Linux or
> any other POSIX-compliant OS a program returns zero on success and a
> non-zero value on failure. The non zero exit code *may* be a value
> showing what the error was but this isn't guaranteed: all you can say is
> that a non-zero exit code indicates that the program didn't complete its
> usual activity.
>> Hence, spamd is restarted only if sa-update actually loads an update,
>> and not otherwise.
>>
> Correct: "a && b" in a shell script means run b iff a was successful
>> This is the same reason why you can also see commands like:
>> do_this || die
>> in perl scripts, because the logical "or" operator || will
>> short-circuit on success, hence the "fallback" command never gets run
>> if the first one succeeded.
>>
> True, but be aware that Perl, like C, C++, Java, represents false by
> zero and true by non-zero values - the reverse of a Unix/Linux/POSIX
> shell script.
> In all cases there's no danger of confusion as long as you write logical
> statements that are either boolean algebra that makes no attempt to
> represent the value of a logical variable or only represents it by the
> literals TRUE and FALSE.

Thanks for clarifying everything. So, if I had:

/usr/local/bin/sa-update && /usr/local/bin/sa-compile && /usr/local/etc/rc.d/sa-spamd restart

the only time spamd would restart is if sa-update AND sa-compile were successfully completed, correct?

--
Duane Hill
duih...@gmail.com
"If at first you don't succeed, so much for sky diving."
Re: URIBL_RHS_DOB high hits
> On 10/07/2014 01:12 PM, Axb wrote:
> > On 10/07/2014 01:01 PM, Reindl Harald wrote:
> >> On 07.10.2014 at 12:53, Axb wrote:
> >>> On 10/07/2014 12:40 PM, Reindl Harald wrote:
> On 06.10.2014 at 19:06, Axb wrote:
> > On 10/06/2014 07:01 PM, David Jones wrote:
> >> Anyone else seeing an unusually high hit count today for
> >> URIBL_RHS_DOB?
> >
> > host google.com.dob.sibl.support-intelligence.net
> > Host google.com.dob.sibl.support-intelligence.net not found:
> > 3(NXDOMAIN)
> >
> > "web tools"
>
> not that it was not junk but created 10 years ago
>
> Date: Tue, 07 Oct 2014 12:00:47 +0200
> 1.0 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
> * [URIs: emms.com]
>
> Domain Name: EMMS.COM
> Registrar: REGISTRYGATE GMBH
> Whois Server: whois.registrygate.com
> Referral URL: http://www.registrygate.com
> Name Server: NS1.DNSSOCKET.NET
> Name Server: NS2.DNSSOCKET.NET
> Status: clientTransferProhibited
> Updated Date: 02-jul-2014
> Creation Date: 06-may-2004
> Expiration Date: 06-may-2015
>
> >>>
> >>> host emms.com.dob.sibl.support-intelligence.net
> >>> Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
> >>>
> >>> funky resolver?
> >>
> >> unbound on localhost with adjusted caching to avoid DNS mistakes hit for
> >> many hours, i get 3 responses one of them with 127.0.0.2 and two with
> >> NXDOMAIN and exactly the same result on the LAN cache running BIND while
> >> both do recursion and not forwarding
> >>
> >> cache-min-ttl: 300
> >> cache-max-ttl: 3600
> >>
> >> host emms.com.dob.sibl.support-intelligence.net
> >> emms.com.dob.sibl.support-intelligence.net has address 127.0.0.2
> >> Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
> >> Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
> >>
> >> host emms.com.dob.sibl.support-intelligence.net
> >> emms.com.dob.sibl.support-intelligence.net has address 127.0.0.2
> >> Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
> >> Host emms.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
> >
> > I'm testing from 3 different sites/networks with PowerDNS recursor and
> > all give me a single NXDOMAIN
> Found it.
> dig A a.support-intelligence.net +short
> 208.67.172.17
> dig A b.support-intelligence.net +short
> 209.23.235.22
> dig emms.com.dob.sibl.support-intelligence.net @208.67.172.17 +short
> 127.0.0.2
> The mirror on 208.67.172.17 is not in sync
> Shooting Rick another mail...
> Will take a while - he's in US west coast

I tried a few queries and they were good so are we safe to enable this rule again? Anyone get word back from Rick that this issue is resolved?
Re: spamd does not start
On Wed, 2014-10-08 at 16:46 -0600, Amir Caspi wrote:
> On Oct 8, 2014, at 4:23 PM, Duane Hill wrote:
> >
> > No. && is a way of chaining commands together. Your cron says run
> > sa-update and then restart spamd. In other words, when sa-update
> > finishes running, regardless if there was an update applied or not,
> > restart spamd.
>
> Unless I am mistaken, I believe this is not correct. On *nix systems,
> && is the logical "and" operator, and it can be used to chain commands
> as dependencies.
>
Correct.

> && short-circuits on failure, so if the first command returns zero,
> the "and" would fail and the second command never runs. The second
> command is only evaluated if the first returns non-zero ("true").
>
Incorrect. sh and its descendants such as bash and ksh reverse the representation of true and false with respect to C and its descendants: in shell scripts a value of zero is TRUE and non-zero is FALSE.

This is a necessary feature since, by convention, under UNIX/Linux or any other POSIX-compliant OS a program returns zero on success and a non-zero value on failure. The non zero exit code *may* be a value showing what the error was but this isn't guaranteed: all you can say is that a non-zero exit code indicates that the program didn't complete its usual activity.

> Hence, spamd is restarted only if sa-update actually loads an update,
> and not otherwise.
>
Correct: "a && b" in a shell script means run b iff a was successful

> This is the same reason why you can also see commands like:
> do_this || die
> in perl scripts, because the logical "or" operator || will
> short-circuit on success, hence the "fallback" command never gets run
> if the first one succeeded.
>
True, but be aware that Perl, like C, C++, Java, represents false by zero and true by non-zero values - the reverse of a Unix/Linux/POSIX shell script.

In all cases there's no danger of confusion as long as you write logical statements that are either boolean algebra that makes no attempt to represent the value of a logical variable or only represents it by the literals TRUE and FALSE.

Martin
Re: spamd does not start
Looks like I'm late to the party. :-)

--- Amir
thumbed via iPhone

> On Oct 8, 2014, at 4:46 PM, Amir Caspi wrote:
>
>> On Oct 8, 2014, at 4:23 PM, Duane Hill wrote:
>>
>> No. && is a way of chaining commands together. Your cron says run
>> sa-update and then restart spamd. In other words, when sa-update
>> finishes running, regardless if there was an update applied or not,
>> restart spamd.
>
> Unless I am mistaken, I believe this is not correct. On *nix systems, && is
> the logical "and" operator, and it can be used to chain commands as
> dependencies. && short-circuits on failure, so if the first command returns
> zero, the "and" would fail and the second command never runs. The second
> command is only evaluated if the first returns non-zero ("true"). Hence,
> spamd is restarted only if sa-update actually loads an update, and not
> otherwise.
>
> This is the same reason why you can also see commands like:
> do_this || die
> in perl scripts, because the logical "or" operator || will short-circuit on
> success, hence the "fallback" command never gets run if the first one
> succeeded.
>
Re: spamd does not start
On Wednesday, October 8, 2014, 5:38:20 PM, John wrote:

> On Wed, 8 Oct 2014, Duane Hill wrote:
>> No. && is a way of chaining commands together.
> ...where the second command is only executed if the first command exited
> with a zero status. && stops on failure.
> try:
> true && echo "was true"
> false && echo "was false"
> If you want it to execute the subsequent command regardless of exit status
> of the first command, use a plain ;

I stand corrected. I discovered that. Sorry for the noise.

--
Duane Hill
duih...@gmail.com
"If at first you don't succeed, so much for sky diving."
Re: spamd does not start
On Oct 8, 2014, at 4:23 PM, Duane Hill wrote:
>
> No. && is a way of chaining commands together. Your cron says run
> sa-update and then restart spamd. In other words, when sa-update
> finishes running, regardless if there was an update applied or not,
> restart spamd.

Unless I am mistaken, I believe this is not correct. On *nix systems, && is the logical "and" operator, and it can be used to chain commands as dependencies. && short-circuits on failure, so if the first command returns zero, the "and" would fail and the second command never runs. The second command is only evaluated if the first returns non-zero ("true"). Hence, spamd is restarted only if sa-update actually loads an update, and not otherwise.

This is the same reason why you can also see commands like:

do_this || die

in perl scripts, because the logical "or" operator || will short-circuit on success, hence the "fallback" command never gets run if the first one succeeded.
Re: spamd does not start
On Wed, 8 Oct 2014 17:23:36 -0500 Duane Hill wrote:

> No. && is a way of chaining commands together.

&& is a logical AND

> Your cron says run
> sa-update and then restart spamd. In other words, when sa-update
> finishes running, regardless if there was an update applied or not,
> restart spamd.

No, it's conditional. A && B has a logical value, if A is false then A && B can't possibly be true so B isn't evaluated, this is called short-circuiting.
Re: spamd does not start
On Wednesday, October 8, 2014, 5:31:07 PM, Dave wrote:

> On 2014-10-08 15:23, Duane Hill wrote:
>> No. && is a way of chaining commands together. Your cron says run
>> sa-update and then restart spamd. In other words, when sa-update
>> finishes running, regardless if there was an update applied or not,
>> restart spamd.
> I thought that ; would chain commands together and run both in sequence
> regardless of the results, whereas && is a conditional for if the
> previous command succeeded and || was a conditional for if the previous
> command failed?
> At least in bash...

I stand corrected. I found this:

&& will automatically run the command on the right, as long as the command on the left executes without an error return code.

Sorry for the noise.

--
Duane Hill
duih...@gmail.com
"If at first you don't succeed, so much for sky diving."
Re: spamd does not start
On Wed, 8 Oct 2014, Duane Hill wrote:

> No. && is a way of chaining commands together.

...where the second command is only executed if the first command exited with a zero status. && stops on failure.

try:

  true && echo "was true"
  false && echo "was false"

If you want it to execute the subsequent command regardless of exit status of the first command, use a plain ;

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Rights can only ever be individual, which means that you cannot gain a right by joining a mob, no matter how shiny the issued badges are, or how many of your neighbors are part of it. -- Marko
---
860 days since the first successful private support mission to ISS (SpaceX)
Re: spamd does not start
On 2014-10-08 15:23, Duane Hill wrote:

> No. && is a way of chaining commands together. Your cron says run
> sa-update and then restart spamd. In other words, when sa-update
> finishes running, regardless if there was an update applied or not,
> restart spamd.

I thought that ; would chain commands together and run both in sequence regardless of the results, whereas && is a conditional for if the previous command succeeded and || was a conditional for if the previous command failed?

At least in bash...

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: spamd does not start
On Wednesday, October 8, 2014, 3:11:06 PM, LuKreme wrote:

>> On 08 Oct 2014, at 04:56 , Duane Hill wrote:
>>
>> On Tuesday, October 7, 2014, 10:56:54 PM, LuKreme wrote:
>>
>>> On 07 Oct 2014, at 11:45 , Jari Fredrisson wrote:
>>>> I ran sa-update & sa-compile.
>>
>>> Should sa-compile be run after sa-update?
>>
>>> I have a crontab entry:
>>
>>> 16 1 * * * /usr/local/bin/sa-update &&
>>> /usr/local/etc/rc.d/sa-spamd restart
>>
>>> should I add an sa-compile call?
>>
>> I am on FreeBSD here. This is what I use:
>>
>> Content of sa_update.sh:
>>
>> #!/bin/sh
>>
>> /usr/local/bin/sa-update -D --nogpg
>>
>> if [ $? -eq 0 ] ; then
>>   /usr/local/bin/sa-compile
>>   /usr/local/etc/rc.d/sa-spamd restart
>>   exit 0
>> else
>>   exit 0
>> fi
>>
>> This way, sa-compile is ran and spamd is restarted only when there is
>> an update. I then use the script in a cron which runs once per day.
>>
>> I believe the way you have it, spamd will get restarted every time
>> your cron is ran whether there is an update or not.

> It will get restarted if the sa-update process finishes cleanly
> (that’s what && does) which I think is the same as if [ $? -eq 0 ];
> So, I’ll add an sa-compile in there, thanks.

No. && is a way of chaining commands together. Your cron says run sa-update and then restart spamd. In other words, when sa-update finishes running, regardless if there was an update applied or not, restart spamd.

The part in my shell script you mentioned '[ $? -eq 0 ]' tests to see if the exit result of running sa-update is not equal to zero. If the result is not equal to zero, meaning an update was loaded, run sa-compile and restart spamd.

--
Duane Hill
duih...@gmail.com
"If at first you don't succeed, so much for sky diving."
Site-wide bayes and individual bayes
Is it possible to have a site-wide bayes AND individual bayes for some users (or all users)?

And, if not, is it generally better to do sitewide?

And, is it possible to take all the individual bayes and combine them into a sitewide db?

--
"You've got to dance like nobody's watching." - Kathy Mattea
Re: Score Ignored
On Wed, 2014-10-08 at 15:48 -0500, Robert A. Ober wrote:
> > On Mon, 22 Sep 2014 15:11:44 -0500 Robert A. Ober wrote:
> > > *Yes, my test messages and SPAM hit the rules but ignore the score.*
> What is the easiest way to know what score is applied per rule? Neither
> the server log nor the header breaks it down.

Wait. If there's no Report, if you do not have the list of rules hit and its respective scores, how do you tell your custom rule's score is ignored by SA?

Besides the Report as mentioned by Axb already, you also can modify the default Status header to include per-rule scores.

  add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_ version=_VERSION_"

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Score Ignored
On 10/08/2014 10:48 PM, Robert A. Ober wrote:
On 9/22/14 4:20 PM, RW wrote:
On Mon, 22 Sep 2014 15:11:44 -0500 Robert A. Ober wrote:

*Yes, my test messages and SPAM hit the rules but ignore the score.*

What score does it have? Could it be that the score got set after spamd was restarted?
__
What is the easiest way to know what score is applied per rule? Neither the server log nor the header breaks it down.

I think the SA's docs show you how

http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.txt

TEMPLATE TAGS
_REPORT_ terse report of tests hit (for header reports)

put this in your local.cf :

  add_header all Report _REPORT_

iirc, this will add a nice X-Spam-Report: header with a list of rules AND scores.

and when in doubt, rtfm: http://spamassassin.apache.org/full/3.4.x/doc/
and/or in the local box via perldoc spamassassin
Re: Score Ignored
On 9/22/14 4:20 PM, RW wrote:
On Mon, 22 Sep 2014 15:11:44 -0500 Robert A. Ober wrote:

*Yes, my test messages and SPAM hit the rules but ignore the score.*

What score does it have? Could it be that the score got set after spamd was restarted?
__
What is the easiest way to know what score is applied per rule? Neither the server log nor the header breaks it down.

Not sure what you mean by the score set after spamd was restarted. Don't know how that would happen.

To answer earlier ideas/questions, I have retyped and the rules are not duplicated.

Baffled and annoyed,
Robert A. Ober
Re: spamd does not start
> On 08 Oct 2014, at 04:56 , Duane Hill wrote:
>
> On Tuesday, October 7, 2014, 10:56:54 PM, LuKreme wrote:
>
>> On 07 Oct 2014, at 11:45 , Jari Fredrisson wrote:
>>> I ran sa-update & sa-compile.
>
>> Should sa-compile be run after sa-update?
>
>> I have a crontab entry:
>
>> 16 1 * * * /usr/local/bin/sa-update &&
>> /usr/local/etc/rc.d/sa-spamd restart
>
>> should I add an sa-compile call?
>
> I am on FreeBSD here. This is what I use:
>
> Content of sa_update.sh:
>
> #!/bin/sh
>
> /usr/local/bin/sa-update -D --nogpg
>
> if [ $? -eq 0 ] ; then
>   /usr/local/bin/sa-compile
>   /usr/local/etc/rc.d/sa-spamd restart
>   exit 0
> else
>   exit 0
> fi
>
> This way, sa-compile is ran and spamd is restarted only when there is
> an update. I then use the script in a cron which runs once per day.
>
> I believe the way you have it, spamd will get restarted every time
> your cron is ran whether there is an update or not.

It will get restarted if the sa-update process finishes cleanly (that’s what && does) which I think is the same as if [ $? -eq 0 ];

So, I’ll add an sa-compile in there, thanks.

--
Internet was down last night. Turns out I have two kids. They seem pretty well-behaved
Re: recent channel update woes
On 2014-10-07 16:58, Karsten Bräckelmann wrote:

>I monitor positive and negative responses, for IP based DNS BLs, I use
>the following by default:
>
>127.0.0.1 should not be listed.
>127.0.0.2 should be listed.

Depending on how the DNSBL implements such static test-points, they might not be affected by the issue causing the false listings. Similarly, domains likely to appear on exonerate lists (compare uridnsbl_skip_domain e.g.) might also not be affected.

For paranoid monitoring, low-profile domains that definitely do not and will not match the listing criteria might be better suited for the task.

I included: $MYIP for that reason; If I'm listed, either the world is being listed, or I have a problem. Either way, I want to know about it, now.

>$MYIP should not be listed.

In the event that I'm blocked from querying the DNSBL, that a DNSBL is offline, under attack or whatever, odds are that 127.0.0.2 (or whatever is applicable) will disappear.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
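The three probes described in the message above, as a monitoring function (an added example, not code from the thread): 127.0.0.1 must not be listed, 127.0.0.2 must be listed, and the monitor's own address must not be listed. `RESOLVE`, `dig_resolve`, `reverse_ipv4`, `is_listed` and `check_dnsbl` are names made up for this example, and the zone and address in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: health-check an IP-based DNSBL with the test points from
# the thread plus the monitor's own address.
#
# RESOLVE is a hypothetical hook: "$RESOLVE name" prints the A record(s) for
# a name, or nothing when the name is not listed. The default wraps dig and
# keeps only 127.x.x.x answers, the range DNSBLs use for listings, so that
# dig's error text is never counted as a listing.
dig_resolve() { dig +short A "$1" | grep -E '^127\.'; }
RESOLVE=${RESOLVE:-dig_resolve}

# IP-based DNSBLs are queried with the octets reversed:
# 192.0.2.25 in zone dnsbl.example.test -> 25.2.0.192.dnsbl.example.test
reverse_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }'
}

# is_listed IP ZONE -> exit 0 when the zone returns a listing for the IP.
is_listed() {
    [ -n "$($RESOLVE "$(reverse_ipv4 "$1").$2")" ]
}

# check_dnsbl ZONE MYIP
# Prints one line per failed probe and returns the number of failed probes.
check_dnsbl() {
    zone=$1; myip=$2; problems=0
    if is_listed 127.0.0.1 "$zone"; then
        echo "$zone: 127.0.0.1 is listed but should not be"
        problems=$((problems + 1))
    fi
    # A missing positive test point is what an offline, blocked or
    # unreachable list looks like from the querying side.
    if ! is_listed 127.0.0.2 "$zone"; then
        echo "$zone: 127.0.0.2 is not listed but should be"
        problems=$((problems + 1))
    fi
    if is_listed "$myip" "$zone"; then
        echo "$zone: own address $myip is listed"
        problems=$((problems + 1))
    fi
    return $problems
}

# Usage (placeholder zone and address):
#   check_dnsbl dnsbl.example.test 192.0.2.25 || echo "DNSBL needs attention"
```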
Re: spamassassin working very poorly
On 10/8/2014 2:58 PM, Nick wrote:

> Thanks Bowie, sure enough the actual spamd process was running as a different user. The file to configure the user it runs under is /etc/sysconfig/spamassassin

But it still should have used the bayes_path option from local.cf regardless of the user. Unless it was running as a user that couldn't read the bayes_path directory...not sure what would happen in that case.

Out of curiosity, what options are being fed to spamd? The simplest way to get them is probably to grab the line from the "ps -ef" list.

--
Bowie
RE: spamassassin working very poorly
Thanks Bowie, sure enough the actual spamd process was running as a different user. The file to configure the user it runs under is /etc/sysconfig/spamassassin

So I'm now seeing Bayes show up in the mail headers!

Many thanks,
Nick

-----Original Message-----
From: Bowie Bailey [mailto:bowie_bai...@buc.com]
Sent: Wednesday, October 08, 2014 2:31 PM
To: users@spamassassin.apache.org
Subject: Re: spamassassin working very poorly

On 10/8/2014 2:13 PM, Nick wrote:
> In postfix, I'm calling spamassassin with the 2 lines:
> smtp inet n - n - - smtpd -o
> content_filter=spamassassin
> spamassassin unix - n n - - pipe flags=R
> user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender}
> ${recipient}

This shows spamc being called.

> In /etc/cron.d/sa-learn I have:
> 51 * * * * spamd sa-learn --spam /var/log/spamassassin/SPAM/
> >/dev/null 2>&1
> 52 * * * * spamd sa-learn --ham /var/log/spamassassin/HAM/ >/dev/null
> 2>&1 (/var/log/spamassassin is spamd's home directory, and it's where
> the SPAM/HAM is getting copied for learning)

This shows sa-learn being called.

> My /etc/mail/spamassassin/local.cf file is:
> required_hits 5
> report_safe 0
> rewrite_header Subject [SPAM]
> required_score 5.0
> use_bayes 1
> use_bayes_rules 1
> bayes_auto_learn 0
> bayes_path /var/log/spamassassin/.spamassassin/bayes

And this shows a site-wide bayes db, which should be used by both spamd and sa-learn regardless of user.

But I still don't see how you start spamd. For CentOS, it should be started by /etc/init.d/spamd (or something similar). There may also be options defined in /etc/sysconfig/spamd (or similar).

--
Bowie
Re: spamassassin working very poorly
On 10/8/2014 2:13 PM, Nick wrote:

> In postfix, I'm calling spamassassin with the 2 lines:
>
> smtp inet n - n - - smtpd -o content_filter=spamassassin
> spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

This shows spamc being called.

> In /etc/cron.d/sa-learn I have:
>
> 51 * * * * spamd sa-learn --spam /var/log/spamassassin/SPAM/ >/dev/null 2>&1
> 52 * * * * spamd sa-learn --ham /var/log/spamassassin/HAM/ >/dev/null 2>&1
>
> (/var/log/spamassassin is spamd's home directory, and it's where the SPAM/HAM is getting copied for learning)

This shows sa-learn being called.

> My /etc/mail/spamassassin/local.cf file is:
>
> required_hits 5
> report_safe 0
> rewrite_header Subject [SPAM]
> required_score 5.0
> use_bayes 1
> use_bayes_rules 1
> bayes_auto_learn 0
> bayes_path /var/log/spamassassin/.spamassassin/bayes

And this shows a site-wide bayes db, which should be used by both spamd and sa-learn regardless of user.

But I still don't see how you start spamd. For CentOS, it should be started by /etc/init.d/spamd (or something similar). There may also be options defined in /etc/sysconfig/spamd (or similar).

--
Bowie
RE: spamassassin working very poorly
In postfix, I'm calling spamassassin with the 2 lines:

smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

In /etc/cron.d/sa-learn I have:

51 * * * * spamd sa-learn --spam /var/log/spamassassin/SPAM/ >/dev/null 2>&1
52 * * * * spamd sa-learn --ham /var/log/spamassassin/HAM/ >/dev/null 2>&1

(/var/log/spamassassin is spamd's home directory, and it's where the SPAM/HAM is getting copied for learning)

My /etc/mail/spamassassin/local.cf file is:

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
required_score 5.0
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 0
bayes_path /var/log/spamassassin/.spamassassin/bayes

Would the above config make spamassassin run as the spamd user? (It's CentOS 6.5) I've verified the Bayes database is good and populated for user spamd.

Thanks,
Nick

-----Original Message-----
From: Bowie Bailey [mailto:bowie_bai...@buc.com]
Sent: Wednesday, October 08, 2014 11:35 AM
To: users@spamassassin.apache.org
Subject: Re: spamassassin working very poorly

On 10/8/2014 11:15 AM, Nick wrote:
> I seem to be catching a lot more SPAM, but no matter what I try, it seems
> Bayes isn't getting utilized. I have ~700 SPAMS and 2400 HAMS. When I run
> "spamassassin -D --lint" (as the same user Postfix is running spamc as), it
> comes back with a report that seems to utilize Bayes, but when normal e-mail
> flows through, I don't see any indication of Bayes in the headers. Also, when
> I run "sa-learn --dump magic" (as user spamd), I can see that nspam and nham
> are correct. I've also tried setting bayes_path, but still no Bayes in the
> headers. Any idea what could be wrong? Here is a most recent header:
>
> http://pastebin.com/J6TbrVG8 (had to use pastebin as the mailing list
> was rejecting me!)

So...

1) The Bayes DB for spamd has enough ham and spam to be used
2) Incoming email does not get a Bayes result

This means that the SA process scanning your mail is NOT using the same database you are querying. The most common cause of this is running sa-learn as the wrong user. Are you 100% sure spamd is running as the spamd user? It may also be possible for config options or run-time flags to affect which database is being used. Double-check your config and the options you are passing to spamd.

--
Bowie
Re: spamd does not start
On October 8, 2014 5:56:54 AM LuKreme wrote:

> 16 1 * * * /usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd restart
>
> should I add an sa-compile call?

If the plugin for precompiled body rules is enabled yes, check plugins in pre file
Re: spamassassin working very poorly
On 10/8/2014 11:15 AM, Nick wrote:

> I seem to be catching a lot more SPAM, but no matter what I try, it seems Bayes isn't getting utilized. I have ~700 SPAMS and 2400 HAMS. When I run "spamassassin -D --lint" (as the same user Postfix is running spamc as), it comes back with a report that seems to utilize Bayes, but when normal e-mail flows through, I don't see any indication of Bayes in the headers. Also, when I run "sa-learn --dump magic" (as user spamd), I can see that nspam and nham are correct. I've also tried setting bayes_path, but still no Bayes in the headers. Any idea what could be wrong? Here is a most recent header:
>
> http://pastebin.com/J6TbrVG8 (had to use pastebin as the mailing list was rejecting me!)

So...

1) The Bayes DB for spamd has enough ham and spam to be used
2) Incoming email does not get a Bayes result

This means that the SA process scanning your mail is NOT using the same database you are querying. The most common cause of this is running sa-learn as the wrong user. Are you 100% sure spamd is running as the spamd user? It may also be possible for config options or run-time flags to affect which database is being used. Double-check your config and the options you are passing to spamd.

--
Bowie
Re: spamassassin working very poorly
On 10/08/2014 05:15 PM, Nick wrote:

> I seem to be catching a lot more SPAM, but no matter what I try, it seems Bayes isn't getting utilized. I have ~700 SPAMS and 2400 HAMS. When I run "spamassassin -D --lint" (as the same user Postfix is running spamc as), it comes back with a report that seems to utilize Bayes, but when normal e-mail flows through, I don't see any indication of Bayes in the headers. Also, when I run "sa-learn --dump magic" (as user spamd), I can see that nspam and nham are correct. I've also tried setting bayes_path, but still no Bayes in the headers. Any idea what could be wrong? Here is a most recent header:
>
> http://pastebin.com/J6TbrVG8 (had to use pastebin as the mailing list was rejecting me!)

What options are you using in your spamd init script ?
RE: spamassassin working very poorly
I seem to be catching a lot more SPAM, but no matter what I try, it seems Bayes isn't getting utilized. I have ~700 SPAMS and 2400 HAMS. When I run "spamassassin -D --lint" (as the same user Postfix is running spamc as), it comes back with a report that seems to utilize Bayes, but when normal e-mail flows through, I don't see any indication of Bayes in the headers. Also, when I run "sa-learn --dump magic" (as user spamd), I can see that nspam and nham are correct. I've also tried setting bayes_path, but still no Bayes in the headers. Any idea what could be wrong? Here is a most recent header:

http://pastebin.com/J6TbrVG8 (had to use pastebin as the mailing list was rejecting me!)

Thanks,
Nick

-----Original Message-----
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Saturday, October 04, 2014 12:47 PM
To: users@spamassassin.apache.org
Subject: Re: spamassassin working very poorly

On 04.10.2014 at 18:36, andybalholm wrote:
> On Oct 4, 2014, at 4:39 AM, Benny Pedersen-2 wrote:
>
> > So anti spammer would now stop reading here ? :)
>
> No, but I sometimes wonder if it’s wise to post my anti-spam ideas here,
> since that makes it easier for spammers to work around them

a valid point

on the other if you post your ideas as well as get the ideas from others and people implement the combination of all the ideas well at the end it makes spammers life harder

and i still did not give up the idea that sooner or later spam dies because it may become no longer a business case

frankly if *every* MX out there would implement Postscreen or something else let any new IP wait 10 seconds before answer with REJECT for whatever reason and even if the client is on the 7-days-whitelist for this test wait 2 seconds before try to receive data i doubt that it would be a business case

simple mathematics how much mail you in theory can deliver in a timeframe while completely ignore filters at that calculation

that combined with every ISP close outgoing port 25 for endusers and force them to use 587 with smtp-out as well as start every endusers PTR with "dynamic-" until one said "i run a mailserver here and need 25 opened as well as PTR xyz" and spam would be dead from one day to the next leaving only hacked real accounts which can be fixed with abuse mails and blacklist straight away everybody bouncing on postmaster/abuse

there are enough weapons to let spam die completely if every mailadmin and every tech people on ISP sides takes 30 minutes for brainstorming how to solve the problem and starts to act
Re: spamd does not start
On Tue, 7 Oct 2014 21:56:54 -0600 LuKreme wrote:

> On 07 Oct 2014, at 11:45 , Jari Fredrisson wrote:
> > I ran sa-update & sa-compile.
>
> Should sa-compile be run after sa-update?
>
> I have a crontab entry:
>
> 16 1 * * * /usr/local/bin/sa-update
> && /usr/local/etc/rc.d/sa-spamd restart
>
> should I add an sa-compile call?

It's not essential to compile rules, it speeds things up by a useful amount on busy servers but may not save as many cpu cycles as it takes to do the compilation on light loads. You have to uncomment the line:

  loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

in v320.pre for the compiled version to actually be used.

I think most people that compile rules do it after every update. but AFAIK it's not essential - modified and new rules are just left to perl if you don't.
Re: New TLDs, time to update RegistrarBoundaries
On 10/7/2014 4:04 PM, A. Schulze wrote:
Kevin A. McGrail:

We are working on solutions expected for the 3.4.1 release on ~9/30.

are there any updates on the release plan?

I'm working on an RC as we speak. I'm not happy with the TLD solution, yet and Ivo had a flood so we have some delay on some known bugs with TxRep. I'm trying to release with both of those.

Regards,
KAM
Re: spamd does not start
On Tuesday, October 7, 2014, 10:56:54 PM, LuKreme wrote:

> On 07 Oct 2014, at 11:45 , Jari Fredrisson wrote:
>> I ran sa-update & sa-compile.
> Should sa-compile be run after sa-update?
> I have a crontab entry:
> 16 1 * * * /usr/local/bin/sa-update &&
> /usr/local/etc/rc.d/sa-spamd restart
> should I add an sa-compile call?

I am on FreeBSD here. This is what I use:

Content of sa_update.sh:

  #!/bin/sh

  /usr/local/bin/sa-update -D --nogpg

  if [ $? -eq 0 ] ; then
    /usr/local/bin/sa-compile
    /usr/local/etc/rc.d/sa-spamd restart
    exit 0
  else
    exit 0
  fi

This way, sa-compile is ran and spamd is restarted only when there is an update. I then use the script in a cron which runs once per day.

I believe the way you have it, spamd will get restarted every time your cron is ran whether there is an update or not.

--
Duane Hill
duih...@gmail.com
"If at first you don't succeed, so much for sky diving."