Paul and Pete,
Thanks for the tips, the 'always log to screen' has been enabled now
(was disabled), so this should solve the problem of the logging (just
checked it and logging is ok now).
However (and that was the reason I thought that the plugin went to sleep
mode), some spams that have been found by SNF receives a +5 score and
other not (with the same config).
It seems indeed that SNF is always working now (thanks), that is always
inserting a header into the mail, but apparently not always passing the
message the message to Mdaemon's SA, since the +5 score is not added to
the header:
The strange thing is that the config has not been changed between the
time that the messages below has arrived at the mailserver.
Seems to be an error in the communication between SNF and SA?
My config in SA local.cf rule:
header MESSAGE_SNIFFER X-SortMonster-MessageSniffer-Result =~ /([1-63])/
describe MESSAGE_SNIFFER Flagged by message sniffer
(www.sortmonster.com)
score MESSAGE_SNIFFER 5.0
So if I understand it well, all messages woth result 1 till 63 should
add a score of 5 to the original headers?
Example of email header:
++++++++++++++++++++++++
X-Spam-Status: No, score=0.3 required=6.1 tests=BAYES_00,HTML_MESSAGE,
MESSAGE_SNIFFER autolearn=no version=3.1.3
X-SortMonster-MessageSniffer-Result: 52
--> no +5 score here (however with a result of 52 +5 should be added)
And an example of a correct flagging and +5 score:
++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Status: Yes, score=16.8 required=6.1
tests=BAYES_99,BLANK_LINES_70_80,
MESSAGE_SNIFFER autolearn=no version=3.1.3
X-Spam-Report:
* 5.0 MESSAGE_SNIFFER Flagged by message sniffer
* 10 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 1.8 BLANK_LINES_70_80 BODY: Message body has 70-80% blank
lines
--> +5 score correctly inserted
And here is my config of the SNF plugin.cfg
(fairly standard, I removed the comments to keep this mail small
enough):
#CtlFileLog: c:\ctlfile.log
License: xxxxxxxxxx
Authentication: xxxxxxxxxxxxxxxxxxxxxxxx
# MaxMessageSize: 128000
Phantom-Received-Header-On
# NoScan: Local
# NoScan: Remote
# NoScan: Lan
# LogFormat: Full
# LogFormat: NoDups
LogFormat: SingleLine
#XHeaderData: X-SortMonster-MessageSniffer-Rules
XHeaderFinal: X-SortMonster-MessageSniffer-Result
#XHeaderMessage: X-SortMonster-MessageSniffer-Message
# XHeaderBlack: X-SNF-Black
# XHeaderBlack: X-Spam-Flag: YES
# XHeaderWhite: X-SNF-White
# XHeaderClean: X-SNF-Clean
# XHeaderNumbered: 63 X-SNF-Group: General-Black-Rules
# XHeaderNumbered: 62 X-SNF-Group: Experimental-Abstract
# XHeaderNumbered: 61 X-SNF-Group: Obfuscation-Techniques
# XHeaderNumbered: 60 X-SNF-Group: Experimental-Received-ip
# XHeaderNumbered: 59 X-SNF-Group: Casinos-Gambling
# XHeaderNumbered: 58 X-SNF-Group: Debt-Credit
# XHeaderNumbered: 57 X-SNF-Group: Get-Rich
# XHeaderNumbered: 56 X-SNF-Group: Ink-Toner
# XHeaderNumbered: 55 X-SNF-Group: Malware
# XHeaderNumbered: 54 X-SNF-Group: Porn-Dating-Adult
# XHeaderNumbered: 53 X-SNF-Group: Scam-Phishing
# XHeaderNumbered: 52 X-SNF-Group: Snake-Oil
# XHeaderNumbered: 51 X-SNF-Group: Spamware
# XHeaderNumbered: 50 X-SNF-Group: Media-Theft
# XHeaderNumbered: 49 X-SNF-Group: AV-Push
# XHeaderNumbered: 48 X-SNF-Group: Insurance
# XHeaderNumbered: 47 X-SNF-Group: Travel
# RulePanic: 10001
# RulePanic: 10002
# RulePanic: 10003
# RulePanic: 10004
# RulePanic: 10005
# RulePanic: 10006
# RulePanic: 10007
# RulePanic: 10008
# RulePanic: 10009
# RulePanic: 10010
Thanks for any assistance!
Kind regards,
Sven
> -----Original Message-----
> From: Message Sniffer Community
> [mailto:[EMAIL PROTECTED] On Behalf Of Peer-to-Peer (Support)
> Sent: vrijdag 22 september 2006 1:03
> To: Message Sniffer Community
> Subject: [sniffer] Re: Mdaemon plugin 'sleeping'
>
> Hi Sven,
>
> My guess is that the plug-in is actually working but just not
> being logged
> when MD is minimized (or Windows logged-off).
> Check the MD Log Settings and enable "Always log to screen".
>
> Setup|Logging|Options - Enable "Always log to screen"
>
>
> --Paul
>
>
>
> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED]
> Behalf Of Sven De Troch
> Sent: Thursday, September 21, 2006 6:15 PM
> To: Message Sniffer Community
> Subject: [sniffer] Mdaemon plugin 'sleeping'
>
>
> Dear all,
>
> Configuration: mdaemon 9.0.6 / included spamassasin (from mdaemon) /
> mdaemon plug-in (latest version)
> Trial account.
>
> We configured the plugin (scanning of emails and add 5 extra
> score point
> to Mdaemon's Spam Assasin in case of spam) and it's working
> fine most of
> the time, but:
>
> The plugin is working fine when we are logged on on the
> server (Windows
> 2003 Server). But as soon as we logoff, the plugin stops working.
> Apparently the plugin "falls into sleep" (mdaemon plugin tab indicates
> no activity during these periods). When we (interactively via
> RDP) logon
> to the server again, the plugin starts working again (without
> intervention from us) ... And the 'mdaemon plugin' tabpage is showing
> activity again.
>
> FYI: The mailserver is receiving thousands of mail/hour, so it's sure
> that there was mail coming in at those moments.
> Any idea how to solve this problem?
>
> (I just changed the ACL's on the files to everyone/full
> access and will
> check if this changes anything)
>
> kind regards,
> Sven
>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[email protected]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to
> <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
>
>
>
>
>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[email protected]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to
> <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
>
>
>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
