Hopefully this isn't a FAQ, I looked over the list on the website and
while there is some useful info there I didn't see answers to all my
questions (or maybe I just didn't realize they were answered as this is
all new to me ;))


THE PROBLEM:  Recently the hit %age has dropped significantly (to about
50%, that's just a guess though).  For example I've received several
"valentine card" spams over the last couple of days and SA is still not
marking it as spam :(


THE SETUP:
I recently upgraded our mail server to POSTFIX and added in SpamAssassin
(3.0.2).  In case it's important the spam level is set at 4, users are NOT
allowed to set their own preferences, spamd is called through procmail
(and the default spamc script) with the "-d" and "-u [see below]" options and
the OS is Solaris9.

Everything w/ the install went great and it was picking up spam like a
champ (maybe 1 out of 10 wouldn't be flagged properly).  In order to
facilitate people reporting improperly marked spam/ham I set up a couple
of internal aliases they can forward email to and on those files (and the
spam/ham I get which I save in separate mailboxes) I occasionally run:

        sa-learn --[spam|ham] --showdots --mbox <file>

The one thing that has changed since the initial setup is the fact someone
on the postfix list mentioned spamd shouldn't run as `nobody` (that's how
it was originally configured).  I created another user for it to run under
(and it seems to be fine w/ that using the "-u" option mentioned earlier) I
also chowned the "spool" files (journal, seen, etc) to that user.  The config
files and the test files (the #_* files in the "share" dir) are still owned by
root.


THE QUESTIONS:
- Is the recent degradation in performance just a matter of the spammers
changing their tactics and SA having to learn the new spam?  As I said
I've only been doing this about a month so I'm not sure if this is part of
a normal cyclical thing.

- Should the sa-learn process report anything through syslog?  I mean it's
reporting successful results at the prompt but I didn't know if there was
some place else to check to see if there might be warnings/errors "behind the
scenes"?

- Is the sa-learn process the only/best way of doing the training?

- Is the forwarding of email to that address potentially causing a problem
w/ the learning process?  I mean for the email I set aside I know it is
unmodified, but when users forward a spam to the email alias all the
forwarding information is attached, is that potentially causing a problem?
I did find something about forwarding mail and vanity domains in the FAQ
but I'm not sure that is directly applicable to what I'm doing.

- I've found several good guides on initial installation and configuration
but is there a decent "care and feeding" manual around for ongoing maint of
SA?  For example is there a command/process I can run through before and after
using the sa-learn to get a feel for what changes were made?

- Just out of curiosity why is it not a good idea to run spamd as
`nobody`?

I think that's it.  I appreciate any/all help
Thanks

