On Thu, 10 Dec 2020 17:40:42 +0100
Marcin Mirosław wrote:
> Hi!
> I use spamassassin 3.4.4 and I try txrep. When I run sa-learn --spam
> <msg> it put six tuples to database (postgres):
> # select * from txrep ;
...
> this doesn't look correctly, none of this tuple is 100% correct.
Hopefully this version isn't wrapped:
username | email | ip |
msgcount | totscore | signedby | last_hit
----------+-------------------------------------------------------+-----------+----------+----------+------------+----------------------------
nobody | y...@multifinansowanie.com.pl | 5.199.143
| 1 | 20 | | 2020-12-10 17:34:25.830758
nobody | multifinansowanie.com.pl | 5.199.143 |
1 | 20 | | 2020-12-10 17:34:25.83376
nobody | slot10.multifinansowanie.com.pl | none |
1 | 20 | helo | 2020-12-10 17:34:25.836672
nobody | y...@multifinansowanie.com.pl | none
| 1 | 20 | | 2020-12-10 17:34:25.840392
nobody | 5.199.143.45 | none |
1 | 20 | | 2020-12-10 17:34:25.843831
nobody | f2c484bc9daccb07db6497f57fd18a7f0a1e29fa@sa_generated | none |
2 | 40 | 1606432596 | 2020-12-10 17:34:25.850803
I don't use TxRep and I've not looked at a TxRep database of either version.
However my concerns would be:
1. msgcount=2 in the last line (assuming the database was previously empty)
2. The absence of either DKIM or SPF entries.
The truncated IP address "5.199.143" is correct if you have
"txrep_ipv4_mask_len 24". The helo and epoch time in the
signedby column look OK.
The use of the username nobody suggests you are running sa-learn as root.
Part of the reason I don't use TxRep is that I have no confidence
in its correctness.
