Lars Stavholm wrote:
> Tony Earnshaw wrote:
>> Lars Stavholm wrote, on 16. mar 2007 09:39:
>>
>>> Dear List, I really need some help with my setup. I'm detecting
>>> no spam whatsoever, and I'm new to dspam and have difficulties
>>> debugging my setup. It all seems to work just fine, except for
>>> the simple fact that there's no spam detection in place. I'm
>>> trying for a shared group setup with ham/spam folders in IMAP
>>> for user training.
>>>
>>> Here's what I have so far:
>>>
>>> Using SuSE Linux 10.2.
>>>
>>> Postfix -> DSPAM -> Cyrus IMAP
>>>
>>> Built with...
>>> ./configure --prefix=/usr                    \
>>>             --sysconfdir=/etc                \
>>>             --with-dspam-home=/var/lib/dspam \
>>>             --mandir=/usr/share/man          \
>>>             --enable-daemon                  \
>>>             --enable-debug                   \
>> So you should have a /var/lib/log directory with dspam.debug in it ...
>> have you?
> 
> Nop. In addition to the above, I've just now enabled the Debug
> and DebugOpt options in the dspam.conf file and restarted dspam.
> The debug files are now, in my case, created in /var/lib/dspam/log.
> 
>>>             --enable-clamav                   \
>>>             --enable-syslog                   \
>>>             --enable-homedir
>>>
>>> /var/lib/dspam/group...
>>> users:shared:[EMAIL PROTECTED]
>> What does /var/lib/dspam/log/dspam.debug tell you happens for each
>> message when you submit a mail for retraining? I have no idea what the
>> hash driver does, since my sites use MySQL, but you should get some
>> impression of something going wrong, if it is.
> 
> OK, I'm looking at it, don't understand much though.
> 
> For one particular retrained spam that I just received
> (there's no shortage of fresh spam) the debug starts with:
> 
> 7714: [03/16/2007 13:10:24] DSPAM Instance Startup
> 7714: [03/16/2007 13:10:24] input args: dspam --user [EMAIL PROTECTED] --class=spam --source=error
> 7714: [03/16/2007 13:10:24] pass-thru args:
> 7714: [03/16/2007 13:10:24] processing user [EMAIL PROTECTED]
> 7714: [03/16/2007 13:10:24] uid = 0, euid = 0, gid = 0, egid = 0
> 7714: [03/16/2007 13:10:24] loading preferences for user [EMAIL PROTECTED]
> 7714: [03/16/2007 13:10:24] default preferences empty. reverting to dspam.conf preferences.
> 7714: [03/16/2007 13:10:24] Loading preferences from dspam.conf
> 7714: [03/16/2007 13:10:24] using
> /var/lib/dspam/opt-in/[EMAIL PROTECTED]
> as path
> 7714: [03/16/2007 13:10:24] using
> /var/lib/dspam/opt-out/[EMAIL PROTECTED]
> am as path
> 7714: [03/16/2007 13:10:24] assigning user [EMAIL PROTECTED] to group users
> 7714: [03/16/2007 13:10:24] sedation level set to: 0
> 
> So, I guess that looks alright. However, then there's a lot of these:
> 
> ' doesn't contains `:' characterde.c:365: unexpected data: header string '
> ...and...
> 
> 7714: [03/16/2007 13:10:24] decode.c:365: unexpected data: header string '<!DOCT
> 
> ...and so on (a few hundred lines of gibberish, looks really weird),

That actually turned out to be some strange stuff in the mail header
including '^M' at end of line and an encoded attachment in the mail.

> and then it all ends with the following...
> 
> 7714: [03/16/2007 13:10:24] message is signed.  retaining original text for reassembly
> 7714: [03/16/2007 13:10:24] message is signed.  retaining original text for reassembly
> 7714: [03/16/2007 13:10:24] Loading 1 BNR patterns
> 7714: [03/16/2007 13:10:24] Whitelist threshold: 10
> 7714: [03/16/2007 13:10:24] [graham] [1.000000] Received*localhost+(localhost (1 frq, 744s, 0i)
> 7714: [03/16/2007 13:10:24] [burton] [1.000000] Received*localhost+(localhost (1 frq, 744s, 0i)
> 7714: [03/16/2007 13:10:24] [graham] [1.000000] Received*socket]) (1frq, 740s, 0i)
> [snip]
> 
> I'm not sure what I'm looking for:|

Well, at the far end I can see:

9089: [03/16/2007 13:26:37] message result: SPAM

So, I guess that's good, I told dspam that this is a spam,
and it is acknowledged (whatever good that will do me:).

/L

>> [...]
>>
>>> I'm using the default hash drive on a low volume box.
>>> TrainingMode was changed from TEFT to TOE after the
>>> 2500 mails training phase.
>> I'm going through the same sort of thing for my home site at the moment,
>> but without any initial training whatsoever and after 7416 messages and
>> training false negatives, dspam CVS=3.6.8 is giving 99.15% accuracy
>> (still training for some spam).
> 
> Impressive, that's what I'm looking for:)
> /L
> 

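An added example, not part of the original thread: a small Python summarizer for dspam.debug output in the `PID: [timestamp] message` layout quoted above. It reduces each dspam invocation to its training class, source, group, number of header decode warnings, and final result. The sample log is constructed for illustration and `user@example.invalid` is a placeholder address.

```python
import re

# Constructed sample in the dspam.debug line format quoted in this thread.
# user@example.invalid is a placeholder, not an address from the page.
SAMPLE = """\
7714: [03/16/2007 13:10:24] DSPAM Instance Startup
7714: [03/16/2007 13:10:24] input args: dspam --user user@example.invalid --class=spam --source=error
7714: [03/16/2007 13:10:24] assigning user user@example.invalid to group users
7714: [03/16/2007 13:10:24] decode.c:365: unexpected data: header string '<!DOCT
' doesn't contains `:' character
7714: [03/16/2007 13:10:24] message is signed.  retaining original text for reassembly
7714: [03/16/2007 13:10:24] message result: SPAM
9089: [03/16/2007 13:26:37] DSPAM Instance Startup
9089: [03/16/2007 13:26:37] input args: dspam --user user@example.invalid --class=innocent --source=error
9089: [03/16/2007 13:26:37] message result: INNOCENT
"""

LINE = re.compile(r"^(\d+): \[([^\]]+)\] (.*)$")

def summarize(text):
    """Group debug lines into one record per dspam invocation."""
    runs, current = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or CR-mangled fragment without a PID prefix
        pid, stamp, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg == "DSPAM Instance Startup" or pid not in current:
            # New record on every startup line, so a reused PID is not merged.
            current[pid] = {"pid": pid, "started": stamp, "class": None,
                            "source": None, "group": None,
                            "header_warnings": 0, "result": None}
            runs.append(current[pid])
        run = current[pid]
        if msg.startswith("input args:"):
            for key in ("class", "source"):
                opt = re.search(rf"--{key}=(\S+)", msg)
                if opt:
                    run[key] = opt.group(1)
        elif msg.startswith("assigning user"):
            run["group"] = msg.rsplit(" ", 1)[-1]
        elif "unexpected data: header string" in msg:
            run["header_warnings"] += 1
        elif msg.startswith("message result:"):
            run["result"] = msg.split(":", 1)[1].strip()
    return runs

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r)
```

A run with a nonzero `header_warnings` count points at a message whose headers dspam could not parse cleanly, such as the '^M' line endings described above.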