Re: Spamassassin Letting a Lot of Spams Through
Yeah, I'm strugglin'! I'm new to spamassassin, and don't know what rbl's and uri-rbl's are, and, if you've had a chance to see further emails, my sa-update is broken. When you get to your system, I'd appreciate any further insight you may have. Thanks! On Sunday 14 September 2008 16:21, Martin.Hepworth wrote: > Well you normally need to add in extra rules from rulesemporium.com also. > 3.1.7 is ages old (there's surprise for a debian port!) and gting sa-update > will help also. I'd check your running rbl's and uri-rbls (check you've got > dns checks set and running ok). If you struggle I'll get more info on this > when i've better access to my system than a windows mobile pda! > > As for bayes, force the bayes to a globally writable dir, as right now only > root can access it! > > -- > martin > > > -Original Message- > From: aladdin <[EMAIL PROTECTED]> > Sent: Sunday, September 14, 2008 6:35 PM > To: users@spamassassin.apache.org > Subject: Re: Spamassassin Letting a Lot of Spams Through > > Thanks, Martin, for the reply. > > Well, I guess I get the idea; what that doesn't explain now is why my spam > scores (on what one would think is really obvious spam) are so low and why > the log says it can't find the bayes database. > > On Sunday 14 September 2008 12:01, Martin.Hepworth wrote: > > Hi > > > > /usr/share/spamassassin - contains version release time rules, always > > used unless next dir exists. > > > > /var/lib/spamassassin// - contains 'sa-update'ed rules to bring > > release time rules upto date without needing a full version release > > > > /etc/mail/spamassassin - contains site wide rules and settings. > > > > ~/.spamassassin contains user specific rules. > > > > So copying rules from /usr/share/spamassassin to ~/.spamassassin will > > achieve nothing. > > > > Get the idea now? > > -- > > martin > > > > -Original Message- > > From: aladdin <[EMAIL PROTECTED]> > > Sent: Sunday, September 14, 2008 3:13 PM > > To: users@spamassassin.apache.org > > Subject: Re: Spamassassin Letting a Lot of Spams Through > > > > On Sunday 14 September 2008 10:06, aladdin wrote: > > > On Sunday 14 September 2008 05:07, you wrote: > > > > On Sun, 2008-09-14 at 01:05 -0400, aladdin wrote: > > > > > > So, evidently, it can't find my bayes database. So, since I want > > > > > > to use a system-wide database, where is it > > > > > > (/usr/share/spamassassin?, which has a lot of likely looking > > > > > > files in it), and how do I tell spamd to use it? > > > > > > > > By default it is in the .spamassassin directory of the user SA runs > > > > in. > > > > > > > > Using /usr/share/spamassin sounds like a bad idea to me: you're > > > > attempting to mix site-specific data with system files. > > > > > > > > > > > > Martin > > > > > > Hmmm! Oddly enough, that's where apt (the Debian package manager) put > > > them. So, I guess that leads to two more areas of questions: > > > > > > 1. Is there no precedent for stopping spam using system-wide files? I > > > am almost the sole user of this machine and would like to do this, if > > > it's possibe. Why would apt put them there otherwise? > > > > > > 2. If question one leads to user-specific files & directories, do I > > > just take the contents of /usr/share/spamassassin and copy it into > > > ~/.spamassassin? The contents of /usr/share/spamassassin are: > > > ### > > > total 676 > > > drwxr-xr-x 2 root root 4096 2008-09-07 19:24 ./ > > > drwxr-xr-x 256 root root 12288 2008-09-07 19:24 ../ > > > -rw-r--r-- 1 root root 5681 2007-02-15 00:28 10_misc.cf > > > > > > > > > -rw-r--r-- 1 root root 18944 2007-02-15 00:28 triplets.txt > > > -rw-r--r-- 1 root root 1843 2007-02-15 00:28 user_prefs.template > > > > > > Are these the files to be copied to ~/.spamassassin? > > > > As it turns out, I do have a ~/.spamassassin directory. It's current > > contents are: > > # > > -rw--- 1 anw anw 1306624 2008-09-14 03:38 auto-whitelist > > -rw--- 1 anw anw 88190 2008-07-28 16:52 bayes_journal > > -rw--- 1 anw anw 684032 2008-07-28 16:52 bayes_seen > > -rw--- 1 anw anw 5283840 2008-07-28 16:52 bayes_toks > > -rw-r--r-- 1 anw anw1487 2008-07-28 16:52 user_prefs > > # > > > > Should I just copy the above into it and change the owner/group, and > > that's how spamassassin is supposed to work? -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Re: Spamassassin Letting a Lot of Spams Through
On Sunday 14 September 2008 10:06, aladdin wrote: > On Sunday 14 September 2008 05:07, you wrote: > > On Sun, 2008-09-14 at 01:05 -0400, aladdin wrote: > > > > So, evidently, it can't find my bayes database. So, since I want to > > > > use a system-wide database, where is it (/usr/share/spamassassin?, > > > > which has a lot of likely looking files in it), and how do I tell > > > > spamd to use it? > > > > By default it is in the .spamassassin directory of the user SA runs in. > > > > Using /usr/share/spamassin sounds like a bad idea to me: you're > > attempting to mix site-specific data with system files. > > > > > > Martin > > Hmmm! Oddly enough, that's where apt (the Debian package manager) put > them. So, I guess that leads to two more areas of questions: > > 1. Is there no precedent for stopping spam using system-wide files? I am > almost the sole user of this machine and would like to do this, if it's > possibe. Why would apt put them there otherwise? > > 2. If question one leads to user-specific files & directories, do I just > take the contents of /usr/share/spamassassin and copy it into > ~/.spamassassin? The contents of /usr/share/spamassassin are: > ### > total 676 > drwxr-xr-x 2 root root 4096 2008-09-07 19:24 ./ > drwxr-xr-x 256 root root 12288 2008-09-07 19:24 ../ > -rw-r--r-- 1 root root 5681 2007-02-15 00:28 10_misc.cf > -rw-r--r-- 1 root root 18944 2007-02-15 00:28 triplets.txt > -rw-r--r-- 1 root root 1843 2007-02-15 00:28 user_prefs.template > > Are these the files to be copied to ~/.spamassassin? As it turns out, I do have a ~/.spamassassin directory. It's current contents are: # -rw--- 1 anw anw 1306624 2008-09-14 03:38 auto-whitelist -rw--- 1 anw anw 88190 2008-07-28 16:52 bayes_journal -rw--- 1 anw anw 684032 2008-07-28 16:52 bayes_seen -rw--- 1 anw anw 5283840 2008-07-28 16:52 bayes_toks -rw-r--r-- 1 anw anw1487 2008-07-28 16:52 user_prefs # Should I just copy the above into it and change the owner/group, and that's how spamassassin is supposed to work? -- Thanks and regards, anw
Re: Spamassassin Letting a Lot of Spams Through
On Saturday 13 September 2008 21:58, aladdin wrote: > On Saturday 13 September 2008 20:38, aladdin wrote: > > On Saturday 13 September 2008 20:30, Daryl C. W. O'Shea wrote: > > > On 13/09/2008 8:20 PM, aladdin wrote: > > > > On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote: > > > >> Check to make sure that network tests aren't disabled. Many distro > > > >> packages have network tests turned off my default. Not sure where > > > >> Debian would configure this, sorry. > > > >> > > > >> Daryl > > > > > > > > Thanks for the reply! > > > > > > > > Where would I check that and what would I look for? Can you tell > > > > that from either the header or the config file I posted? > > > > > > Not sure where Debian keeps its daemon config files, but you can > > > probably find out by running the following command and looking for "-L" > > > or "--local" in the output. > > > > > > ps aux | grep spamd > > > > > > > > > Daryl > > > > Thanks again! > > > > Yeah, if you saw my last email, I checked that very thing. I believe > > that all my config files are in /etc/spamassassin; that is where the > > local.cf came from, and there are init.pre and v310, v312 files in > > there as well. That's where I looked to see if it appeared the networks > > tests (razor, pyzor, etc.) where turned on, and they *appear* to be;-). > > A bit more data- lo & behold, I checked the log files, and here is what > they say: > > ### > Sep 13 21:19:37 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/O: tie failed: > Sep 13 21:20:37 anw-dev last message repeated 5 times > Sep 13 21:24:41 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/O: tie failed: > Sep 13 21:24:41 anw-dev last message repeated 2 times > Sep 13 21:24:41 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/W: tie failed: Inappropriate > ioctl for device > Sep 13 21:35:55 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/O: tie failed: > Sep 13 21:35:55 anw-dev last message repeated 2 times > Sep 13 21:35:55 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/W: tie failed: Inappropriate > ioctl for device > Sep 13 21:39:57 anw-dev spamd[17910]: bayes: cannot open bayes > databases /home/anw/.spamassassin/bayes_* R/O: tie failed: > # > > So, evidently, it can't find my bayes database. So, since I want to use a > system-wide database, where is it (/usr/share/spamassassin?, which has a > lot of likely looking files in it), and how do I tell spamd to use it? > > This directory has a lot of bayes, razor, pyzor, etc. filenames in it, and > this could be my problem. Well, I have run (from the time of my last post) spamd with this command line: /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir=/usr/share/spamassassin -d --pidfile=/var/run/spamd.pid and I still have the same problem with emails and the same log entries. -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Re: Spamassassin Letting a Lot of Spams Through
On Saturday 13 September 2008 20:38, aladdin wrote: > On Saturday 13 September 2008 20:30, Daryl C. W. O'Shea wrote: > > On 13/09/2008 8:20 PM, aladdin wrote: > > > On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote: > > >> Check to make sure that network tests aren't disabled. Many distro > > >> packages have network tests turned off my default. Not sure where > > >> Debian would configure this, sorry. > > >> > > >> Daryl > > > > > > Thanks for the reply! > > > > > > Where would I check that and what would I look for? Can you tell that > > > from either the header or the config file I posted? > > > > Not sure where Debian keeps its daemon config files, but you can > > probably find out by running the following command and looking for "-L" > > or "--local" in the output. > > > > ps aux | grep spamd > > > > > > Daryl > > Thanks again! > > Yeah, if you saw my last email, I checked that very thing. I believe that > all my config files are in /etc/spamassassin; that is where the local.cf > came from, and there are init.pre and v310, v312 files in there as > well. That's where I looked to see if it appeared the networks tests > (razor, pyzor, etc.) where turned on, and they *appear* to be;-). A bit more data- lo & behold, I checked the log files, and here is what they say: ### Sep 13 21:19:37 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/O: tie failed: Sep 13 21:20:37 anw-dev last message repeated 5 times Sep 13 21:24:41 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/O: tie failed: Sep 13 21:24:41 anw-dev last message repeated 2 times Sep 13 21:24:41 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/W: tie failed: Inappropriate ioctl for device Sep 13 21:35:55 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/O: tie failed: Sep 13 21:35:55 anw-dev last message repeated 2 times Sep 13 21:35:55 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/W: tie failed: Inappropriate ioctl for device Sep 13 21:39:57 anw-dev spamd[17910]: bayes: cannot open bayes databases /home/anw/.spamassassin/bayes_* R/O: tie failed: # So, evidently, it can't find my bayes database. So, since I want to use a system-wide database, where is it (/usr/share/spamassassin?, which has a lot of likely looking files in it), and how do I tell spamd to use it? This directory has a lot of bayes, razor, pyzor, etc. filenames in it, and this could be my problem. -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Re: Spamassassin Letting a Lot of Spams Through
On Saturday 13 September 2008 20:30, Daryl C. W. O'Shea wrote: > On 13/09/2008 8:20 PM, aladdin wrote: > > On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote: > >> Check to make sure that network tests aren't disabled. Many distro > >> packages have network tests turned off my default. Not sure where > >> Debian would configure this, sorry. > >> > >> Daryl > > > > Thanks for the reply! > > > > Where would I check that and what would I look for? Can you tell that > > from either the header or the config file I posted? > > Not sure where Debian keeps its daemon config files, but you can > probably find out by running the following command and looking for "-L" > or "--local" in the output. > > ps aux | grep spamd > > > Daryl Thanks again! Yeah, if you saw my last email, I checked that very thing. I believe that all my config files are in /etc/spamassassin; that is where the local.cf came from, and there are init.pre and v310, v312 files in there as well. That's where I looked to see if it appeared the networks tests (razor, pyzor, etc.) where turned on, and they *appear* to be;-). -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Re: Spamassassin Letting a Lot of Spams Through
On Saturday 13 September 2008 20:20, aladdin wrote: > On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote: > > Check to make sure that network tests aren't disabled. Many distro > > packages have network tests turned off my default. Not sure where > > Debian would configure this, sorry. > > > > Daryl > > Thanks for the reply! > > Where would I check that and what would I look for? Can you tell that from > either the header or the config file I posted? According to what I found on the web, NOT having the -L or --local switch enables the network tests. I DO NOT have this switch on my spamd command line. And, as near as I can tell, the config files turn on all that stuff (razor, pyzor, etc.). -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272 --- -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Re: Spamassassin Letting a Lot of Spams Through
On Saturday 13 September 2008 20:00, Daryl C. W. O'Shea wrote: > Check to make sure that network tests aren't disabled. Many distro > packages have network tests turned off my default. Not sure where > Debian would configure this, sorry. > > Daryl Thanks for the reply! Where would I check that and what would I look for? Can you tell that from either the header or the config file I posted? -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272
Spamassassin Letting a Lot of Spams Through
Sorry about the generic subject, but it is the only thing this newbie knows to describe the symptom. Platform: Debian (Etch?) Latest Spamassassin in apt (version 3.1.7-deb) Invocation comes from KMail, via spamc (presumably) to the spamd daemon- set up using KMail Wizard, and manually checked Spamassassin doesn't seem to be catching much spam at all. I've run thousands of spams through sa-learn, and hundreds of hams (needless to say, I get the ratio of thousands of spams to tens of hams). I can't see where it's even using the Bayes filter. Here is the config file: # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # ### rewrite_header Subject *SPAM* required_score 5.0 use_bayes 1 bayes_auto_learn 1 # And here's the german portion of an example header from a processed email that should have been spam but wasn't: X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on anw-dev.cfl.rr.com X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=SUBJ_HAS_UNIQ_ID autolearn=no version=3.1.7-deb X-Virus-Flag: no Return-path: <[EMAIL PROTECTED]> ### It looks like, to this unwashed newbie, that: a) it's not autolearning (perhaps it doesn't on real emails?) and b) even though this email is full of references like "boosting your sexual power" and "high quality medications", and even comes from address "[EMAIL PROTECTED]", you can see it is still getting a low spam score. TIA -- Thanks and regards, Allen Williams Office: +1.321.309.7931 Mobile: +1.321.258.1272