Re: Razor timeout
Sébastien AVELINE wrote: Hello, Did anyone experience razor timeout today ? I saw my spools grew and grew up, and saw that spamassassin took very long time to check messages. I tried to disable plugin after plugin and saw that the problem came from razor. Any feedback would be appreciate. Tanks by advance. Sebastien I noticed the same behavior. Decreased the razor timeout to prevent queues from increasing too much. Seems to be back in business now however. /Lukas
Re: uridnsbl: domains to query: empty - more info
Hi all, as I stated in my previous message, I have a problem with certain messages not getting any URIDNSBL-hits, despite containing listed URL:s. The most interesting part is that an older (SA 3.2.0) box seems to catch them perfectly, when the newer (first 3.2.3, now 3.2.4) don't seem to find any URL:s at all. Anyway, using telnet to manually send a certain mail (see http://ninja.spritelink.net/~olle/sa.txt) I've noticed that if I place the period finishing the data-part of the SMTP-session at the line immediately after the last line of text, I get the following SA report: score=5.782, required 4, BAYES_99 4.00, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88 However, if I instead end the mail with en empty, blank line before the finishing period, I get the following result: score=14.383, required 4, BAYES_99 4.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47 Both tests were carried out on the very same machine, the one with SA 3.2.4. I did the test a few times and so far it has been 100% repeatable, on three different machines running SA 3.2.4 and MailScanner 4.65.3-1. May someone confirm this, or am I the only one seeing this problem? Thank you in advance, Lukas Garberg
uridnsbl: domains to query: empty
Hi, I'm having trouble with lots of false negatives on my primary spam filter box, running SA 3.2.3 and MailScanner 4.65.3-1. I tried to redirect all scanned messages to an older box, running SA 3.2.0 and MailScanner 4.59.4, forwarding all messaged catched by the older box but not the newer to a certain mailbox for observation. Suddenly the amount of spam in my and my colleagues' mailboxes dropped significantly. The messages catched by the older box but not the newer with few exceptions have one thing in common; they got no URIBL hit on the SA 3.2.3 box but a few on the 3.2.0 one. During a few hours I've been running SA in debug mode (Debug SpamAssassin = yes in MailScanner.conf) to see what's going on,and what I can see is a lot of messages like [3403] dbg: uridnsbl: domains to query: (as a contrast to ie. [3416] dbg: uridnsbl: domains to query: felisooi.com) on messages that later hit the URIBL-rules on the second machine. Does this sound familiar to anyone? I've read through the changelog for SA 3.2.4 and see no mention of such an error. Any ideas on what might be causing this? Thank you in advance, Lukas Garberg
Synchronize bayes databases
Dear list, I'm developing a spam filter solution where we'll distribute the load between a number of machines running SpamAssassin (together with MailScanner and postfix). We do currently use the bayes self learning feature, and would like to do so in the future as well. However, since the machines get different sets of mail fed to them, their bayes databases will differ quite a bit, and it would be great if all the self-learned tokens from all servers get distributed to all the others, as well as the manual learning. Which is the preferred way to synchronize the databases between the servers? I did consider the alternative to let all the servers use a common database server, and use the bayes SQL storage module but I'd like to avoid the single point of failure that solution comes with. To make all the servers member of a MySQL cluster is an alternative, but I'd like to avoid that as well to keep the complexity of the system low. Is it possible to simply sum the token counters from each of the servers to merge the databases? Thank you in advance, Lukas Garberg
