Re: spamc/d not doing SURBL lookups vs spamassassin w/ same config

2005-04-18 Thread Matthew Barr
I think that it might have been something as simple as restarting the  
daemon.  Not sure why it failed in the first place.. but after  
restarting it.. it worked.  (I started a second one, with a new  
socket.. (to do the debug) and poof! it worked.  Silly computers.)

Now to just figure out what's wrong on the colo box.  It's at least not  
doing the checks for either program.  Debug here I come.

Matthew
Matthew Barr
Managing Partner
Datalyte Consulting, LLC
Apple Authorized Reseller
mailto:[EMAIL PROTECTED]
cell: (646) 765-6878

On Apr 18, 2005, at 12:30 PM, Kelly Corbin wrote:
What does spamassassin -D --lint say?  Especially about the Net::DNS  
module?  It definitely looks like you are not doing the network tests  
in the second test you ran.  It should say something like this:

debug: diag: module installed: Net::DNS, version 0.48

Then further down it should mention the URIDNSBL modules:

debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9924958)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9927820)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x99473f4)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9924958) implements 'parse_config'

And then this:
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) intel.com...
debug: looking up NS for 'intel.com'
debug: NS lookup of intel.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1

I had a couple of machines that had DNS issues.  On one, the DNS  
module was installed, but too old and I didn't see that it was a  
problem (just that there were no DNS checks in the headers, which I  
realized later) until I ran the above test.  On another, a new enough  
Net::DNS was installed, but because of platform issues, it couldn't  
find the DNS.pm in the @INC path.

The weird thing is explaining the discrepancy between running  
spamassassin and spamc which do the same things.

Kelly

spamc/d not doing SURBL lookups vs spamassassin w/ same config

2005-04-17 Thread Matthew Barr
I've looked through the Wiki, Faq's, Readme's, and GMANE's archives &
searches on this list.  Oh, and Google.. and haven't found anything
that would describe or fix what's happening.

Problem being seen:  I recently switched to spamd / spamc from running
spamassassin out of my procmail.  This is on a mail system I
administer, but with the switch, I saw an upsurge in spam making its
way through.  I've been keeping a watch on the various tests being
triggered, and haven't seen any of the DNSRBL's or SURBL's. I look at
the older spam emails I've captured, and they were frequently being
triggered.  I managed to go ahead and take an old email, strip off
everything that SA had added, and ran it through both spamassassin &
spamc.  I came up with different results.  Here's the current configs,
and then I'll go into my testing methodology.


I'm running spamassassin 3.02, on a Mac OS X 10.2.8 machine. It has  
razor2 installed, along with the various cpan parts needed for net  
tests.

Just to give the current config:
Spamd is run as root with:  /usr/bin/spamd -d --socketpath=/var/run/spamd.sock
spamc is run by the user from procmail with:

:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc -U /var/run/spamd.sock
-
spamassassin used to run with:
| /usr/bin/spamassassin
-
I only have 2 things in my user_prefs
score RCVD_IN_BL_SPAMCOP_NET 3
score RAZOR2_CHECK  3
-
I've confirmed that the spamd daemon is dropping to the right user by
watching the logs:

Apr 17 18:22:54 neuromancer spamd[26173]: got connection over /var/run/spamd.sock
Apr 17 18:22:54 neuromancer spamd[26173]: info: setuid to mbarr succeeded
Apr 17 18:22:54 neuromancer spamd[26173]: processing message <[EMAIL PROTECTED]> for mbarr:501.
Apr 17 18:22:57 neuromancer spamd[26173]: clean message (-2.5/5.0) for mbarr:501 in 2.7 seconds, 12724 bytes.
Apr 17 18:22:57 neuromancer spamd[26173]: result: . -2 - BAYES_00,MSGID_FROM_MTA_HEADER,NO_REAL_NAME scantime=2.7,size=12724,mid=<[EMAIL PROTECTED]org>,bayes=0,autolearn=no

--
I took an old spam (from about 2 weeks ago), and stripped the SA
envelope from it to get the original message.  I captured that to a
file, and looked it over to make sure it had Received-Froms:, etc.  I
then ran it through these 2 programs, from the command line:

cat ~/mail/123 | spamassassin -t
cat ~/mail/123 | /usr/bin/spamc -U /var/run/spamd.sock

I got a drastically different result.  From spamassassin, I got this:
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on xxx.xxx.net
X-Spam-Level:
X-Spam-Status: Yes, score=28.2 required=5.0 tests=AWL,BAYES_99,
    DNS_FROM_RFC_BOGUSMX,DNS_FROM_RFC_POST,HTML_IMAGE_ONLY_16,
    HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,
    RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH,
    RCVD_ILLEGAL_IP,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,
    RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_HTTP,RCVD_IN_SORBS_MISC,
    RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,
    URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
    autolearn=unavailable version=3.0.2

From spamc, I got this:
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on xxx.xxx.net
X-Spam-Level:
X-Spam-Status: Yes, score=16.2 required=5.0 tests=AWL,BAYES_99,
    HTML_IMAGE_ONLY_16,HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
    MPART_ALT_DIFF,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
    RCVD_HELO_IP_MISMATCH,RCVD_ILLEGAL_IP,RCVD_NUMERIC_HELO
    autolearn=no version=3.0.2

(with an associated log of spamd of:
Apr 17 18:46:37 neuromancer spamd[26073]: got connection over /var/run/spamd.sock
Apr 17 18:46:37 neuromancer spamd[26073]: info: setuid to mbarr succeeded
Apr 17 18:46:37 neuromancer spamd[26073]: processing message <[EMAIL PROTECTED]> for mbarr:501.
Apr 17 18:46:38 neuromancer spamd[26073]: identified spam (16.2/5.0) for mbarr:501 in 1.0 seconds, 2472 bytes.
Apr 17 18:46:38 neuromancer spamd[26073]: result: Y 16 - AWL,BAYES_99,HTML_IMAGE_ONLY_16,HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH,RCVD_ILLEGAL_IP,RCVD_NUMERIC_HELO scantime=1.0,size=2472,mid=<[EMAIL PROTECTED]oo.com>,bayes=1,autolearn=no
)
So, I'd say that something is happening that's not supposed to be.  I'm
running the network tests, as I'm twigging the razor2 rules.  It must
be something else...

Anyone have any thoughts?
Matthew

Matthew Barr
Managing Partner
Datalyte Consulting, LLC
Apple Authorized Reseller
mailto:[EMAIL PROTECTED]
cell: (646) 765-6878
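
Added example, not part of the original posts: a Python check that diffs the tests= lists of the two X-Spam-Status headers quoted in the message above and separates DNS-backed rules from the rest, which is the comparison the thread does by eye. Classifying rules by name prefix, the function names, and the restored header folding are assumptions of this example.

```python
import re

# Assumption for this example: DNS-backed rules are recognised by name prefix.
DNS_PREFIXES = ("RCVD_IN_", "URIBL_", "DNS_FROM_")

def status_tests(headers):
    """Return the set of rule names in the tests= list of X-Spam-Status."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    for line in unfolded.splitlines():
        if line.lower().startswith("x-spam-status:"):
            m = re.search(r"tests=([A-Z0-9_,\s]*)", line)
            return {t for t in re.split(r"[,\s]+", m.group(1)) if t} if m else set()
    return set()

def compare(cli_headers, daemon_headers):
    """Diff the rule hits of a `spamassassin -t` run against a spamc/spamd run."""
    cli, daemon = status_tests(cli_headers), status_tests(daemon_headers)
    missing = cli - daemon
    is_dns = lambda rule: rule.startswith(DNS_PREFIXES)
    return {
        "missing_dns": sorted(r for r in missing if is_dns(r)),
        "missing_other": sorted(r for r in missing if not is_dns(r)),
        # True when the daemon result contains no DNS-backed rule at all
        "daemon_has_no_dns_hits": not any(is_dns(r) for r in daemon),
        # Razor hits show network tests as a whole are still being run
        "daemon_has_razor_hits": any(r.startswith("RAZOR2_") for r in daemon),
    }

# The two results quoted in the post; the tab-folded layout is constructed.
CLI = """X-Spam-Status: Yes, score=28.2 required=5.0 tests=AWL,BAYES_99,
\tDNS_FROM_RFC_BOGUSMX,DNS_FROM_RFC_POST,HTML_IMAGE_ONLY_16,
\tHTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,
\tRAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_HELO_IP_MISMATCH,
\tRCVD_ILLEGAL_IP,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,
\tRCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_HTTP,RCVD_IN_SORBS_MISC,
\tRCVD_IN_SORBS_WEB,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_AB_SURBL,
\tURIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
\tautolearn=unavailable version=3.0.2
"""
DAEMON = """X-Spam-Status: Yes, score=16.2 required=5.0 tests=AWL,BAYES_99,
\tHTML_IMAGE_ONLY_16,HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
\tMPART_ALT_DIFF,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
\tRCVD_HELO_IP_MISMATCH,RCVD_ILLEGAL_IP,RCVD_NUMERIC_HELO
\tautolearn=no version=3.0.2
"""

if __name__ == "__main__":
    print(compare(CLI, DAEMON))
```

Every rule missing from the spamd result is DNS-backed while the Razor rules still fire, which matches the thread's pointer to DNS availability inside the running daemon rather than network tests being disabled outright.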