Test Bayes?
I've been running spamassassin along with a bayes setup for (literally) years on the same server. I'm using a MySQL backend that appears to be working wonderfully. However, I have been seeing a lot of the same spam over and over, even after having bayes learn about them. Is this normal? Is there a way I can actually test the bayes data to be sure that it is working properly? The bayes_seen table currently has 1,129,184 records and is changing all the time, so SOMETHING is happening. For the most part I have been using a mutt macro to learn spam/ham with sa-learn --spam --single and --ham respectively... -- Matthew Daubenspeck http://oddprocess.org Gentoo Linux x86_64 Dual Core AMD Opteron(tm) Processor 165 08:01:33 up 20 days, 11:51, 2 users, load average: 0.17, 0.06, 0.02
Re: Rule for Stock Spam
On Wed, Dec 07, 2005 at 01:43:59PM -0700, Chris Stone wrote: > Works great here (watch wrapping): > > header __SUBJ_NEWS Subject =~ /(^news$)|(^[a-z]+ news$)|(^news > alert$)|(^press release$)|(^news report$)|(^winner$)|(^plea?s[ae]nt news$)/i > meta SENET_BRK_NEWS_GIF (__SUBJ_NEWS && (HTML_IMAGE_ONLY_04 || > HTML_IMAGE_ONLY_08)) > describe SENET_BRK_NEWS_GIF Breaking news (gif) > score SENET_BRK_NEWS_GIF8.0 Wonderful. It's been catching them all. Thanks so much! -- Matthew Daubenspeck http://www.oddprocess.org Gentoo Linux 2.6.14-gentoo-r2 x86_64 AMD Athlon(tm) 64 Processor 2800+ 15:32:42 up 2 days, 2:45, 2 users, load average: 0.40, 0.34, 0.29
Rule for Stock Spam
Recently I have been receiving a TON of Stock Spam lately. For the most part, the subject is news related (news, updated news, breaking news, etc) and the message itself is empty except for a .GIF file with Stock information on it. Has anyone seen these and come up with a custom rule to stop them? Thanks in advance. -- Matthew Daubenspeck http://www.oddprocess.org Gentoo Linux 2.6.14-gentoo-r2 x86_64 AMD Athlon(tm) 64 Processor 2800+ 08:29:50 up 19:42, 2 users, load average: 0.14, 0.17, 0.16
Re: 3.0.3 uses all CPUs after tie
On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote: > can you repro this reliably? if so, output from -D and/or an "strace > - -f -p $spamdpid" would be helpful. >From top: 28702 nobody25 0 781m 714m 1796 R 99.9 35.5 4:11.72 spamd That's the "runaway process." # strace -f -p 28702 Process 28702 attached - interrupt to quit That's all it does. I never see anything else. It then continues to chew up both processors untill I killall and restart spamd. If I kill just that PID, another spamd PID takes over and uses 100% cpu. About the only thing I can do is run a cron script that kills all of spamd and restarts it. However, that is a VERY ugly fix :) Thanks.
Re: 3.0.3 uses all CPUs after tie
On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > can you repro this reliably? if so, output from -D and/or an "strace > - -f -p $spamdpid" would be helpful. It randomly happens after an hour or so of use. Next time it happens I will try both and send it to the list. > where does "tie" come in? (from the subj line). Whoops. That should have been time :)
3.0.3 uses all CPUs after tie
I am using Spamassassin 3.0.3 on a Gentoo AMD64 system with exim and exiscan. This has worked VERY well for months without a single issue. All of the sudden spamd eventually uses all of both CPU's and nearly locks the machine. I have tried downgrading to 3.0.2 with the same result. I have been using several of the RulesDuJour's and first started to suspect that. I removed all of the files from /etc/mail/spamassassin except for the following local.cf: required_hits 5 skip_rbl_checks 0 use_bayes 0 score HELO_DYNAMIC_IPADDR 2 score ALL_TRUSTED 0 use_auto_whitelist 0 When spamd is running normally its processes look as such: # ps aux | grep spamd root 29434 0.0 1.6 66712 33828 ?Ss 21:13 0:00 /usr/sbin/spamd -d -r /var/run/spamd.pid -m 5 -c -H root 29442 0.1 1.8 69712 37152 ?S21:13 0:00 spamd child root 29443 0.0 1.7 68852 36300 ?S21:13 0:00 spamd child root 29444 0.0 1.7 68444 35904 ?S21:13 0:00 spamd child root 29445 0.0 1.7 68124 35584 ?S21:13 0:00 spamd child root 29446 0.0 1.7 68160 35600 ?S21:13 0:00 spamd child When both CPU's are pegged at 100%, they look like this: # ps aux | grep spamd root 10097 0.2 5.6 152336 117208 ? Ss 10:32 0:06 /usr/sbin/spamd -d -r /var/run/spamd.pid -m 5 -c -H root 10378 0.9 6.8 176116 141012 ? S10:32 0:19 spamd child root 10379 1.0 6.6 170452 136024 ? S10:32 0:22 spamd child root 10380 0.9 6.8 174528 140080 ? S10:32 0:19 spamd child nobody 10381 27.1 38.0 818616 783476 ? R10:32 9:20 spamd child root 10382 0.7 6.4 167376 133004 ? S10:32 0:16 spamd child I'm sure pasting that to a message screwed everything up, so you can also see them at http://daubnet.dyndns.org:3000/foo/spamassassin For some reason, one of the processes switches from being owned by root to owned by nobody. Its state also changes from S to R. The only way I can clear this is by killing all spamd processes and restarting the service. I was initially using bayes, but thought that might have something to do with it so I disabled it. This made no change. I've tried everything I can think of but nothing makes any difference. I have searched the archives and can't seem to find a solution. I know the list has heard this a million times, but I have changed nothing as far as settings in months :) Any suggestions? -- Matthew Daubenspeck http://www.oddprocess.org 13:53:22 up 5 days, 23:52, 1 user, load average: 0.24, 0.20, 0.12