RE: local host

2004-10-12 Thread Tan, William
If you "man spamd" or "netstat -an", you'll notice that it listens by
default on 127.0.0.1:783.

The log entries would presumably represent the tcp connections made from
spamc to spamd.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 12, 2004 9:50 AM
To: users@spamassassin.apache.org
Subject: local host

Watching the maillogs with SA 2.6 each call of spamd comes with this:

Oct 12 09:47:24 mail spamd[15997]: connection from localhost.localdomain
[127.0.0.1] at port 51225

and the following call the port increments upward.  What is this?



RE: more spam since upgrade

2004-10-06 Thread Tan, William
We have gotten better accuracy from 3.0 as well.  We use a small
whitelist, stock rules, plus the conservative SARE rules (conservative
meaning no supposed chance of ham), and no bigevil.

My only major complaint is the memory footprint.  We use spamc/spamd,
and I've reduced the number of preforks as well as having the spamd's
die every 10 messages to reduce the memory utilization.


-Original Message-
From: Darren Coleman [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 06, 2004 6:56 AM
To: Zsolt Koppany; Spamassassin
Subject: RE: more spam since upgrade


Is the last line meant as some kind of threat? :)

I'm sorry to say but you must have some sort of configuration issue with
your install, and I'd suggest to RTFM.  I upgraded from 2.64 to 3.00 and
have recently less untagged spam (as expected) as a result.

- Are you using any additional rulesets from www.rulesemporium.com ?  If
not why not? :)
- Have you verified that your configuration is correct and working?
(spamassassin --lint)

That's a good starting point.

Regards,

Daz
  

> -Original Message-
> From: Zsolt Koppany [mailto:[EMAIL PROTECTED]
> Sent: 06 October 2004 11:47
> To: Spamassassin
> Subject: RE: more spam since upgrade
> 
> Hi,
> 
> since I upgraded to 3.0.0 from 2.63 I get also much more spam and most of
> them absolutely trivial for example Xiagra (I replaced 'V' with 'X'), 
> Xenis (I replaced 'P' with 'X') are not found either in Subject or in 
> Body.
> 
> I will go back to 2.63 unless somebody can help me to fix the problem.
> 
> Zsolt
> 
> > -Original Message-
> > From: Thomas Kinghorn [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 06, 2004 7:07 AM
> > To: [EMAIL PROTECTED]
> > Subject: more spam since upgrade
> >
> >
> > Hi List.
> >
> > I have recently upgraded to Exim-4.42, Spamassassin 3.0 & sa-exim-4.1
> >
> > The amount of spam slipping through since then has increased dramatically.
> >
> > The scores seem a bit on the low side since upgrading.
> >
> > Below is the message ID and I have attached the mail from which it 
> > originates.
> >
> > Any ideas would be appreciated.
> >
> > Regards
> >
> > Tom
> >
> >
> >
> > Message-ID: <[EMAIL PROTECTED]>
> > From: Tom Theroux <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Date: Tue, 05 Oct 2004 14:26:30 +
> > MIME-Version: 1.0
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2600.
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.
> > X-SA-Exim-Connect-IP: 196.4.87.24
> > X-SA-Exim-Mail-From: [EMAIL PROTECTED]
> > Subject: US Students email list
> > Content-Type: multipart/related;
> > type="multipart/alternative";
> > boundary="=_NextPart_000__AC8AFB96.13499A18"
> > X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on jp-mx-1
> > X-Spam-Level: ***
> > X-Spam-Status: No, score=3.1 required=4.4 
> > tests=BAYES_50,FORGED_OUTLOOK_TAGS,
> > HTML_20_30,HTML_MESSAGE,HTML_TAG_EXIST_TBODY,INVALID_TZ_GMT,URIBL_SBL,
> > URIBL_WS_SURBL autolearn=no version=3.0.0
> > X-SA-Exim-Version: 4.1 (built Tue, 05 Oct 2004 09:43:32 +0200)
> >
> >
> >  <>
> >
> >
> 



Whitelist to improve performance?

2004-09-30 Thread Tan, William



My configuration is Postfix 2.1.5 and SpamAssassin 3.0.0.  We're using spamc
as a content_filter in /etc/postfix/master.cf to call spamd.

My understanding is that the manual whitelist function in SA simply starts the
message scoring at -100.  Is there a way to have spamc/spamd abort scoring a
message if the sender is whitelisted?  I'd think that this would improve
performance on these messages since rbls, dcc, razor, and pyzor would be
skipped.

If not (and this is more of a postfix question), is there a way to use
whitelists in postfix to bypass SA (or a content_filter in general)?


William W. Tan
Chief Technology Officer
Eze Castle Integration, Inc.
50 Federal St., Suite 400
Boston, MA 02110
(617) 217-3006
[EMAIL PROTECTED]
 


RE: Problem with bayes autolearn on 3.0.0

2004-09-28 Thread Tan, William
It seems that it was some sort of file permission problem that prevented
the creation of bayes_journal.

Spamd was running as root, which probably isn't the best way to do it
anyway. 

So rather than trying to fix the permission problem, I'm now running
spamd chrooted, and the problem has gone away.

Thanks.  


-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 27, 2004 10:16 AM
To: Tan, William; users@spamassassin.apache.org
Subject: Re: Problem with bayes autolearn on 3.0.0


At 09:39 AM 9/27/2004 -0400, Tan, William wrote:
>I'm having a problem with autolearn on a newly installed system.  It seems
>as though the Bayes database is not recognized.  I get messages about
>autolearn failing like this:
>
>Sep 27 02:16:00 host spamd[2113]: result: Y 22 -
>COMBINED_FROM,DCC_CHECK,DIGEST_MULTIPLE,MIME_BOUND_DD_DIGITS,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,SARE_HEAD_SPAM,SPF_HELO_PASS,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO
>scantime=11.5,size=1533,mid=<[EMAIL PROTECTED]>,autolearn=failed
>

autolearn=failed does not usually mean a catastrophic failure.

If another process is already writing the bayes database, SA will skip 
learning rather than logjam your mail queue waiting for the lock. This is a 
"failure" of a one-shot, non-critical operation.

However, if *all* of your messages get failed, and none are ever 
autolearned at all, you might have a bayes DB the spamd process can't get 
RW access to.
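
The rule of thumb in the reply above (occasional `autolearn=failed` is harmless, every scan failing points at database access) can be checked against a maillog. The following is an added example, not code from the thread or from SpamAssassin; the function names, verdict labels, `min_samples` threshold and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Shape of the spamd "result:" line quoted in the thread:
#   spamd[PID]: result: Y 22 - TEST_A,TEST_B scantime=..,size=..,mid=<..>,autolearn=failed
RESULT_RE = re.compile(
    r"spamd\[(?P<pid>\d+)\]: result: (?P<verdict>\S) +(?P<score>-?\d+(?:\.\d+)?) - "
    r"(?P<tests>[A-Z0-9_,]*) *(?P<fields>.*)$"
)

def parse_result(line):
    """Return a dict for a spamd result line, or None for any other log line."""
    m = RESULT_RE.search(line.strip())
    if not m:
        return None
    # mid=<...> can contain commas, so pull autolearn out by name instead of splitting
    al = re.search(r"(?:^|,)autolearn=([a-z]+)", m["fields"])
    return {
        "pid": int(m["pid"]),
        "spam": m["verdict"] == "Y",
        "score": float(m["score"]),
        "tests": [t for t in m["tests"].split(",") if t],
        "autolearn": al.group(1) if al else "unknown",
    }

def assess_autolearn(lines, min_samples=3):
    """Apply the reply's rule of thumb: every scan failing points at DB access."""
    counts = Counter(r["autolearn"] for r in map(parse_result, lines) if r)
    total, failed = sum(counts.values()), counts["failed"]
    if total < min_samples:
        verdict = "insufficient-data"
    elif failed == total:
        verdict = "check-db-access"     # all failed, nothing ever learned
    elif failed:
        verdict = "transient-failures"  # occasional skip, e.g. lock held elsewhere
    else:
        verdict = "ok"
    return verdict, dict(counts)

# Constructed sample log lines (not taken from the thread)
SAMPLE = [
    "Sep 27 02:16:00 host spamd[2113]: result: Y 22 - DCC_CHECK,RAZOR2_CHECK scantime=11.5,size=1533,mid=<a1@example.test>,autolearn=failed",
    "Sep 27 02:16:09 host spamd[2113]: connection from localhost [127.0.0.1] at port 51225",
    "Sep 27 02:16:10 host spamd[2114]: result: . 0 - scantime=0.9,size=802,mid=<a2@example.test>,autolearn=failed",
    "Sep 27 02:17:31 host spamd[2113]: result: . -2 - BAYES_00 scantime=1.2,size=990,mid=<a3@example.test>,autolearn=failed",
]

if __name__ == "__main__":
    print(assess_autolearn(SAMPLE))
```

A `check-db-access` verdict is the cue to look at which user spamd runs as and whether that user can write to the directory holding `bayes_toks` and `bayes_seen`.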




Problem with bayes autolearn on 3.0.0

2004-09-27 Thread Tan, William
I'm having a problem with autolearn on a newly installed system.  It seems as 
though the Bayes database is not recognized.  I get messages about autolearn 
failing like this:

Sep 27 02:16:00 host spamd[2113]: result: Y 22 - 
COMBINED_FROM,DCC_CHECK,DIGEST_MULTIPLE,MIME_BOUND_DD_DIGITS,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,SARE_HEAD_SPAM,SPF_HELO_PASS,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO
 scantime=11.5,size=1533,mid=<[EMAIL PROTECTED]>,autolearn=failed 


I'm running SpamAssassin 3.0.0 as a content filter for postfix 2.1.5 on Fedora 
Core Release 2.  DB_File is installed.  I tried rebuilding & syncing the bayes 
database.

I started spamd in debug mode (as root), and got this from syslog:

Sep 27 09:00:00 host spamd[1881]: debug: config: read file 
/usr/share/spamassassin/23_bayes.cf 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 tie-ing to DB file R/O 
/etc/mail/spamassassin/bayes_toks 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 tie-ing to DB file R/O 
/etc/mail/spamassassin/bayes_seen 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: found bayes db version 3 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: Not available for scanning, 
only 0 spam(s) in Bayes DB < 200 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing db_toks 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing db_seen 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: no dbs present, cannot tie DB 
R/O: /tmp/spamd-1881-init/.spamassassin/bayes_toks 


I believe that the last line is representative of my problem.  I did upgrade an 
existing system which is not having any problems.  Can anyone lend any advice?  
Thanks in advance.

Other info:

[EMAIL PROTECTED] spamassassin]# ls -l bayes*
-rw-rw-rw-  1 root root 12288 Sep 27 07:09 bayes_seen
-rw-rw-rw-  1 root root 12288 Sep 27 07:09 bayes_toks


William W. Tan 
Chief Technology Officer 
Eze Castle Integration, Inc. 
50 Federal St., Suite 400 
Boston, MA 02110 
(617) 217-3006
[EMAIL PROTECTED] 


Problem with autolearn on v3.0.0

2004-09-27 Thread Tan, William
I'm having a problem with autolearn on a newly installed system.  It seems as 
though the Bayes database is not recognized.  I get messages about autolearn 
failing like this:

Sep 27 02:16:00 host spamd[2113]: result: Y 22 - 
COMBINED_FROM,DCC_CHECK,DIGEST_MULTIPLE,MIME_BOUND_DD_DIGITS,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,SARE_HEAD_SPAM,SPF_HELO_PASS,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,X_MESSAGE_INFO
 scantime=11.5,size=1533,mid=<[EMAIL PROTECTED]>,autolearn=failed 


I'm running SpamAssassin 3.0.0 as a content filter for postfix 2.1.5 on Fedora 
Core Release 2.  DB_File is installed.

I started spamd in debug mode (as root), and got this from syslog:

Sep 27 09:00:00 host spamd[1881]: debug: config: read file 
/usr/share/spamassassin/23_bayes.cf 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 tie-ing to DB file R/O 
/etc/mail/spamassassin/bayes_toks 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 tie-ing to DB file R/O 
/etc/mail/spamassassin/bayes_seen 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: found bayes db version 3 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: Not available for scanning, 
only 0 spam(s) in Bayes DB < 200 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing db_toks 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: 1881 untie-ing db_seen 
Sep 27 09:00:01 host spamd[1881]: debug: bayes: no dbs present, cannot tie DB 
R/O: /tmp/spamd-1881-init/.spamassassin/bayes_toks 


I believe that the last line is representative of my problem.  I did upgrade an 
existing system which is not having any problems.  Can anyone lend any advice?

Other info:

[EMAIL PROTECTED] spamassassin]# ls -l bayes*
-rw-rw-rw-  1 root root 12288 Sep 27 07:09 bayes_seen
-rw-rw-rw-  1 root root 12288 Sep 27 07:09 bayes_toks


William W. Tan 
Chief Technology Officer 
Eze Castle Integration, Inc. 
50 Federal St., Suite 400 
Boston, MA 02110 
(617) 217-3006
[EMAIL PROTECTED]