RE: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-25 Thread Karsten Bräckelmann
On Wed, 2010-08-25 at 08:10 +0530, Suhag Desai wrote:
> Aug 25 08:07:12 spd spamd[3776]: spamd: clean message (4.0/5.0) for clamav:46 in 10.7 seconds, 2792 bytes.
> Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 - ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,TVD_SPACE_RATIO scantime=10.7,size=2792,user=clamav,uid=46,required_score=5.0,rhost=spd,raddr=127.0.0.1,rport=59296,mid=<00fb01cb43fe$5e706710$1b5135...@com>,autolearn=no

> It seems that it considers the test.cf file (LOCAL_DEMONSTRATION_RULE) while
> processing the mail, but it still does not consider it as a mail...

SA uses a scoring system. The fact a single rule hit has a score equal to
the required_score threshold is irrelevant. The *sum* of all hit rules'
scores is what determines a message to be spam or ham.

ALL_TRUSTED has a score of -1. The other rules account for 0.001 each
(network tests enabled, no Bayes because it hasn't been trained
sufficiently.)

So the overall score for that test message is 4.0 (rounded), exactly as
the log shows. Below the required_score threshold.


There is nothing wrong with your SA, it works just as expected.


> > After upgrading the SpamAssassin Server version to 3.3.1, my mail
> > scanning stopped working partially.

> > Let me explain in detail. When I set the required score to 5.0, mail
> > scanning is not working properly. When I send the mail with “test123”
> > with required score 5, SA does not consider it spam, but when I set the
> > required score to 4, SA considers the same mail spam. I have checked
> > the same with many other tests.
> 
> What do the X-Spam headers read SA generates?
> 
> You are using a test rule with a score of 5.0, which is the same as the
> required_score threshold. Odds are, there are other rules firing on the
> message as well.
> 
> If the sum of these other rules is less than 0, but greater than -1,
> you'd get exactly what you just described.

q.e.d. :)


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



RE: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-24 Thread Suhag Desai
Below is my full local.cf. I already ran 'spamassassin --lint'. No other rules
are conflicting with test.cf.
[r...@spd spamassassin]# cat local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
#   Add *SPAM* to the Subject header of spam e-mails
#
rewrite_header Subject SPAM-123
#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 1
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.
#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
#   Use Bayesian classifier (default: 1)
#
use_bayes 1
#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
#   Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST   on
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST   on
#   the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST   on
# shortcircuit USER_IN_BLACKLIST_TO   on
# shortcircuit SUBJECT_IN_BLACKLIST   on
#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on
#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99   spam
# shortcircuit BAYES_00   ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

Below are the spamd logfile entries:


Aug 25 08:07:01 spd spamd[3776]: spamd: connection from spd [127.0.0.1] at port 59296
Aug 25 08:07:01 spd spamd[3776]: spamd: setuid to clamav succeeded
Aug 25 08:07:01 spd spamd[3776]: spamd: processing message <00fb01cb43fe$5e706710$1b5135...@com> for clamav:46
Aug 25 08:07:12 spd spamd[3776]: spamd: clean message (4.0/5.0) for clamav:46 in 10.7 seconds, 2792 bytes.
Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 - ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,TVD_SPACE_RATIO scantime=10.7,size=2792,user=clamav,uid=46,required_score=5.0,rhost=spd,raddr=127.0.0.1,rport=59296,mid=<00fb01cb43fe$5e706710$1b5135...@com>,autolearn=no
Aug 25 08:07:12 spd spamd[3775]: prefork: child states: II

It seems that it considers the test.cf file (LOCAL_DEMONSTRATION_RULE) while
processing the mail, but it still does not consider it as a mail...

-Original Message-
From: Karsten Bräckelmann [mailto:guent...@rudersport.de] 
Sent: Monday, August 23, 2010 7:40 PM
To: users@spamassassin.apache.org
Subject: Re: After upgrade the SA to 3.3.1, Mail scanning stop working partially

On Mon, 2010-08-23 at 08:16 +0530, Suhag Desai wrote:
> After upgrading the SpamAssassin Server version to 3.3.1, my mail
> scanning stopped working partially.

> Below is the setting for local.cf
> 
> rewrite_header Subject SPAM
> report_safe 1
> required_score 5.0
> use_bayes 1
> bayes_auto_learn 1
> 
> endif # Mail::SpamAssassin::Plugin::Shortcircuit

Is that the exact content of your local.cf? That doesn't even pass lint
testing. Did you do 'spamassassin --lint'?


> Let me explain in detail. When I set the required score to 5.0, mail
> scanning is not working properly. When I send the mail with “test123”
> with required score 5, SA does not consider it spam, but when I set the
> required score to 4, SA considers the same mail spam. I have checked
> the same with many other tests.

What do the X-Spam headers read SA generates?

You are using a test rule with a score of 5.0, which is the same as the
required_score threshold. Odds are, there are other rules firing on the
message as well.

If the sum of these other rules is less than 0, but greater than -1,
you'd get exactly what you just described.


> Below is the log

> @40004c71e02d1471a28c simscan:[4698]:CLEAN (-1.00/12.00):5.3640s:test123:192.168.10.70:s...@test.com:d...@test.com
> @40004c71e02f35bee364 tcpserver: end 4698 status 0
> @40004c71e02f35bf0e5c tcpserver: status: 0/100

There are no SA logs in there.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}




Re: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-23 Thread Karsten Bräckelmann
On Mon, 2010-08-23 at 08:16 +0530, Suhag Desai wrote:
> After upgrading the SpamAssassin Server version to 3.3.1, my mail
> scanning stopped working partially.

> Below is the setting for local.cf
> 
> rewrite_header Subject SPAM
> report_safe 1
> required_score 5.0
> use_bayes 1
> bayes_auto_learn 1
> 
> endif # Mail::SpamAssassin::Plugin::Shortcircuit

Is that the exact content of your local.cf? That doesn't even pass lint
testing. Did you do 'spamassassin --lint'?


> Let me explain in detail. When I set the required score to 5.0, mail
> scanning is not working properly. When I send the mail with “test123”
> with required score 5, SA does not consider it spam, but when I set the
> required score to 4, SA considers the same mail spam. I have checked
> the same with many other tests.

What do the X-Spam headers read SA generates?

You are using a test rule with a score of 5.0, which is the same as the
required_score threshold. Odds are, there are other rules firing on the
message as well.

If the sum of these other rules is less than 0, but greater than -1,
you'd get exactly what you just described.


> Below is the log

> @40004c71e02d1471a28c simscan:[4698]:CLEAN (-1.00/12.00):5.3640s:test123:192.168.10.70:s...@test.com:d...@test.com
> @40004c71e02f35bee364 tcpserver: end 4698 status 0
> @40004c71e02f35bf0e5c tcpserver: status: 0/100

There are no SA logs in there.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-23 Thread Karsten Bräckelmann
On Mon, 2010-08-23 at 07:16 -0500, Daniel McDonald wrote:
> > After upgrading the SpamAssassin Server version to 3.3.1, my mail scanning
> > stopped working partially.
> 
> This is a known bug.
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419

It is rather unlikely, this would be the reason.

That bug is just an inconsistency between reporting (non-spam) and
rounding (5.0/5.0) when using spamd for scores 4.95 <= score < 5.0.
Oh, and it has not been introduced in 3.3, but similarly affects 3.2.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
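
Added example, not part of any message in this thread and not SpamAssassin's own code: a Python sketch of the two points made in the replies, that the sum of the hit rules' scores decides spam versus ham (the 2010-08-25 reply) and that a score in 4.95 <= score < 5.0 is shown as 5.0/5.0 while staying non-spam (the reply above). The per-rule scores are the ones stated in the thread; the `>=` comparison, the one-decimal display, the constructed Message-ID and the rule name HYPOTHETICAL_NEG_RULE are assumptions.

```python
import re

# Scores as stated in the thread: the test rule is 5.0, ALL_TRUSTED is -1,
# every other rule that hit counts 0.001.
RULE_SCORES = {"LOCAL_DEMONSTRATION_RULE": 5.0, "ALL_TRUSTED": -1.0}
DEFAULT_SCORE = 0.001

# The spamd "result:" line from the thread, joined onto one line.
# The Message-ID is a constructed placeholder.
SAMPLE = (
    "Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 - "
    "ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,"
    "TVD_SPACE_RATIO scantime=10.7,size=2792,user=clamav,uid=46,"
    "required_score=5.0,rhost=spd,raddr=127.0.0.1,rport=59296,"
    "mid=<constructed@example.invalid>,autolearn=no"
)

RESULT_RE = re.compile(r"spamd: result: [.Y] -?\d+ - (\S*)\s+(\S+)")


def parse_result(line):
    """Return (rules_hit, required_score) from a spamd result line."""
    m = RESULT_RE.search(line)
    if m is None:
        raise ValueError("not a spamd result line")
    rules = [r for r in m.group(1).split(",") if r]
    fields = dict(f.split("=", 1) for f in m.group(2).split(",") if "=" in f)
    return rules, float(fields["required_score"])


def verdict(rules, required, scores=RULE_SCORES):
    """Sum the hit rules' scores; return (total, is_spam, reported string)."""
    total = sum(scores.get(r, DEFAULT_SCORE) for r in rules)
    # Assumption: spam when total >= required; display rounded to one decimal.
    return total, total >= required, "%.1f/%.1f" % (total, required)


if __name__ == "__main__":
    rules, required = parse_result(SAMPLE)
    print(verdict(rules, required))   # the thread's message at threshold 5.0
    print(verdict(rules, 4.0))        # same message at threshold 4.0
    # Hypothetical rule worth -0.03 puts the total at 4.97.
    near = dict(RULE_SCORES, HYPOTHETICAL_NEG_RULE=-0.03)
    print(verdict(["LOCAL_DEMONSTRATION_RULE", "HYPOTHETICAL_NEG_RULE"], 5.0, near))
```
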



RE: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-23 Thread Suhag Desai
Still not clear from the link

-Original Message-
From: Daniel McDonald [mailto:dan.mcdon...@austinenergy.com] 
Sent: Monday, August 23, 2010 5:46 PM
To: spamassassin
Subject: Re: After upgrade the SA to 3.3.1, Mail scanning stop working
partially

On 8/22/10 9:46 PM, "Suhag Desai"  wrote:

> After upgrading the SpamAssassin Server version to 3.3.1, my mail scanning
> stopped working partially.
> 

This is a known bug.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281




Re: After upgrade the SA to 3.3.1, Mail scanning stop working partially

2010-08-23 Thread Daniel McDonald
On 8/22/10 9:46 PM, "Suhag Desai"  wrote:

> After upgrading the SpamAssassin Server version to 3.3.1, my mail scanning
> stopped working partially.
> 

This is a known bug.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281



Re: After upgrade

2004-11-20 Thread Paul Constable
Cheers Mike,
Just the ticket.
Paul

On Saturday 20 November 2004 17:01, Michael W Cocke wrote:
> On Sat, 20 Nov 2004 16:58:48 +, you wrote:
> >Hi all,
> > I have just upgraded my SA from 2.63 to 3.0.1, this all running on SuSE
> > 9.1 Pro.
> >
> >But I must have cocked something up, but as to what I have no clue.  This
> > is where the community can offer some insight, Please..
> >
> >Upon restarting the daemon I get the following message :-
> >
> >'The -a option has been removed.  Please look at the use_auto_whitelist
> > config option instead.' From where and where do I insert the new option
> > ??
> >
> >TIA,
> >Paul
>
> /etc/sysconfig/spamd
>
> Mike-
>
> --
> If you can keep your head while those around you are losing theirs...
> You may have a great career as a network administrator ahead!
> --
> Please note - Due to the intense volume of spam, we have installed
> site-wide spam filters at catherders.com.  If email from you bounces,
> try non-HTML, non-encoded, non-attachments,


Re: After upgrade

2004-11-20 Thread Michael W Cocke
On Sat, 20 Nov 2004 16:58:48 +, you wrote:

>Hi all,
> I have just upgraded my SA from 2.63 to 3.0.1, this all running on SuSE 9.1 
>Pro.
>
>But I must have cocked something up, but as to what I have no clue.  This is 
>where the community can offer some insight, Please..
>
>Upon restarting the daemon I get the following message :-
>
>'The -a option has been removed.  Please look at the use_auto_whitelist config 
>option instead.'   From where and where do I insert the new option ??
>
>TIA,
>Paul

/etc/sysconfig/spamd

Mike-

--
If you can keep your head while those around you are losing theirs...
You may have a great career as a network administrator ahead!
--
Please note - Due to the intense volume of spam, we have installed 
site-wide spam filters at catherders.com.  If email from you bounces,
try non-HTML, non-encoded, non-attachments,


Re: after upgrade

2004-10-10 Thread Kai Schaetzl
Marcos Saint'Anna wrote on Sun, 10 Oct 2004 16:44:01 -0300:

> As  you  may  see...  the  configuration  files are the same, also the
> binaries are using the same version.
>

So, you are getting slightly different results with spamc and spamassassin 
plus the main difference about the USER_IN_WHITELIST? Remove the complete 
header from the message and try again. If it still lists USER_IN_WHITELIST 
there must be something wrong with your installation, but I don't know 
what.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org





Re: after upgrade

2004-10-10 Thread Ed Kasky
On Sun, 10 Oct 2004, Kai Schaetzl wrote:

> Marcos Saint'Anna wrote on Sun, 10 Oct 2004 02:18:19 -0300:
> 
> > I've  already  tried  to  run  SA with -D option, but got no answer at
> > all...
> >
> 
> So, if you pipe one of those messages with USER_IN_WHITELIST thru 
> spamassassin -D (not spamd!) it is *not* marked with USER_IN_WHITELIST? If 
> so, I'd think your spamd is using a different configuration than you think 
> or you may have some version mix. Did you run a "make test" before 
> install?

FWIW, that same exact thing happened to me when I first installed SA.  
Turns out I had more than one config file...

Ed
. . . . . . . . . . . . . . .
Randomly generated quote:
I distrust those people who know so well what God wants them to
do because I notice it always coincides with their own desires.
-Susan B Anthony, reformer and suffragist (1820-1906)



Re: after upgrade

2004-10-10 Thread Kai Schaetzl
Marcos Saint'Anna wrote on Sun, 10 Oct 2004 02:18:19 -0300:

> I've  already  tried  to  run  SA with -D option, but got no answer at
> all...
>

So, if you pipe one of those messages with USER_IN_WHITELIST thru 
spamassassin -D (not spamd!) it is *not* marked with USER_IN_WHITELIST? If 
so, I'd think your spamd is using a different configuration than you think 
or you may have some version mix. Did you run a "make test" before 
install?


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org





Re: after upgrade

2004-10-10 Thread Matt Kettler
At 08:42 PM 10/9/2004 -0300, Marcos Saint'Anna wrote:
> SPAM... So I noticed that almost all headers had a "USER_IN_WHITELIST"
> in it.
> ---
> X-Spam-Status: No, hits=-88.6 required=5.0 tests=BR_RECEIVED_SPAMMER,
> FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,HTML_FONT_BIG,HTML_MESSAGE,
> HTML_TAG_EXIST_TBODY,INVALID_DATE,MIME_BASE64_TEXT,
> MIME_BOUND_NEXTPART,MIME_HTML_ONLY,PLING_PLING,USER_IN_WHITELIST
> autolearn=no version=3.0.0
> ---
> I've checked every configuration file as so user_prefs files and
> didn't find any whitelist entry.

Did you find *any* whitelist statements at all?

Also be sure to scrutinize ALL the message headers when trying to check
which statement is at fault.

SA's whitelisting system honors more than just From: in whitelist_from*. It 
honors Return-Path, Sender, Resent-From and more-or-less any origin 
indicating header.