Re: Fwd: Large volume of 0.0 scores suddenly
No, no changes. Run a manual check with -D and look for issues. Maybe your sql password changed or something that your install uses? I would also look at the uribl blocked issue. Maybe that started on the 3rd for you? Perhaps your dns server is not working right and causing timeouts. See https://wiki.apache.org/spamassassin/DnsBlocklists under the first faq. Regards, KAM On September 11, 2015 6:12:14 AM AST, Peter Kelly wrote: >Hi, > >Starting on 3rd Sept, I have seen a huge number of 0.0 scores being >returned from spamassassin - see attached screenshot from my logs that >show >I never once received a 0.0 score before 3rd Sept. > >I use version 3.4.0 and process about 20k emails a day through it. I >used >bayes and this has been regularly updated with 1000 ham and spam emails >(every months or so). Autolearning is on, at the default scores (0.1 >and >12.0). > >I have the cronjob enabled to update the rules nightly. Did anything >change >on 3rd Sept that would explain this? Nothing has changed in my >configuration of spamassassin in months. I am now seeing a huge amount >of >0.0 scores and TRUSTED_ALL rules. I have no trusted_networks set, never >have. > >Any help greatly appreciated, > >Peter
Re: Fwd: Large volume of 0.0 scores suddenly
On 09/11/2015 12:12 PM, Peter Kelly wrote: Hi, Starting on 3rd Sept, I have seen a huge number of 0.0 scores being returned from spamassassin - see attached screenshot from my logs that show I never once received a 0.0 score before 3rd Sept. I use version 3.4.0 and process about 20k emails a day through it. I used bayes and this has been regularly updated with 1000 ham and spam emails (every months or so). Autolearning is on, at the default scores (0.1 and 12.0). I have the cronjob enabled to update the rules nightly. Did anything change on 3rd Sept that would explain this? Nothing has changed in my configuration of spamassassin in months. I am now seeing a huge amount of 0.0 scores and TRUSTED_ALL rules. I have no trusted_networks set, never have. You're not giving us much information to help you... pls see: https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/emailed/sa-list-template.txt and try to provide us with as much info as possible. iow, pls help *us* help *you*
Re: Fwd: Large volume of 0.0 scores suddenly
Peter Kelly writes: > [1:multipart/alternative Hide] > > > [1/1:text/plain Hide] > > Hi, > > Starting on 3rd Sept, I have seen a huge number of 0.0 scores being > returned from spamassassin - see attached screenshot from my logs that show > I never once received a 0.0 score before 3rd Sept. Like others said, on 7 days backlog, the score closer to zero was 0.051 I am useing SA 3.4.1 with sa-update daily. Olivier > I use version 3.4.0 and process about 20k emails a day through it. I used > bayes and this has been regularly updated with 1000 ham and spam emails > (every months or so). Autolearning is on, at the default scores (0.1 and > 12.0). > > I have the cronjob enabled to update the rules nightly. Did anything change > on 3rd Sept that would explain this? Nothing has changed in my > configuration of spamassassin in months. I am now seeing a huge amount of > 0.0 scores and TRUSTED_ALL rules. I have no trusted_networks set, never > have. > > Any help greatly appreciated, > > Peter > > [1/2:text/html Show] > > > [2:image/png Show Save:Screen Shot 2015-09-11 at 10.42.16 AM.png (498kB)] > --
Re: Fwd: Large volume of 0.0 scores suddenly
please keep list mail on list... On 09/11/2015 01:17 PM, Peter Kelly wrote: - Please post missed spam samples in pastebin.com - do not post samples to mailing lists I'll post example shortly - What SA version are you using? and on what operating system? 3.4.0 on Ubuntu 14.04 - How are you using SA? (pls specify: amavis, MIMEDefang, a milter, Mailscanner, procmail, Fuglu, etc, etc) Just spamassassin on its own, calling the daemon from an app - Are you using SA in a PC/notebook? or on a server? Server - What plugins are you using? (pls specify: Razor, Pyzor, DCC, etc) Razor, Pyzor - Are you using RBLs? (specify: at SMTP level, only SA's lookups, etc) SA lookups - Are you using any additional rulesets? No - Are you using a local, non forwarding, DNS resolver/caching server ? No - Are you using per/user or site wide Bayes? site-wide - What Bayes backend are you using? (specify: default, SDBM, SQL, Redis, other) default, file - Are you handling mail for a company, personal email, ISP, one domain, many domains, etc? Handling mail for thousands of different companies - we run a SaaS Helpdesk system like Zendesk. We see a huge range of emails and domains. On 11 September 2015 at 11:22, Axb wrote: On 09/11/2015 12:12 PM, Peter Kelly wrote: Hi, Starting on 3rd Sept, I have seen a huge number of 0.0 scores being returned from spamassassin - see attached screenshot from my logs that show I never once received a 0.0 score before 3rd Sept. I use version 3.4.0 and process about 20k emails a day through it. I used bayes and this has been regularly updated with 1000 ham and spam emails (every months or so). Autolearning is on, at the default scores (0.1 and 12.0). I have the cronjob enabled to update the rules nightly. Did anything change on 3rd Sept that would explain this? Nothing has changed in my configuration of spamassassin in months. I am now seeing a huge amount of 0.0 scores and TRUSTED_ALL rules. I have no trusted_networks set, never have. You're not giving us much information to help you... pls see: https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/emailed/sa-list-template.txt and try to provide us with as much info as possible. iow, pls help *us* help *you*
Re: Fwd: Large volume of 0.0 scores suddenly
On 09/11/2015 01:17 PM, Peter Kelly wrote: - How are you using SA? (pls specify: amavis, MIMEDefang, a milter, Mailscanner, procmail, Fuglu, etc, etc) Just spamassassin on its own, calling the daemon from an app an "app"? Pls be more explicit. can you pastebin the output of spamassassin --lint -D - Are you using a local, non forwarding, DNS resolver/caching server ? No you should, to avoid URIBL_BLOCKED (http://uribl.com/refused.shtml)
Re: Fwd: Large volume of 0.0 scores suddenly
Peter Kelly skrev den 2015-09-11 12:12: Any help greatly appreciated, google URIBL_BLOCKED https://www.google.dk/search?q=uribl_blcoked http://uribl.com/refused.shtml plenty of other links to see how and why do you miss a local dns resolver ? if yes you use shared problems and things like your questions come up randomly when more people dont read about it, its free to do nothing :=)
Re: Fwd: Large volume of 0.0 scores suddenly
> On 09/11/2015 01:17 PM, Peter Kelly wrote: > > - Are you using a local, non forwarding, DNS resolver/caching server ? > > > > No > > - Are you handling mail for a company, personal email, ISP, one domain, > > many domains, etc? > > > > Handling mail for thousands of different companies - we run a SaaS > > Helpdesk system like Zendesk. We see a huge range of emails and > > domains. Without a local DNS server I'm amazed you haven't had problems before now. Antony. -- I want to build a machine that will be proud of me. - Danny Hillis, creator of The Connection Machine Please reply to the list; please *don't* CC me.
Re: Fwd: Large volume of 0.0 scores suddenly
Hi Benny, This has nothing to do with URIBL. It has always been blocked for me. I am in the process of paying for their service. It has always been like that, yet the 0.0 scores only started last week. Been running for months before that. Peter On 11 September 2015 at 13:38, Benny Pedersen wrote: > Peter Kelly skrev den 2015-09-11 12:12: > > Any help greatly appreciated, >> > > google URIBL_BLOCKED > > https://www.google.dk/search?q=uribl_blcoked > > http://uribl.com/refused.shtml > > plenty of other links to see how and why > > do you miss a local dns resolver ? > > if yes you use shared problems and things like your questions come up > randomly when more people dont read about it, its free to do nothing :=) >
Re: Fwd: Large volume of 0.0 scores suddenly
Why Antony? What would that do for me other than save hits against URIBL? I am signing up for their paid service so I will not have the URIBL_BLOCKED issue anymore. It does not explain the 0.0 issue I am having anyway. On 11 September 2015 at 13:42, Antony Stone < antony.st...@spamassassin.open.source.it> wrote: > > On 09/11/2015 01:17 PM, Peter Kelly wrote: > > > > - Are you using a local, non forwarding, DNS resolver/caching server ? > > > > > > No > > > > - Are you handling mail for a company, personal email, ISP, one domain, > > > many domains, etc? > > > > > > Handling mail for thousands of different companies - we run a SaaS > > > Helpdesk system like Zendesk. We see a huge range of emails and > > > domains. > > Without a local DNS server I'm amazed you haven't had problems before now. > > > Antony. > > -- > I want to build a machine that will be proud of me. > > - Danny Hillis, creator of The Connection Machine > >Please reply to the > list; > please *don't* CC > me. >
Re: Fwd: Large volume of 0.0 scores suddenly
Peter Kelly skrev den 2015-09-11 15:01: This has nothing to do with URIBL. It has always been blocked for me. I am in the process of paying for their service. It has always been like that, yet the 0.0 scores only started last week. Been running for months before that. so you already have a local dns server, and is now recieving so much spam that you need to pay uribl for dataservice ? wish it was me :=) but my point is that a missing local dns could olso show other problems
Re: Fwd: Large volume of 0.0 scores suddenly
Axb, We have a SaaS app hosted in AWS that takes in 500k emails a month. We parse these emails and convert them into tickets for the customer - they see a Helpdesk system like Zendesk. Every incoming email gets run through spamassassin via the daemon. Here is a link to the output of --lint -D http://pastebin.com/8eM88hX2 On 11 September 2015 at 13:08, Axb wrote: > On 09/11/2015 01:17 PM, Peter Kelly wrote: > >> - How are you using SA? >> (pls specify: amavis, MIMEDefang, a milter, Mailscanner, procmail, >> Fuglu, etc, etc) >> >> Just spamassassin on its own, calling the daemon from an app >> > > an "app"? Pls be more explicit. > > can you pastebin the output of > > spamassassin --lint -D > > > - Are you using a local, non forwarding, DNS resolver/caching server ? >> >> No >> > > you should, to avoid URIBL_BLOCKED > (http://uribl.com/refused.shtml) > > > >
Re: Fwd: Large volume of 0.0 scores suddenly
On 11.09.15 14:13, Peter Kelly wrote: We have a SaaS app hosted in AWS that takes in 500k emails a month. We parse these emails and convert them into tickets for the customer - they see a Helpdesk system like Zendesk. Every incoming email gets run through spamassassin via the daemon. does spamassassin see the whole e-mails, including all headers? the NO_RELAYS test looks like you are not pushing the whole mails to SA, which significantly decreases score. Also, do you have way to train your spamassassin with spam? Since all spams have BAYES_00, you should train them... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
Re: Fwd: Large volume of 0.0 scores suddenly
On 09/11/2015 03:13 PM, Peter Kelly wrote: Axb, We have a SaaS app hosted in AWS that takes in 500k emails a month. We parse these emails and convert them into tickets for the customer - they see a Helpdesk system like Zendesk. Every incoming email gets run through spamassassin via the daemon. Here is a link to the output of --lint -D http://pastebin.com/8eM88hX2 is the app feeding spamd directly or are you using spamc ? or using the API interface? can you get hold of one of those pristine messages and test them manually against spamassasssin ? if the results look massively different, chances is that your app is not doing the right thing and like Matus suspects, SA is not getting the right thing. Rules & scores do change via sa-update so depending on lots of stuff the results may vary, possibly quite a lot. As we don't have a sample msg of yours (pastebin) we can't compare with any other setups... ball over... On 11 September 2015 at 13:08, Axb wrote: On 09/11/2015 01:17 PM, Peter Kelly wrote: - How are you using SA? (pls specify: amavis, MIMEDefang, a milter, Mailscanner, procmail, Fuglu, etc, etc) Just spamassassin on its own, calling the daemon from an app an "app"? Pls be more explicit. can you pastebin the output of spamassassin --lint -D - Are you using a local, non forwarding, DNS resolver/caching server ? No you should, to avoid URIBL_BLOCKED (http://uribl.com/refused.shtml)
Re: Fwd: Large volume of 0.0 scores suddenly
On 09/11/2015 03:13 PM, Peter Kelly wrote:
Axb,
We have a SaaS app hosted in AWS that takes in 500k emails a month. We
parse these emails and convert them into tickets for the customer - they
see a Helpdesk system like Zendesk. Every incoming email gets run through
spamassassin via the daemon.
Here is a link to the output of --lint -Dhttp://pastebin.com/8eM88hX2
btw:
Sep 11 13:14:04.305 [2812] dbg: diag: [...] module not installed:
Encode::Detect ('require' failed)
Sep 11 13:14:04.305 [2812] dbg: diag: [...] module not installed:
Digest::SHA1 ('require' failed)
etc...
suggest you install the "required" modules and see if spamassassin
--lint -D detects them.
missing modules may "disable" features...
