On 7/22/2009 10:57 AM, MySQL Student wrote:
Hi,
Are spamd and amavisd-new mutually exclusive?
I'm also trying to use sa-stats.pl, and it is reporting zeros because
I've just learned it relies on spamd, which I'm apparently not using.
Try amavis-logwatch too. Since you're running amavis, you'll get extra
stuff too.
You'll have to strip out your non-standard quarantine tags at the end of
the SPAM lines. See the quick and dirty sed expression below, which
you'll need to modify to suit your needs.
Sorry about the wrapping below. I turned of additional output w/switches:
$ sed 's/, quarantine spam.*$//' maillog | amavis-logwatch --l bayes=0
--notimings
===========================================================================
SpamAssassin Rule Hits: Spam
---------------------------------------------------------------------------
Rank Hits % Msgs % Spam % Ham Score Rule
---- ---- ------ ------ ----- ----- ----
1 1 0.00% 0.00% 0.00% FORGED_YAHOO_RCVD
2 1 0.00% 0.00% 0.00% REPTO_QUOTE_YAHOO
3 1 0.00% 0.00% 0.00% RCVD_NUMERIC_HELO
4 1 0.00% 0.00% 0.00% RCVD_DOUBLE_IP_LOOSE
5 1 0.00% 0.00% 0.00% HEAD_ILLEGAL_CHARS
6 1 0.00% 0.00% 0.00% HTML_TAG_BALANCE_BODY
7 1 0.00% 0.00% 0.00% TVD_RCVD_IP
8 1 0.00% 0.00% 0.00% BODY_8BITS
9 1 0.00% 0.00% 0.00% RDNS_NONE
10 1 0.00% 0.00% 0.00% RCVD_IN_XBL
11 1 0.00% 0.00% 0.00% BAYES_99
12 1 0.00% 0.00% 0.00% MIME_HTML_ONLY_MULTI
13 1 0.00% 0.00% 0.00% TVD_RCVD_IP4
14 1 0.00% 0.00% 0.00% SUBJECT_NEEDS_ENCODING
15 1 0.00% 0.00% 0.00% MPART_ALT_DIFF
16 1 0.00% 0.00% 0.00% RCVD_HELO_IP_MISMATCH
17 1 0.00% 0.00% 0.00% HTML_MESSAGE
18 1 0.00% 0.00% 0.00% SUBJ_ILLEGAL_CHARS
19 1 0.00% 0.00% 0.00% FROM_ILLEGAL_CHARS
20 1 0.00% 0.00% 0.00% MIME_HTML_ONLY
...
===========================================================================
Here is the relevant log information from line in my mail.log:
Jul 22 00:01:24 mail02 amavis[30729]: (30729-266) SPAM,
<dkghsghs...@yahoo.com> -> <j...@mydomain.com>, Yes, hits=40.6
tag1=-300.0 tag2=5.0 kill=5.0 use_bayes=1 tests=BAYES_99, BODY_8BITS,
BOTNET, FORGED_YAHOO_RCVD, FROM_ILLEGAL_CHARS, HEAD_ILLEGAL_CHARS,
HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_TAG_BALANCE_BODY,
MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI, MPART_ALT_DIFF, MSGID_RANDY,
RCVD_DOUBLE_IP_LOOSE, RCVD_HELO_IP_MISMATCH, RCVD_IN_XBL,
RCVD_NUMERIC_HELO, RDNS_NONE, REPTO_QUOTE_YAHOO,
SUBJECT_NEEDS_ENCODING, SUBJ_ILLEGAL_CHARS, TVD_RCVD_IP, TVD_RCVD_IP4,
quarantine spam-d55bdeb21a3775a8f250921df74e14d7-20090722-000123-30729-266
(spam-quarantine)
Jul 22 00:01:24 mail02 amavis[30729]: (30729-266) TIMING [total 785
ms] - SMTP EHLO: 1 (0%), SMTP pre-MAIL: 1 (0%), create email.txt: 0
(0%), SMTP pre-DATA-flush: 1 (0%), SMTP DATA: 80 (10%), body hash: 0
(0%), mime_decode: 6 (1%), get-file-type: 13 (2%), decompose_part: 1
(0%), parts: 0 (0%), AV-scan-1: 4 (0%), AV-scan-2: 6 (1%), SA msg
read: 13 (2%), SA parse: 2 (0%), SA check: 519 (66%), write-header: 25
(3%), save-to-local-mailbox: 8 (1%), delete email.txt: 105
(13%),unlink-1-files: 0 (0%), rundown: 0 (0%)
Can sa-stats.pl be configured to parse this output? Other ideas?
Thanks,
Alex
