You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Payal Rathod <pa...@scriptkitchen.com> on 2005/05/02 09:09:35 UTC
bayes problem
Hi,
I am looking after a friend's email server till he returns from his
vacation. In his local.cf (SA 2.61 and yes I know it is time for
upgrade) file he has,
bayes_path /etc/mail/spamassassin/bayes
use_bayes 1
score BAYES_50 0.001
Also bayes is well trained with,
-rw------- 1 root root 5263360 May 2 01:58 bayes_seen
-rw------- 1 root root 4210688 May 2 01:58 bayes_toks
All the spam mails are forwared to an account 'spam'.
Lately his users had started complaining that they received more spam
than ever, so I checked his spam folder and grepped for bayes in
headers. Surprisingly, out of 500 mails none showed bayes in headers.
Does that mean bayes has stopped working?
# sa-learn --dump magic
0.000 0 2 0 non-token data: bayes db version
0.000 0 13061 0 non-token data: nspam
0.000 0 31377 0 non-token data: nham
0.000 0 128804 0 non-token data: ntokens
0.000 0 1114158622 0 non-token data: oldest atime
0.000 0 1115016277 0 non-token data: newest atime
0.000 0 1115016659 0 non-token data: last journal
sync atime
0.000 0 1114797900 0 non-token data: last expiry
atime
0.000 0 639290 0 non-token data: last expire
atime delta
0.000 0 36759 0 non-token data: last expire
reduction count
What must be wrong?
With warm regards,
-Payal
Raising the score...
Posted by Kevin Morwood <ke...@morwood.ca>.
Hello,
I have an old email address that a few contacts still use to reach me.
I've tried to get everyone up to date on the new address but no luck.
That's not really the issue though...
The reason I changed addresses was that the spam that was coming in was
all addressed to the old address. I see that SA has a concept of
'blacklist_to' but that will probably be overkill...right?
If I set up whitelists for the people who I know...and who still use my
old adress...and blacklist all other mail that is addressed to this
address...will that work?
Is there a better way...besides begging these contacts to finally update
their address books? :)
TIA,
Kevin
Re: bayes problem
Posted by Matt Kettler <mk...@evi-inc.com>.
Payal Rathod wrote:
>On Mon, May 02, 2005 at 02:11:19PM -0400, Matt Kettler wrote:
>
>
>>How is SA called? from procmail, or something else?
>>
>>
>
>For .qmail file with a script ifspamh
>
>
>
>>One major problem I see is that the bayes files have permissions of 400,
>>but the bayes DB is site-wide. You generally need to use bayes_file_mode
>>
>>
>[...]
>
>Right. Do I need 777 or just 744?
>
>
In general 777. All users that need to access the bayes DB need to be
able to write to it, and create/delete temporary files and lock files.
This happens most extensively in the event of opportunistic expiry or
autolearning.
In your case I might do 744, just because the box isn't yours and the
admin might not want world-writable files (in which case he shouldn't be
using a global bayes DB).
However, 744 is really a half-baked solution and won't eliminate bayes
problems.
>
>
>>As for receiving more spam than ever. Well, you're using SA 2.61,
>>which
>>IS massively outdated. Spam is a moving target, and SpamAssassin does
>>require reasonably frequent updates to keep abreast of changing
>>trends.
>>
>>
>
>How safe is it to change to the new version? His is a live server and we
>don't want to risk anything at all.
>
>
I wouldn't be doing extensive upgrades on a box you don't normally
administer. However, you should let him know that all versions from 2.60
through 2.63 are vulnerable to a DoS attack if a person sends you a
maliciously crafted email (it's a bug in the mime decoder which was
fixed in 2.64, as well as 3.0.0)
Re: bayes problem
Posted by Payal Rathod <pa...@scriptkitchen.com>.
On Mon, May 02, 2005 at 02:11:19PM -0400, Matt Kettler wrote:
> How is SA called? from procmail, or something else?
For .qmail file with a script ifspamh
>
> One major problem I see is that the bayes files have permissions of 400,
> but the bayes DB is site-wide. You generally need to use bayes_file_mode
[...]
Right. Do I need 777 or just 744?
> As for receiving more spam than ever. Well, you're using SA 2.61,
> which
> IS massively outdated. Spam is a moving target, and SpamAssassin does
> require reasonably frequent updates to keep abreast of changing
> trends.
How safe is it to change to the new version? His is a live server and we
don't want to risk anything at all.
With warm regards,
-Payal
Re: bayes problem
Posted by Matt Kettler <mk...@evi-inc.com>.
Payal Rathod wrote:
>Hi,
>I am looking after a friend's email server till he returns from his
>vacation. In his local.cf (SA 2.61 and yes I know it is time for
>upgrade) file he has,
>bayes_path /etc/mail/spamassassin/bayes
>use_bayes 1
>score BAYES_50 0.001
>
>Also bayes is well trained with,
>-rw------- 1 root root 5263360 May 2 01:58 bayes_seen
>-rw------- 1 root root 4210688 May 2 01:58 bayes_toks
>
>All the spam mails are forwared to an account 'spam'.
>Lately his users had started complaining that they received more spam
>than ever, so I checked his spam folder and grepped for bayes in
>headers. Surprisingly, out of 500 mails none showed bayes in headers.
>Does that mean bayes has stopped working?
>
Almost certainly. Or, it might only be working for root.
How is SA called? from procmail, or something else?
One major problem I see is that the bayes files have permissions of 400,
but the bayes DB is site-wide. You generally need to use bayes_file_mode
0777 when you specify a bayes_path in your local.cf. (If all users are
to use the same bayes DB, they all must be able to read/write the files
and have rwx to directories. Since these are deleted/recreated by SA
constantly you can't just use chmod)
If any non-root userID is used when invoking spamassassin, then the
bayes DB will not be accessible.
If he's using a MTA layer tool that always scans as root, this shouldn't
be a problem. However, if he's letting the user's procmailrc call
spamassassin or spamc this could be very troublesome. It's also trouble
if his MTA layer tool deprivleges itself to a non-root userid.
As for receiving more spam than ever. Well, you're using SA 2.61, which
IS massively outdated. Spam is a moving target, and SpamAssassin does
require reasonably frequent updates to keep abreast of changing trends.
I'll admit I'm using 2.64, but I'm also using the Mail::SpamCopURI
addon, and extensive custom rule tuning to keep up with it. Using an
out-of-the box 2.61 setup, even with bayes, hitrate is going to suffer.