You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marcos Saint'Anna <pi...@bol.com.br> on 2004/10/10 01:42:21 UTC
after upgrade
Hello guys,
I'm with a serious problem here, and I need some help, plz!
After the upgrade from version 2.64 to version 3.0.0, SA stopped to
work as before... the most of SPAM going to my server isn't marked as
SPAM... So I noticed that almost all headers had a "USER_IN_WHITELIST"
in it.
---
X-Spam-Status: No, hits=-88.6 required=5.0 tests=BR_RECEIVED_SPAMMER,
FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,HTML_FONT_BIG,HTML_MESSAGE,
HTML_TAG_EXIST_TBODY,INVALID_DATE,MIME_BASE64_TEXT,
MIME_BOUND_NEXTPART,MIME_HTML_ONLY,PLING_PLING,USER_IN_WHITELIST
autolearn=no version=3.0.0
---
I've checked every configuration file as so user_prefs files and
didn't found any whitelist entry.
I'm using SA 3.0.0 with Qmail-scanner 1.23.
This is the command line I'm using:
spamd -d -v -u vpopmail -s /var/log/spamd.log
Thanks in advance!
Best regards
--
Marcos Saint'Anna
pinguimsp@bol.com.br
Re: Re[2]: after upgrade
Posted by Loren Wilton <lw...@earthlink.net>.
I'm not sure what is going on there, but it really looks like you were
running two different configurations, which would imply either different
local.cf values, or you have user rules enabled and got differerent user
rules.
Following is the rules from those two messages. Note that the indented
rules only hit on one or the other try, but not both. The rules tagged with
's' have different scores. This makes me think that either different
scoresets were running (bayes enabled or not enabled, or maybe network tests
or not), or this is just plain coming off of two completely different rule
bases.
Are those Brazillian rules part of the main distro, or are they local rules?
Loren
BILL_1618=1.692,
BR_ADJUST_2=2,
BR_CONGRESSO=3,
BR_MALADIRETA=0.2,
BR_REMOVER_QUOTE=0.8,
BR_SPAMMER_URI=2,
DRUGS_SLEEP=0.107, s
FORGED_MUA_OUTLOOK=3.037, s
FORGED_OUTLOOK_HTML=0.022, s
HTML_MESSAGE=0.001,
MIME_HTML_ONLY=1.158, s
MISSING_MIMEOLE=0, s
USER_IN_WHITELIST=-100,
X_MSMAIL_PRIORITY_HIGH=0.267
BAYES_99=1.886,
BILL_1618=1.895,
BR_ADJUST_2=2,
BR_CONGRESSO=3,
BR_MALADIRETA=0.2,
BR_REMOVER_QUOTE=0.8,
BR_SPAMMER_URI=2,
DRUGS_SLEEP=0.001, s
FORGED_MUA_OUTLOOK=3.92, s
FORGED_OUTLOOK_HTML=0.629, s
HTML_MESSAGE=0.001,
HTML_SHOUTING3=0.019,
MIME_HTML_ONLY=0.177, s
MISSING_MIMEOLE=0.012 s
Re: after upgrade
Posted by Kai Schaetzl <ma...@conactive.com>.
Marcos Saint'Anna wrote on Sun, 10 Oct 2004 16:44:01 -0300:
> As you may see... the configuration files are the same, also the
> binaries are using the same version.
>
So, you are getting slightly different results with spamc and spamassassin
plus the main difference about the USER_IN_WHITELIST? Remove the complete
header from the message and try again. If it still lists USER_IN_WHITELIST
there must be something wrong with your installation, but I don't know
what.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Re[2]: after upgrade
Posted by Marcos Saint'Anna <pi...@bol.com.br>.
Hello Kai,
Thanks for your reply!
I've made the tests you recommended, but got no positive results at
all.
-------------------------------------------------------------------
These are the installed software versions:
# /usr/bin/spamc -V
SpamAssassin Client version 3.0.0
# /usr/bin/spamd -V
SpamAssassin Server version 3.0.0
# /usr/bin/spamassassin -V
SpamAssassin version 3.0.0
-------------------------------------------------------------------
This is the /usr/bin/spamd -d -v -u vpopmail -s /var/log/spamd.log
command line results about the configuration files:
[...]
2004-10-10 18:44:36 [22937] i: debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
2004-10-10 18:44:36 [22937] i: debug: config: read file /etc/mail/spamassassin/init.pre
2004-10-10 18:44:36 [22937] i: debug: using "/usr/share/spamassassin" for default rules dir
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/10_misc.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_body_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_compensate.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_drugs.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_head_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_html_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_phrases.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_porn.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_ratware.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/23_bayes.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/25_hashcash.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/25_spf.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/25_uribl.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/30_text_de.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/30_text_fr.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/30_text_nl.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/30_text_pl.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/50_scores.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/60_whitelist.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /usr/share/spamassassin/regression_tests.cf
2004-10-10 18:44:36 [22937] i: debug: using "/etc/mail/spamassassin" for site rules dir
2004-10-10 18:44:36 [22937] i: debug: config: read file /etc/mail/spamassassin/10_local_report.cf
2004-10-10 18:44:36 [22937] i: debug: config: read file /etc/mail/spamassassin/local.cf
2004-10-10 18:44:36 [22937] i: debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
2004-10-10 18:44:36 [22937] i: debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8404b90)
2004-10-10 18:44:36 [22937] i: debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
2004-10-10 18:44:36 [22937] i: debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ac0bcc)
2004-10-10 18:44:36 [22937] i: debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
2004-10-10 18:44:36 [22937] i: debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8a96b8c)
[...]
-------------------------------------------------------------------
A message analyse using /usr/bin/spamc < test.txt:
X-Spam-Status: No, hits=-85.7 required=5.0 bayes=0.5 awl=
tests=BILL_1618=1.692,BR_ADJUST_2=2,BR_CONGRESSO=3,BR_MALADIRETA=0.2,
BR_REMOVER_QUOTE=0.8,BR_SPAMMER_URI=2,DRUGS_SLEEP=0.107,
FORGED_MUA_OUTLOOK=3.037,FORGED_OUTLOOK_HTML=0.022,HTML_MESSAGE=0.001,
MIME_HTML_ONLY=1.158,MISSING_MIMEOLE=0,USER_IN_WHITELIST=-100,
X_MSMAIL_PRIORITY_HIGH=0.267 autolearn=spam
version=3.0.0
-------------------------------------------------------------------
This is the /usr/bin/spamassassin -D -p .spamassassin/user_prefs test.txt
command line results about the configuration files:
[...]
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: config: read file /usr/share/spamassassin/regression_tests.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/10_local_report.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: using "/root/.spamassassin" for user state dir
debug: using ".spamassassin/user_prefs" for user prefs file
debug: config: read file .spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a76a4c)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8a4e5f0)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a76a4c) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84bbca4) inhibited further callbacks
[...]
-------------------------------------------------------------------
The same message as above, with different results:
X-Spam-Status: Yes, hits=16.5 required=5.0 bayes=1.0000 awl=0.0
tests=BAYES_99=1.886,BILL_1618=1.895,BR_ADJUST_2=2,BR_CONGRESSO=3,
BR_MALADIRETA=0.2,BR_REMOVER_QUOTE=0.8,BR_SPAMMER_URI=2,
DRUGS_SLEEP=0.001,FORGED_MUA_OUTLOOK=3.92,FORGED_OUTLOOK_HTML=0.629,
HTML_MESSAGE=0.001,HTML_SHOUTING3=0.019,MIME_HTML_ONLY=0.177,
MISSING_MIMEOLE=0.012 autolearn=unavailable
version=3.0.0
-------------------------------------------------------------------
As you may see... the configuration files are the same, also the
binaries are using the same version.
I really don't know whats going on... :(
Thanks in advance for your time.
Best regards
--
Marcos Saint'Anna
pinguimsp@bol.com.br
You wrote:
KS> Marcos Saint'Anna wrote on Sun, 10 Oct 2004 02:18:19 -0300:
>> I've already tried to run SA with -D option, but got no answer at
>> all...
>>
KS> So, if you pipe one of those messages with USER_IN_WHITELIST thru
KS> spamassassin -D (not spamd!) it is *not* marked with USER_IN_WHITELIST? If
KS> so, I'd think your spamd is using a different configuration than you think
KS> or you may have some version mix. Did you run a "make test" before
KS> install?
KS> Kai
Re: after upgrade
Posted by Ed Kasky <ed...@esson.net>.
On Sun, 10 Oct 2004, Kai Schaetzl wrote:
> Marcos Saint'Anna wrote on Sun, 10 Oct 2004 02:18:19 -0300:
>
> > I've already tried to run SA with -D option, but got no answer at
> > all...
> >
>
> So, if you pipe one of those messages with USER_IN_WHITELIST thru
> spamassassin -D (not spamd!) it is *not* marked with USER_IN_WHITELIST? If
> so, I'd think your spamd is using a different configuration than you think
> or you may have some version mix. Did you run a "make test" before
> install?
FWIW, that same exact thing happened to me when I first installed SA.
Turns out I had more than one config file...
Ed
. . . . . . . . . . . . . . .
Randomly generated quote:
I distrust those people who know so well what God wants them to
do because I notice it always coincides with their own desires.
-Susan B Anthony, reformer and suffragist (1820-1906)
Re: after upgrade
Posted by Kai Schaetzl <ma...@conactive.com>.
Marcos Saint'Anna wrote on Sun, 10 Oct 2004 02:18:19 -0300:
> I've already tried to run SA with -D option, but got no answer at
> all...
>
So, if you pipe one of those messages with USER_IN_WHITELIST thru
spamassassin -D (not spamd!) it is *not* marked with USER_IN_WHITELIST? If
so, I'd think your spamd is using a different configuration than you think
or you may have some version mix. Did you run a "make test" before
install?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Re[2]: after upgrade
Posted by Marcos Saint'Anna <pi...@bol.com.br>.
Hello Matt,
Thanks for your prompt reply.
I've removed all whitelist_from entries from configuration files, even
those from user_prefs files.
I've already tried to run SA with -D option, but got no answer at
all...
This start happening just after the upgrade. Please note that I've
read several times the INSTALL and UPGRADE instructions before do the
upgrade...
Best regards
--
Marcos Saint'Anna
pinguimsp@bol.com.br
You wrote:
MK> At 08:42 PM 10/9/2004 -0300, Marcos Saint'Anna wrote:
>>SPAM... So I noticed that almost all headers had a "USER_IN_WHITELIST"
>>in it.
>>
>>---
>>X-Spam-Status: No, hits=-88.6 required=5.0 tests=BR_RECEIVED_SPAMMER,
>>
>> FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,HTML_FONT_BIG,HTML_MESSAGE,
>> HTML_TAG_EXIST_TBODY,INVALID_DATE,MIME_BASE64_TEXT,
>>
>> MIME_BOUND_NEXTPART,MIME_HTML_ONLY,PLING_PLING,USER_IN_WHITELIST
>> autolearn=no version=3.0.0
>>---
>>
>>I've checked every configuration file as so user_prefs files and
>>didn't found any whitelist entry.
MK> Did you find *any* whitelist statements at all?
MK> Also be sure to scrutinize ALL the message headers when trying to check
MK> which statement is at fault.
MK> SA's whitelisting system honors more than just From: in whitelist_from*. It
MK> honors Return-Path, Sender, Resent-From and more-or-less any origin
MK> indicating header.
Re: after upgrade
Posted by Matt Kettler <mk...@comcast.net>.
At 08:42 PM 10/9/2004 -0300, Marcos Saint'Anna wrote:
>SPAM... So I noticed that almost all headers had a "USER_IN_WHITELIST"
>in it.
>
>---
>X-Spam-Status: No, hits=-88.6 required=5.0 tests=BR_RECEIVED_SPAMMER,
> FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,HTML_FONT_BIG,HTML_MESSAGE,
> HTML_TAG_EXIST_TBODY,INVALID_DATE,MIME_BASE64_TEXT,
> MIME_BOUND_NEXTPART,MIME_HTML_ONLY,PLING_PLING,USER_IN_WHITELIST
> autolearn=no version=3.0.0
>---
>
>I've checked every configuration file as so user_prefs files and
>didn't found any whitelist entry.
Did you find *any* whitelist statements at all?
Also be sure to scrutinize ALL the message headers when trying to check
which statement is at fault.
SA's whitelisting system honors more than just From: in whitelist_from*. It
honors Return-Path, Sender, Resent-From and more-or-less any origin
indicating header.