Posted to users@spamassassin.apache.org by Paul Wetter <pw...@steamedsoup.com> on 2006/04/25 05:30:38 UTC

Messages Not detected as Spam

For the last week now I have been receiving several very similar messages that are spam and not being detected as spam.  I have done an sa-learn on every one of them but they still come in not even being tagged.  Is there something wrong with my bayes detection?  Is there any way to log what spamassassin is doing to see if it finds anything?

I call spamassassin's spam checks through amavisd-new which controls a couple virtual domains.

Thanks in advance,
Paul

Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
I forgot to note that I have flagged 50+ of these similar emails.  It seems to me that something is not working correctly.
  ----- Original Message ----- 
  From: Paul Wetter 
  To: users@spamassassin.apache.org 
  Sent: Monday, April 24, 2006 10:30 PM
  Subject: Messages Not detected as Spam


  For the last week now I have been receiving several very similar messages that are spam and not being detected as spam.  I have done an sa-learn on every one of them but they still come in not even being tagged.  Is there something wrong with my bayes detection?  Is there any way to log what spamassassin is doing to see if it finds anything?

  I call spamassassin's spam checks through amavisd-new which controls a couple virtual domains.

  Thanks in advance,
  Paul

Re: Messages Not detected as Spam

Posted by Jim Maul <jm...@elih.org>.
Paul Wetter wrote:
> Ok, I added what you said.  I think things may be back on the up and in 
> operation.  Some spam however is still not detected, which brings me to 
> my next question.
> 
> I have one other question about razor checks.  They do not appear to be 
> working.  If I do a manual check (with the amavis user) it logs the 
> message as a spam message in the razor-agent.log file.  Yet running the 
> same thing through spamassassin does not show any razor checks picking 
> it up and also it does not log anything in the razor-agent.log file 
> either way.
> 
> In local.cf I have the following 3 lines related to razor:
> 
> loadplugin Mail::SpamAssassin::Plugin::Razor2
> use_razor2 1
> razor_config /pathtoconfig/.razor/razor-agent.conf
> 
> Am I missing something?  Is this correct?
> From what I see my SpamAssassin install is not doing the razor checks.
> 
> Thanks in advance.
> -Paul
> 

Don't loadplugin statements go in init.pre, not local.cf?

I'm still on 2.64 so I could be completely wrong on this one...

-Jim

Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
> Paul Wetter wrote:
>> Ok, I added what you said.  I think things may be back on the up and in
>> operation.  Some spam however is still not detected, which brings me to
>> my next question.
>>
>> I have one other question about razor checks.  They do not appear to be
>> working.  If I do a manual check (with the amavis user) it logs the
>> message as a spam message in the razor-agent.log file.  Yet running the
>> same thing through spamassassin does not show any razor checks picking
>> it up and also it does not log anything in the razor-agent.log file
>> either way.
>>
>> In local.cf I have the following 3 lines related to razor:
>>
>> loadplugin Mail::SpamAssassin::Plugin::Razor2
>
> DO NOT put ANY loadplugin statements in your local.cf, or any other .cf file for
> that matter, unless you intentionally want to suppress any rules that go with
> the plugin. loadplugin statements belong in .pre files. In this case, edit
> v310.pre and uncomment the existing line for this.
>
> This is VERY important, as .pre files get parsed before the default rules, but
> .cf files are parsed after them. If the plugin is not present when the default
> rules are parsed, the razor rules will be omitted.
>
You rock man!  Everything is working great now!  I must have gotten my wires
crossed when reading the docs.  I really appreciate the wonderful resources 
of these mailing lists.

Have a good one,
Paul



Re: Messages Not detected as Spam

Posted by Matt Kettler <mk...@evi-inc.com>.
Paul Wetter wrote:
> Ok, I added what you said.  I think things may be back on the up and in
> operation.  Some spam however is still not detected, which brings me to
> my next question.
> 
> I have one other question about razor checks.  They do not appear to be
> working.  If I do a manual check (with the amavis user) it logs the
> message as a spam message in the razor-agent.log file.  Yet running the
> same thing through spamassassin does not show any razor checks picking
> it up and also it does not log anything in the razor-agent.log file
> either way.
> 
> In local.cf I have the following 3 lines related to razor:
> 
> loadplugin Mail::SpamAssassin::Plugin::Razor2

DO NOT put ANY loadplugin statements in your local.cf, or any other .cf file for
that matter, unless you intentionally want to suppress any rules that go with
the plugin. loadplugin statements belong in .pre files. In this case, edit
v310.pre and uncomment the existing line for this.

This is VERY important, as .pre files get parsed before the default rules, but
.cf files are parsed after them. If the plugin is not present when the default
rules are parsed, the razor rules will be omitted.
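
An added example, not code from any poster in this thread or from the SpamAssassin project: a shell check for the mistake described above, listing active loadplugin lines in .cf files and testing whether a .pre file loads the same plugin. The function names and the demo directory are constructed for illustration; point `audit` at the real site configuration directory instead.

```sh
#!/bin/sh
# Added example: find loadplugin lines that sit in .cf files, where they are
# parsed after the default rules, and check whether a .pre file loads the plugin.

# Print "FILE<TAB>LINE<TAB>PLUGIN" for each active loadplugin line in DIR/*.cf.
# Commented lines never match because their first field starts with "#".
misplaced_loadplugin() {
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            $1 == "loadplugin" && NF >= 2 { printf "%s\t%d\t%s\n", file, NR, $2 }
        ' "$f"
    done
}

# Succeed if PLUGIN has an active loadplugin line in some DIR/*.pre file.
plugin_in_pre() {
    for f in "$1"/*.pre; do
        [ -f "$f" ] || continue
        if awk -v p="$2" '
            $1 == "loadplugin" && $2 == p { found = 1 }
            END { exit !found }
        ' "$f"; then
            return 0
        fi
    done
    return 1
}

# audit DIR: one finding per misplaced line, with the action to take.
audit() {
    tab=$(printf '\t')
    misplaced_loadplugin "$1" | while IFS=$tab read -r file line plugin; do
        if plugin_in_pre "$1" "$plugin"; then
            echo "$file:$line: redundant loadplugin $plugin (a .pre file has it)"
        else
            echo "$file:$line: $plugin loads after the default rules; move it to a .pre file"
        fi
    done
}

# Constructed demo directory mirroring the setup described in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/local.cf" <<'EOF'
loadplugin Mail::SpamAssassin::Plugin::Razor2
use_razor2 1
razor_config /pathtoconfig/.razor/razor-agent.conf
EOF
cat > "$demo_dir/v310.pre" <<'EOF'
# loadplugin Mail::SpamAssassin::Plugin::Razor2
EOF
audit "$demo_dir"
```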

Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
Probably would also like this output, I think:

[root@mail ~]# spamassassin -D --lint 2>&1 | grep -i razor
[4398] dbg: diag: module installed: Razor2::Client::Agent, version 2.75
[4398] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[4398] dbg: plugin: fixed relative path: /usr/share/spamassassin/updates_spamassassin_org/25_razor2.cf
[4398] dbg: config: using "/usr/share/spamassassin/updates_spamassassin_org/25_razor2.cf" for included file
[4398] dbg: config: read file /usr/share/spamassassin/updates_spamassassin_org/25_razor2.cf
[4398] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[4398] dbg: razor2: razor2 is available, version 2.75
[4398] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x912f2c0)


> Ok, I added what you said.  I think things may be back on the up and in 
> operation.  Some spam however is still not detected, which brings me to my 
> next question.
>
> I have one other question about razor checks.  They do not appear to be 
> working.  If I do a manual check (with the amavis user) it logs the 
> message as a spam message in the razor-agent.log file.  Yet running the 
> same thing through spamassassin does not show any razor checks picking it 
> up and also it does not log anything in the razor-agent.log file either 
> way.
>
> In local.cf I have the following 3 lines related to razor:
>
> loadplugin Mail::SpamAssassin::Plugin::Razor2
> use_razor2 1
> razor_config /pathtoconfig/.razor/razor-agent.conf
>
> Am I missing something?  Is this correct?
> From what I see my SpamAssassin install is not doing the razor checks.
>
> Thanks in advance.
> -Paul
>
> ----- Original Message ----- 
> From: "Matt Kettler" <mk...@evi-inc.com>
> To: "Paul Wetter" <pw...@steamedsoup.com>
> Cc: "Matt Kettler" <mk...@comcast.net>; 
> <us...@spamassassin.apache.org>
> Sent: Tuesday, April 25, 2006 2:14 PM
> Subject: Re: Messages Not detected as Spam
>
>
>> Paul Wetter wrote:
>>>>
>>>>
>>>>
>>> To answer your questions:
>>> 1.  I ran spamassassin -t as root.
>>> amavis runs as a different user.
>>> I do have bayes_path in the local.cf file.  The line should read as
>>> follows correct?
>>> bayes_path /firstpartofpath/.spamassassin/bayes
>>
>> Yes. If /firstpartofpath/ doesn't start with ~/ then you'll also need to add
>> bayes_file_mode 0777. Otherwise the bayes DB will change ownership when you run
>> sa-learn and may not be R/W to the amavis process.
>>
>>
>>>
>>> 2.  I have $sa_local_tests_only = 0    and I get other spam reports that
>>> show several RCVD_IN_ checks that hit.
>>> Also when I do sa-learn with the spam I use the path from above to learn
>>> the spam.
>>
>
>
>
> 



Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
Ok, I added what you said.  I think things may be back on the up and in 
operation.  Some spam however is still not detected, which brings me to my 
next question.

I have one other question about razor checks.  They do not appear to be 
working.  If I do a manual check (with the amavis user) it logs the message 
as a spam message in the razor-agent.log file.  Yet running the same thing 
through spamassassin does not show any razor checks picking it up and also 
it does not log anything in the razor-agent.log file either way.

In local.cf I have the following 3 lines related to razor:

loadplugin Mail::SpamAssassin::Plugin::Razor2
use_razor2 1
razor_config /pathtoconfig/.razor/razor-agent.conf

Am I missing something?  Is this correct?
From what I see my SpamAssassin install is not doing the razor checks.

Thanks in advance.
-Paul

----- Original Message ----- 
From: "Matt Kettler" <mk...@evi-inc.com>
To: "Paul Wetter" <pw...@steamedsoup.com>
Cc: "Matt Kettler" <mk...@comcast.net>; 
<us...@spamassassin.apache.org>
Sent: Tuesday, April 25, 2006 2:14 PM
Subject: Re: Messages Not detected as Spam


> Paul Wetter wrote:
>>>
>>>
>>>
>> To answer your questions:
>> 1.  I ran spamassassin -t as root.
>> amavis runs as a different user.
>> I do have bayes_path in the local.cf file.  The line should read as
>> follows correct?
>> bayes_path /firstpartofpath/.spamassassin/bayes
>
> Yes. If /firstpartofpath/ doesn't start with ~/ then you'll also need to add
> bayes_file_mode 0777. Otherwise the bayes DB will change ownership when you run
> sa-learn and may not be R/W to the amavis process.
>
>
>>
>> 2.  I have $sa_local_tests_only = 0    and I get other spam reports that
>> show several RCVD_IN_ checks that hit.
>> Also when I do sa-learn with the spam I use the path from above to learn
>> the spam.
> 



Re: Messages Not detected as Spam

Posted by Matt Kettler <mk...@evi-inc.com>.
Paul Wetter wrote:
>>
>>
>>
> To answer your questions:
> 1.  I ran spamassassin -t as root.
> amavis runs as a different user.
> I do have bayes_path in the local.cf file.  The line should read as
> follows correct?
> bayes_path /firstpartofpath/.spamassassin/bayes

Yes. If /firstpartofpath/ doesn't start with ~/ then you'll also need to add
bayes_file_mode 0777. Otherwise the bayes DB will change ownership when you run
sa-learn and may not be R/W to the amavis process.


> 
> 2.  I have $sa_local_tests_only = 0    and I get other spam reports that
> show several RCVD_IN_ checks that hit.
> Also when I do sa-learn with the spam I use the path from above to learn
> the spam.

Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
> Paul Wetter wrote:
>> Here is what I get when I reproduce the email:
>> X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
>> tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
>>
>>
>> spamassassin -t gives me this:
>>
>> Content analysis details:   (9.1 points, 2.5 required)
>>
>> pts rule name              description
>> ---- ---------------------- --------------------------------------------------
>> 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
>> 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>> 0.0 HTML_MESSAGE           BODY: HTML included in message
>> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>>                            [score: 1.0000]
>> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>>               [Blocked - see <http://www.spamcop.net/bl.shtml?81.121.100.79>]
>> 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>>                            [81.121.100.79 listed in sbl-xbl.spamhaus.org]
>>
>>
>> They are very different!
>> Where do we go from here?
>>
>
> Question 1: what user are you running spamassassin -t as?
> Is it the same user that amavis runs as?
> Do you have a bayes_path statement in your local.cf?
>
> If the answer to the last two is "no" then you're using two different bayes DBs.
> SA determines what bayes database to use based on the home directory of the
> environment that executes it. It does not attempt to parse the "To:" header or
> anything like that.
>
> Question 2: do you have sa_local_tests_only = 1 in your amavisd.conf? If so, all
> the RCVD_IN_* tests are disabled.
>
>
>
To answer your questions:
1.  I ran spamassassin -t as root.
amavis runs as a different user.
I do have bayes_path in the local.cf file.  The line should read as
follows correct?
bayes_path /firstpartofpath/.spamassassin/bayes

2.  I have $sa_local_tests_only = 0    and I get other spam reports that
show several RCVD_IN_ checks that hit.
Also when I do sa-learn with the spam I use the path from above to learn
the spam.

Thanks again.


Re: Messages Not detected as Spam

Posted by Matt Kettler <mk...@evi-inc.com>.
Paul Wetter wrote:
> Here is what I get when I reproduce the email:
> X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
> tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
> 
> 
> spamassassin -t gives me this:
> 
> Content analysis details:   (9.1 points, 2.5 required)
> 
> pts rule name              description
> ---- ---------------------- --------------------------------------------------
> 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
> 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE           BODY: HTML included in message
> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                            [score: 1.0000]
> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>               [Blocked - see <http://www.spamcop.net/bl.shtml?81.121.100.79>]
> 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>                            [81.121.100.79 listed in sbl-xbl.spamhaus.org]
> 
> 
> They are very different!
> Where do we go from here?
> 

Question 1: what user are you running spamassassin -t as?
Is it the same user that amavis runs as?
Do you have a bayes_path statement in your local.cf?

If the answer to the last two is "no" then you're using two different bayes DBs.
SA determines what bayes database to use based on the home directory of the
environment that executes it. It does not attempt to parse the "To:" header or
anything like that.

Question 2: do you have sa_local_tests_only = 1 in your amavisd.conf? If so, all
the RCVD_IN_* tests are disabled.
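
An added example, not from any poster in this thread: a shell script that extracts the rule names from the amavisd-new X-Spam-Status header and from the `spamassassin -t` report, then flags the two differences the questions above target (a different Bayes bucket, and DNSBL rules missing from the daemon run). Function names and hint strings are hypothetical; the sample data is the output posted in this thread with wrapped lines rejoined.

```sh
#!/bin/sh
# Added example: compare the rules amavisd-new recorded in X-Spam-Status with
# the rules a manual "spamassassin -t" run reported for the same message.
export LC_ALL=C   # keep sort and comm in agreement about ordering

# Rule names from an X-Spam-Status header (folded lines allowed) on stdin.
status_rules() {
    tr '\n' ' ' | sed -n 's/.*tests=\[\([^]]*\)].*/\1/p' | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/=.*//' | grep . | sort -u
}

# Rule names from the "Content analysis details" table on stdin.
report_rules() {
    awk '$1 ~ /^-?[0-9]+\.[0-9]+$/ && $2 ~ /^[A-Z][A-Z0-9_]+$/ { print $2 }' |
        sort -u
}

# compare_runs HEADER_FILE REPORT_FILE: one hint line per difference found.
compare_runs() {
    tmp=$(mktemp -d)
    status_rules < "$1" > "$tmp/daemon"
    report_rules < "$2" > "$tmp/manual"
    d_bayes=$(grep '^BAYES_' "$tmp/daemon" || true)
    m_bayes=$(grep '^BAYES_' "$tmp/manual" || true)
    # Different Bayes buckets for one message: the runs read different DBs.
    if [ "$d_bayes" != "$m_bayes" ]; then
        echo "bayes-mismatch daemon=${d_bayes:-none} manual=${m_bayes:-none}"
    fi
    # DNSBL rules only in the manual run: network tests did not fire in the daemon.
    if comm -13 "$tmp/daemon" "$tmp/manual" | grep -q '^RCVD_IN_' &&
       ! grep -q '^RCVD_IN_' "$tmp/daemon"; then
        echo "no-network-rules-in-daemon-run"
    fi
    rm -rf "$tmp"
}

# Sample data: the two results posted in this thread.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/header" <<'EOF'
X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
EOF
cat > "$sample/report" <<'EOF'
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
EOF
compare_runs "$sample/header" "$sample/report"
```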


Re: Messages Not detected as Spam

Posted by Vincent Li <vi...@gmail.com>.
On 24-Apr-06, at 9:25 PM, Paul Wetter wrote:

> Here is what I get when I reproduce the email:
> X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
> tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
>
>
> spamassassin -t gives me this:
>
> Content analysis details:   (9.1 points, 2.5 required)
>
> pts rule name              description
> ---- ---------------------- --------------------------------------------------
> 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
> 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
> 0.0 HTML_MESSAGE           BODY: HTML included in message
> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                            [score: 1.0000]
> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>               [Blocked - see <http://www.spamcop.net/bl.shtml?81.121.100.79>]
> 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>                            [81.121.100.79 listed in sbl-xbl.spamhaus.org]
>
>
> They are very different!
> Where do we go from here?
>
> Thanks again!!
> -Paul

In http://www.ijs.si/software/amavisd/#faq, the "SpamAssassin returns a
different score" section has more details about what might go wrong.

Vincent

Systems Administrator
Biomedical Research Centre
University of BC

Re: Messages Not detected as Spam

Posted by Paul Wetter <pw...@steamedsoup.com>.
Here is what I get when I reproduce the email:
X-Spam-Status: No, hits=0.002 tagged_above=-1 required=1.5
 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]


spamassassin -t gives me this:

Content analysis details:   (9.1 points, 2.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?81.121.100.79>]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [81.121.100.79 listed in sbl-xbl.spamhaus.org]


They are very different!
Where do we go from here?

Thanks again!!
-Paul


----- Original Message ----- 
From: "Matt Kettler" <mk...@comcast.net>
To: "Paul Wetter" <pw...@steamedsoup.com>
Cc: <us...@spamassassin.apache.org>
Sent: Monday, April 24, 2006 10:46 PM
Subject: Re: Messages Not detected as Spam


> Paul Wetter wrote:
>> For the last week now I have been receiving several very similar
>> messages that are spam and not being detected as spam.  I have done an
>> sa-learn on every one of them but they still come in not even being
>> tagged.  Is there something wrong with my bayes detection?  Is there
>> any way to log what spamassassin is doing to see if it finds anything?
>>
>> I call spamassassin's spam checks through amavisd-new which controls a
>> couple virtual domains.
>
> First step, try running one of them manually through spamassassin -t..
> what rule hits do you get? (post the X-Spam-Status SA generates).
>
> Next step, modify amavis to always add an X-Spam-Status header (ie: set
> tagged_above to -1000.). Compare the results, or post here along with
> the above..
>
>
>
>
> 



Re: Messages Not detected as Spam

Posted by Matt Kettler <mk...@comcast.net>.
Paul Wetter wrote:
> For the last week now I have been receiving several very similar
> messages that are spam and not being detected as spam.  I have done an
> sa-learn on every one of them but they still come in not even being
> tagged.  Is there something wrong with my bayes detection?  Is there
> any way to log what spamassassin is doing to see if it finds anything?
>  
> I call spamassassin's spam checks through amavisd-new which controls a
> couple virtual domains.

First step, try running one of them manually through spamassassin -t..
what rule hits do you get? (post the X-Spam-Status SA generates).

Next step, modify amavis to always add an X-Spam-Status header (ie: set
tagged_above to -1000.). Compare the results, or post here along with
the above..