You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Slava Garaschenko <sl...@ambernet.kiev.ua> on 2005/02/28 13:14:27 UTC
pyzor
>> Jimmy Hayes are right. It's something strange with pyzor.
Spamassassin is don't use it in daemon mode.
I use spamassassin 3.02 with sendmail with use milter interface at
Fedora Core 1.
To check did phyzor is really work with spamassassin i execute
tcpdump -i eth0 src or dst port 24441
At any phyzor request I must see packets at this port.
Then I try:
spamassassin -D --lint
I see:
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: setuid: helper proc 12529: ruid=0 euid=0
debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0
debug: leaving helper-app run mode
and also tcpdump show:
06:41:48.670154 us.ambernet.kiev.ua.1757 > clapton.quatro.com.24441: udp
165 (DF)
06:41:48.693085 clapton.quatro.com.24441 > us.ambernet.kiev.ua.1757: udp
63 (DF)
This say that phyzor was really called and executed.
But, then I run spamassassin in daemon mode by
/etc/rc.d/init.d/spamassassinstart
I dont' see any request to port 24441 which is used by pyzor.
This means that pyzor completely don't work with spamassassin. At least
then spamassassin is used in daemon mode.
Who know any solutions for this ?
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Bill Landry <bi...@pointshare.com>.
----- Original Message -----
From: "Slava Garaschenko" <sl...@ambernet.kiev.ua>
>I use spamassassin at one of the e-mail gateway of my company, and it is
> processing up to 10-20 messages every minutes (peak). Also, i was try to
> execute at the same time
> tcpdump -i eth0 src or dst port 6277
> (for dcc)
> and
> tcpdump -i eth0 src or dst port 24441
> (for pyzor)
> And I see many request to dcc and no any request to pyzor at the same
> time. This say, that network checking is work. But I don't see any
> packets at port 24441, which means (I think) that spamd don't use pyzor...
What pyzor server are you point to? If 217.160.253.84:24441, try instead
66.250.40.33:24441. The pyzor server changed earlier this month:
https://sourceforge.net/mailarchive/forum.php?thread_id=6493585&forum_id=8711.
You can also try "pyzor discover" and that should update you to the new
server.
Bill
Re: pyzor
Posted by Slava Garaschenko <sl...@ambernet.kiev.ua>.
I use spamassassin at one of the e-mail gateway of my company, and it is
processing up to 10-20 messages every minutes (peak). Also, i was try to
execute at the same time
tcpdump -i eth0 src or dst port 6277
(for dcc)
and
tcpdump -i eth0 src or dst port 24441
(for pyzor)
And I see many request to dcc and no any request to pyzor at the same
time. This say, that network checking is work. But I don't see any
packets at port 24441, which means (I think) that spamd don't use pyzor...
here my statistics of mail filtering at this gateway for last ~24 hours:
[root@usa tmp]# MyMail /var/log/maillog
Mon Feb 28 07:48:34 EST 2005
Accepted: 1842
Spamassassin: 9539
By DCC: 4913
Relaying: 11402
SpamCop: 5169
Viruses: 39
Too many rcp: 949
here from config file of sapmassassin (possibly something wrong here ?)
use_pyzor 1
#pyzor_max 10
pyzor_timeout 10
pyzor_path /usr/bin/pyzor
Here the command line for spamd (from /etc/sysconfig/spamassassin)
SPAMDOPTIONS="-d -m6 --max-conn-per-child=25 -u vilter -H
/var/smtp-vilter/tmp"
Matt Kettler wrote:
> At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>
>> But, then I run spamassassin in daemon mode by
>> /etc/rc.d/init.d/spamassassinstart
>> I dont' see any request to port 24441 which is used by pyzor.
>>
>> This means that pyzor completely don't work with spamassassin. At
>> least then spamassassin is used in daemon mode.
>
>
> When you did this test, did you actually feed a message to spamc?
>
> Merely starting spamd does nothing until spamc has a message to check.
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Slava Garaschenko <sl...@ambernet.kiev.ua>.
About UDP for request and TCP for answers I was read here:
http://wiki.apache.org/spamassassin/NetTestFirewallIssues
>>Pyzor uses both udp and tcp port 24441. It looks as though the client
communicates with the server via udp but the server answers back with a
tcp connection.
But as I see by tcpdump now, pyzor is use only udp. Possibly this
information is too old...
Matt Kettler wrote:
> At 10:51 AM 2/28/2005, Slava Garaschenko wrote:
>
>> and tcpdump show:
>> 10:47:59.056563 us.ambernet.kiev.ua.4831 > clapton.quatro.com.24441:
>> udp 165 (DF)
>> 10:47:59.080542 clapton.quatro.com.24441 > us.ambernet.kiev.ua.4831:
>> udp 63 (DF)
>>
>> Only things, with which I was surprised, that I was read that pyzor
>> use UDP for request and tcp for answer, but I see udp only...
>
>
> grepping the code for pyzor 0.4.0, there's no SOCK_STREAM (tcp) in
> use, only SOCK_DGRAM (udp).
>
> I ran grep -ri with several different search strings:
> "tcp", "udp", "stream", "dgram", "connect", "recv", "bind", "accept",
> "listen" and "socket"
>
> In the process I came up with nothing to suggest use of TCP.
> Everything seems to be datagrams sent via sendto and received with
> recvfrom. Unless there's some python wrapper object with a rather
> obscure name, I'd be surprised if there's any support for TCP at all.
>
>
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:51 AM 2/28/2005, Slava Garaschenko wrote:
>and tcpdump show:
>10:47:59.056563 us.ambernet.kiev.ua.4831 > clapton.quatro.com.24441: udp
>165 (DF)
>10:47:59.080542 clapton.quatro.com.24441 > us.ambernet.kiev.ua.4831: udp
>63 (DF)
>
>Only things, with which I was surprised, that I was read that pyzor use
>UDP for request and tcp for answer, but I see udp only...
grepping the code for pyzor 0.4.0, there's no SOCK_STREAM (tcp) in use,
only SOCK_DGRAM (udp).
I ran grep -ri with several different search strings:
"tcp", "udp", "stream", "dgram", "connect", "recv", "bind", "accept",
"listen" and "socket"
In the process I came up with nothing to suggest use of TCP. Everything
seems to be datagrams sent via sendto and received with recvfrom. Unless
there's some python wrapper object with a rather obscure name, I'd be
surprised if there's any support for TCP at all.
Re: pyzor
Posted by Slava Garaschenko <sl...@ambernet.kiev.ua>.
What firewall rule do you use for pyzor ? Did it use any other port, not
only 24441 ? Becouse I don't see any packets by
tcpdump. Not request, not answers (in daemon mode).
But then I type
spamassassin -D --lint - all OK:
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: setuid: helper proc 32064: ruid=0 euid=0
debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0
and tcpdump show:
10:47:59.056563 us.ambernet.kiev.ua.4831 > clapton.quatro.com.24441: udp
165 (DF)
10:47:59.080542 clapton.quatro.com.24441 > us.ambernet.kiev.ua.4831: udp
63 (DF)
Only things, with which I was surprised, that I was read that pyzor use
UDP for request and tcp for answer, but I see udp only...
Alan Munday wrote:
> Matt Kettler wrote the following on 28/02/2005 12:32:
>
>> At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>>
>>> But, then I run spamassassin in daemon mode by
>>> /etc/rc.d/init.d/spamassassinstart
>>> I dont' see any request to port 24441 which is used by pyzor.
>>>
>>> This means that pyzor completely don't work with spamassassin. At
>>> least then spamassassin is used in daemon mode.
>>
>>
>>
>> When you did this test, did you actually feed a message to spamc?
>>
>> Merely starting spamd does nothing until spamc has a message to check.
>
>
> Matt
>
> I've been wondering if there has been a problem with pyzor for a while.
>
> On reading this I've just checked my firewall logs for traffic to the
> pyzor servers.
>
> In the last 2 hours there have been 46 requests sent to the servers
> from one spamd daemon.
>
>
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Bill Landry <bi...@pointshare.com>.
----- Original Message -----
From: "Alan Munday" <sp...@brightheadtechnology.com>
> My issue is that although a pyzor discover has updated the servers file,
and shows the new server address Bill pointed out, when called in debug mode
the old address is still being used.
How are you executing SA? If via something like amavisd-new, you may need
to check "/var/amavis/.pyzor/servers" instead of the default location at
"/root/.pyzor/servers".
Bill
Re: pyzor
Posted by Alan Munday <sp...@brightheadtechnology.com>.
Matt Kettler wrote the following on 28/02/2005 15:48:
> Alan,
>
> Slava is running tcpdump, and claims to not see *any* pyzor traffic at
> all, not even the outbound request.
>
> Their problem is almost certainly not due to remote-side timeouts.
>
> The only thing I can think of is the -H parameter to spamd... With no
> parameter the docs claim it will use the spamc caller's home dir for
> razor/pyzor/dcc user config files.
>
> Slava, does the user vilter have a home directory, and rwx permissions
> to it?
>
> Also, what user does spamc get called as?
>
Matt/Bill
My issue is that although a pyzor discover has updated the servers file, and shows the new server address Bill pointed out, when called in debug mode the old address is still being used.
Alan
Re: pyzor
Posted by Matt Kettler <mk...@evi-inc.com>.
At 11:42 AM 2/28/2005, Slava Garaschenko wrote:
>Feb 28 11:29:28 usa spamd[2512]: debug: Pyzor is available: /usr/bin/pyzor
>Feb 28 11:29:28 usa spamd[2512]: debug: entering helper-app run mode
>Feb 28 11:29:28 usa spamd[2519]: debug: setuid: helper proc 2519: ruid=97
>euid=97
>Feb 28 11:29:28 usa spamd[2512]: debug: Pyzor: got response:
>/usr/bin/python2: can't open file '/usr/bin/pyzor'
That doesn't look like a home dir issue, it looks like a file permission
issue.... What are the file perms on /usr/bin/pyzor? Is it world r_x?
Re: pyzor
Posted by Slava Garaschenko <sl...@ambernet.kiev.ua>.
It seems you are right - it is something with home directory...
User vilter have home directory and it is all OK with permissions, but
after I start spamd with -D option I see this:
Feb 28 11:29:28 usa spamd[2512]: debug: Pyzor is available: /usr/bin/pyzor
Feb 28 11:29:28 usa spamd[2512]: debug: entering helper-app run mode
Feb 28 11:29:28 usa spamd[2519]: debug: setuid: helper proc 2519:
ruid=97 euid=97
Feb 28 11:29:28 usa spamd[2512]: debug: Pyzor: got response:
/usr/bin/python2: can't open file '/usr/bin/pyzor'
Feb 28 11:29:28 usa spamd[2512]: debug: leaving helper-app run mode
Feb 28 11:29:28 usa spamd[2512]: debug: Pyzor: couldn't grok response
"/usr/bin/python2: can't open file '/usr/bin/pyzor'"
Feb 28 11:29:28 usa spamd[2512]: debug: DCCifd is available: /var/dcc/dccifd
Feb 28 11:29:28 usa spamd[2512]: debug: entering helper-app run mode
Feb 28 11:29:29 usa spamd[2512]: debug: DCCifd: got response:
X-DCC-Servercave-Metrics: usa.ambernet.kiev.ua 1183; bulk Body=1 Fuz1=1
Fuz2=many
Feb 28 11:29:29 usa spamd[2512]: debug: leaving helper-app run mode
Feb 28 11:29:29 usa spamd[2512]: debug: DCCifd: Listed! BODY: 1 of 500
FUZ1: 1 of 500 FUZ2: 999999 of 500
I don't (now) understand why... Why all OK with DCC for example and not
OK with pyzor... But now I see error, and it's will be help. Thank you !
Matt Kettler wrote:
> Alan,
>
> Slava is running tcpdump, and claims to not see *any* pyzor traffic at
> all, not even the outbound request.
>
> Their problem is almost certainly not due to remote-side timeouts.
>
> The only thing I can think of is the -H parameter to spamd... With no
> parameter the docs claim it will use the spamc caller's home dir for
> razor/pyzor/dcc user config files.
>
> Slava, does the user vilter have a home directory, and rwx permissions
> to it?
>
> Also, what user does spamc get called as?
>
> At 10:07 AM 2/28/2005, Alan Munday wrote:
>
>> Matt Kettler wrote the following on 28/02/2005 12:32:
>>
>>> At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>>>
>>>> But, then I run spamassassin in daemon mode by
>>>> /etc/rc.d/init.d/spamassassinstart
>>>> I dont' see any request to port 24441 which is used by pyzor.
>>>>
>>>> This means that pyzor completely don't work with spamassassin. At
>>>> least then spamassassin is used in daemon mode.
>>>
>>>
>>> When you did this test, did you actually feed a message to spamc?
>>> Merely starting spamd does nothing until spamc has a message to check.
>>
>>
>> Matt
>>
>> I've been wondering if there has been a problem with pyzor for a while.
>>
>> On reading this I've just checked my firewall logs for traffic to the
>> pyzor servers.
>>
>> In the last 2 hours there have been 46 requests sent to the servers
>> from one spamd daemon.
>>
>> Of these there have been no responses from the pyzor servers.
>> While a test using spamassassin -D --lint usually shows a response
>> from pyzor, right now they are timing out.
>>
>> The problem the OP has is probably due to the remote end timing out.
>>
>> I would be interested if anyone knows if there has been a change in
>> status for the pyzor project as I have not seen a hit from them in a
>> long while.
>>
>> regards
>>
>> Alan
>>
>
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Alan Munday <sp...@brightheadtechnology.com>.
And my problem, should anyone find this useful:
pyzor discover was correctly updating the servers file for the user account it was called from.
However I have a --homedir set for pyzor in local.cf and as this is not the same dir as the user file hence the failure to update.
Deleting/renaming the servers file in the --homedir and then running spamassasin in debug mode sees this copy of servers being updated correctly.
Alan
Re: pyzor
Posted by Slava Garaschenko <sl...@ambernet.kiev.ua>.
Fixed !!!! Thank you for idea !
After install the pyzor from src, it is set permission for
/usr/bin/pyzor to:
read/write/execute for owner and execute only for group and other.
But pyton is interpreter and it is need to read file for execute.
Then I set /usr/bin/pyzor readable for group and for other, all became OK.
Thank you again for help !
Possilby this question is good candidate for FAQ ? Because I think not
only I have the same problem, but not all users are check how pyzor work
with tcpdump...
Matt Kettler wrote:
> Alan,
>
> Slava is running tcpdump, and claims to not see *any* pyzor traffic at
> all, not even the outbound request.
>
> Their problem is almost certainly not due to remote-side timeouts.
>
> The only thing I can think of is the -H parameter to spamd... With no
> parameter the docs claim it will use the spamc caller's home dir for
> razor/pyzor/dcc user config files.
>
> Slava, does the user vilter have a home directory, and rwx permissions
> to it?
>
> Also, what user does spamc get called as?
>
> At 10:07 AM 2/28/2005, Alan Munday wrote:
>
>> Matt Kettler wrote the following on 28/02/2005 12:32:
>>
>>> At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>>>
>>>> But, then I run spamassassin in daemon mode by
>>>> /etc/rc.d/init.d/spamassassinstart
>>>> I dont' see any request to port 24441 which is used by pyzor.
>>>>
>>>> This means that pyzor completely don't work with spamassassin. At
>>>> least then spamassassin is used in daemon mode.
>>>
>>>
>>> When you did this test, did you actually feed a message to spamc?
>>> Merely starting spamd does nothing until spamc has a message to check.
>>
>>
>> Matt
>>
>> I've been wondering if there has been a problem with pyzor for a while.
>>
>> On reading this I've just checked my firewall logs for traffic to the
>> pyzor servers.
>>
>> In the last 2 hours there have been 46 requests sent to the servers
>> from one spamd daemon.
>>
>> Of these there have been no responses from the pyzor servers.
>> While a test using spamassassin -D --lint usually shows a response
>> from pyzor, right now they are timing out.
>>
>> The problem the OP has is probably due to the remote end timing out.
>>
>> I would be interested if anyone knows if there has been a change in
>> status for the pyzor project as I have not seen a hit from them in a
>> long while.
>>
>> regards
>>
>> Alan
>>
>
--
Garashchenko Vyacheslav
CEO
AmberNet ISP, Kiev, UKRAINE
e-mail: slava@ambernet.kiev.ua
ICQ: 11379952 (authorisation required)
RIPE: VG299-RIPE
Re: pyzor
Posted by Matt Kettler <mk...@comcast.net>.
Alan,
Slava is running tcpdump, and claims to not see *any* pyzor traffic at all,
not even the outbound request.
Their problem is almost certainly not due to remote-side timeouts.
The only thing I can think of is the -H parameter to spamd... With no
parameter the docs claim it will use the spamc caller's home dir for
razor/pyzor/dcc user config files.
Slava, does the user vilter have a home directory, and rwx permissions to it?
Also, what user does spamc get called as?
At 10:07 AM 2/28/2005, Alan Munday wrote:
>Matt Kettler wrote the following on 28/02/2005 12:32:
>>At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>>
>>>But, then I run spamassassin in daemon mode by
>>>/etc/rc.d/init.d/spamassassinstart
>>>I dont' see any request to port 24441 which is used by pyzor.
>>>
>>>This means that pyzor completely don't work with spamassassin. At least
>>>then spamassassin is used in daemon mode.
>>
>>When you did this test, did you actually feed a message to spamc?
>>Merely starting spamd does nothing until spamc has a message to check.
>
>Matt
>
>I've been wondering if there has been a problem with pyzor for a while.
>
>On reading this I've just checked my firewall logs for traffic to the
>pyzor servers.
>
>In the last 2 hours there have been 46 requests sent to the servers from
>one spamd daemon.
>
>Of these there have been no responses from the pyzor servers.
>While a test using spamassassin -D --lint usually shows a response from
>pyzor, right now they are timing out.
>
>The problem the OP has is probably due to the remote end timing out.
>
>I would be interested if anyone knows if there has been a change
>in status for the pyzor project as I have not seen a hit from them in a
>long while.
>
>regards
>
>Alan
>
Re: pyzor
Posted by Alan Munday <sp...@brightheadtechnology.com>.
martin smith wrote the following on 28/02/2005 15:33:
> Just found this, could be the cause of some of the problems.
>
> 2005-02-04
> The public server changed its address; please re-run 'pyzor discover' to
> find the new server.
>
> http://pyzor.sourceforge.net/
>
> Martin
>
Martin
As the date shows, this is an old notice. However I did run a discover before I did the testing.
Nothing coming back from the pyzor servers.
Alan
RE: pyzor
Posted by martin smith <ma...@ntlworld.com>.
Just found this, could be the cause of some of the problems.
2005-02-04
The public server changed its address; please re-run 'pyzor discover' to
find the new server.
http://pyzor.sourceforge.net/
Martin
Re: pyzor
Posted by Alan Munday <sp...@brightheadtechnology.com>.
Matt Kettler wrote the following on 28/02/2005 12:32:
> At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>
>> But, then I run spamassassin in daemon mode by
>> /etc/rc.d/init.d/spamassassinstart
>> I dont' see any request to port 24441 which is used by pyzor.
>>
>> This means that pyzor completely don't work with spamassassin. At
>> least then spamassassin is used in daemon mode.
>
>
> When you did this test, did you actually feed a message to spamc?
>
> Merely starting spamd does nothing until spamc has a message to check.
Matt
I've been wondering if there has been a problem with pyzor for a while.
On reading this I've just checked my firewall logs for traffic to the pyzor servers.
In the last 2 hours there have been 46 requests sent to the servers from one spamd daemon.
Of these there have been no responses from the pyzor servers.
While a test using spamassassin -D --lint usually shows a response from pyzor, right now they are timing out.
The problem the OP has is probably due to the remote end timing out.
I would be interested if anyone knows if there has been a change in status for the pyzor project as I have not seen a hit from them in a long while.
regards
Alan
Re: pyzor
Posted by Matt Kettler <mk...@comcast.net>.
At 07:14 AM 2/28/2005, Slava Garaschenko wrote:
>But, then I run spamassassin in daemon mode by
>/etc/rc.d/init.d/spamassassinstart
>I dont' see any request to port 24441 which is used by pyzor.
>
>This means that pyzor completely don't work with spamassassin. At least
>then spamassassin is used in daemon mode.
When you did this test, did you actually feed a message to spamc?
Merely starting spamd does nothing until spamc has a message to check.