You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rick van Vliet <sa...@rickvanvliet.com> on 2006/07/17 23:20:35 UTC
Rules getting bypassed?
Hello. New to the list, I have a question that I hope isn't "too newbie".
Running SA 3.1.2 with a qmail server for a small (50) group of users.
Vpopmail handling virtuals, and procmail.
(auto_whitelist is disabled)
I have one user who is getting creamed and no matter how much we do
sa-learn --spam...on the IMAP folder we move his spam into...this user's
mail somehow gets through with low scores, and he's averaging 60 spams a
day, total, with FORTY of those that actually get to his inbox.
Other than changing his email address, how would I teach SA that this is
spam?
Thanks,
Rick
Return-Path: <bo...@bounce.dailycreditnews.com>
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
mail.vanmorel.com
X-Spam-Level: **
X-Spam-Status: No, score=2.6 required=4.7
tests=HTML_MESSAGE,MIME_HTML_ONLY, URIBL_OB_SURBL autolearn=no
version=3.1.2
Delivered-To: mashpetcare.com-hphilxx@mashpetcare.com
Received: (qmail 2467 invoked from network); 17 Jul 2006 21:01:23 -0000
Received: from unknown (HELO em02.dailycreditnews.com) (64.41.183.137)
by mail.vanmorel.com with SMTP; 17 Jul 2006 21:01:23 -0000
Dkim-Signature: a=rsa-sha1; c=nowsp; q=dns;
s=em02;d=dailycreditnews.com;
h=To:From:Subject:MIME-Version:Content-Type:Message-id;
b=c+ASXw0v0GIlfl5fMdyH+UCC1SzUhwhsJCgTaeOpbjg4cLoERvP0WZuXcCkp+an5IEroijiKIbJz
MxtbeLXmKEdwnMVHgB+2DXqzNx15oZM+pk6U1UFslGy+Vi9nZSzhhvOTFuDEiE4eaB/F2sc5m5/T
ngrhspMoGBrHknHvZDE=
Domainkey-Signature: a=rsa-sha1; c=nofws; q=dns; s=em02;
d=dailycreditnews.com;
b=ARoBPfQNFWdCMr7vi1TCk30uD+Z4nknYDHHBwG3t9wl40ihcilFq90y2tAGN7dyHkd521vXLEwmn
CsdLmMUDdQ06xECJGr0lgt76XjlbiTPXBrstFCEpjZajk1JGGoTG4axRqUZJ/QFW7xIQxzNtICX9
mR+MbOb/EsDZp2RY0+4=;
Received: from fd02.dailycreditnews.com (192.168.2.220) by
em02.dailycreditnews.com id hnfta20a4ikk for <hp...@mashpetcare.com>;
Mon, 17 Jul 2006 14:01:04 -0700 (envelope-from
<bo...@bounce.dailycreditnews.com>)
Received: by fd02.dailycreditnews.com id hnft900a4ikl for
<hp...@mashpetcare.com>; Mon, 17 Jul 2006 14:01:03 -0700
(envelope-from <bo...@bounce.dailycreditnews.com>)
To: hphilxxx@mashpetcare.com
From: "Daily Credit News" <ne...@dailycreditnews.com>
Reply-To: "Daily Credit News Reply" <re...@dailycreditnews.com>
Re: Rules getting bypassed?
Posted by Rick van Vliet <sa...@rickvanvliet.com>.
jdow wrote:
> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>
>> jdow wrote:
>>> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>>>
>>>
>>>> Hello. New to the list, I have a question that I hope isn't "too
>>>> newbie".
>>>> Running SA 3.1.2 with a qmail server for a small (50) group of users.
>>>> Vpopmail handling virtuals, and procmail.
>>>> (auto_whitelist is disabled)
>>>>
>>>> I have one user who is getting creamed and no matter how much we do
>>>> sa-learn --spam...on the IMAP folder we move his spam into...this
>>>> user's mail somehow gets through with low scores, and he's averaging
>
> Rick, you do not have ANY BAYES_xx rule hitting at all. So Bayes is not
> working. It looks like you have been carefully training individual user's
> BAYES databases but not the global one. You must update the database
> as the UID that owns the database.
Had a few "A-ha" moments, and have figured out how I need to "su" as teh
virtual (vpopmail) user.
Doing some feeding now, and I'll see how things go.
Thanks for everyone's help and suggestions,
Rick
Re: Rules getting bypassed?
Posted by Rick van Vliet <sa...@rickvanvliet.com>.
jdow wrote:
> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>
>> jdow wrote:
>>> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>>>
>>>
>>>> Hello. New to the list, I have a question that I hope isn't "too
>>>> newbie".
>>>> Running SA 3.1.2 with a qmail server for a small (50) group of users.
>>>> Vpopmail handling virtuals, and procmail.
>>>> (auto_whitelist is disabled)
>>>>
>>>> I have one user who is getting creamed and no matter how much we do
>>>> sa-learn --spam...on the IMAP folder we move his spam into...this
>>>> user's mail somehow gets through with low scores, and he's averaging
>>>> 60 spams a day, total, with FORTY of those that actually get to his
>>>> inbox.
>>>>
>>>> Other than changing his email address, how would I teach SA that
>>>> this is spam?
>> I'll look at the INSTALL, and see what I missed in the configuration.
>> (if I can find that ;)
>> Thanks,
>> rick
>
> Rick, you do not have ANY BAYES_xx rule hitting at all. So Bayes is not
> working. It looks like you have been carefully training individual user's
> BAYES databases but not the global one. You must update the database
> as the UID that owns the database.
>
> {^_^}
>
>
OK, Thanks...I think I know what my problem is-I've been su'ing to root,
and running sa-learn as root.
Also, I seem to be running "spamassassin", and not "spamd/spamc".
Is this a problem?
BUT--I'm really not sure how to do it as the vpopmail user, since these
maildirs are owned by vpopmail:vchkpw. (individual users do not have
shell account), and
Any pointers to a reliable guide for getting SA to work with *vpopmail*,
and I'll work on that.
I'm pretty sure was getting BAYES_xx rules hitting before upgrading to
3.1.2....
I'm feeling a little dense, all of a sudden.
thanks,
rick
(And since midnight, this virtual user received 17 msgs, all spam, all
moved into .Spam folder properly by procmail. But still no BAYES_xx rule
mentioned in the headers)
Re: Rules getting bypassed?
Posted by jdow <jd...@earthlink.net>.
From: "Rick van Vliet" <sa...@rickvanvliet.com>
> jdow wrote:
>> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>>
>>
>>> Hello. New to the list, I have a question that I hope isn't "too newbie".
>>> Running SA 3.1.2 with a qmail server for a small (50) group of users.
>>> Vpopmail handling virtuals, and procmail.
>>> (auto_whitelist is disabled)
>>>
>>> I have one user who is getting creamed and no matter how much we do
>>> sa-learn --spam...on the IMAP folder we move his spam into...this
>>> user's mail somehow gets through with low scores, and he's averaging
>>> 60 spams a day, total, with FORTY of those that actually get to his
>>> inbox.
>>>
>>> Other than changing his email address, how would I teach SA that this
>>> is spam?
>>>
>>> Thanks,
>>> Rick
>>>
>>>
>>> Return-Path: <bo...@bounce.dailycreditnews.com>
>>> X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
>>> mail.vanmorel.com
>>
>> Eliminate his Bayes filter and start over? On the other paw, there is
>> NO Bayes score on his mail as noted below. Are you learning the spam
>> under his account so that his Bayes is the one refreshed? Or do you
>> have a rule that is turning off Bayes for him altogether in his
>> user_prefs?
>>
>> {^_^}
>
> Hmm.
> 1) With vpopmail(virtual) under qmail, there's one user_prefs that
> handles all virtual users.
> *use_bayes 1*
> *bayes_auto_learn 1*
>
> 2) That said, I better look at how I set up Bayes.
> sa-learn /runs/ when I run it...just not sure why it isn't being looked at.
>
> Another virtual users's headers look like this, and it does have an
> "autolearn=":
> X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
> mail.vanmorel.com
> X-Spam-Level:
> X-Spam-Status: No, score=0.0 required=4.7
> tests=HTML_MESSAGE,MIME_HTML_ONLY, MSGID_FROM_MTA_HEADER autolearn=ham
> version=3.1.2
> Delivered-To: vanmorel.com-anaxx@vanmorel.com
> (This user gets very few spams -- 98% get tagged properly.
>
> But this one also has no Bayes score either, does it?
> Looks like my Bayes component might be suspect?
> I ran the install using the CPAN/perl method. Not sure now what kind of
> configure was involved.
> I'll look at the INSTALL, and see what I missed in the configuration.
> (if I can find that ;)
> Thanks,
> rick
Rick, you do not have ANY BAYES_xx rule hitting at all. So Bayes is not
working. It looks like you have been carefully training individual user's
BAYES databases but not the global one. You must update the database
as the UID that owns the database.
{^_^}
Re: Rules getting bypassed?
Posted by Rick van Vliet <sa...@rickvanvliet.com>.
jdow wrote:
> From: "Rick van Vliet" <sa...@rickvanvliet.com>
>
>
>> Hello. New to the list, I have a question that I hope isn't "too newbie".
>> Running SA 3.1.2 with a qmail server for a small (50) group of users.
>> Vpopmail handling virtuals, and procmail.
>> (auto_whitelist is disabled)
>>
>> I have one user who is getting creamed and no matter how much we do
>> sa-learn --spam...on the IMAP folder we move his spam into...this
>> user's mail somehow gets through with low scores, and he's averaging
>> 60 spams a day, total, with FORTY of those that actually get to his
>> inbox.
>>
>> Other than changing his email address, how would I teach SA that this
>> is spam?
>>
>> Thanks,
>> Rick
>>
>>
>> Return-Path: <bo...@bounce.dailycreditnews.com>
>> X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
>> mail.vanmorel.com
>
> Eliminate his Bayes filter and start over? On the other paw, there is
> NO Bayes score on his mail as noted below. Are you learning the spam
> under his account so that his Bayes is the one refreshed? Or do you
> have a rule that is turning off Bayes for him altogether in his
> user_prefs?
>
> {^_^}
Hmm.
1) With vpopmail(virtual) under qmail, there's one user_prefs that
handles all virtual users.
*use_bayes 1*
*bayes_auto_learn 1*
2) That said, I better look at how I set up Bayes.
sa-learn /runs/ when I run it...just not sure why it isn't being looked at.
Another virtual users's headers look like this, and it does have an
"autolearn=":
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
mail.vanmorel.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=4.7
tests=HTML_MESSAGE,MIME_HTML_ONLY, MSGID_FROM_MTA_HEADER autolearn=ham
version=3.1.2
Delivered-To: vanmorel.com-anaxx@vanmorel.com
(This user gets very few spams -- 98% get tagged properly.
But this one also has no Bayes score either, does it?
Looks like my Bayes component might be suspect?
I ran the install using the CPAN/perl method. Not sure now what kind of
configure was involved.
I'll look at the INSTALL, and see what I missed in the configuration.
(if I can find that ;)
Thanks,
rick
Re: Rules getting bypassed?
Posted by jdow <jd...@earthlink.net>.
From: "Rick van Vliet" <sa...@rickvanvliet.com>
> Hello. New to the list, I have a question that I hope isn't "too newbie".
> Running SA 3.1.2 with a qmail server for a small (50) group of users.
> Vpopmail handling virtuals, and procmail.
> (auto_whitelist is disabled)
>
> I have one user who is getting creamed and no matter how much we do
> sa-learn --spam...on the IMAP folder we move his spam into...this user's
> mail somehow gets through with low scores, and he's averaging 60 spams a
> day, total, with FORTY of those that actually get to his inbox.
>
> Other than changing his email address, how would I teach SA that this is
> spam?
>
> Thanks,
> Rick
>
>
> Return-Path: <bo...@bounce.dailycreditnews.com>
> X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on
> mail.vanmorel.com
> X-Spam-Level: **
> X-Spam-Status: No, score=2.6 required=4.7
> tests=HTML_MESSAGE,MIME_HTML_ONLY, URIBL_OB_SURBL autolearn=no
> version=3.1.2
> Delivered-To: mashpetcare.com-hphilxx@mashpetcare.com
> Received: (qmail 2467 invoked from network); 17 Jul 2006 21:01:23 -0000
> Received: from unknown (HELO em02.dailycreditnews.com) (64.41.183.137)
> by mail.vanmorel.com with SMTP; 17 Jul 2006 21:01:23 -0000
> Dkim-Signature: a=rsa-sha1; c=nowsp; q=dns;
> s=em02;d=dailycreditnews.com;
> h=To:From:Subject:MIME-Version:Content-Type:Message-id;
> b=c+ASXw0v0GIlfl5fMdyH+UCC1SzUhwhsJCgTaeOpbjg4cLoERvP0WZuXcCkp+an5IEroijiKIbJz
> MxtbeLXmKEdwnMVHgB+2DXqzNx15oZM+pk6U1UFslGy+Vi9nZSzhhvOTFuDEiE4eaB/F2sc5m5/T
> ngrhspMoGBrHknHvZDE=
> Domainkey-Signature: a=rsa-sha1; c=nofws; q=dns; s=em02;
> d=dailycreditnews.com;
> b=ARoBPfQNFWdCMr7vi1TCk30uD+Z4nknYDHHBwG3t9wl40ihcilFq90y2tAGN7dyHkd521vXLEwmn
> CsdLmMUDdQ06xECJGr0lgt76XjlbiTPXBrstFCEpjZajk1JGGoTG4axRqUZJ/QFW7xIQxzNtICX9
> mR+MbOb/EsDZp2RY0+4=;
> Received: from fd02.dailycreditnews.com (192.168.2.220) by
> em02.dailycreditnews.com id hnfta20a4ikk for <hp...@mashpetcare.com>;
> Mon, 17 Jul 2006 14:01:04 -0700 (envelope-from
> <bo...@bounce.dailycreditnews.com>)
> Received: by fd02.dailycreditnews.com id hnft900a4ikl for
> <hp...@mashpetcare.com>; Mon, 17 Jul 2006 14:01:03 -0700
> (envelope-from <bo...@bounce.dailycreditnews.com>)
> To: hphilxxx@mashpetcare.com
> From: "Daily Credit News" <ne...@dailycreditnews.com>
> Reply-To: "Daily Credit News Reply" <re...@dailycreditnews.com>
Eliminate his Bayes filter and start over? On the other paw, there is
NO Bayes score on his mail as noted below. Are you learning the spam
under his account so that his Bayes is the one refreshed? Or do you
have a rule that is turning off Bayes for him altogether in his
user_prefs?
{^_^}