You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Suhag Desai <sp...@ncode.in> on 2010/08/23 04:46:18 UTC
After upgrade the SA to 3.3.1, Mail scanning stop working partially
After upgrade the SpamAssassin Server version to 3.3.1, my mail scanning
stop working partially.
Below is the test.cf file for checking whether SA working as per the given
score.
[root@spd SPECS]# cd /etc/mail/spamassassin/
[root@spd spamassassin]# cat test.cf
body LOCAL_DEMONSTRATION_RULE /test123/
score LOCAL_DEMONSTRATION_RULE 5
describe LOCAL_DEMONSTRATION_RULE This is a simple test rule
Below is the setting for local.cf
rewrite_header Subject ****SPAM****
report_safe 1
required_score 5.0
use_bayes 1
bayes_auto_learn 1
endif # Mail::SpamAssassin::Plugin::Shortcircuit
Let me explain in details. When I set the required score to 5.0, mail
scanning is not working properly. When I send the mail with "test123" with
required score 5, SA not consider it spam but when I set the required score
to 4, SA consider it spam the same mail. I have check the same with many
other test.
It seems that SA take the score 4 to consider the mail as a SPAM and rewrite
the subject with *****SPAM*******
Below is the log
@400000004c71e02720670564 tcpserver: status: 1/100
@400000004c71e02720b8462c tcpserver: pid 4698 from 192.168.10.70
@400000004c71e02720cb1a7c tcpserver: ok 4698 spd:192.168.30.195:25
:192.168.10.70::61253
@400000004c71e027385ebf7c CHKUSER accepted sender: from
<spd@test.com:spd@test.com:> remote <SPDESAI:unknown:192.168.10.70> rcpt <>
: sender accepted
@400000004c71e02739b381dc CHKUSER accepted rcpt: from
<spd@test.com:spd@test.com:> remote <SPDESAI:unknown:192.168.10.70> rcpt
<ds...@test.com> : found existing recipient
@400000004c71e02739b94a54 policy_check: local spd@test.com -> local
dsp@test.com (AUTHENTICATED SENDER)
@400000004c71e02739bf3dc4 policy_check: policy allows transmission
@400000004c71e02d1471a28c simscan:[4698]:CLEAN
(-1.00/12.00):5.3640s:test123:192.168.10.70:spd@test.com:dsp@test.com
@400000004c71e02f35bee364 tcpserver: end 4698 status 0
@400000004c71e02f35bf0e5c tcpserver: status: 0/100
RE: After upgrade the SA to 3.3.1, Mail scanning stop working
partially
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-08-25 at 08:10 +0530, Suhag Desai wrote:
> Aug 25 08:07:12 spd spamd[3776]: spamd: clean message (4.0/5.0) for clamav:46 in 10.7 seconds, 2792 bytes.
> Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 - ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,TVD_SPACE_RATIO scantime=10.7,size=2792,user=clamav,uid=46,required_score=5.0,rhost=spd,raddr=127.0.0.1,rport=59296,mid=<00...@com>,autolearn=no
> It seems that it consider test.cf file (LOCAL_DEMONSTRATION_RULE) while
> processing the mail..but still not consider it as a mail...
SA uses a scoring system. The fact a single rule hit has a score equal
the required_score threshold is irrelevant. The *sum* of all hit rules'
scores is what determines a message to be spam or ham.
ALL_TRUSTED has a score of -1. The other rules account for 0.001 each
(network tests enabled, no Bayes because it hasn't been trained
sufficient.)
So the overall score for that test message is 4.0 (rounded), exactly as
the log shows. Below the required_score threshold.
There is nothing wrong with your SA, it works just as expected.
> > After upgrade the SpamAssassin Server version to 3.3.1, my mail
> > scanning stop working partially.
> > Let me explain in details. When I set the required score to 5.0, mail
> > scanning is not working properly. When I send the mail with “test123”
> > with required score 5, SA not consider it spam but when I set the
> > required score to 4, SA consider it spam the same mail. I have check
> > the same with many other test.
>
> What do the X-Spam headers read SA generates?
>
> You are using a test rule with a score of 5.0, which is the same as the
> required_score threshold. Odds are, there are other rules firing on the
> message a well.
>
> If the sum of these other rules is less than 0, but greater than -1,
> you'd get exactly what you just described.
q.e.d. :)
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
RE: After upgrade the SA to 3.3.1, Mail scanning stop working partially
Posted by Suhag Desai <sp...@ncode.in>.
Below is my full local.cf. I already run 'spamassassin --lint' No other rules are conflicting with test.cf.
[root@spd spamassassin]# cat local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject ****SPAM-123****
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 1
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit
below is the spamd logfile entries..
Aug 25 08:07:01 spd spamd[3776]: spamd: connection from spd [127.0.0.1] at port 59296
Aug 25 08:07:01 spd spamd[3776]: spamd: setuid to clamav succeeded
Aug 25 08:07:01 spd spamd[3776]: spamd: processing message <00...@com> for clamav:46
Aug 25 08:07:12 spd spamd[3776]: spamd: clean message (4.0/5.0) for clamav:46 in 10.7 seconds, 2792 bytes.
Aug 25 08:07:12 spd spamd[3776]: spamd: result: . 4 - ALL_TRUSTED,HTML_MESSAGE,LOCAL_DEMONSTRATION_RULE,MIME_HTML_MOSTLY,TVD_SPACE_RATIO scantime=10.7,size=2792,user=clamav,uid=46,required_score=5.0,rhost=spd,raddr=127.0.0.1,rport=59296,mid=<00...@com>,autolearn=no
Aug 25 08:07:12 spd spamd[3775]: prefork: child states: II
It seems that it consider test.cf file (LOCAL_DEMONSTRATION_RULE) while processing the mail..but still not consider it as a mail...
-----Original Message-----
From: Karsten Bräckelmann [mailto:guenther@rudersport.de]
Sent: Monday, August 23, 2010 7:40 PM
To: users@spamassassin.apache.org
Subject: Re: After upgrade the SA to 3.3.1, Mail scanning stop working partially
On Mon, 2010-08-23 at 08:16 +0530, Suhag Desai wrote:
> After upgrade the SpamAssassin Server version to 3.3.1, my mail
> scanning stop working partially.
> Below is the setting for local.cf
>
> rewrite_header Subject ****SPAM****
> report_safe 1
> required_score 5.0
> use_bayes 1
> bayes_auto_learn 1
>
> endif # Mail::SpamAssassin::Plugin::Shortcircuit
Is that the exact content of your local.cf? That doesn't even pass lint
testing. Did you do 'spamassassin --lint'?
> Let me explain in details. When I set the required score to 5.0, mail
> scanning is not working properly. When I send the mail with “test123”
> with required score 5, SA not consider it spam but when I set the
> required score to 4, SA consider it spam the same mail. I have check
> the same with many other test.
What do the X-Spam headers read SA generates?
You are using a test rule with a score of 5.0, which is the same as the
required_score threshold. Odds are, there are other rules firing on the
message a well.
If the sum of these other rules is less than 0, but greater than -1,
you'd get exactly what you just described.
> Below is the log
> @400000004c71e02d1471a28c simscan:[4698]:CLEAN
> (-1.00/12.00):5.3640s:test123:192.168.10.70:spd@test.com:dsp@test.com
> @400000004c71e02f35bee364 tcpserver: end 4698 status 0
> @400000004c71e02f35bf0e5c tcpserver: status: 0/100
There is no SA logs in there.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: After upgrade the SA to 3.3.1, Mail scanning stop working
partially
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2010-08-23 at 08:16 +0530, Suhag Desai wrote:
> After upgrade the SpamAssassin Server version to 3.3.1, my mail
> scanning stop working partially.
> Below is the setting for local.cf
>
> rewrite_header Subject ****SPAM****
> report_safe 1
> required_score 5.0
> use_bayes 1
> bayes_auto_learn 1
>
> endif # Mail::SpamAssassin::Plugin::Shortcircuit
Is that the exact content of your local.cf? That doesn't even pass lint
testing. Did you do 'spamassassin --lint'?
> Let me explain in details. When I set the required score to 5.0, mail
> scanning is not working properly. When I send the mail with “test123”
> with required score 5, SA not consider it spam but when I set the
> required score to 4, SA consider it spam the same mail. I have check
> the same with many other test.
What do the X-Spam headers read SA generates?
You are using a test rule with a score of 5.0, which is the same as the
required_score threshold. Odds are, there are other rules firing on the
message a well.
If the sum of these other rules is less than 0, but greater than -1,
you'd get exactly what you just described.
> Below is the log
> @400000004c71e02d1471a28c simscan:[4698]:CLEAN
> (-1.00/12.00):5.3640s:test123:192.168.10.70:spd@test.com:dsp@test.com
> @400000004c71e02f35bee364 tcpserver: end 4698 status 0
> @400000004c71e02f35bf0e5c tcpserver: status: 0/100
There is no SA logs in there.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
RE: After upgrade the SA to 3.3.1, Mail scanning stop working partially
Posted by Suhag Desai <sp...@ncode.in>.
Still not clear from the link
-----Original Message-----
From: Daniel McDonald [mailto:dan.mcdonald@austinenergy.com]
Sent: Monday, August 23, 2010 5:46 PM
To: spamassassin
Subject: Re: After upgrade the SA to 3.3.1, Mail scanning stop working
partially
On 8/22/10 9:46 PM, "Suhag Desai" <sp...@ncode.in> wrote:
> After upgrade the SpamAssassin Server version to 3.3.1, my mail scanning
stop
> working partially.
>
This is a known bug.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
Re: After upgrade the SA to 3.3.1, Mail scanning stop working
partially
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2010-08-23 at 07:16 -0500, Daniel McDonald wrote:
> > After upgrade the SpamAssassin Server version to 3.3.1, my mail scanning stop
> > working partially.
>
> This is a known bug.
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419
It is rather unlikely, this would be the reason.
That bug is just an inconsistency between reporting (non-spam) and
rounding (5.0/5.0) when using spamd for scores 4.95 <= score < 5.0.
Oh, and it has not been introduced in 3.3, but similarly affects 3.2.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: After upgrade the SA to 3.3.1, Mail scanning stop working
partially
Posted by Daniel McDonald <da...@austinenergy.com>.
On 8/22/10 9:46 PM, "Suhag Desai" <sp...@ncode.in> wrote:
> After upgrade the SpamAssassin Server version to 3.3.1, my mail scanning stop
> working partially.
>
This is a known bug.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6419
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281