You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Menno van Bennekom <mv...@xs4all.nl> on 2005/10/13 15:29:48 UTC
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Only difference with my 'spamassassin --lint -D' output I saw was that
after the line 'uridnsbl: domains to query' I have a block of 14 lines
with 'dns: checking RBL sbl-xbl.etcetera' that you don't have. Probably
not important. And I can't see your SARE-rules getting loaded, in my
output I see SARE being loaded after the line 'config: using "/<dir>" for
site rules dir'. The v310.pre and init.pre are the same as mine.
Maybe (like already suggested) the user that starts spamassassin could be
checked for having a user_prefs file, or for having permission troubles.
Also with 'cat mail | spamassassin -D' you should be able to see if that
specific mail is checked against DCC and Razor. Again, best to check that
is with the same user that executes spamassassin.
You could also sniff on ports tcp/2703 (razor) and udp/6277 (dcc).
Regards
Menno
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Posted by to...@absi.be.
Hi,
problem is solved.
i noticed via solaris' truss tool that mimedefang.pl didn't read
/usr/perl5/5.6.1/etc/mail/spamassassin. And this is the directory that
contained the v310.pre script which by default disables dcc, pyzor and
razor2 (by commenting the loadplugin keyword).
I made /etc/mail/spamassassin a link to above mentioned directory, and now
everything is fine and dandy.
Took me 3 hours of debugging though...
kind regards to all for the help,
gr,
tom.
---------------------------------------------------------------------------
Tom Van Overbeke - ABSI Unix System Engineer
email: tomvo@absi.be
Tel: +32 2 333 40 00 - Fax: +32 2 332 34 69
website: http://www.absi.be
---------------------------------------------------------------------------
"Menno van Bennekom" <mv...@xs4all.nl>
14/10/2005 13:56
Please respond to mvbengro
To: tomvo@absi.be
cc: "Alan Premselaar" <al...@12inch.com>,
users@spamassassin.apache.org
Subject: Re: spamassassin less effective after upgrade to
3.1.0: some checks no longer executed ?
> Tom,
>
> you may want to cross-post this to the mimedefang list. it's likely
> someone there may also be able to help you.
>
> I also run mimedefang but I haven't experienced these types of problems.
> you may want to log in as the defang user and check the path and see if
> there are any suspect entries in your path.
>
> also, if you don't have a recent version of razor installed, I know
> there were issues with older versions running in taint mode so maybe
> it's related to that.
>
> what does your mimedefang-filter file look like? have you checked the
> Changelog and all the required COMPATIBILITY warnings when upgrading
> mimedefang?
>
> HTH
>
> alan
>
Indeed it looks like a mimedefang problem, I have no experience with that
because I use postfix+amavisd.
So your spamassassin --lint -D as mimedefang user now suggests that
Razor/DCC are working. To be absolutely sure you could check a message
(preferably a spam that has a hit in DCC/Razor) with 'cat <msg> |
spamassassin -D'. If you see the normal DCC/Razor actions then
SA/Razor/DCC should be fine.
You could also double-check the permissions of the Razor/DCC dirs, after
upgrades I often have to change dirs+files like /var/dcc and ~/.razor to
the right permissions for the SA-user.
Regards
Menno
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Posted by Menno van Bennekom <mv...@xs4all.nl>.
> Tom,
>
> you may want to cross-post this to the mimedefang list. it's likely
> someone there may also be able to help you.
>
> I also run mimedefang but I haven't experienced these types of problems.
> you may want to log in as the defang user and check the path and see if
> there are any suspect entries in your path.
>
> also, if you don't have a recent version of razor installed, I know
> there were issues with older versions running in taint mode so maybe
> it's related to that.
>
> what does your mimedefang-filter file look like? have you checked the
> Changelog and all the required COMPATIBILITY warnings when upgrading
> mimedefang?
>
> HTH
>
> alan
>
Indeed it looks like a mimedefang problem, I have no experience with that
because I use postfix+amavisd.
So your spamassassin --lint -D as mimedefang user now suggests that
Razor/DCC are working. To be absolutely sure you could check a message
(preferably a spam that has a hit in DCC/Razor) with 'cat <msg> |
spamassassin -D'. If you see the normal DCC/Razor actions then
SA/Razor/DCC should be fine.
You could also double-check the permissions of the Razor/DCC dirs, after
upgrades I often have to change dirs+files like /var/dcc and ~/.razor to
the right permissions for the SA-user.
Regards
Menno
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Posted by Alan Premselaar <al...@12inch.com>.
tomvo@absi.be wrote:
>
> Hi,
>
> I mentioned earlier that i thought i had found the problem (as user
> defang /usr/local/bin was not found in the path). Now, i'm not so sure
> anymore that this is the real problem. i noticed in the --lint output
> this line:
> [419] dbg: util: running in taint mode? yes
> [419] dbg: util: taint mode: deleting unsafe environment variables,
> resetting PATH
>
> I assume this is because it's running with --lint, i don't know. anyway,
> i created links to /usr/bin, and now spamassassin --lint -D running as
> user defang does all the checks that it should do. But when i restart
> mimedefang (I even rebooted the server just to be sure !), still no
> mention of razor, dcc or pyzor
>
> Fact of the matter is that we call spamassassin via mimedefang, that is
> via perl. Now I don't know much about the internals of how mimedefang
> invokes spamassassin, but i do know that it's not the same as running
> the spamassassin executable.
>
> What I would need, is a way to debug spamassassin when it's called via
> mimedefang, so that I know why it would skip certain checks.
> Currently, I don't know how to do that. My perl skills are not adequate
> enough to figure this one out.
>
> Please help me.
>
> thx,
> tom.
Tom,
you may want to cross-post this to the mimedefang list. it's likely
someone there may also be able to help you.
I also run mimedefang but I haven't experienced these types of problems.
you may want to log in as the defang user and check the path and see if
there are any suspect entries in your path.
also, if you don't have a recent version of razor installed, I know
there were issues with older versions running in taint mode so maybe
it's related to that.
what does your mimedefang-filter file look like? have you checked the
Changelog and all the required COMPATIBILITY warnings when upgrading
mimedefang?
HTH
alan
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Posted by to...@absi.be.
Hi,
I mentioned earlier that i thought i had found the problem (as user defang
/usr/local/bin was not found in the path). Now, i'm not so sure anymore
that this is the real problem. i noticed in the --lint output this line:
[419] dbg: util: running in taint mode? yes
[419] dbg: util: taint mode: deleting unsafe environment variables,
resetting PATH
I assume this is because it's running with --lint, i don't know. anyway, i
created links to /usr/bin, and now spamassassin --lint -D running as user
defang does all the checks that it should do. But when i restart
mimedefang (I even rebooted the server just to be sure !), still no
mention of razor, dcc or pyzor
Fact of the matter is that we call spamassassin via mimedefang, that is
via perl. Now I don't know much about the internals of how mimedefang
invokes spamassassin, but i do know that it's not the same as running the
spamassassin executable.
What I would need, is a way to debug spamassassin when it's called via
mimedefang, so that I know why it would skip certain checks.
Currently, I don't know how to do that. My perl skills are not adequate
enough to figure this one out.
Please help me.
thx,
tom.
---------------------------------------------------------------------------
Tom Van Overbeke - ABSI Unix System Engineer
email: tomvo@absi.be
Tel: +32 2 333 40 00 - Fax: +32 2 332 34 69
website: http://www.absi.be
---------------------------------------------------------------------------
"Menno van Bennekom" <mv...@xs4all.nl>
13/10/2005 15:29
Please respond to mvbengro
To: tomvo@absi.be
cc: users@spamassassin.apache.org
Subject: Re: spamassassin less effective after upgrade to
3.1.0: some checks no longer executed ?
Only difference with my 'spamassassin --lint -D' output I saw was that
after the line 'uridnsbl: domains to query' I have a block of 14 lines
with 'dns: checking RBL sbl-xbl.etcetera' that you don't have. Probably
not important. And I can't see your SARE-rules getting loaded, in my
output I see SARE being loaded after the line 'config: using "/<dir>" for
site rules dir'. The v310.pre and init.pre are the same as mine.
Maybe (like already suggested) the user that starts spamassassin could be
checked for having a user_prefs file, or for having permission troubles.
Also with 'cat mail | spamassassin -D' you should be able to see if that
specific mail is checked against DCC and Razor. Again, best to check that
is with the same user that executes spamassassin.
You could also sniff on ports tcp/2703 (razor) and udp/6277 (dcc).
Regards
Menno
Re: spamassassin less effective after upgrade to 3.1.0: some
checks no longer executed ?
Posted by to...@absi.be.
Hi,
I think i've found it. i followed your suggestion to run spamassassin as
the user it normally runs as (user defang), and when i run with --lint,
defang can't find the executables anymore. they reside in /usr/local/bin,
and that's not in defang's path.
Something has definitely changed here.
I made links for dccproc, razor-check and pyzor to /usr/bin and reran
--lint with user defang. seems to work fine.
then restarted mimedefang and sendmail, but no joy yet...
does this tale sound familiar to anyone ?
I compiled all these progs myself, usually with standard settings, except
sometimes specifying it should run as user defang where appropriate.
tom.
---------------------------------------------------------------------------
Tom Van Overbeke - ABSI Unix System Engineer
email: tomvo@absi.be
Tel: +32 2 333 40 00 - Fax: +32 2 332 34 69
website: http://www.absi.be
---------------------------------------------------------------------------
"Menno van Bennekom" <mv...@xs4all.nl>
13/10/2005 15:29
Please respond to mvbengro
To: tomvo@absi.be
cc: users@spamassassin.apache.org
Subject: Re: spamassassin less effective after upgrade to
3.1.0: some checks no longer executed ?
Only difference with my 'spamassassin --lint -D' output I saw was that
after the line 'uridnsbl: domains to query' I have a block of 14 lines
with 'dns: checking RBL sbl-xbl.etcetera' that you don't have. Probably
not important. And I can't see your SARE-rules getting loaded, in my
output I see SARE being loaded after the line 'config: using "/<dir>" for
site rules dir'. The v310.pre and init.pre are the same as mine.
Maybe (like already suggested) the user that starts spamassassin could be
checked for having a user_prefs file, or for having permission troubles.
Also with 'cat mail | spamassassin -D' you should be able to see if that
specific mail is checked against DCC and Razor. Again, best to check that
is with the same user that executes spamassassin.
You could also sniff on ports tcp/2703 (razor) and udp/6277 (dcc).
Regards
Menno