You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andrea <ml...@vp44.net> on 2017/01/10 21:42:11 UTC
Lot of spam slipping through after OS upgrade
Hi all.
Until last week our mail server had been running Debian Wheezy (installed
circa 2014). Full support for that release was dropped last April so I
decided to take advantage of the lower traffic during the holidays and
upgrade to Jessie.
Since then the amount of spam getting though has increased tenfold.
For example, one mailbox on a very old mailbox (10+ years) now gets on
average 80 spam messages/day that are not blocked by spamassassin because
they score under the threshold. Before the upgrade, I think about 90-95%
of the spam was getting caught.
I tried lowering the cutoff value half a point but the benefits are
marginal.
I am currently running amavisd-new+clamav+spamassassin with postfix as mta
with the following versions:
* SpamAssassin version 3.3.2 running on Perl version 5.20.2
* amavisd-new-2.10.1 (20141025)
* ClamAV 0.99.2
I was very careful during the upgrade process to compare the new config
files that were to be installed by aptitude.
IIRC I ended up keeping all the files from Wheezy because there weren¹t
any substantial differences.
Has anyone experienced a similar issue? Should I be looking at amavisd-new
instead?
Thanks
Re: Lot of spam slipping through after OS upgrade
Posted by Andrea <ml...@vp44.net>.
On 11/01/2017, 09:52, "Matus UHLAR - fantomas" <uh...@fantomas.sk> wrote:
>>>> On 10/01/2017, 23:01, "Reindl Harald" <h....@thelounge.net> wrote:
>>>>> you setup a new server with 3.3.2 in 2017?
>>>>>
>>>>> current is 3.4.1 and i know people running it on Debian for more
>>>>>than a
>>>>> year - sorry but why are you doing that?
>
>>>Am 10.01.2017 um 23:09 schrieb Andrea:
>>>> You¹re right.
>>>> It seems that something was left over from the previous debian
>>>>release:
>>>>
>>>> root@srv1:~# whereis spamassassin
>>>> spamassassin: /usr/bin/spamassassin /etc/spamassassin
>>>> /usr/local/bin/spamassassin /usr/share/spamassassin
>>>> /usr/share/man/man1/spamassassin.1p.gz
>>>>
>>>>
>>>> root@srv1:~# /usr/local/bin/spamassassin -V
>>>> SpamAssassin version 3.3.2
>>>> running on Perl version 5.20.2
>>>>
>>>> root@srv1:~# /usr/bin/spamassassin -V
>>>> SpamAssassin version 3.4.0
>>>> running on Perl version 5.20.2
>
>>>that sounds bad - package managers are supposed to clean leave files and
>>>report package versions
>
>they do. /usr/local/bin/spamassassin is NOT from debian package. debian
>doesn't put package files to /usr/local/bin
>
>I wonder why was there 3.3.2 in /usr/local/ since the wheezy version was
>3.3.2 too.
>
>>>however - did you run "sa-update" after your setup was finished because
>>>otherwise you are *far away* from a proper setup and recent rules
>
>On 10.01.17 23:31, Andrea wrote:
>>I did run sa-update..but now it seems that the concurrent versions issue
>>affects all sa binaries (sa-learn, sa-update, etc).
>>I wonder what went wrong since I followed the Debian upgrade procedures
>>and I _never_ installed anything that wasn’t coming in a package from the
>>official repositories.
>
>seems you did have locally installes SA though (as noted above - anything
>in
>/usr/local is NOT from debian distribution) - did you fix your problem by
>removing it?
>
>if not, did you check configuration files in /etc/spamassassin/ ?
>which spamassassin do you call from master.cf?
>It's possible that locally installed uses files in other directories which
>may have caused your problem
Fixing the binary paths actually did resolve the issue. I am now back at
“acceptable” detection levels.
I’m still trying to figure out where did the outdated packages come from
though
Re: Lot of spam slipping through after OS upgrade
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>> On 10/01/2017, 23:01, "Reindl Harald" <h....@thelounge.net> wrote:
>>>> you setup a new server with 3.3.2 in 2017?
>>>>
>>>> current is 3.4.1 and i know people running it on Debian for more than a
>>>> year - sorry but why are you doing that?
>>Am 10.01.2017 um 23:09 schrieb Andrea:
>>> You�re right.
>>> It seems that something was left over from the previous debian release:
>>>
>>> root@srv1:~# whereis spamassassin
>>> spamassassin: /usr/bin/spamassassin /etc/spamassassin
>>> /usr/local/bin/spamassassin /usr/share/spamassassin
>>> /usr/share/man/man1/spamassassin.1p.gz
>>>
>>>
>>> root@srv1:~# /usr/local/bin/spamassassin -V
>>> SpamAssassin version 3.3.2
>>> running on Perl version 5.20.2
>>>
>>> root@srv1:~# /usr/bin/spamassassin -V
>>> SpamAssassin version 3.4.0
>>> running on Perl version 5.20.2
>>that sounds bad - package managers are supposed to clean leave files and
>>report package versions
they do. /usr/local/bin/spamassassin is NOT from debian package. debian
doesn't put package files to /usr/local/bin
I wonder why was there 3.3.2 in /usr/local/ since the wheezy version was
3.3.2 too.
>>however - did you run "sa-update" after your setup was finished because
>>otherwise you are *far away* from a proper setup and recent rules
On 10.01.17 23:31, Andrea wrote:
>I did run sa-update..but now it seems that the concurrent versions issue
>affects all sa binaries (sa-learn, sa-update, etc).
>I wonder what went wrong since I followed the Debian upgrade procedures
>and I _never_ installed anything that wasn\u2019t coming in a package from the
>official repositories.
seems you did have locally installes SA though (as noted above - anything in
/usr/local is NOT from debian distribution) - did you fix your problem by
removing it?
if not, did you check configuration files in /etc/spamassassin/ ?
which spamassassin do you call from master.cf?
It's possible that locally installed uses files in other directories which
may have caused your problem
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
Re: Lot of spam slipping through after OS upgrade
Posted by Andrea <ml...@vp44.net>.
On 10/01/2017, 23:11, "Reindl Harald" <h....@thelounge.net> wrote:
>
>
>Am 10.01.2017 um 23:09 schrieb Andrea:
>> On 10/01/2017, 23:01, "Reindl Harald" <h....@thelounge.net> wrote:
>>> you setup a new server with 3.3.2 in 2017?
>>>
>>> current is 3.4.1 and i know people running it on Debian for more than a
>>> year - sorry but why are you doing that?
>>
>> You¹re right.
>> It seems that something was left over from the previous debian release:
>>
>> root@srv1:~# whereis spamassassin
>> spamassassin: /usr/bin/spamassassin /etc/spamassassin
>> /usr/local/bin/spamassassin /usr/share/spamassassin
>> /usr/share/man/man1/spamassassin.1p.gz
>>
>>
>> root@srv1:~# /usr/local/bin/spamassassin -V
>> SpamAssassin version 3.3.2
>> running on Perl version 5.20.2
>>
>> root@srv1:~# /usr/bin/spamassassin -V
>> SpamAssassin version 3.4.0
>> running on Perl version 5.20.2
>
>that sounds bad - package managers are supposed to clean leave files and
>report package versions
>
>however - did you run "sa-update" after your setup was finished because
>otherwise you are *far away* from a proper setup and recent rules
I did run sa-update..but now it seems that the concurrent versions issue
affects all sa binaries (sa-learn, sa-update, etc).
I wonder what went wrong since I followed the Debian upgrade procedures
and I _never_ installed anything that wasn’t coming in a package from the
official repositories.
I’ve moved the older versions out of the way and now it appears fine
(correct me if I’m wrong):
root@srv1:~# /usr/bin/sa-update -D
Jan 10 23:27:13.382 [16300] dbg: logger: adding facilities: all
Jan 10 23:27:13.382 [16300] dbg: logger: logging level is DBG
Jan 10 23:27:13.382 [16300] dbg: generic: SpamAssassin version 3.4.0
Jan 10 23:27:13.382 [16300] dbg: generic: Perl 5.020002, PREFIX=/usr,
DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/spamassassin,
LOCAL_STATE_DIR=/var/lib/spamassassin
Jan 10 23:27:13.382 [16300] dbg: config: timing enabled
Jan 10 23:27:13.383 [16300] dbg: config: score set 0 chosen.
Jan 10 23:27:13.387 [16300] dbg: generic: sa-update version svn1475932
Jan 10 23:27:13.388 [16300] dbg: generic: using update directory:
/var/lib/spamassassin/3.004000
Jan 10 23:27:13.549 [16300] dbg: diag: perl platform: 5.020002 linux
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Digest::SHA, version 5.93
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
HTML::Parser, version 3.71
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: Net::DNS,
version 0.81
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
NetAddr::IP, version 4.075
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Time::HiRes, version 1.9726
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Archive::Tar, version 1.96
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: IO::Zlib,
version 1.10
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module not installed:
Digest::SHA1 ('require' failed)
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
MIME::Base64, version 3.14
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: DB_File,
version 1.831
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: Net::SMTP,
version 2.33
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: Mail::SPF,
version v2.009
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: Geo::IP,
version 1.45
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Razor2::Client::Agent, version 2.84
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
IO::Socket::IP, version 0.29
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
IO::Socket::INET6, version 2.72
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
IO::Socket::SSL, version 2.002
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Compress::Zlib, version 2.064
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: Mail::DKIM,
version 0.4
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: DBI,
version 1.631
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Getopt::Long, version 2.42
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
LWP::UserAgent, version 6.06
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed: HTTP::Date,
version 6.02
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Encode::Detect, version 1.01
Jan 10 23:27:13.550 [16300] dbg: diag: [...] module installed:
Net::Patricia, version 1.22
Jan 10 23:27:13.551 [16300] dbg: gpg: Searching for 'gpg'
Jan 10 23:27:13.551 [16300] dbg: util: current PATH is:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jan 10 23:27:13.551 [16300] dbg: util: executable for gpg was found at
/usr/bin/gpg
Jan 10 23:27:13.551 [16300] dbg: gpg: found /usr/bin/gpg
Jan 10 23:27:13.551 [16300] dbg: gpg: release trusted key id list:
5E541DC959CB8BAC7C78DFDC4056A61A5244EC45
0C2B1D7175B852C64B3CDC716C55397824F434CE
Jan 10 23:27:13.552 [16300] dbg: channel: attempting channel
updates.spamassassin.org
Jan 10 23:27:13.552 [16300] dbg: channel: using existing directory
/var/lib/spamassassin/3.004000/updates_spamassassin_org
Jan 10 23:27:13.552 [16300] dbg: channel: channel cf file
/var/lib/spamassassin/3.004000/updates_spamassassin_org.cf
Jan 10 23:27:13.552 [16300] dbg: channel: channel pre file
/var/lib/spamassassin/3.004000/updates_spamassassin_org.pre
Jan 10 23:27:13.552 [16300] dbg: channel: metadata version = 1776525, from
file /var/lib/spamassassin/3.004000/updates_spamassassin_org.cf
Jan 10 23:27:13.562 [16300] dbg: dns: 0.4.3.updates.spamassassin.org =>
1776525, parsed as 1776525
Jan 10 23:27:13.563 [16300] dbg: channel: current version is 1776525, new
version is 1776525, skipping channel
Jan 10 23:27:13.563 [16300] dbg: diag: updates complete, exiting with code
1
Re: Lot of spam slipping through after OS upgrade
Posted by Andrea <ml...@vp44.net>.
On 10/01/2017, 23:01, "Reindl Harald" <h....@thelounge.net> wrote:
>
>Am 10.01.2017 um 22:42 schrieb Andrea:
>> Until last week our mail server had been running Debian Wheezy
>>(installed
>> circa 2014). Full support for that release was dropped last April so I
>> decided to take advantage of the lower traffic during the holidays and
>> upgrade to Jessie.
>>
>> Since then the amount of spam getting though has increased tenfold.
>> For example, one mailbox on a very old mailbox (10+ years) now gets on
>> average 80 spam messages/day that are not blocked by spamassassin
>>because
>> they score under the threshold. Before the upgrade, I think about 90-95%
>> of the spam was getting caught.
>> I tried lowering the cutoff value half a point but the benefits are
>> marginal.
>>
>> I am currently running amavisd-new+clamav+spamassassin with postfix as
>>mta
>> with the following versions:
>>
>> * SpamAssassin version 3.3.2 running on Perl version 5.20.2
>
>you setup a new server with 3.3.2 in 2017?
>
>current is 3.4.1 and i know people running it on Debian for more than a
>year - sorry but why are you doing that?
You¹re right.
It seems that something was left over from the previous debian release:
root@srv1:~# whereis spamassassin
spamassassin: /usr/bin/spamassassin /etc/spamassassin
/usr/local/bin/spamassassin /usr/share/spamassassin
/usr/share/man/man1/spamassassin.1p.gz
root@srv1:~# /usr/local/bin/spamassassin -V
SpamAssassin version 3.3.2
running on Perl version 5.20.2
root@srv1:~# /usr/bin/spamassassin -V
SpamAssassin version 3.4.0
running on Perl version 5.20.2