You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Tony Lay <to...@gmail.com> on 2005/01/26 19:20:38 UTC
logs and probably-spam almost-certainly-spam directories
Hey Gang,
I am trying to establish system wide spam filtering, but only a few
users need it right now. So I have the flexibility to go either way.
I think that's where my problem stems…I might have some clutter from
trying things out that is causing this not to work…or I got my wires
crossed on invoking.
SpamAssassin 3.0.1
FreeBSD 5.3.1
The filter appears to be working but I'm concerned that mails are
getting bounced as opposed to being filtered to my user's spam boxes.
So before we get into more detail shouldn't a users .procmailrc work
above and beyond the basic system setup?
Here's some info on the setup:
Spamassassin directory and permissions
/etc/mail/spamassassin
-rw-rw-r-- 1 root spam 935 Jan 21 11:17 init.pre
-rw-rw-r-- 1 root spam 234 Jan 26 12:33 razor-agent.log
drwxrwsr-x 2 root spam 512 Jan 26 12:34 .razor
-rw-rw-r-- 1 root spam 1360 Jan 26 12:38 local.cf
razor-client and razor-admin run as root
/etc/mail/.razor
-rw-rw-r-- 1 root spam 429 Jan 26 12:33 server.joy.cloudmark.com.conf
-rw-rw-r-- 1 root spam 38 Jan 26 12:33 servers.nomination.lst
-rw-rw-r-- 1 root spam 14 Jan 26 12:33 servers.discovery.lst
-rw-rw-r-- 1 root spam 83 Jan 26 12:33 servers.catalogue.lst
-rw-rw-r-- 1 root spam 664 Jan 26 12:34 razor-agent.log
-rw--w---- 1 root spam 90 Jan 26 12:34 identity-ru6o_L61rv
lrwxr-xr-x 1 root wheel 19 Jan 26 12:34 identity -> identity-ru6o_L61rv
-rw-rw-r-- 1 root spam 779 Jan 26 12:39 razor-agent.conf
spamd is running (will eventually be spamc)
phoenix# ps -awx | grep spam
8611 ?? Is 0:00.44 /usr/local/bin/spamd -c -d -r
/var/run/spamd.pid (perl)
8616 ?? I 0:00.00 spamd child (perl)
8617 ?? I 0:00.00 spamd child (perl)
8618 ?? I 0:00.00 spamd child (perl)
8619 ?? I 0:00.00 spamd child (perl)
8620 ?? I 0:00.00 spamd child (perl)
users who are being filtered have the following:
###########
#.procmailrc#
###########
DROPPRIVS=yes
* < 256000
| spamassassin
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
almost-certainly-spam
:0:
* ^X-Spam-Status: Yes
probably-spam
:0
* ^^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "
:0 fhw
| sed -e '1s/^/F/'
}
###########
# .forward #
###########
"|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 #username"
Again, mail appears to be filtered for the user. I see headers
showing messages are being checked. I see autolearning isn't working
but I'll cross that bridge when I get to it.
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on SomeAddress
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_BY_IP
autolearn=failed version=3.0.1
The client is IMP (horde) and I already have everything set up in
there for reporting.
$conf['spam']['reporting'] = true;
$conf['spam']['program'] = '/usr/local/bin/spamassassin -x -C
/etc/mail/spamassassin -r';
$conf['notspam']['reporting'] = true;
$conf['notspam']['program'] = '/usr/local/bin/spamassassin -C
/etc/mail/spamassassin -k';
I don't see anything relevant in
/var/log/maillog
/var/log/messages
and I've looked in and around the user and system .spamassassin and
.razor directories and don't see any logging. I wouldn't be freaking
out but one guy gets 200 spams a day and it's down to a dull roar and
I need to know where they are going so that we can verify that we
aren't getting false positives.
In summary I'd like to know where to dig and would appreciate any
advice on a basic setup for a few users. If anybody has time to
assist I can divulge more details as needed.
Regards,
-Tony
Re: logs and probably-spam almost-certainly-spam directories
Posted by Thomas Arend <ml...@arend-whv.info>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Mittwoch, 26. Januar 2005 19:20 schrieb Tony Lay:
> Hey Gang,
>
> I am trying to establish system wide spam filtering, but only a few
> users need it right now. So I have the flexibility to go either way.
> I think that's where my problem stems…I might have some clutter from
> trying things out that is causing this not to work…or I got my wires
> crossed on invoking.
>
> SpamAssassin 3.0.1
> FreeBSD 5.3.1
>
[..]
> users who are being filtered have the following:
>
> ###########
> #.procmailrc#
> ###########
>
> DROPPRIVS=yes
>
# Check if procmailrc is working correct include
LOGFILE=$HOME/.procmail.log
VERBOSE=ON
# You should include
:0 fw: spamassassin.lock
* < 256000
> | spamassassin
BTW: Using spamc with spamd is faster than spamassassin
> :0:
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
> almost-certainly-spam
>
> :0:
>
> * ^X-Spam-Status: Yes
> probably-spam
>
> :0
>
> * ^^rom[ ]
> {
> LOG="*** Dropped F off From_ header! Fixing up. "
>
> :0 fhw
> :
> | sed -e '1s/^/F/'
>
> }
>
[..]
Cheers
Thomas
> Regards,
>
> -Tony
- --
icq:133073900
http://www.t-arend.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFB/M1AHe2ZLU3NgHsRAtbjAJoDQdgFFMbtUUvncHBQLeWFlyiTMgCfUPPI
4yb8hKqPr+TUFDflTbhmy3M=
=FrN2
-----END PGP SIGNATURE-----
Re: logs and probably-spam almost-certainly-spam directories
Posted by Matt Kettler <mk...@evi-inc.com>.
At 01:20 PM 1/26/2005, Tony Lay wrote:
>I am trying to establish system wide spam filtering, but only a few
>users need it right now. So I have the flexibility to go either way.
>I think that's where my problem stems
I might have some clutter from
>trying things out that is causing this not to work
or I got my wires
>crossed on invoking.
>
>SpamAssassin 3.0.1
>FreeBSD 5.3.1
>
>The filter appears to be working but I'm concerned that mails are
>getting bounced as opposed to being filtered to my user's spam boxes.
>So before we get into more detail shouldn't a users .procmailrc work
>above and beyond the basic system setup?
If you're calling from procmail, bouncing is not happening. It's too late
in the game for that.
From looking at the procmail.cf you have, all the high-scoring spam
messages are being redirected from your user's mailbox into a separate
mailbox called "almost-certainly-spam". All tagged spam is being redirected
to "probably-spam".
Check /var/spool/mail, or wherever your system normally spools delivered mail.