You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jerry Malcolm <te...@malcolms.com> on 2019/09/27 19:14:22 UTC
Setting Threshold
I am setting up SA on an AWS Linux EC2. I am trying to change the
results threshold from 5.0 to 4.0. I went to
/usr/share/spamassassin/local.cf, uncommented and changed:
"required_score 4.0". But when I stop and start the service and process
an email through it, headers still say 5.0 as the threshold. What am I
doing wrong? Is there some other place I need to change it as well?
Thx.
Re: Setting Threshold
Posted by RW <rw...@googlemail.com>.
On Fri, 27 Sep 2019 23:24:49 -0500
Jerry Malcolm wrote:
> Understood. I'm definitely stopping and starting the spamd service.
> (Although it's called the spamassassin service, it is definitely
> starting and stopping spamd.
>
> I've done a ton of digging around. I located:
>
> /usr/lib/systemd/system/spamassassin.service that starts
> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
> writes the log to /var/log/maillog.
>
> In the maillog it says it is loading options from
> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>
> I checked, and that file has required_score 4.0. Yet the rest of the
> log file shows scores of x.x/5.0.
That file is installed by sa-update. I'm not sure whether it's intended
as a sample or as a potential way to change defaults via sa-update, but
you aren't supposed to edit anything in a rule channel directory.
/usr/share/spamassassin/ also contains installed files, I think it's
where the rules went before sa-update. I don't know why there would be
a local.cf there, unless you created it.
The location of local.cf on Linux is usually /etc/mail/spamassassin/ or
maybe /etc/spamassassin/.
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
On 9/28/2019 12:35 AM, Bill Cole wrote:
> On 28 Sep 2019, at 1:21, Jerry Malcolm wrote:
>
>> On 9/27/2019 11:49 PM, Bill Cole wrote:
>>> On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>>>
>>>> Understood. I'm definitely stopping and starting the spamd
>>>> service. (Although it's called the spamassassin service, it is
>>>> definitely starting and stopping spamd.
>>>>
>>>> I've done a ton of digging around. I located:
>>>>
>>>> /usr/lib/systemd/system/spamassassin.service that starts
>>>> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>>>> writes the log to /var/log/maillog.
>>>>
>>>> In the maillog it says it is loading options from
>>>> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>>>
>>>> I checked, and that file has required_score 4.0. Yet the rest of
>>>> the log file shows scores of x.x/5.0.
>>>>
>>>> So I tried adding an option --cf=required_score 4.0 to the options
>>>> file. No change.
>>>>
>>>> Then I tried adding it directly the spamd invocation in the service
>>>> file. No matter how many places I tell it I want 4.0. Something is
>>>> still overriding it to 5.0. Any other places you can think of that
>>>> I can look?
>>>
>>> What are the full command line options for spamd?
>>>
>>> 'ps aux |grep spamd' should tell you the ground truth.
>>>
>> With my extra parameter added....
>
> 'ps aux |grep spamd' should tell you the ground truth.
>
> What is ACTUALLY running matters. Not what you THINK is running
>
> The process has an owner, which matters.
>
> If spamd is running as a user with a user_prefs file, it will be
> loading that.
>
>
The process is running as root. I looked in the cf directory. There's a
user_prefs.template. But I don't see any other user_prefs files.
Re: Setting Threshold
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 28 Sep 2019, at 1:21, Jerry Malcolm wrote:
> On 9/27/2019 11:49 PM, Bill Cole wrote:
>> On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>>
>>> Understood. I'm definitely stopping and starting the spamd
>>> service. (Although it's called the spamassassin service, it is
>>> definitely starting and stopping spamd.
>>>
>>> I've done a ton of digging around. I located:
>>>
>>> /usr/lib/systemd/system/spamassassin.service that starts
>>> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>>> writes the log to /var/log/maillog.
>>>
>>> In the maillog it says it is loading options from
>>> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>>
>>> I checked, and that file has required_score 4.0. Yet the rest of
>>> the log file shows scores of x.x/5.0.
>>>
>>> So I tried adding an option --cf=required_score 4.0 to the options
>>> file. No change.
>>>
>>> Then I tried adding it directly the spamd invocation in the service
>>> file. No matter how many places I tell it I want 4.0. Something is
>>> still overriding it to 5.0. Any other places you can think of that
>>> I can look?
>>
>> What are the full command line options for spamd?
>>
>> 'ps aux |grep spamd' should tell you the ground truth.
>>
> With my extra parameter added....
'ps aux |grep spamd' should tell you the ground truth.
What is ACTUALLY running matters. Not what you THINK is running
The process has an owner, which matters.
If spamd is running as a user with a user_prefs file, it will be loading
that.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Setting Threshold (Resolved)
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>On 28.09.19 00:21, Jerry Malcolm wrote:
>>>With my extra parameter added....
>>>
>>>/usr/bin/perl -T -w /usr/bin/spamd --pidfile /var/run/spamd.pid -D
>>>-d -c -m5 -H --cf=required_score 4.0
>On 9/28/2019 9:38 AM, Matus UHLAR - fantomas wrote:
>>the "required_score 4.0" should be enclosed in quotes of apostrophoes.
>>Or, in config file.
>>
>>further, the empty -H changes how configs are used:
>>
>> "By specifying no argument, spamd will use the spamc caller's
>>home directory
>> instead."
>>
>>so, the calling user $HOME/.spamassassin/user_prefs is used
On 28.09.19 12:20, Jerry Malcolm wrote:
>Apparently, the whole problem was the quotes. I added the quotes to
>the command line options, and it finally works. I didn't try adding
>quotes in the local.cf file. But it makes sense. Note though, that
>the commented "required_score" line in the shipped version of local.cf
>does not have quotes. Perhaps quotes should get added to that file in
>the distribution if they are required.
No.
Quotes must be in startup file, because "required_score 4.0" without quotes
in the command line is understood as two separate arguments, while you need
one argument.
It's different in config file, quotes don't belong there.
>So now at least I know how to set the threshold. But my original
>question has spawned a separate discussion of whether it is the right
>thing do to change the threshold. I got one suggestion that, rather
>than reducing the threshold, I go in and rework the scoring on all of
>the rules in order to get my scores for obvious spam to rank above
>5.0.
No.
Playing with scores is often even worse because scores are balanced
automatically, increasing either could increase false positives.
First you should ask why you only get those scores.
There are plugins like razor2, pyzor, DCC, that can increase scores
dramatically.
Also, using BAYES database helps much, although it requires training.
Since you use the -H parameter above, your users will have each own database
and will need to train it themselves.
>So the real question is.... why are MY scores on spam apparently lower
>than the main population of SA users?
there are always some false negatives. Spammers try hard.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
Re: Setting Threshold (Resolved)
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 28 Sep 2019, at 13:20, Jerry Malcolm wrote:
> On 9/28/2019 9:38 AM, Matus UHLAR - fantomas wrote:
>>>> On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>>>>> Understood. I'm definitely stopping and starting the spamd
>>>>> service. (Although it's called the spamassassin service, it is
>>>>> definitely starting and stopping spamd.
>>>>>
>>>>> I've done a ton of digging around. I located:
>>>>>
>>>>> /usr/lib/systemd/system/spamassassin.service that starts
>>>>> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>>>>> writes the log to /var/log/maillog.
>>>>>
>>>>> In the maillog it says it is loading options from
>>>>> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>>>>
>>>>> I checked, and that file has required_score 4.0. Yet the rest of
>>>>> the log file shows scores of x.x/5.0.
>>>>>
>>>>> So I tried adding an option --cf=required_score 4.0 to the options
>>>>> file. No change.
>>>>>
>>>>> Then I tried adding it directly the spamd invocation in the
>>>>> service file. No matter how many places I tell it I want 4.0.
>>>>> Something is still overriding it to 5.0. Any other places you
>>>>> can think of that I can look?
>>
>>> On 9/27/2019 11:49 PM, Bill Cole wrote:
>>>> What are the full command line options for spamd?
>>>>
>>>> 'ps aux |grep spamd' should tell you the ground truth.
>>
>> On 28.09.19 00:21, Jerry Malcolm wrote:
>>> With my extra parameter added....
>>>
>>> /usr/bin/perl -T -w /usr/bin/spamd --pidfile /var/run/spamd.pid -D
>>> -d -c -m5 -H --cf=required_score 4.0
>>
>> the "required_score 4.0" should be enclosed in quotes of
>> apostrophoes.
>> Or, in config file.
>>
>> further, the empty -H changes how configs are used:
>>
>> "By specifying no argument, spamd will use the spamc caller's
>> home directory
>> instead."
>>
>> so, the calling user $HOME/.spamassassin/user_prefs is used
>
> Matus,
>
> Apparently, the whole problem was the quotes. I added the quotes to
> the command line options, and it finally works. I didn't try adding
> quotes in the local.cf file. But it makes sense. Note though, that
> the commented "required_score" line in the shipped version of local.cf
> does not have quotes. Perhaps quotes should get added to that file
> in the distribution if they are required.
They are not required in a config file. They are only required on a
command line.
> So now at least I know how to set the threshold.
You've found one way, but there's still the puzzle of which config file
is actually being used by spamd, since you changed the threshold in some
file that was clearly NOT the operative local.cf.
> But my original question has spawned a separate discussion of whether
> it is the right thing do to change the threshold. I got one
> suggestion that, rather than reducing the threshold, I go in and
> rework the scoring on all of the rules in order to get my scores for
> obvious spam to rank above 5.0. I appreciate all of the work and
> knowledge by the SA team and contributors that has gone into refining
> the scoring on all of the rules. If I don't have enough background
> to correctly lower the threshold, I definitely don't have the
> background and experience (or time) to rework the scoring on a
> thousand rules.
The default rules, scores, and threshold are not Holy Writ. There is an
automated process backed by human classification of ham and spam corpora
which calculates some rule scores with an assumption of 5 as the
threshold, but I can guarantee that those corpora are not representative
of all mail, of all mail seen by SA, or of all mail handled by any
single system. It is almost certainly true that the SA defaults are not
the best possible fit for any site anywhere, they're just the best
compromise we know how to come up with. In creating rules and
determining whether they are good enough to publish, we have a
substantial bias against false positives, inevitably meaning that SA
will have some false negatives.
Adjusting the threshold is definitely the easiest way to deal with SA
making too many mistakes on one side of the threshold or the other. In
my experience, 4.0 is a reasonable level AFTER you've got Bayes and AWL
or TxRep databases trained.
> So the real question is.... why are MY scores on spam apparently lower
> than the main population of SA users? I gotta believe that most
> users are processing emails just fine with a 5.0 threshold and not
> getting tons of uncaught spam. I have added KAM.cf.
Are you sure that your spamd is actually using the KAM.cf rules? I ask
because of the unresolved question of what config files it is actually
using.
> But I still a large percentage of spam gets scored between 4 and 5.
> I understand that there are a billion different strains of spam and
> the spam that user X receives is different that the spam that user Y
> receives. But my lower scores seem a bit too consistent for that to
> be the only problem.
I've worked with a lot of different mail streams and I think it is
absolutely normal for a site to have that sort of tilt, especially one
with a small number of users.
> Just curious you have a set of test cases that have an expected spam
> score that I could run through my SA and compare, and maybe isolate
> what rules might not be firing for me.
We do not publish test cases because there is really no hope of coming
up with significant coverage in a reasonable number of test cases. The
most common sources of excess false negatives are entirely local issues
such as correctly set *_networks values and having a proper independent
DNS resolver set up so that you can use the "free for most" DNSBL and
URIBL services that block the heaviest users by resolver address.
It is fairly common for people with persistent false negative problems
to ask about them here, usually posting the spam samples to PasteBin to
avoid having messages to the list blocked as spam.
> This is going to be an ongoing research problem for me. Not a
> show-stopper today. But I would like to understand better about my
> situation. I want to use SA as intended.
As a member of the SpamAssassin PMC I think that I'm safe in saying that
the only "as intended" use is "whatever works for your particular
circumstances."
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Setting Threshold (Resolved)
Posted by Jerry Malcolm <te...@malcolms.com>.
On 9/28/2019 9:38 AM, Matus UHLAR - fantomas wrote:
>>> On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>>>> Understood. I'm definitely stopping and starting the spamd
>>>> service. (Although it's called the spamassassin service, it is
>>>> definitely starting and stopping spamd.
>>>>
>>>> I've done a ton of digging around. I located:
>>>>
>>>> /usr/lib/systemd/system/spamassassin.service that starts
>>>> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>>>> writes the log to /var/log/maillog.
>>>>
>>>> In the maillog it says it is loading options from
>>>> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>>>
>>>> I checked, and that file has required_score 4.0. Yet the rest of
>>>> the log file shows scores of x.x/5.0.
>>>>
>>>> So I tried adding an option --cf=required_score 4.0 to the options
>>>> file. No change.
>>>>
>>>> Then I tried adding it directly the spamd invocation in the service
>>>> file. No matter how many places I tell it I want 4.0. Something is
>>>> still overriding it to 5.0. Any other places you can think of that
>>>> I can look?
>
>> On 9/27/2019 11:49 PM, Bill Cole wrote:
>>> What are the full command line options for spamd?
>>>
>>> 'ps aux |grep spamd' should tell you the ground truth.
>
> On 28.09.19 00:21, Jerry Malcolm wrote:
>> With my extra parameter added....
>>
>> /usr/bin/perl -T -w /usr/bin/spamd --pidfile /var/run/spamd.pid -D -d
>> -c -m5 -H --cf=required_score 4.0
>
> the "required_score 4.0" should be enclosed in quotes of apostrophoes.
> Or, in config file.
>
> further, the empty -H changes how configs are used:
>
> "By specifying no argument, spamd will use the spamc caller's home
> directory
> instead."
>
> so, the calling user $HOME/.spamassassin/user_prefs is used
Matus,
Apparently, the whole problem was the quotes. I added the quotes to the
command line options, and it finally works. I didn't try adding quotes
in the local.cf file. But it makes sense. Note though, that the
commented "required_score" line in the shipped version of local.cf does
not have quotes. Perhaps quotes should get added to that file in the
distribution if they are required.
So now at least I know how to set the threshold. But my original
question has spawned a separate discussion of whether it is the right
thing do to change the threshold. I got one suggestion that, rather
than reducing the threshold, I go in and rework the scoring on all of
the rules in order to get my scores for obvious spam to rank above 5.0.
I appreciate all of the work and knowledge by the SA team and
contributors that has gone into refining the scoring on all of the
rules. If I don't have enough background to correctly lower the
threshold, I definitely don't have the background and experience (or
time) to rework the scoring on a thousand rules.
So the real question is.... why are MY scores on spam apparently lower
than the main population of SA users? I gotta believe that most users
are processing emails just fine with a 5.0 threshold and not getting
tons of uncaught spam. I have added KAM.cf. But I still a large
percentage of spam gets scored between 4 and 5. I understand that there
are a billion different strains of spam and the spam that user X
receives is different that the spam that user Y receives. But my lower
scores seem a bit too consistent for that to be the only problem.
Just curious you have a set of test cases that have an expected spam
score that I could run through my SA and compare, and maybe isolate what
rules might not be firing for me.
This is going to be an ongoing research problem for me. Not a
show-stopper today. But I would like to understand better about my
situation. I want to use SA as intended.
Thanks again,
Jerry
Re: Setting Threshold
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>>>Understood. I'm definitely stopping and starting the spamd
>>>service. (Although it's called the spamassassin service, it is
>>>definitely starting and stopping spamd.
>>>
>>>I've done a ton of digging around. I located:
>>>
>>>/usr/lib/systemd/system/spamassassin.service that starts
>>>/usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>>>writes the log to /var/log/maillog.
>>>
>>>In the maillog it says it is loading options from
>>>/var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>>
>>>I checked, and that file has required_score 4.0. Yet the rest of
>>>the log file shows scores of x.x/5.0.
>>>
>>>So I tried adding an option --cf=required_score 4.0 to the options
>>>file. No change.
>>>
>>>Then I tried adding it directly the spamd invocation in the
>>>service file. No matter how many places I tell it I want 4.0.
>>>Something is still overriding it to 5.0. Any other places you can
>>>think of that I can look?
>On 9/27/2019 11:49 PM, Bill Cole wrote:
>>What are the full command line options for spamd?
>>
>>'ps aux |grep spamd' should tell you the ground truth.
On 28.09.19 00:21, Jerry Malcolm wrote:
>With my extra parameter added....
>
>/usr/bin/perl -T -w /usr/bin/spamd --pidfile /var/run/spamd.pid -D -d
>-c -m5 -H --cf=required_score 4.0
the "required_score 4.0" should be enclosed in quotes of apostrophoes.
Or, in config file.
further, the empty -H changes how configs are used:
"By specifying no argument, spamd will use the spamc caller's home directory
instead."
so, the calling user $HOME/.spamassassin/user_prefs is used
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
On 9/27/2019 11:49 PM, Bill Cole wrote:
> On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
>
>> Understood. I'm definitely stopping and starting the spamd service.
>> (Although it's called the spamassassin service, it is definitely
>> starting and stopping spamd.
>>
>> I've done a ton of digging around. I located:
>>
>> /usr/lib/systemd/system/spamassassin.service that starts
>> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
>> writes the log to /var/log/maillog.
>>
>> In the maillog it says it is loading options from
>> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>>
>> I checked, and that file has required_score 4.0. Yet the rest of the
>> log file shows scores of x.x/5.0.
>>
>> So I tried adding an option --cf=required_score 4.0 to the options
>> file. No change.
>>
>> Then I tried adding it directly the spamd invocation in the service
>> file. No matter how many places I tell it I want 4.0. Something is
>> still overriding it to 5.0. Any other places you can think of that I
>> can look?
>
> What are the full command line options for spamd?
>
> 'ps aux |grep spamd' should tell you the ground truth.
>
With my extra parameter added....
/usr/bin/perl -T -w /usr/bin/spamd --pidfile /var/run/spamd.pid -D -d -c
-m5 -H --cf=required_score 4.0
Just to make sure after capturing the command line above, I checked an
email that was just processed. It has a header:
Spam: False ; 0.2 / 5.0
Re: Setting Threshold
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 28 Sep 2019, at 0:24, Jerry Malcolm wrote:
> Understood. I'm definitely stopping and starting the spamd service.
> (Although it's called the spamassassin service, it is definitely
> starting and stopping spamd.
>
> I've done a ton of digging around. I located:
>
> /usr/lib/systemd/system/spamassassin.service that starts
> /usr/bin/spamd using options file /etc/sysconfig/spamassassin and
> writes the log to /var/log/maillog.
>
> In the maillog it says it is loading options from
> /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
>
> I checked, and that file has required_score 4.0. Yet the rest of the
> log file shows scores of x.x/5.0.
>
> So I tried adding an option --cf=required_score 4.0 to the options
> file. No change.
>
> Then I tried adding it directly the spamd invocation in the service
> file. No matter how many places I tell it I want 4.0. Something is
> still overriding it to 5.0. Any other places you can think of that I
> can look?
What are the full command line options for spamd?
'ps aux |grep spamd' should tell you the ground truth.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
Understood. I'm definitely stopping and starting the spamd service.
(Although it's called the spamassassin service, it is definitely
starting and stopping spamd.
I've done a ton of digging around. I located:
/usr/lib/systemd/system/spamassassin.service that starts /usr/bin/spamd
using options file /etc/sysconfig/spamassassin and writes the log to
/var/log/maillog.
In the maillog it says it is loading options from
/var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
I checked, and that file has required_score 4.0. Yet the rest of the
log file shows scores of x.x/5.0.
So I tried adding an option --cf=required_score 4.0 to the options
file. No change.
Then I tried adding it directly the spamd invocation in the service
file. No matter how many places I tell it I want 4.0. Something is
still overriding it to 5.0. Any other places you can think of that I
can look?
Thx.
Jerry
On 9/27/2019 10:50 PM, David B Funk wrote:
> Jerry,
>
> One other potential point of confusion; when you say:
>> .... But when I stop and start the service and process
>> an email through it, headers still say 5.0 as the threshold.
>
> What particular service did you stop and restart? Specifically did you
> restart just the Apache James service or did you stop & restart the
> spamd daemon?
>
> The spamd daemon is the thing that you need to restart to get it to
> process the config files.
>
>
> On Fri, 27 Sep 2019, David B Funk wrote:
>
>> Jerry,
>>
>> That looks like a functional implementation of the "spamc" client.
>> So that implies your system is using "spamd" daemon for actual
>> processing of the spam. (as opposed to something like "amavis" which
>> directly incorporates the SA scanning engine)
>>
>> Did you restart the spamd daemon after you changed that config file?
>>
>> If you did and the change still isn't working this implies that your
>> spamd system is using a different set of config files -or- there's
>> another config file which is overriding your customization.
>> At startup spamd processes config files in sequence and a setting in
>> a later one will override corresponding values set in an earlier one.
>>
>> Look at your spamd's process list to see if there are any explicit
>> config files specified in the command line arguments.
>>
>> Also you can try starting your spamd with debugging enabled which
>> will cause it to log config file processing.
>>
>> Add the following to your spamd start up command line arguments:
>> --debug config
>>
>> Then restart and look at the logging output to see which config files
>> it's processing and in which order.
>>
>>
>>
>>
>> On Fri, 27 Sep 2019, Jerry Malcolm wrote:
>>
>>> Hi Bill, Thanks for the quick response.
>>>
>>> I'm using Apache James 3.3.0. I investigated the class that calls
>>> spamd. There is a class SpamAssassinInvoker in the James
>>> distribution that actually calls spamd. Relevant code excerpt from
>>> that class is below. It doesn't appear that any threshold info is
>>> being sent on the call.
>>>
>>> out = socket.getOutputStream();
>>> in = new BufferedReader(new
>>> InputStreamReader(socket.getInputStream()));
>>> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>>>
>>> // pass the message to spamd
>>> message.writeTo(out);
>>> out.flush();
>>> socket.shutdownOutput();
>>> String s = null;
>>> while ((s = in.readLine()) != null) {
>>>
>>> On 9/27/2019 3:21 PM, Bill Cole wrote:
>>>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>>>
>>>>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>>>>> results threshold from 5.0 to 4.0. I went to
>>>>> /usr/share/spamassassin/local.cf, uncommented and changed:
>>>>> "required_score 4.0". But when I stop and start the service and
>>>>> process an email through it, headers still say 5.0 as the
>>>>> threshold. What am I doing wrong? Is there some other place I
>>>>> need to change it as well?
>>>>
>>>> It is certainly possible. How are you integrating SA with your mail
>>>> system, i.e. what software is getting mail that it uses SA to
>>>> filter? Different mechanisms can end up using software-specific or
>>>> user-specific configurations that override local.cf.
>>>>
>>>>
>>>
>>>
>>
>>
>
Re: Setting Threshold
Posted by David B Funk <db...@engineering.uiowa.edu>.
Jerry,
One other potential point of confusion; when you say:
> .... But when I stop and start the service and process
> an email through it, headers still say 5.0 as the threshold.
What particular service did you stop and restart? Specifically did you restart
just the Apache James service or did you stop & restart the spamd daemon?
The spamd daemon is the thing that you need to restart to get it to process the
config files.
On Fri, 27 Sep 2019, David B Funk wrote:
> Jerry,
>
> That looks like a functional implementation of the "spamc" client.
> So that implies your system is using "spamd" daemon for actual processing of
> the spam. (as opposed to something like "amavis" which directly incorporates
> the SA scanning engine)
>
> Did you restart the spamd daemon after you changed that config file?
>
> If you did and the change still isn't working this implies that your spamd
> system is using a different set of config files -or- there's another config
> file which is overriding your customization.
> At startup spamd processes config files in sequence and a setting in a later
> one will override corresponding values set in an earlier one.
>
> Look at your spamd's process list to see if there are any explicit config
> files specified in the command line arguments.
>
> Also you can try starting your spamd with debugging enabled which will cause
> it to log config file processing.
>
> Add the following to your spamd start up command line arguments:
> --debug config
>
> Then restart and look at the logging output to see which config files it's
> processing and in which order.
>
>
>
>
> On Fri, 27 Sep 2019, Jerry Malcolm wrote:
>
>> Hi Bill, Thanks for the quick response.
>>
>> I'm using Apache James 3.3.0. I investigated the class that calls spamd.
>> There is a class SpamAssassinInvoker in the James distribution that
>> actually calls spamd. Relevant code excerpt from that class is below. It
>> doesn't appear that any threshold info is being sent on the call.
>>
>> out = socket.getOutputStream();
>> in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
>> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>>
>> // pass the message to spamd
>> message.writeTo(out);
>> out.flush();
>> socket.shutdownOutput();
>> String s = null;
>> while ((s = in.readLine()) != null) {
>>
>> On 9/27/2019 3:21 PM, Bill Cole wrote:
>>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>>
>>>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>>>> results threshold from 5.0 to 4.0. I went to
>>>> /usr/share/spamassassin/local.cf, uncommented and changed:
>>>> "required_score 4.0". But when I stop and start the service and process
>>>> an email through it, headers still say 5.0 as the threshold. What am I
>>>> doing wrong? Is there some other place I need to change it as well?
>>>
>>> It is certainly possible. How are you integrating SA with your mail
>>> system, i.e. what software is getting mail that it uses SA to filter?
>>> Different mechanisms can end up using software-specific or user-specific
>>> configurations that override local.cf.
>>>
>>>
>>
>>
>
>
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Setting Threshold
Posted by David B Funk <db...@engineering.uiowa.edu>.
Unfortunately the answer to those questions tends to be OS distro specific.
Usually logs go someplace under "/var/log/" but there's nothing to prevent
your particular distro's creators putting them elsewhere.
The startup stuff is often very OS distro & version specific; is yours an
"init script" based system, or a "systemd" based system (or something else)?
Do this, in a shell execute the command:
cat /etc/os-release
That should output several lines of text that contain data about the specific
distro/version you're running. (if it cannot find /etc/os-release try
/usr/lib/os-release ).
Using that data, you should be able to track down forums/FAQs/wikis specific to
your distro which have answers to those two questions.
On Fri, 27 Sep 2019, Jerry Malcolm wrote:
> Oh yes... and the location of the actual SA startup command file as well.....
>
> Thx
>
> On 9/27/2019 7:01 PM, Jerry Malcolm wrote:
>> Thanks. I'll try all of that. But unfortunately I'm coming into AWS Linux
>> from a Windows background. I'm having a heck of a time finding the
>> configuration and log file folders that linux server implementations seem
>> to like splattering all over the hard drive... :-). Where should I be
>> looking to find the SA log files?
>>
>> Thanks again.
>>
>> Jerry
>>
>> On 9/27/2019 6:46 PM, David B Funk wrote:
>>> Jerry,
>>>
>>> That looks like a functional implementation of the "spamc" client.
>>> So that implies your system is using "spamd" daemon for actual processing
>>> of the spam. (as opposed to something like "amavis" which directly
>>> incorporates the SA scanning engine)
>>>
>>> Did you restart the spamd daemon after you changed that config file?
>>>
>>> If you did and the change still isn't working this implies that your spamd
>>> system is using a different set of config files -or- there's another
>>> config file which is overriding your customization.
>>> At startup spamd processes config files in sequence and a setting in a
>>> later one will override corresponding values set in an earlier one.
>>>
>>> Look at your spamd's process list to see if there are any explicit config
>>> files specified in the command line arguments.
>>>
>>> Also you can try starting your spamd with debugging enabled which will
>>> cause it to log config file processing.
>>>
>>> Add the following to your spamd start up command line arguments:
>>> --debug config
>>>
>>> Then restart and look at the logging output to see which config files it's
>>> processing and in which order.
>>>
>>>
>>>
>>>
>>> On Fri, 27 Sep 2019, Jerry Malcolm wrote:
>>>
>>>> Hi Bill, Thanks for the quick response.
>>>>
>>>> I'm using Apache James 3.3.0. I investigated the class that calls
>>>> spamd. There is a class SpamAssassinInvoker in the James distribution
>>>> that actually calls spamd. Relevant code excerpt from that class is
>>>> below. It doesn't appear that any threshold info is being sent on the
>>>> call.
>>>>
>>>> out = socket.getOutputStream();
>>>> in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
>>>> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>>>>
>>>> // pass the message to spamd
>>>> message.writeTo(out);
>>>> out.flush();
>>>> socket.shutdownOutput();
>>>> String s = null;
>>>> while ((s = in.readLine()) != null) {
>>>>
>>>> On 9/27/2019 3:21 PM, Bill Cole wrote:
>>>>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>>>>
>>>>>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>>>>>> results threshold from 5.0 to 4.0. I went to
>>>>>> /usr/share/spamassassin/local.cf, uncommented and changed:
>>>>>> "required_score 4.0". But when I stop and start the service and
>>>>>> process an email through it, headers still say 5.0 as the threshold.
>>>>>> What am I doing wrong? Is there some other place I need to change it
>>>>>> as well?
>>>>>
>>>>> It is certainly possible. How are you integrating SA with your mail
>>>>> system, i.e. what software is getting mail that it uses SA to filter?
>>>>> Different mechanisms can end up using software-specific or user-specific
>>>>> configurations that override local.cf.
>>>>>
>>>>>
>>>>
>>>>
>>>
>
>
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
Oh yes... and the location of the actual SA startup command file as
well.....
Thx
On 9/27/2019 7:01 PM, Jerry Malcolm wrote:
> Thanks. I'll try all of that. But unfortunately I'm coming into AWS
> Linux from a Windows background. I'm having a heck of a time finding
> the configuration and log file folders that linux server
> implementations seem to like splattering all over the hard drive...
> :-). Where should I be looking to find the SA log files?
>
> Thanks again.
>
> Jerry
>
> On 9/27/2019 6:46 PM, David B Funk wrote:
>> Jerry,
>>
>> That looks like a functional implementation of the "spamc" client.
>> So that implies your system is using "spamd" daemon for actual
>> processing of the spam. (as opposed to something like "amavis" which
>> directly incorporates the SA scanning engine)
>>
>> Did you restart the spamd daemon after you changed that config file?
>>
>> If you did and the change still isn't working this implies that your
>> spamd system is using a different set of config files -or- there's
>> another config file which is overriding your customization.
>> At startup spamd processes config files in sequence and a setting in
>> a later one will override corresponding values set in an earlier one.
>>
>> Look at your spamd's process list to see if there are any explicit
>> config files specified in the command line arguments.
>>
>> Also you can try starting your spamd with debugging enabled which
>> will cause it to log config file processing.
>>
>> Add the following to your spamd start up command line arguments:
>> --debug config
>>
>> Then restart and look at the logging output to see which config files
>> it's processing and in which order.
>>
>>
>>
>>
>> On Fri, 27 Sep 2019, Jerry Malcolm wrote:
>>
>>> Hi Bill, Thanks for the quick response.
>>>
>>> I'm using Apache James 3.3.0. I investigated the class that calls
>>> spamd. There is a class SpamAssassinInvoker in the James
>>> distribution that actually calls spamd. Relevant code excerpt from
>>> that class is below. It doesn't appear that any threshold info is
>>> being sent on the call.
>>>
>>> out = socket.getOutputStream();
>>> in = new BufferedReader(new
>>> InputStreamReader(socket.getInputStream()));
>>> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>>>
>>> // pass the message to spamd
>>> message.writeTo(out);
>>> out.flush();
>>> socket.shutdownOutput();
>>> String s = null;
>>> while ((s = in.readLine()) != null) {
>>>
>>> On 9/27/2019 3:21 PM, Bill Cole wrote:
>>>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>>>
>>>>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>>>>> results threshold from 5.0 to 4.0. I went to
>>>>> /usr/share/spamassassin/local.cf, uncommented and changed:
>>>>> "required_score 4.0". But when I stop and start the service and
>>>>> process an email through it, headers still say 5.0 as the
>>>>> threshold. What am I doing wrong? Is there some other place I
>>>>> need to change it as well?
>>>>
>>>> It is certainly possible. How are you integrating SA with your mail
>>>> system, i.e. what software is getting mail that it uses SA to
>>>> filter? Different mechanisms can end up using software-specific or
>>>> user-specific configurations that override local.cf.
>>>>
>>>>
>>>
>>>
>>
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
Thanks. I'll try all of that. But unfortunately I'm coming into AWS
Linux from a Windows background. I'm having a heck of a time finding
the configuration and log file folders that linux server implementations
seem to like splattering all over the hard drive... :-). Where should I
be looking to find the SA log files?
Thanks again.
Jerry
On 9/27/2019 6:46 PM, David B Funk wrote:
> Jerry,
>
> That looks like a functional implementation of the "spamc" client.
> So that implies your system is using "spamd" daemon for actual
> processing of the spam. (as opposed to something like "amavis" which
> directly incorporates the SA scanning engine)
>
> Did you restart the spamd daemon after you changed that config file?
>
> If you did and the change still isn't working this implies that your
> spamd system is using a different set of config files -or- there's
> another config file which is overriding your customization.
> At startup spamd processes config files in sequence and a setting in a
> later one will override corresponding values set in an earlier one.
>
> Look at your spamd's process list to see if there are any explicit
> config files specified in the command line arguments.
>
> Also you can try starting your spamd with debugging enabled which will
> cause it to log config file processing.
>
> Add the following to your spamd start up command line arguments:
> --debug config
>
> Then restart and look at the logging output to see which config files
> it's processing and in which order.
>
>
>
>
> On Fri, 27 Sep 2019, Jerry Malcolm wrote:
>
>> Hi Bill, Thanks for the quick response.
>>
>> I'm using Apache James 3.3.0. I investigated the class that calls
>> spamd. There is a class SpamAssassinInvoker in the James
>> distribution that actually calls spamd. Relevant code excerpt from
>> that class is below. It doesn't appear that any threshold info is
>> being sent on the call.
>>
>> out = socket.getOutputStream();
>> in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
>> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>>
>> // pass the message to spamd
>> message.writeTo(out);
>> out.flush();
>> socket.shutdownOutput();
>> String s = null;
>> while ((s = in.readLine()) != null) {
>>
>> On 9/27/2019 3:21 PM, Bill Cole wrote:
>>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>>
>>>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>>>> results threshold from 5.0 to 4.0. I went to
>>>> /usr/share/spamassassin/local.cf, uncommented and changed:
>>>> "required_score 4.0". But when I stop and start the service and
>>>> process an email through it, headers still say 5.0 as the
>>>> threshold. What am I doing wrong? Is there some other place I
>>>> need to change it as well?
>>>
>>> It is certainly possible. How are you integrating SA with your mail
>>> system, i.e. what software is getting mail that it uses SA to
>>> filter? Different mechanisms can end up using software-specific or
>>> user-specific configurations that override local.cf.
>>>
>>>
>>
>>
>
Re: Setting Threshold
Posted by David B Funk <db...@engineering.uiowa.edu>.
Jerry,
That looks like a functional implementation of the "spamc" client.
So that implies your system is using "spamd" daemon for actual processing of the
spam. (as opposed to something like "amavis" which directly incorporates the SA
scanning engine)
Did you restart the spamd daemon after you changed that config file?
If you did and the change still isn't working this implies that your spamd
system is using a different set of config files -or- there's another config file
which is overriding your customization.
At startup spamd processes config files in sequence and a setting in a later one
will override corresponding values set in an earlier one.
Look at your spamd's process list to see if there are any explicit config files
specified in the command line arguments.
Also you can try starting your spamd with debugging enabled which will cause it
to log config file processing.
Add the following to your spamd start up command line arguments:
--debug config
Then restart and look at the logging output to see which config files it's
processing and in which order.
On Fri, 27 Sep 2019, Jerry Malcolm wrote:
> Hi Bill, Thanks for the quick response.
>
> I'm using Apache James 3.3.0. I investigated the class that calls spamd.
> There is a class SpamAssassinInvoker in the James distribution that actually
> calls spamd. Relevant code excerpt from that class is below. It doesn't
> appear that any threshold info is being sent on the call.
>
> out = socket.getOutputStream();
> in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
> out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
>
> // pass the message to spamd
> message.writeTo(out);
> out.flush();
> socket.shutdownOutput();
> String s = null;
> while ((s = in.readLine()) != null) {
>
> On 9/27/2019 3:21 PM, Bill Cole wrote:
>> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>>
>>> I am setting up SA on an AWS Linux EC2. I am trying to change the results
>>> threshold from 5.0 to 4.0. I went to /usr/share/spamassassin/local.cf,
>>> uncommented and changed: "required_score 4.0". But when I stop and start
>>> the service and process an email through it, headers still say 5.0 as the
>>> threshold. What am I doing wrong? Is there some other place I need to
>>> change it as well?
>>
>> It is certainly possible. How are you integrating SA with your mail system,
>> i.e. what software is getting mail that it uses SA to filter? Different
>> mechanisms can end up using software-specific or user-specific
>> configurations that override local.cf.
>>
>>
>
>
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
Hi Bill, Thanks for the quick response.
I'm using Apache James 3.3.0. I investigated the class that calls
spamd. There is a class SpamAssassinInvoker in the James distribution
that actually calls spamd. Relevant code excerpt from that class is
below. It doesn't appear that any threshold info is being sent on the call.
out = socket.getOutputStream();
in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
out.write("CHECK SPAMC/1.2\r\n\r\n".getBytes());
// pass the message to spamd
message.writeTo(out);
out.flush();
socket.shutdownOutput();
String s = null;
while ((s = in.readLine()) != null) {
On 9/27/2019 3:21 PM, Bill Cole wrote:
> On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
>
>> I am setting up SA on an AWS Linux EC2. I am trying to change the
>> results threshold from 5.0 to 4.0. I went to
>> /usr/share/spamassassin/local.cf, uncommented and changed:
>> "required_score 4.0". But when I stop and start the service and
>> process an email through it, headers still say 5.0 as the threshold.
>> What am I doing wrong? Is there some other place I need to change it
>> as well?
>
> It is certainly possible. How are you integrating SA with your mail
> system, i.e. what software is getting mail that it uses SA to filter?
> Different mechanisms can end up using software-specific or
> user-specific configurations that override local.cf.
>
>
Re: Setting Threshold
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 27 Sep 2019, at 15:14, Jerry Malcolm wrote:
> I am setting up SA on an AWS Linux EC2. I am trying to change the
> results threshold from 5.0 to 4.0. I went to
> /usr/share/spamassassin/local.cf, uncommented and changed:
> "required_score 4.0". But when I stop and start the service and
> process an email through it, headers still say 5.0 as the threshold.
> What am I doing wrong? Is there some other place I need to change it
> as well?
It is certainly possible. How are you integrating SA with your mail
system, i.e. what software is getting mail that it uses SA to filter?
Different mechanisms can end up using software-specific or user-specific
configurations that override local.cf.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: Migrating from sendmail to Postfix
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 30 Sep 2019, at 21:28, Ramon F Herrera wrote:
> On 9/29/2019 3:10 PM, Bill Cole wrote:
>
>>
>> Beyond translating configuration, there's one important part of
>> Postfix that has no Sendmail equivalent: the postscreen front-line
>> SMTP screener program. Postscreen implements a greeting pause,
>> weighted parallel DNSBL checking, and optionally a few other
>> spambot-detection tactics. Because it is a unique tool, some
>> distributions do not enable it by default. Make sure you have it set
>> up, because it is an extremely effective and lightweight tool.
>>
>
> Bill: Can you please explain that tool?
The "postscreen" component of Postfix handles the initial connection for
each port 25 (SMTP) session. It is very lightweight and handles a short
list of behavioral tests (most importantly a "greeting pause") and DNSBL
checking that is designed to screen out pure spambots. Only potential
non-spambots are handed off to the real Postfix SMTP server. It screens
out most SMTP clients before the initial greeting is fully sent with no
false positives unless you use sloppy DNSBLs or use its most aggressive
options (which require "good" clients to handle 4xx replies properly.)
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: Migrating from sendmail to Postfix
Posted by "@lbutlr" <kr...@kreme.com>.
On Sep 30, 2019, at 7:28 PM, Ramon F Herrera <ra...@forcewise.com> wrote:
> On 9/29/2019 3:10 PM, Bill Cole wrote:
>> Beyond translating configuration, there's one important part of Postfix that has no Sendmail equivalent: the postscreen front-line SMTP screener program. Postscreen implements a greeting pause, weighted parallel DNSBL checking, and optionally a few other spambot-detection tactics. Because it is a unique tool, some distributions do not enable it by default. Make sure you have it set up, because it is an extremely effective and lightweight tool.
>
> Bill: Can you please explain that tool?
There’s good documentation.
<http://www.postfix.org/POSTSCREEN_README.html>
--
No, YOU’RE drunk!
Re: Migrating from sendmail to Postfix
Posted by Ramon F Herrera <ra...@forcewise.com>.
On 9/29/2019 3:10 PM, Bill Cole wrote:
>
> Beyond translating configuration, there's one important part of
> Postfix that has no Sendmail equivalent: the postscreen front-line
> SMTP screener program. Postscreen implements a greeting pause,
> weighted parallel DNSBL checking, and optionally a few other
> spambot-detection tactics. Because it is a unique tool, some
> distributions do not enable it by default. Make sure you have it set
> up, because it is an extremely effective and lightweight tool.
>
Bill: Can you please explain that tool?
TIA,
-Ramon
Re: Migrating from sendmail to Postfix
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 29 Sep 2019, at 12:37, Ramon F Herrera wrote:
> I am vaguely familiar with Postfix. I am told that is as capable as
> ole' sendmail, and much easier to manage.
>
> Any suggestions, tips about that upgrade are most welcome.
As someone who has worked with Sendmail from the dawn of v8 and with
Postfix since v2.4, I must confess that on a standalone basis, in
theory, Sendmail has greater flexibility and can, as a matter of
provable computer science, do things Postfix cannot. However, the
overwhelming bulk of the functional space where Sendmail stands alone
would normally be things no one really wants to do or should do. That is
the product and the price of using a NP-complete programming language
for sendmail.cf. As a practical matter, the fact that Postfix has a
robust set of interfaces for external tools (including Milter software)
means that there's no real difference in capabilities. When I have a
choice, I use Postfix.
The first thing to understand about Postfix is that Postfix is not one
program, it is a suite of closely interdependent programs that handle
distinct aspects of the mail acceptance and delivery process. Its
components and configuration parameters are meticulously documented with
man pages and a collection of about a dozen "readme" files. There's no
ultra-compact programming language composed almost entirely of
punctuation that nothing else in the world uses, so your skill of
hand-editing sendmail.cf will not help you with Postfix. There is an
extremely helpful, well-focused, and civil Postfix Users mailing list
where the primary author, the most active contributor to the code, and
the authors of the two comprehensive books on Postfix are active.
In doing the upgrade, you should start by making sure that you have a
solid understanding of what your Sendmail configuration is. For most
people, that is well-defined in a sendmail.mc that they use to build
sendmail.cf, but since you've written about direct sendmail.cf
modification, you may have a bit more work nailing down what exactly
you're doing with Sendmail so that you can find the Postfix analogs.
Beyond translating configuration, there's one important part of Postfix
that has no Sendmail equivalent: the postscreen front-line SMTP screener
program. Postscreen implements a greeting pause, weighted parallel DNSBL
checking, and optionally a few other spambot-detection tactics. Because
it is a unique tool, some distributions do not enable it by default.
Make sure you have it set up, because it is an extremely effective and
lightweight tool.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Migrating from sendmail to Postfix
Posted by "Kevin A. McGrail" <km...@apache.org>.
Might want to look at centos 8. Just came out last week.
On Sun, Sep 29, 2019, 12:39 Ramon F Herrera <ra...@forcewise.com> wrote:
> Hello all,
>
> Thanks for the help provided. I am glad I am to be back in the
> *SpamAssassin* duties.
>
> Being an old timer, my mail server currently run Linux CentOS 6 and
> sendmail.
>
> I can see that writing on the wall, however, and am preparing a CentOS 7
> computer. I do not foresee much pain on the OS side of the upgrades.
>
> I am vaguely familiar with Postfix. I am told that is as capable as ole'
> sendmail, and much easier to manage.
>
> Any suggestions, tips about that upgrade are most welcome.
>
> TIA,
>
> -Ramon F. Herrera
>
>
>
Migrating from sendmail to Postfix
Posted by Ramon F Herrera <ra...@forcewise.com>.
Hello all,
Thanks for the help provided. I am glad I am to be back in the
**SpamAssassin** duties.
Being an old timer, my mail server currently run Linux CentOS 6 and sendmail.
I can see that writing on the wall, however, and am preparing a CentOS 7
computer. I do not foresee much pain on the OS side of the upgrades.
I am vaguely familiar with Postfix. I am told that is as capable as ole'
sendmail, and much easier to manage.
Any suggestions, tips about that upgrade are most welcome.
TIA,
-Ramon F. Herrera
Re: Something much BETTER that Setting Threshold
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 28 Sep 2019, at 14:14, Ramon F Herrera wrote:
> On 9/28/2019 12:18 PM, Bill Cole wrote:
>
>
>> On 28 Sep 2019, at 7:52, Ramon F Herrera wrote:
>> [...]
>>
>>
>>> Thanks to Dominic for his suggestion, but being a newbie I am going
>>> to start with this approach.
>>
>> I happen to be a sendmail old timer as well and will eventually
>> follow the recommendations to migrate to Postfix.
>>
>> Can a kind soul out there provide the instructions to add TLD
>> rejection to sendmail?
>>
>>
>>
>> Use the access DB. TLD blocking is in the example at
>> <https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#access_db>
>>
>>
>
> Thanks, Bill.
>
>
> Just to be sure, the lines should look as follows:
>
> icu REJECT
> info REJECT
> site REJECT
> stream REJECT
>
> Right?
Right.
>
> BTW: I guess I have to read the access.db documentation closer. At
> this point I am confused. It seems that both the "From:" and "To:"
> headers are inspected. How is the differentiation made?
Not headers, envelope addresses and client hostname/IP. See
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#access_db_fine
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Something much BETTER that Setting Threshold
Posted by Ramon F Herrera <ra...@forcewise.com>.
On 9/28/2019 12:18 PM, Bill Cole wrote:
> On 28 Sep 2019, at 7:52, Ramon F Herrera wrote:
> [...]
>
>
>> Thanks to Dominic for his suggestion, but being a newbie I am going to
start with this approach.
>
> I happen to be a sendmail old timer as well and will eventually follow the
recommendations to migrate to Postfix.
>
> Can a kind soul out there provide the instructions to add TLD rejection to
sendmail?
>
>
>
> Use the access DB. TLD blocking is in the example at
<https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#access_db>
>
>
Thanks, Bill.
Just to be sure, the lines should look as follows:
icu REJECT
info REJECT
site REJECT
stream REJECT
Right?
BTW: I guess I have to read the access.db documentation closer. At this point
I am confused. It seems that both the "From:" and "To:" headers are inspected.
How is the differentiation made?
TIA,
-Ramon
Re: Something much BETTER that Setting Threshold
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 28 Sep 2019, at 7:52, Ramon F Herrera wrote:
[...]
> Thanks to Dominic for his suggestion, but being a newbie I am going to
> start with this approach.
>
> I happen to be a sendmail old timer as well and will eventually follow
> the recommendations to migrate to Postfix.
>
> Can a kind soul out there provide the instructions to add TLD
> rejection to sendmail?
Use the access DB. TLD blocking is in the example at
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#access_db
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Something much BETTER that Setting Threshold
Posted by Ramon F Herrera <ra...@forcewise.com>.
On 9/28/2019 1:53 AM, LuKreme wrote:
> On Sep 27, 2019, at 23:11, Ramon F Herrera
[<ra...@forcewise.com>](mailto:ramon@forcewise.com) wrote:
>
>> What I need is simply to remove all traffic coming from the domains: icu,
info, etc. That simple step would go _a long way_ to solving my SPAM problem.
>
>
>
>
> I do this in postfix helo checks. I reject most tlds before I even get to
the data phase of the smtp transaction.
>
>
>
>
Thanks to Dominic for his suggestion, but being a newbie I am going to start
with this approach.
I happen to be a sendmail old timer as well and will eventually follow the
recommendations to migrate to Postfix.
Can a kind soul out there provide the instructions to add TLD rejection to
sendmail?
TIA,
-Ramon
`
`
`ps: These are the ones that will be targeted:`
bid
date
icu
info
press
pw
site
stream
top
trade
xyz
Re: Something much BETTER that Setting Threshold
Posted by LuKreme <kr...@kreme.com>.
On Sep 27, 2019, at 23:11, Ramon F Herrera <ra...@forcewise.com> wrote:
> What I need is simply to remove all traffic coming from the domains: icu, info, etc. That simple step would go a long way to solving my SPAM problem.
I do this in postfix helo checks. I reject most tlds before I even get to the data phase of the smtp transaction.
Sent from my iPhone
Re: Something much BETTER that Setting Threshold
Posted by Dominic Raferd <do...@timedicer.co.uk>.
On Sat, 28 Sep 2019 at 06:11, Ramon F Herrera <ra...@forcewise.com> wrote:
> I was going to start a new thread about the following, but this is a good point to interject.
> What I need is simply to remove all traffic coming from the domains: icu, info, etc. That simple step would go a long way to solving my SPAM problem.
Instead I suggest you use (and periodically update) Kevin's KAM.cf and
nonKAMrules.cf from http://www.mcgrail.com/downloads/
Re: Something much BETTER that Setting Threshold
Posted by Ramon F Herrera <ra...@forcewise.com>.
On 9/27/2019 11:40 PM, LuKreme wrote:
>
> On Sep 27, 2019, at 13:14, Jerry Malcolm
[<te...@malcolms.com>](mailto:techstuff@malcolms.com) wrote:
>
>
>>
>> I am trying to change the results threshold from 5.0 to 4.0.
>>
>
>
> Do you have a really good reason that you have researched and really
examined for doing this based on years of experience with SpamAssassin? If so,
great.
>
> But otherwise, in nearly all cases, this is a bad idea born out of a
misunderstanding of how SA works.
>
> Hint: for most servers and most users, lowering the threshold will
simply mark legitimate mail as spam, annoying everyone. It is not a panacea to
tag “mo’ spam”.
>
I was going to start a new thread about the following, but this is a good
point to interject.
What I need is simply to remove all traffic coming from the domains: icu,
info, etc. That simple step would go _a long way_ to solving my SPAM problem.
-Ramon
Re: Setting Threshold
Posted by Jerry Malcolm <te...@malcolms.com>.
I've been using SA on a Windows machine (SpamAssassin In A Box) for
about 10 years. I wouldn't call it 'research'. It's simply
administrator and user observation. With the threshold at 5.0 I'm
getting tons of spam unflagged. I was at 4.0 for years on my old
server, and didn't have much of anything misflagged as spam. RIght now
I'm being inundated with uncaught spam. Perhaps there's something else
wrong that's causing the scores for spam to come in so low. If so, I'm
more than happy to address that. But I'm using SA right out of the zip
file, and this is what I'm getting. I have no clue how to make spam
scores on obvious spam increase to put them over the 5.0 threshold.
So I have two choices: a) fix my scoring issue and get the scores of
actual spam a lot higher than they currently are, or b) figure out some
way to change the threshold on this new installation back to what I had
on my old server. Either solution is fine with me. But the option of
having half of the mail dumped into my clients' inboxes be unflagged,
obvious spam is not making any of my clients happy.
Suggestions welcome.
Thx
Jerry
On 9/27/2019 11:40 PM, LuKreme wrote:
> On Sep 27, 2019, at 13:14, Jerry Malcolm <te...@malcolms.com> wrote:
>> I am trying to change the results threshold from 5.0 to 4.0.
> Do you have a really good reason that you have researched and really examined for doing this based on years of experience with SpamAssassin? If so, great.
>
> But otherwise, in nearly all cases, this is a bad idea born out of a misunderstanding of how SA works.
>
> Hint: for most servers and most users, lowering the threshold will simply mark legitimate mail as spam, annoying everyone. It is not a panacea to tag “mo’ spam”.
>
Re: Setting Threshold
Posted by LuKreme <kr...@kreme.com>.
On Sep 27, 2019, at 13:14, Jerry Malcolm <te...@malcolms.com> wrote:
> I am trying to change the results threshold from 5.0 to 4.0.
Do you have a really good reason that you have researched and really examined for doing this based on years of experience with SpamAssassin? If so, great.
But otherwise, in nearly all cases, this is a bad idea born out of a misunderstanding of how SA works.
Hint: for most servers and most users, lowering the threshold will simply mark legitimate mail as spam, annoying everyone. It is not a panacea to tag “mo’ spam”.
--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.