How can I see all rules applied? - SpamAssassin

This is a discussion on How can I see all rules applied? - SpamAssassin ; Hi all, I now have SA installed at the live machine and it seems to be running ok, at least no bigger issues besides an error loadeding RSA.pm, which I have no idea what it is for? Anyway, it still ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: How can I see all rules applied?

  1. How can I see all rules applied?


    Hi all,

    I now have SA installed at the live machine and it seems to be running ok,
    at least no bigger issues besides an error loadeding RSA.pm, which I have no
    idea what it is for?

    Anyway, it still let's a load of spam through. For testing, I took one of
    those spams out of an inbox and applied spamassassin -D.

    Result: The live-machine did not recognize it as spam, while the
    test-machine did! So my question:

    spamassassin -D only gives me the rules which hit, but omits those which
    fail. Is there a way to further debug?

    Machines have different OS (Linux and OpenBSD) and I am not sure if I can
    just copy over (which I'd love to do)

    What puzzles me:

    [9045] dbg: learn: auto-learn: currently using scoreset 1
    [9045] dbg: learn: auto-learn: message score: -0.001, computed score for
    autolearn: 0.001
    [9045] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001,
    head-points=0.001, learned-points=0
    [9045] dbg: learn: auto-learn? yes, ham (0.001 < 0.1)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    [9045] dbg: learn: initializing learner
    [9045] dbg: learn: learning ham
    [9045] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x9628d2 c)
    implements 'check_wb_list', priority 0
    [9045] dbg: eval: all '*From' addrs: ayomideacton@tvwerk.de
    [9045] dbg: eval: all '*To' addrs: dispo@tvwerk.de
    [9045] dbg: locker: safe_lock: created
    /root/.spamassassin/bayes.lock.proxy1.tvwerk.de.9045
    [9045] dbg: locker: safe_lock: trying to get lock on
    /root/.spamassassin/bayes with 0 retries
    [9045] dbg: locker: safe_lock: link to /root/.spamassassin/bayes.lock: link
    ok
    [9045] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
    [9045] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
    [9045] dbg: bayes: found bayes db version 3
    [9045] dbg: bayes: learned
    '4c3e24e3b7802949631917599dac3b22044927b9@sa_gener ated', atime: 1220534086
    [9045] dbg: bayes: untie-ing
    [9045] dbg: bayes: files locked, now unlocking lock
    [9045] dbg: locker: safe_unlock: unlink /root/.spamassassin/bayes.lock
    [9045] dbg: learn: initializing learner
    [9045] dbg: check: is spam? score=-0.001 required=5
    [9045] dbg: check: tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
    [9045] dbg: check:
    subtests=__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPA RT_ALT,__DOS_HAS_ANY_URI,__EXCLAIM_SUBJ,__FH_HAS_X MSMAIL,__FH_HAS_XPRIORITY,__FRAUD_DBI,__HAS_ANY_UR I,__HAS_MIMEOLE,__HAS_MSGID,__HAS_MSMAIL_PRI,__HAS _SUBJECT,__HAS_X_MAILER,__HTML_LENGTH_0000_1024,__ JM_REACTOR_XMOLE,__MIMEOLE_MS,__MIME_HTML,__MIME_Q P,__MIME_VERSION,__MISSING_REF,__MSGID_DOLLARS_MAY BE,__MSGID_DOLLARS_OK,__MSGID_OK_HEX,__MSGID_OK_HO ST,__MSGID_RANDY,__NONEMPTY_BODY,__OE_MSGID_2,__SA NE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG _EXISTS_HTML,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_A TT_TP,__UNUSABLE_MSGID,__XM_MS_IN_GENERAL
    X-Spam-ASN:
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on proxy1.tvwerk.de
    X-Spam-Level:
    X-Spam-Status: No, score=-0.0 required=5.0 tests=HTML_MESSAGE,NO_RECEIVED,
    NO_RELAYS shortcircuit=no autolearn=ham version=3.2.5
    From: "Ayomide Acton"
    To:
    Subject: The best offer!




    Does that mean, it is considered ham?

    Patrick
    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19312076.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  2. Re: How can I see all rules applied?

    patrickbaer wrote:
    > Hi all,
    >
    > I now have SA installed at the live machine and it seems to be running ok,
    > at least no bigger issues besides an error loadeding RSA.pm, which I have no
    > idea what it is for?
    >
    > Anyway, it still let's a load of spam through. For testing, I took one of
    > those spams out of an inbox and applied spamassassin -D.
    >
    > Result: The live-machine did not recognize it as spam, while the
    > test-machine did! So my question:
    >
    > spamassassin -D only gives me the rules which hit, but omits those which
    > fail. Is there a way to further debug?
    >
    > Machines have different OS (Linux and OpenBSD) and I am not sure if I can
    > just copy over (which I'd love to do)
    >
    > What puzzles me:
    >
    > [9045] dbg: learn: auto-learn: currently using scoreset 1
    > [9045] dbg: learn: auto-learn: message score: -0.001, computed score for
    > autolearn: 0.001
    > [9045] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001,
    > head-points=0.001, learned-points=0
    > [9045] dbg: learn: auto-learn? yes, ham (0.001 < 0.1)
    > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    >
    > [9045] dbg: learn: initializing learner
    > [9045] dbg: learn: learning ham
    > [9045] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x9628d2 c)
    > implements 'check_wb_list', priority 0
    > [9045] dbg: eval: all '*From' addrs: ayomideacton@tvwerk.de
    > [9045] dbg: eval: all '*To' addrs: dispo@tvwerk.de
    > [9045] dbg: locker: safe_lock: created
    > /root/.spamassassin/bayes.lock.proxy1.tvwerk.de.9045
    > [9045] dbg: locker: safe_lock: trying to get lock on
    > /root/.spamassassin/bayes with 0 retries
    > [9045] dbg: locker: safe_lock: link to /root/.spamassassin/bayes.lock: link
    > ok
    > [9045] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
    > [9045] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
    > [9045] dbg: bayes: found bayes db version 3
    > [9045] dbg: bayes: learned
    > '4c3e24e3b7802949631917599dac3b22044927b9@sa_gener ated', atime: 1220534086
    > [9045] dbg: bayes: untie-ing
    > [9045] dbg: bayes: files locked, now unlocking lock
    > [9045] dbg: locker: safe_unlock: unlink /root/.spamassassin/bayes.lock
    > [9045] dbg: learn: initializing learner
    > [9045] dbg: check: is spam? score=-0.001 required=5
    > [9045] dbg: check: tests=HTML_MESSAGE,NO_RECEIVED,NO_RELAYS
    > [9045] dbg: check:
    > subtests=__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPA RT_ALT,__DOS_HAS_ANY_URI,__EXCLAIM_SUBJ,__FH_HAS_X MSMAIL,__FH_HAS_XPRIORITY,__FRAUD_DBI,__HAS_ANY_UR I,__HAS_MIMEOLE,__HAS_MSGID,__HAS_MSMAIL_PRI,__HAS _SUBJECT,__HAS_X_MAILER,__HTML_LENGTH_0000_1024,__ JM_REACTOR_XMOLE,__MIMEOLE_MS,__MIME_HTML,__MIME_Q P,__MIME_VERSION,__MISSING_REF,__MSGID_DOLLARS_MAY BE,__MSGID_DOLLARS_OK,__MSGID_OK_HEX,__MSGID_OK_HO ST,__MSGID_RANDY,__NONEMPTY_BODY,__OE_MSGID_2,__SA NE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG _EXISTS_HTML,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_A TT_TP,__UNUSABLE_MSGID,__XM_MS_IN_GENERAL
    > X-Spam-ASN:
    > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on proxy1.tvwerk.de
    > X-Spam-Level:
    > X-Spam-Status: No, score=-0.0 required=5.0 tests=HTML_MESSAGE,NO_RECEIVED,
    > NO_RELAYS shortcircuit=no autolearn=ham version=3.2.5
    > From: "Ayomide Acton"
    > To:
    > Subject: The best offer!
    >
    >
    >
    >
    > Does that mean, it is considered ham?
    >


    the question is why is it a NO_RECEIVED, NO_RELAYS mail? how do you pass
    the message to SA? can you show the message?


  3. Re: Results from test machine, was: Re: How can I see all rules applied?

    patrickbaer wrote:

    > And this is the output from the very same command, ran on the test box:


    The command might be the same, but the message was not. There are
    important differences in the headers (see below).

    Only one of the messages had any "Received:" headers, wich can
    make a big difference for the score. In this case the rules
    RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_XBL RBL and RCVD_IN_PBL RBL hit
    the message with complete headers wich is a score difference of 5.6.

    Another difference between the scores is that one of the messages
    hit more URIBL rules than the other. This couls simply be because
    some time has passed between your two tests, but it could also be
    due to DNS problems.


    The headers for the first message was:
    ---8<---
    From: "Ayomide Acton"
    To:
    Subject: The best offer!
    Date: Thu, 4 Sep 2008 08:14:46 -0500
    Message-ID: <001501c90e90$3329d9b0$4d80adbe@abenalaptop>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_01C90E66.4AEF7570"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Office Outlook 11
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
    Status:
    ---8<---

    The headers for the message on the test box was:
    ---8<---
    Return-Path:
    Received: from medusa.tvwerk.de ([unix socket])
    by medusa2 (Cyrus v2.2.13-Debian-2.2.13-10.cb1.1) with LMTPA;
    Thu, 04 Sep 2008 15:15:10 +0200
    X-Sieve: CMU Sieve 2.2
    Received: from proxy.tvwerk.de (proxy1 [10.10.10.2])
    by medusa.tvwerk.de (Postfix) with ESMTP id 2AAD81BD7F22
    for ; Thu, 4 Sep 2008 15:15:10 +0200 (CEST)
    Received: from localhost (localhost [127.0.0.1])
    by proxy.tvwerk.de (Postfix) with ESMTP id 208B43040D6
    for ; Thu, 4 Sep 2008 15:15:10 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at tvwerk.de
    X-Spam-Flag: NO
    X-Spam-Score: 1.491
    X-Spam-Level: *
    X-Spam-Status: No, score=1.491 tagged_above=0 required=5
    tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001,
    RAZOR2_CF_RANGE_51_100=0.5,RAZOR2_CF_RANGE_E8_51_1 00=1.5,
    RAZOR2_CHECK=0.5, RDNS_NONE=0.1]
    Received: from proxy.tvwerk.de ([127.0.0.1])
    by localhost (proxy1.tvwerk.de [127.0.0.1])
    (amavisd-new, port 10024)
    with ESMTP id 4N+6qeb1DG4o for ;
    Thu, 4 Sep 2008 15:14:54 +0200 (CEST)
    Received: from abenalaptop (unknown [190.173.128.77])
    by proxy.tvwerk.de (Postfix) with ESMTP id 7E8E03040CB
    for ; Thu, 4 Sep 2008 15:14:50 +0200 (CEST)
    From: "Ayomide Acton"
    To:
    Subject: The best offer!
    Date: Thu, 4 Sep 2008 08:14:46 -0500
    Message-ID: <001501c90e90$3329d9b0$4d80adbe@abenalaptop>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0012_01C90E66.4AEF7570"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Office Outlook 11
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
    Status:
    ---8<---

    Regards
    /Jonas
    --
    Jonas Eckerman, FSDB & Fruktträdet
    http://whatever.frukt.org/
    http://www.fsdb.org/
    http://www.frukt.org/


  4. Re: How can I see all rules applied?


    I have now came down to a problem with the auto whitelist:

    See the test machine:

    [4998] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    /root/.spamassassin/auto-whitelist
    [4998] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    scores 5/61.821
    [4998] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn score:
    2.602, mean: 12.3642, IP: 190.173.128.77
    [4998] dbg: auto-whitelist: add_score: new count: 6, new totscore: 64.423
    [4998] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    [4998] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    [4998] dbg: locker: safe_unlock: unlink
    /root/.spamassassin/auto-whitelist.lock
    [4998] dbg: auto-whitelist: post auto-whitelist score: 7.4831

    Compared to the live-system:

    [18824] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    /root/.spamassassin/auto-whi
    telist
    [18824] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    scores 6/13.112
    [18824] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn score:
    2.602, mean: 2.18533333
    333333, IP: 190.173.128.77
    [18824] dbg: auto-whitelist: add_score: new count: 7, new totscore: 15.714
    [18824] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    [18824] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    [18824] dbg: locker: safe_unlock: unlink
    /root/.spamassassin/auto-whitelist.lock
    [18824] dbg: auto-whitelist: post auto-whitelist score: 2.39366666666667

    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19329022.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  5. Re: How can I see all rules applied?

    Hi,

    I am not sure what you think the problem is. If you are refering to the
    different scores then that is to be expected as the two systems are
    using different auto-whitelist databases and will probably have
    different data in them.

    patrickbaer wrote:
    > I have now came down to a problem with the auto whitelist:
    >
    > See the test machine:
    >
    > [4998] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    > /root/.spamassassin/auto-whitelist
    > [4998] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    > scores 5/61.821
    > [4998] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn score:
    > 2.602, mean: 12.3642, IP: 190.173.128.77
    > [4998] dbg: auto-whitelist: add_score: new count: 6, new totscore: 64.423
    > [4998] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    > [4998] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    > [4998] dbg: locker: safe_unlock: unlink
    > /root/.spamassassin/auto-whitelist.lock
    > [4998] dbg: auto-whitelist: post auto-whitelist score: 7.4831
    >
    > Compared to the live-system:
    >
    > [18824] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    > /root/.spamassassin/auto-whi
    > telist
    > [18824] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    > scores 6/13.112
    > [18824] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn score:
    > 2.602, mean: 2.18533333
    > 333333, IP: 190.173.128.77
    > [18824] dbg: auto-whitelist: add_score: new count: 7, new totscore: 15.714
    > [18824] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    > [18824] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    > [18824] dbg: locker: safe_unlock: unlink
    > /root/.spamassassin/auto-whitelist.lock
    > [18824] dbg: auto-whitelist: post auto-whitelist score: 2.39366666666667
    >



    --
    Anthony Pea****
    CHIME, Royal Free & University College Medical School
    WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
    Study Health Informatics - Modular Postgraduate Degree
    http://www.chime.ucl.ac.uk/study-health-informatics/


  6. Re: How can I see all rules applied?


    Hi Anthony,

    I agree. But how can I delete this auto-whitelist? I found two of them in
    /root/.spamassassin/auto-whitelist and
    /var/amavis/.spamassassin/auto-whitelist.

    I even disabled it in /etc/mail/spamassassin/v310.pre

    No avail.


    Anthony Pea**** wrote:
    >
    > Hi,
    >
    > I am not sure what you think the problem is. If you are refering to the
    > different scores then that is to be expected as the two systems are
    > using different auto-whitelist databases and will probably have
    > different data in them.
    >
    > patrickbaer wrote:
    >> I have now came down to a problem with the auto whitelist:
    >>
    >> See the test machine:
    >>
    >> [4998] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    >> /root/.spamassassin/auto-whitelist
    >> [4998] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    >> scores 5/61.821
    >> [4998] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn
    >> score:
    >> 2.602, mean: 12.3642, IP: 190.173.128.77
    >> [4998] dbg: auto-whitelist: add_score: new count: 6, new totscore: 64.423
    >> [4998] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    >> [4998] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    >> [4998] dbg: locker: safe_unlock: unlink
    >> /root/.spamassassin/auto-whitelist.lock
    >> [4998] dbg: auto-whitelist: post auto-whitelist score: 7.4831
    >>
    >> Compared to the live-system:
    >>
    >> [18824] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    >> /root/.spamassassin/auto-whi
    >> telist
    >> [18824] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    >> scores 6/13.112
    >> [18824] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn
    >> score:
    >> 2.602, mean: 2.18533333
    >> 333333, IP: 190.173.128.77
    >> [18824] dbg: auto-whitelist: add_score: new count: 7, new totscore:
    >> 15.714
    >> [18824] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    >> [18824] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    >> [18824] dbg: locker: safe_unlock: unlink
    >> /root/.spamassassin/auto-whitelist.lock
    >> [18824] dbg: auto-whitelist: post auto-whitelist score: 2.39366666666667
    >>

    >
    >
    > --
    > Anthony Pea****
    > CHIME, Royal Free & University College Medical School
    > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
    > Study Health Informatics - Modular Postgraduate Degree
    > http://www.chime.ucl.ac.uk/study-health-informatics/
    >
    >


    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19329287.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  7. Re: How can I see all rules applied?

    Hi,

    Do you want to disable the AWL or just delete the entries?

    http://spamassassin.apache.org/full/...lugin_AWL.html

    To disable the autowhitelist completely put the following line in your
    local.cf file (usually in /etc/mail/spamassassin)

    use_auto_whitelist 0

    Then restart spamd or whatever system you have to call spamassassin.

    To delete indivual entries you can use the following command:

    spamassassin --remove-addr-from-whitelist ayomideacton@tvwerk.de

    http://spamassassin.apache.org/full/...assin-run.html

    patrickbaer wrote:
    > Hi Anthony,
    >
    > I agree. But how can I delete this auto-whitelist? I found two of them in
    > /root/.spamassassin/auto-whitelist and
    > /var/amavis/.spamassassin/auto-whitelist.
    >
    > I even disabled it in /etc/mail/spamassassin/v310.pre
    >
    > No avail.
    >
    >
    > Anthony Pea**** wrote:
    >> Hi,
    >>
    >> I am not sure what you think the problem is. If you are refering to the
    >> different scores then that is to be expected as the two systems are
    >> using different auto-whitelist databases and will probably have
    >> different data in them.
    >>
    >> patrickbaer wrote:
    >>> I have now came down to a problem with the auto whitelist:
    >>>
    >>> See the test machine:
    >>>
    >>> [4998] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    >>> /root/.spamassassin/auto-whitelist
    >>> [4998] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    >>> scores 5/61.821
    >>> [4998] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn
    >>> score:
    >>> 2.602, mean: 12.3642, IP: 190.173.128.77
    >>> [4998] dbg: auto-whitelist: add_score: new count: 6, new totscore: 64.423
    >>> [4998] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    >>> [4998] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    >>> [4998] dbg: locker: safe_unlock: unlink
    >>> /root/.spamassassin/auto-whitelist.lock
    >>> [4998] dbg: auto-whitelist: post auto-whitelist score: 7.4831
    >>>
    >>> Compared to the live-system:
    >>>
    >>> [18824] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in
    >>> /root/.spamassassin/auto-whi
    >>> telist
    >>> [18824] dbg: auto-whitelist: db-based ayomideacton@tvwerk.de|ip=190.173
    >>> scores 6/13.112
    >>> [18824] dbg: auto-whitelist: AWL active, pre-score: 2.602, autolearn
    >>> score:
    >>> 2.602, mean: 2.18533333
    >>> 333333, IP: 190.173.128.77
    >>> [18824] dbg: auto-whitelist: add_score: new count: 7, new totscore:
    >>> 15.714
    >>> [18824] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
    >>> [18824] dbg: auto-whitelist: DB addr list: file locked, breaking lock
    >>> [18824] dbg: locker: safe_unlock: unlink
    >>> /root/.spamassassin/auto-whitelist.lock
    >>> [18824] dbg: auto-whitelist: post auto-whitelist score: 2.39366666666667
    >>>

    >>
    >> --
    >> Anthony Pea****
    >> CHIME, Royal Free & University College Medical School
    >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
    >> Study Health Informatics - Modular Postgraduate Degree
    >> http://www.chime.ucl.ac.uk/study-health-informatics/
    >>
    >>

    >



    --
    Anthony Pea****
    CHIME, Royal Free & University College Medical School
    WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
    Study Health Informatics - Modular Postgraduate Degree
    http://www.chime.ucl.ac.uk/study-health-informatics/


  8. Re: How can I see all rules applied?


    Dear Lord, I am going nuts! I promised my colleagues a new filter three days
    ago. Now they are drowning in spam and I have no idea about what's going on!

    I have this test-machine with a fresh installation of postfix, spamassassin
    and amavisd and it works like a charme. I have a catch rate of no less than
    99.6% on this machine and not a single false negative!

    Now on the crappy live box, absolutely NOTHING works as it should. I just
    tried, in my despair, to apply a custom rule, but no way it will accept
    them! Added it to local.cf, no work. Added a new file to
    /var/lib/spamassassin.../20_test.cf, no work. Spamassassin parses the rule,
    yes, but it doesn't apply the score!

    Pleeeeeeeeease, what the hell is going on there and how can I find out how
    to solve it? I have no idea where to go from here any more...

    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19331058.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  9. Re: How can I see all rules applied?

    On Fri, 2008-09-05 at 06:18 -0700, patrickbaer wrote:

    > Now on the crappy live box, absolutely NOTHING works as it should. I just
    > tried, in my despair, to apply a custom rule, but no way it will accept
    > them! Added it to local.cf, no work. Added a new file to
    > /var/lib/spamassassin.../20_test.cf, no work. Spamassassin parses the rule,
    > yes, but it doesn't apply the score!


    Did you run sa-compile? then you will need to run sa-compile each time
    you change a body rule.

    Are you re-starting amavisd when you make the changes? Amavisd-new
    daemonizes the spamassassin libraries. Only when it is restarted will
    it load any new rules.

    And finally, have you checked that the amavisd user is able to read the
    files you are modifying?


    --
    Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
    Austin Energy
    http://www.austinenergy.com


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iEYEABECAAYFAkjBNSUACgkQGvhCU13z7IjHqwCfV8p32IOsWd Yaz5krtRzxWTm8
    xTkAmwR2AjPpziEWu7hS5LhvDwtLBQ+f
    =0G0J
    -----END PGP SIGNATURE-----


  10. Re: How can I see all rules applied?

    Hi,

    The obvious answer is to look at what is different between the two boxes.

    You then need to work out which bit of the email pathway is not working.
    It might be that spamassassin is working like a charm, but some other
    part of the chain is not doing its job.

    You should understand that spamassassin only scans and scores a message,
    it does not do anything about removing, archiving etc. In your case
    that should be done by amavisd.

    If it is a problem with amavisd or postfix you will be better served
    asking in mailing lists related to those pieces of software.

    But to test spamassassin, run the following command from a command line:

    spamassassin --lint --debug

    and look for errors.

    Then, get an example email with full headers in a text file and feed it
    in to spamassassin manually, like:

    spamassassin --test < test-email.eml

    If you get any errors from either of these people here will probably be
    able to help you out.

    patrickbaer wrote:
    > Dear Lord, I am going nuts! I promised my colleagues a new filter three days
    > ago. Now they are drowning in spam and I have no idea about what's going on!
    >
    > I have this test-machine with a fresh installation of postfix, spamassassin
    > and amavisd and it works like a charme. I have a catch rate of no less than
    > 99.6% on this machine and not a single false negative!
    >
    > Now on the crappy live box, absolutely NOTHING works as it should. I just
    > tried, in my despair, to apply a custom rule, but no way it will accept
    > them! Added it to local.cf, no work. Added a new file to
    > /var/lib/spamassassin.../20_test.cf, no work. Spamassassin parses the rule,
    > yes, but it doesn't apply the score!
    >
    > Pleeeeeeeeease, what the hell is going on there and how can I find out how
    > to solve it? I have no idea where to go from here any more...
    >



    --
    Anthony Pea****
    CHIME, Royal Free & University College Medical School
    WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
    Study Health Informatics - Modular Postgraduate Degree
    http://www.chime.ucl.ac.uk/study-health-informatics/


  11. Re: How can I see all rules applied?




    McDonald, Dan wrote:
    >
    > On Fri, 2008-09-05 at 06:18 -0700, patrickbaer wrote:
    >
    >> Now on the crappy live box, absolutely NOTHING works as it should. I just
    >> tried, in my despair, to apply a custom rule, but no way it will accept
    >> them! Added it to local.cf, no work. Added a new file to
    >> /var/lib/spamassassin.../20_test.cf, no work. Spamassassin parses the
    >> rule,
    >> yes, but it doesn't apply the score!

    >
    >>Did you run sa-compile? then you will need to run sa-compile each time
    >>you change a body rule.

    >
    > I just tried, just to make sure. But it failed with an error with e2c (?)
    >
    >
    >>Are you re-starting amavisd when you make the changes? Amavisd-new
    >>daemonizes the spamassassin libraries. Only when it is restarted will
    >>it load any new rules.

    >
    > Yes, but it also fails when I sent the email from the command line (see
    > above)
    >
    >
    > And finally, have you checked that the amavisd user is able to read the
    > files you are modifying?
    >
    > Of course
    >
    > As I am now pi.... for various reasons, I'll put my desktop machine (the
    > testbox) in the DMZ and enable it in the other mailserver, then report
    > back.
    >
    > I'll just add it to the current config: localhost:25 => localhost:10024 =>
    > external:10024 => localhost:10025
    >
    >
    > --
    > Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
    > Austin Energy
    > http://www.austinenergy.com
    >
    >
    >
    >


    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19331798.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  12. Re: How can I see all rules applied?

    patrickbaer wrote:
    > Dear Lord, I am going nuts! I promised my colleagues a new filter three days
    > ago. Now they are drowning in spam and I have no idea about what's going on!
    >
    > I have this test-machine with a fresh installation of postfix, spamassassin
    > and amavisd and it works like a charme. I have a catch rate of no less than
    > 99.6% on this machine and not a single false negative!
    >
    > Now on the crappy live box, absolutely NOTHING works as it should. I just
    > tried, in my despair, to apply a custom rule, but no way it will accept
    > them! Added it to local.cf, no work. Added a new file to
    > /var/lib/spamassassin.../20_test.cf, no work. Spamassassin parses the rule,
    > yes, but it doesn't apply the score!
    >
    > Pleeeeeeeeease, what the hell is going on there and how can I find out how
    > to solve it? I have no idea where to go from here any more...
    >


    the first thing is to clam down. then try to explain in a way that _we_
    understand what problem you have. saying "nothing works" is meaningless.

    if a spam message is missed, then save it to a file. Please save an
    unalatered message (if your mailer or an internal exchange modifies the
    message, it is useless). then post a copy somewhere so that we can test
    it on our systems (try pastebin, or use your own web server). also run
    'spamassassin -t < message.file' on both servers (please use the same
    message file) and see the results. once again, use an unmodified message
    (it's ok if few headers are added by amavisd-new or your MTA/MDA after
    filtering).

    if AWL is causing you problems, disable it and _restart_ amavisd-new.

    when you train SA, make sure you train it as the same user that
    amavisd-new uses. if using mysql for Bayes, force a single user:
    bayes_sql_override_username spamassassin
    (do this in your local.cf).

    when you modify a rule, a .cf or a .pre file, you need to reload
    amavisd-new. if you use sa-compile, run it before reloading amavisd-new
    or testing.


  13. Re: Results from test machine, was: Re: How can I see all rulesapplied?


    I removed the [#####]s from the beginning of the live and the test debugs and
    opened them in KDiff3 and it becomes really apparent around like 57 in on
    file and 108 in the other that they aren't both running the same tests. One
    appears to only be running 10_default_prefs.cf.

    --
    View this message in context: http://www.nabble.com/How-can-I-see-...p19377389.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


+ Reply to Thread