From: Tom <mai...@ii...> - 2009-06-25 07:47:36
Hi,

I have set up a postfix + amavis + spamassassin + pyzor all from the debian lenny packages [1]. Everything works fine. But I discovered that the sample spam [2] sent through the whole system is not scored with pyzor (but is with razor). Pyzor returns an exit code of 1.

[..]
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: razor2: results: spam? 1
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: razor2: results: engine 8, highest cf score: 0
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: razor2: results: engine 4, highest cf score: 100
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: rules: ran eval rule RAZOR2_CHECK ======> got hit (1)
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: rules: ran eval rule RAZOR2_CF_RANGE_E4_51_100 ======> got hit (1)
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: rules: ran eval rule RAZOR2_CF_RANGE_51_100 ======> got hit (1)
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: pyzor: pyzor is available: /usr/bin/pyzor
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: info: entering helper-app run mode
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: pyzor: opening pipe: /usr/bin/pyzor check < /var/lib/amavis/tmp/.spamassassin21828A1Yhoatmp
/usr/sbin/amavisd-new[21838]: (21828-01) SA dbg: util: setuid: ruid=108 euid=108
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: pyzor: [21838] finished: exit=0x0100
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 0 0
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: info: leaving helper-app run mode
/usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: async: select found 1 responses ready (t.o.=0.0)
[..]

Indeed:

# pyzor check < /tmp/gtube.txt
public.pyzor.org:24441 (200, 'OK') 151 0
# echo $?
0

and

# pyzor check /tmp/.spamassassin21828A1Yhoatmp
public.pyzor.org:24441 (200, 'OK') 0 0
# echo $?
1

So what are the differences? The _headers_ added by postfix/amavis [3]. So is it normal, or a well-known error in my configuration, or worse, a bug?

Can someone put me on the right way to fix that?

Cheers,
Thomas

--
[1] List of packages installed on a Debian 5.0.1 (stable/lenny)
ii pyzor 1:0.4.0+cvs20030201-8 spam-catcher using a collaborative filtering network
ii amavisd-new 1:2.6.1.dfsg-1 Interface between MTA and virus scanner/content filters
ii spamassassin 3.2.5-2 Perl-based spam filter using text analysis

[2] : http://spamassassin.apache.org/gtube/gtube.txt

[3] : diff /tmp/gtube.txt /tmp/.spamassassin21828A1Yhoatmp
0a1,12
> Return-Path: <ro...@bl...>
> X-Envelope-To: <to...@fo...>,
> <to...@an...>
> X-Amavis-PolicyBank:
> Received: by mailhub.anotherfoo.com (Postfix, from userid 0)
> id AF9E43D52F; Thu, 25 Jun 2009 08:53:54 +0200 (CEST)
> To: to...@an...
> Subject: hop
> Message-Id: <200...@ma...>
> Date: Thu, 25 Jun 2009 08:53:54 +0200 (CEST)
> From: ro...@bl... (root)
>

From: Tony M. <to...@sp...> - 2009-06-26 01:09:57
> I have set up a postfix + amavis + spamassassin + pyzor all from the
> debian lenny packages [1]. Everything works fine. But I discovered that
> the sample spam [2] sent through the whole system is not scored with
> pyzor (but is with razor). Pyzor returns an exit code of 1.

The SA debugging output you included shows that Pyzor was checked:

> /usr/sbin/amavisd-new[21828]: (21828-01) SA dbg: pyzor: got response:
> public.pyzor.org:24441 (200, 'OK') 0 0

This shows that Pyzor was checked, and that the response was 0 hits and 0 whitelist counts.

> Indeed :
> # pyzor check < /tmp/gtube.txt
> public.pyzor.org:24441 (200, 'OK') 151 0
> # echo $?
> 0
> and
> # pyzor check /tmp/.spamassassin21828A1Yhoatmp
> public.pyzor.org:24441 (200, 'OK') 0 0
> # echo $?
> 1
>
> So what are the differences?

Your diff shows that it's not additional headers being added - it is replacement headers. The key is the last line, which is blank. The /tmp/.spamassassin21828A1Yhoatmp message has only the headers that are shown in the diff, not those in the original GTUBE sample message. Then the body of the /tmp/.spamassassin21828A1Yhoatmp message is all of the gtube.txt file (i.e. the headers in that file are part of the body as well).

That means that the messages are substantially different, so there are different pyzor digests, and therefore different responses. The exit codes simply reflect the results - 0 means "found hits and no whitelist count" and 1 means "found no hits, or a positive whitelist count".

If you're asking the larger question about whether GTUBE should always trigger a pyzor hit, I'm not certain, but I lean towards "no". Pyzor is about creating unique hashes for essentially identical messages, and checking how often those have been seen by others. My feeling is that GTUBE checking is therefore not appropriate here (because it's part of a larger message). GTUBE isn't meant to be detected by every anti-spam solution (e.g. DNSBL systems generally provide a 127.0.0.2 checking address for the same purpose), and it is simple to add GTUBE checking to any system that also uses Pyzor (the dominant system being SA, which, of course, already does a GTUBE check).

The purpose of GTUBE is to check that the filter is working correctly. It does seem reasonable to provide a similar function in pyzor - but I think this would be best done by providing (on the Pyzor wiki) a couple of complete emails that can be checked - one that is known to have a high hit count, one that is known to have a high whitelist count (and ensure that these results stay constant). If anyone would find that useful, then please open a ticket on the issue tracker, and I'll happily add such functionality (but if no-one needs it, then it's not really worth doing).

We could use the sample message provided by SA (http://spamassassin.apache.org/gtube/gtube.txt) as the 'high hit count' example - that would somewhat address both concerns (and in fact it is the case now, since there have been 151 reports of the sample message). Any other message containing the GTUBE string wouldn't (necessarily) have a high hit count, but the example message would. OTOH, maybe that would just be confusing, as here.

Cheers,
Tony

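Added example, not part of the original thread and not pyzor's own code: a Python sketch of why the file amavis handed to pyzor and the original gtube.txt produce different results, plus a parser for the response lines quoted above. The two sample messages are constructed, body_digest is a simplified stand-in for a body hash (it is not pyzor's digest algorithm), and the exit-status mapping follows the description in the reply above.

```python
import hashlib
import re
from email import message_from_string

# Constructed stand-in for the original sample message (not the real gtube.txt).
ORIGINAL = (
    "Subject: Test spam mail (constructed)\n"
    "From: sender@example.net\n"
    "\n"
    "Constructed body line standing in for the test pattern.\n"
)
# Constructed wrapper: new headers, a blank line, then the whole original
# file, which is the layout the diff in the thread shows (0a1,12).
WRAPPED = "Return-Path: <root@example.org>\nSubject: hop\n\n" + ORIGINAL

def body_of(raw):
    """Body as a mail parser sees it: everything after the first blank line."""
    return message_from_string(raw).get_payload()

def body_digest(raw):
    """Simplified stand-in, NOT pyzor's algorithm: SHA-1 of the body with
    all whitespace removed."""
    return hashlib.sha1(re.sub(r"\s+", "", body_of(raw)).encode()).hexdigest()

RESPONSE = re.compile(r"^(\S+:\d+)\s+\((\d+),\s*'([^']*)'\)\s+(\d+)\s+(\d+)$")

def parse_check(line):
    """Parse one `pyzor check` response line as quoted in the thread."""
    m = RESPONSE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised pyzor response: %r" % line)
    return {"server": m.group(1), "code": int(m.group(2)),
            "status": m.group(3), "hits": int(m.group(4)),
            "whitelist": int(m.group(5))}

def exit_status(result):
    """Exit code as described in the reply: 0 = hits and no whitelist
    count, 1 = no hits or a positive whitelist count."""
    return 0 if result["hits"] > 0 and result["whitelist"] == 0 else 1

if __name__ == "__main__":
    print("original body:", repr(body_of(ORIGINAL)))
    print("wrapped body :", repr(body_of(WRAPPED)))
    print("same digest? ", body_digest(ORIGINAL) == body_digest(WRAPPED))
    for line in ("public.pyzor.org:24441 (200, 'OK') 151 0",
                 "public.pyzor.org:24441 (200, 'OK') 0 0"):
        print(line, "-> exit", exit_status(parse_check(line)))
```
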
From: Tom <mai...@ii...> - 2009-06-26 22:44:24
Hi Tony,

First, thank you for your detailed explanations.

> We could use the sample message provided by SA
> (http://spamassassin.apache.org/gtube/gtube.txt) as the 'high hit
> count' example - that would somewhat address both concerns (and in
> fact it is the case now, since there have been 151 reports of the
> sample message). Any other message containing the GTUBE string
> wouldn't (necessarily) have a high hit count, but the example message
> would. OTOH, maybe that would just be confusing, as here.

Just pinging the service (pyzor ping) doesn't really mean it's well configured in spamassassin and amavis and that it will score SPAM. Maybe because I'm Thomas, I only believe what I see :)

So I will open a ticket in TRAC to ask for this "pong" feature, which will allow us (pessimists and newbies) to test/see if pyzor is correctly enabled in the whole chain.

I agree, pyzor worked well out of the box and it was more a Pebkac error [1] than a pyzor issue. Now with your explanations I have a far better understanding than before.

Thanks.
Thomas.

[1] : Problem exists between keyboard and chair