SA, detection

Postfix, QMail, Sendmail, Dovecot, Cyrus, Courier, Anti-Spam
thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

SA, detection

Post by thomas.km » 2005-10-30 10:42

Good day,

SA has been letting more and more spam through lately. My local.cf:

required_hits 5.00
rewrite_header Subject *****SPAM*****
fold_headers 1
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_HITS_ required=_REQD_ tests=_TESTSSCORES_ autolearn=_AUTOLEARN_ version=_VERSION_ awl=_AWL_ bayes=_BAYES_ Pyzor=_PYZOR_
#
add_header all Level _STARS(*)_
add_header all Checker-Version Spamassassin _VERSION_ (_SUBVERSION_)
#
use_dcc 1
use_pyzor 1
pyzor_path /usr/bin/pyzor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
razor_timeout 10
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_learn_during_report 1
rbl_timeout 20
ok_languages de en fr
ok_locales all

uri IE_VULN /%([01][0-9a-f]|7f).*@/i
score IE_VULN 100.0
describe IE_VULN Internet Explorer vulnerability
dcc_path /usr/bin/dccproc


I use rules_du_jour, and they are up to date, which I have just checked.
I also use dcc, pyzor and razor; what else can I do?
I only partly trust myself to adapt the filters myself, with a syntax that is complicated for me, because I would probably do more harm than good.

Out of 100 mails, a good 50 are spam.

Regards
Thomas

timeless2
Posts: 416
Joined: 2005-03-04 14:45
Location: Paris

Re: SA, detection

Post by timeless2 » 2005-10-30 14:17

You can look in the source of the mails that got through to see how many points it gave for what, and adjust the filter accordingly. Do you train SpamAssassin yourself with undetected spam mails (sa-learn)?

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-30 14:18

No, I don't do that.
The mails are all delivered, with rewrite subject... so I can't learn from them any more, can I? That only works while they are still in the box...

As I said, I don't trust myself to adapt the files myself; I'm not familiar enough with them.

But maybe I'm doing something wrong in general... but what...

manx
Posts: 13
Joined: 2005-05-02 20:29

Re: SA, detection

Post by manx » 2005-10-30 14:24

Hi!

Start SA in debug mode -D (have a mail delivered) and post the output.

Regards

Manx

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-30 14:35

I always start SA with /etc/init.d/spamd start

-d doesn't work there, so what is the best way to do this?
spamc -d start doesn't work either

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-30 15:05

Oct 30 15:00:10 host spamd[13702]: logmsg: connection from localhost [127.0.0.1] at port 34251
Oct 30 15:00:10 host spamd[13702]: connection from localhost [127.0.0.1] at port 34251
Oct 30 15:00:10 host spamd[13702]: logmsg: info: setuid to web1p1 succeeded
Oct 30 15:00:10 host spamd[13702]: info: setuid to web1p1 succeeded
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: pyzor_path /usr/bin/pyzor
Oct 30 15:00:10 host spamd[13702]: debug: config: SpamAssassin failed to parse line, skipping: pyzor_path /usr/bin/pyzor
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: razor_config /etc/razor/razor-agent.conf
Oct 30 15:00:10 host spamd[13702]: debug: config: SpamAssassin failed to parse line, skipping: razor_config /etc/razor/razor-agent.conf
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, 'allow_user_rules' is 0: uri IE_VULN /%([01][0-9a-f]|7f).*@/i
Oct 30 15:00:10 host spamd[13702]: debug: config: SpamAssassin failed to parse line, skipping: uri IE_VULN /%([01][0-9a-f]|7f).*@/i
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: dcc_path /usr/bin/dccproc
Oct 30 15:00:10 host spamd[13702]: debug: config: SpamAssassin failed to parse line, skipping: dcc_path /usr/bin/dccproc
Oct 30 15:00:10 host spamd[13702]: debug: user has changed
Oct 30 15:00:10 host spamd[13702]: debug: bayes: 13702 tie-ing to DB file R/O /home/mail/web1p1/.spamassassin/bayes_toks
Oct 30 15:00:10 host spamd[13702]: debug: bayes: 13702 tie-ing to DB file R/O /home/mail/web1p1/.spamassassin/bayes_seen
Oct 30 15:00:10 host spamd[13702]: debug: bayes: found bayes db version 3
Oct 30 15:00:10 host spamd[13702]: debug: Score set 3 chosen.
Oct 30 15:00:10 host spamd[13702]: logmsg: processing message <hostzGNs00000b34@mail.domain.org> for web1p1:637.
Oct 30 15:00:10 host spamd[13702]: processing message <hostzGNs00000b34@mail.domain.org> for web1p1:637.
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=127.0.0.1 rdns=localhost helo=localhost by=mail.domain.de ident= envfrom= intl=0 id=08C006B83FF auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: is Net::DNS::Resolver available? yes
Oct 30 15:00:10 host spamd[13702]: debug: Net::DNS version: 0.48
Oct 30 15:00:10 host spamd[13702]: debug: IP is reserved, not looking up PTR: 127.0.0.1
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=127.0.0.1 rdns= helo=mail.domain.de by=localhost ident= envfrom= intl=0 id=13044-02 auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=IP rdns=main.domain.org helo=mail.domain.org by=mail.domain.de ident= envfrom= intl=0 id=E5EB86B8175 auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: looking up PTR record for 'IP'
Oct 30 15:00:10 host spamd[13702]: debug: PTR for 'IP': 'main.domain.org'
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=IP rdns=main.domain.org helo=domain-mail-gateway by=mail.domain.org ident= envfrom= intl=0 id= auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: looking up PTR record for 'IP'
Oct 30 15:00:10 host spamd[13702]: debug: PTR for 'IP': 'main.domain.org'
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=IP rdns=main.domain.org helo=mail.domain.org by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=IP rdns=host4.dedicated.hosteurope.de helo=host4.dedicated.hosteurope.de by=mail.domain.org ident= envfrom= intl=0 id= auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: looking up PTR record for 'ip'
Oct 30 15:00:10 host spamd[13702]: debug: PTR for 'ip': 'ip'
Oct 30 15:00:10 host spamd[13702]: debug: received-header: parsed as [ ip=ip rdns=ip helo=nameoffice by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: looking up A records for 'mail.domain.de'
Oct 30 15:00:10 host spamd[13702]: debug: A records for 'mail.domain.de': ip
Oct 30 15:00:10 host spamd[13702]: debug: received-header: 'from' 127.0.0.1 has reserved IP
Oct 30 15:00:10 host spamd[13702]: debug: looking up A records for 'mail.domain.de'
Oct 30 15:00:10 host spamd[13702]: debug: A records for 'mail.domain.de': ip
Oct 30 15:00:10 host spamd[13702]: debug: received-header: 'by' mail.domain.de has public IP ip
Oct 30 15:00:10 host spamd[13702]: debug: received-header: relay 127.0.0.1 trusted? yes internal? no
Oct 30 15:00:10 host spamd[13702]: debug: received-header: 'from' 127.0.0.1 has reserved IP
Oct 30 15:00:10 host spamd[13702]: debug: looking up A records for 'localhost'
Oct 30 15:00:10 host spamd[13702]: debug: A records for 'localhost': 127.0.0.1
Oct 30 15:00:10 host spamd[13702]: debug: received-header: relay 127.0.0.1 trusted? yes internal? no
Oct 30 15:00:10 host spamd[13702]: debug: looking up A records for 'mail.domain.de'
Oct 30 15:00:10 host spamd[13702]: debug: A records for 'mail.domain.de': ip
Oct 30 15:00:10 host spamd[13702]: debug: received-header: 'by' mail.domain.de has public IP ip
Oct 30 15:00:10 host spamd[13702]: debug: received-header: relay IP trusted? no internal? no
Oct 30 15:00:10 host last message repeated 3 times
Oct 30 15:00:10 host spamd[13702]: debug: received-header: relay ip trusted? no internal? no
Oct 30 15:00:10 host spamd[13702]: debug: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=localhost helo=localhost by=mail.domain.de ident= envfrom= intl=0 id=08C006B83FF auth= ] [ ip=127.0.0.1 rdns= helo=mail.domain.de by=localhost ident= envfrom= intl=0 id=13044-02 auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: metadata: X-Spam-Relays-Untrusted: [ ip=IP rdns=main.domain.org helo=mail.domain.org by=mail.domain.de ident= envfrom= intl=0 id=E5EB86B8175 auth= ] [ ip=IP rdns=main.domain.org helo=domain-mail-gateway by=mail.domain.org ident= envfrom= intl=0 id= auth= ] [ ip=IP rdns=main.domain.org helo=mail.domain.org by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ] [ ip=IP rdns=host4.dedicated.hosteurope.de helo=host4.dedicated.hosteurope.de by=mail.domain.org ident= envfrom= intl=0 id= auth= ] [ ip=ip rdns=ip helo=nameoffice by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ]
Oct 30 15:00:10 host spamd[13702]: debug: ---- MIME PARSER START ----
Oct 30 15:00:10 host spamd[13702]: debug: main message type: text/plain
Oct 30 15:00:10 host spamd[13702]: debug: parsing normal part
Oct 30 15:00:10 host spamd[13702]: debug: added part, type: text/plain
Oct 30 15:00:10 host spamd[13702]: debug: ---- MIME PARSER END ----
Oct 30 15:00:10 host spamd[13702]: debug: decoding: quoted-printable
Oct 30 15:00:10 host spamd[13702]: debug: Message too short for language analysis
Oct 30 15:00:10 host spamd[13702]: debug: uri found: http://www.domain.de
Oct 30 15:00:10 host spamd[13702]: debug: URIDNSBL: domains to query: domain.de
Oct 30 15:00:10 host spamd[13702]: debug: is Net::DNS::Resolver available? yes
Oct 30 15:00:10 host spamd[13702]: debug: Net::DNS version: 0.48
Oct 30 15:00:10 host spamd[13702]: debug: all '*From' addrs: name.name@domain.org
Oct 30 15:00:10 host spamd[13702]: debug: Running tests for priority: 0
Oct 30 15:00:10 host spamd[13702]: debug: running header regexp tests; score so far=0
Oct 30 15:00:10 host spamd[13702]: debug: SPF: checking HELO (helo=mail.domain.org, ip=IP)
Oct 30 15:00:10 host spamd[13702]: debug: SPF: trimmed HELO down to 'domain.org'
Oct 30 15:00:10 host spamd[13702]: debug: SPF: cannot load or create Mail::SPF::Query module
Oct 30 15:00:10 host spamd[13702]: debug: all '*To' addrs: name.name@domain.de
Oct 30 15:00:10 host spamd[13702]: debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping
Oct 30 15:00:10 host spamd[13702]: debug: forged-HELO: from=domain.org helo=domain.org by=domain.de
Oct 30 15:00:10 host spamd[13702]: debug: forged-HELO: from=domain.org helo=domain-mail-gateway by=domain.org
Oct 30 15:00:10 host spamd[13702]: debug: forged-HELO: from=hosteurope.de helo=hosteurope.de by=domain.org
Oct 30 15:00:10 host spamd[13702]: debug: running body-text per-line regexp tests; score so far=0
Oct 30 15:00:10 host spamd[13702]: debug: running uri tests; score so far=0
Oct 30 15:00:10 host spamd[13702]: debug: bayes corpus size: nspam = 268, nham = 5063
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *p = "U*name.name D*domain.org D*org"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for RelayInfo = " 0_name.name@domain.de_name.name@domain.org_Sun, 30 Oct 2005 13:59:55 GMT"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *F = "U*name.name D*domain.org D*org"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for To = "U*name.name D*domain.de D*de"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for MIME-Version = " "
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *c = " /plain; charset="iso-8859-1""
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for Content-Transfer-Encoding = " quoted-printable"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *x = " Microsoft Office Outlook, Build 11.0.5510"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for X-MimeOLE = " Produced By Microsoft MimeOLE V6.00.2600.0000"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *M = " DS80 237 209 12zGNs00000b34 mail domain org "
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *RT = " [ ip=127.0.0.1 rdns=localhost helo=localhost by=mail.domain.de ident= envfrom= intl=0 id=08C006B83FF auth= ] [ ip=127.0.0.1 rdns= helo=mail.domain.de by=localhost ident= envfrom= intl=0 id=13044-02 auth= ]"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *RU = " [ ip=IP rdns=main.domain.org helo=mail.domain.org by=mail.domain.de ident= envfrom= intl=0 id=E5EB86B8175 auth= ] [ ip=IP rdns=main.domain.org helo=domain-mail-gateway by=mail.domain.org ident= envfrom= intl=0 id= auth= ] [ ip=IP rdns=main.domain.org helo=mail.domain.org by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ] [ ip=IP rdns=host4.dedicated.hosteurope.de helo=host4.dedicated.hosteurope.de by=mail.domain.org ident= envfrom= intl=0 id= auth= ] [ ip=ip rdns=ip helo=nameoffice by=domain-mail-gateway ident= envfrom= intl=0 id= auth= ]"
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *r = " 87.122.85 ip*ip ([87.122.85 ip*ip ] helo=nameoffice) by domain-mail-gateway ; "
Oct 30 15:00:10 host spamd[13702]: debug: tokenize: header tokens for *r = " 87.122.85 ip*ip ([87.122.85 ip*ip ] helo=nameoffice) by domain-mail-gateway ; host4.dedicated.hosteurope.de (80.237.209 ip*IP ) by mail.domain.org ; "
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*c:plain' => 1.40100518215671e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'UD:de' => 1.91656870079441e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'UD:domain.de' => 2.35026866454065e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*M:domain' => 4.0056585511131e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HContent-Transfer-Encoding:sk:quoted-' => 4.11283541013684e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'name' => 4.17345434799473e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'name' => 4.28309847942043e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'name' => 4.70649986877789e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'name' => 4.71062078627091e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*p:U*name.name' => 4.98563617829673e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'domain' => 5.7472492255101e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'domain' => 5.9837615393171e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'regards' => 6.76644447239341e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*UA:Build' => 8.07686533553521e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*x:Build' => 8.07686533553521e-05
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'viele' => 0.000100541954774808
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'staff' => 0.000105884668372368
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Staff' => 0.000109549989818774
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'kind' => 0.000112764619576609
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*x:Office' => 0.000123366200412749
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*UA:Office' => 0.000123366200412749
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'grsse' => 0.000127457948353471
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'grüsse' => 0.000128064746488931
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'UD:www.domain.de' => 0.000136168058719312
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'www.domain.de' => 0.000136168058719312
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'wwwdomainde' => 0.000136168058719312
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'germany' => 0.000140067690705545
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Germany' => 0.000143811815022721
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Grsse' => 0.00014655407245982
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Grüsse' => 0.000146954384048074
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:helo' => 0.000155446402773765
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'assistant' => 0.000175759555700751
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Assistant' => 0.000176915488326208
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*UA:11.0.5510' => 0.000211727666273121
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*x:11.0.5510' => 0.000211727666273121
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'director' => 0.000215977519068647
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*F:D*org' => 0.000215977519068647
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Director' => 0.000220401474805408
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*F:D*domain.org' => 0.000226908477435681
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:mail.domain.org' => 0.000242233228275552
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:IP' => 0.000242233228275552
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:80.237.209' => 0.000244434348023626
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:ip*IP' => 0.000244434348023626
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:mail.domain.org' => 0.000244434348023626
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:sk:ds80-23' => 0.00024781206817135
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*p:D*org' => 0.00024781206817135
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:sk:domain-ma' => 0.000248958815363258
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:sk:domain-ma' => 0.000248958815363258
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:sk:ds80-23' => 0.000250116225011623
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:2005' => 0.000252463632097607
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:GMT' => 0.000252463632097607
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*p:D*domain.org' => 0.000254855518711511
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'administrator' => 0.000275756022552537
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:main.domain.org' => 0.000277176713034518
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Administrator' => 0.000284505552617663
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HX-MimeOLE:V6.00.2600.0000' => 0.000363268062120189
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*M:org' => 0.000680151706700379
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*MI:org' => 0.000697795071335927
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*M:209' => 0.000767475035663338
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*M:DS80' => 0.000767475035663338
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*MI:209' => 0.000767475035663338
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*MI:DS80' => 0.000767475035663338
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:nameoffice' => 0.000778581765557164
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:nameoffice' => 0.000778581765557164
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:sk:name.' => 0.000895174708818636
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*F:U*name.name' => 0.00119290465631929
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:Sun' => 0.00130900243309002
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:Oct' => 0.00444628099173554
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*c:charset' => 0.00941033381539037
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*c:iso-8859-1' => 0.0216357801812165
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'HRelayInfo:sk:name.' => 0.0256190476190476
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:87.122.85' => 0.0489090909090909
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*r:ip*ip' => 0.0489090909090909
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*RU:ip' => 0.0489090909090909
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'H*Ad:U*name.name' => 0.920368586527864
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'network' => 0.0998775207078042
Oct 30 15:00:10 host spamd[13702]: debug: bayes token 'Network' => 0.111667897091205
Oct 30 15:00:10 host spamd[13702]: debug: bayes: score = 0
Oct 30 15:00:10 host spamd[13702]: debug: bayes: 13702 untie-ing
Oct 30 15:00:10 host spamd[13702]: debug: bayes: 13702 untie-ing db_toks
Oct 30 15:00:10 host spamd[13702]: debug: bayes: 13702 untie-ing db_seen
Oct 30 15:00:10 host spamd[13702]: debug: Razor2 is available
Oct 30 15:00:10 host spamd[13702]: debug: entering helper-app run mode
Oct 30 15:00:13 host spamd[13702]: debug: Using results from Razor v2.72
Oct 30 15:00:13 host spamd[13702]: debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0
Oct 30 15:00:13 host spamd[13702]: debug: Found Razor2 part: part=0 engine=8 ct=0 cf=0
Oct 30 15:00:13 host spamd[13702]: debug: leaving helper-app run mode
Oct 30 15:00:13 host spamd[13702]: debug: Razor2 results: spam? 0 highest cf score: 0
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: query for domain.de took 3 seconds to look up (multi.surbl.org.:domain.de)
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries completed: 2 started: 4
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries active: at Sun Oct 30 15:00:13 2005
Oct 30 15:00:13 host spamd[13702]: debug: running raw-body-text per-line regexp tests; score so far=-2.599
Oct 30 15:00:13 host spamd[13702]: debug: running full-text regexp tests; score so far=-2.599
Oct 30 15:00:13 host spamd[13702]: debug: Razor2 is available
Oct 30 15:00:13 host spamd[13702]: debug: Pyzor is available: /usr/bin/pyzor
Oct 30 15:00:13 host spamd[13702]: debug: entering helper-app run mode
Oct 30 15:00:13 host spamd[13755]: debug: changing real uid from 0 to match effective uid 637
Oct 30 15:00:13 host spamd[13755]: debug: setuid: helper proc 13755: ruid=637 euid=637
Oct 30 15:00:13 host spamd[13702]: debug: Pyzor: got response: Traceback (most recent call last):
Oct 30 15:00:13 host spamd[13702]: debug: leaving helper-app run mode
Oct 30 15:00:13 host spamd[13702]: debug: Pyzor: couldn't grok response "Traceback (most recent call last):"
Oct 30 15:00:13 host spamd[13702]: debug: DCCifd is not available: no r/w dccifd socket found.
Oct 30 15:00:13 host spamd[13702]: debug: DCC is not available: no executable dccproc found.
Oct 30 15:00:13 host spamd[13702]: debug: Running tests for priority: 500
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries completed: 4 started: 4
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries active: at Sun Oct 30 15:00:13 2005
Oct 30 15:00:13 host spamd[13702]: debug: RBL: success for 17 of 17 queries
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries completed: 0 started: 0
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries active: DNSBL=4 at Sun Oct 30 15:00:13 2005
Oct 30 15:00:13 host spamd[13702]: debug: waiting 2 seconds for URIDNSBL lookups to complete
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries completed: 0 started: 0
Oct 30 15:00:13 host spamd[13702]: debug: URIDNSBL: queries active: DNSBL=4 at Sun Oct 30 15:00:13 2005
Oct 30 15:00:14 host spamd[13702]: debug: URIDNSBL: query for domain.de took 4 seconds to look up (sbl.spamhaus.org.:76.127.133.83)
Oct 30 15:00:14 host spamd[13702]: debug: URIDNSBL: query for domain.de took 4 seconds to look up (sbl.spamhaus.org.:80.211.237.80)
Oct 30 15:00:14 host spamd[13702]: debug: URIDNSBL: queries completed: 2 started: 0
Oct 30 15:00:14 host spamd[13702]: debug: URIDNSBL: queries active: DNSBL=2 at Sun Oct 30 15:00:14 2005
Oct 30 15:00:15 host spamd[13702]: debug: URIDNSBL: query for domain.de took 5 seconds to look up (sbl.spamhaus.org.:54.216.75.62)
Oct 30 15:00:15 host spamd[13702]: debug: URIDNSBL: query for domain.de took 5 seconds to look up (sbl.spamhaus.org.:232.229.16.84)
Oct 30 15:00:15 host spamd[13702]: debug: URIDNSBL: queries completed: 2 started: 0
Oct 30 15:00:15 host spamd[13702]: debug: URIDNSBL: queries active: at Sun Oct 30 15:00:15 2005
Oct 30 15:00:15 host spamd[13702]: debug: done waiting for URIDNSBL lookups to complete
Oct 30 15:00:15 host spamd[13702]: debug: running meta tests; score so far=-2.599
Oct 30 15:00:15 host spamd[13702]: debug: running header regexp tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: running body-text per-line regexp tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: running uri tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: running raw-body-text per-line regexp tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: running full-text regexp tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: Running tests for priority: 1000
Oct 30 15:00:15 host spamd[13702]: debug: running meta tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: running header regexp tests; score so far=-1.373
Oct 30 15:00:15 host spamd[13702]: debug: lock: 13702 created /home/mail/web1p1/.spamassassin/auto-whitelist.lock.host.server4you.de.13702
Oct 30 15:00:15 host spamd[13702]: debug: lock: 13702 trying to get lock on /home/mail/web1p1/.spamassassin/auto-whitelist with 0 retries
Oct 30 15:00:15 host spamd[13702]: debug: lock: 13702 link to /home/mail/web1p1/.spamassassin/auto-whitelist.lock: link ok
Oct 30 15:00:15 host spamd[13702]: debug: Tie-ing to DB file R/W in /home/mail/web1p1/.spamassassin/auto-whitelist
Oct 30 15:00:15 host spamd[13702]: debug: auto-whitelist (db-based): name.name@domain.org|ip=87.122 scores 15/-13.518
Oct 30 15:00:15 host spamd[13702]: debug: AWL active, pre-score: -1.373, autolearn score: -1.373, mean: -0.9012, IP: ip
Oct 30 15:00:15 host spamd[13702]: debug: add_score: New count: 16, new totscore: -14.891
Oct 30 15:00:15 host spamd[13702]: debug: DB addr list: untie-ing and unlocking.
Oct 30 15:00:15 host spamd[13702]: debug: DB addr list: file locked, breaking lock.
Oct 30 15:00:15 host spamd[13702]: debug: unlock: 13702 unlink /home/mail/web1p1/.spamassassin/auto-whitelist.lock
Oct 30 15:00:15 host spamd[13702]: debug: Post AWL score: -1.1371
Oct 30 15:00:15 host spamd[13702]: debug: running body-text per-line regexp tests; score so far=-1.1371
Oct 30 15:00:15 host spamd[13702]: debug: running uri tests; score so far=-1.1371
Oct 30 15:00:15 host spamd[13702]: debug: running raw-body-text per-line regexp tests; score so far=-1.1371
Oct 30 15:00:15 host spamd[13702]: debug: running full-text regexp tests; score so far=-1.1371
Oct 30 15:00:15 host spamd[13702]: debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1.
Oct 30 15:00:15 host spamd[13702]: debug: auto-learn: message score: -1.1371, computed score for autolearn: 1.57
Oct 30 15:00:15 host spamd[13702]: debug: auto-learn? ham=0.1, spam=12, body-points=0, head-points=0, learned-points=-2.599
Oct 30 15:00:15 host spamd[13702]: debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
Oct 30 15:00:15 host spamd[13702]: debug: is spam? score=-1.137 required=5
Oct 30 15:00:15 host spamd[13702]: debug: tests=AWL,BAYES_00,MISSING_SUBJECT
Oct 30 15:00:15 host spamd[13702]: debug: subtests=__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__FM_NO_FROM,__FM_NO_TO,__HAS_MIMEOLE,__HAS_MSGID,__HAS_OUTLOOK_IN_MAILER,__HAS_RCVD,__HAS_XMAILER,__HAS_X_MAILER,__LOCAL_PP_NONPPURL,__MIME_QP,__MIME_VERSION,__MSGID_OK_HOST,__NONEMPTY_BODY,__RCVD_IN_SORBS,__SANE_MSGID,__SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_CC_NONE,__SARE_HEAD_MIME_VALID,__SARE_META_MURTY3,__SARE_URI_ANY,__TOCC_EXISTS
Oct 30 15:00:15 host spamd[13702]: logmsg: clean message (-1.1/5.0) for web1p1:637 in 5.6 seconds, 2074 bytes.
Oct 30 15:00:15 host spamd[13702]: clean message (-1.1/5.0) for web1p1:637 in 5.6 seconds, 2074 bytes.
Oct 30 15:00:15 host spamd[13702]: logmsg: result: . -1 - AWL,BAYES_00,MISSING_SUBJECT scantime=5.6,size=2074,mid=<hostzGNs00000b34@mail.domain.org>,bayes=0,autolearn=no
Oct 30 15:00:15 host spamd[13702]: result: . -1 - AWL,BAYES_00,MISSING_SUBJECT scantime=5.6,size=2074,mid=<hostzGNs00000b34@mail.domain.org>,bayes=0,autolearn=no
Oct 30 15:00:15 host postfix/local[13689]: 08C006B83FF: to=<web1p1@mail.domain.de>, orig_to=<name.name@domain.de>, relay=local, delay=5, status=sent (delivered to command: procmail -a "$EXTENSION")
Oct 30 15:00:15 host postfix/qmgr[3947]: 08C006B83FF: removed
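
One way to triage a debug log like the one posted above, as an added example that is not part of the original thread: it pulls out the lines showing which directives spamd ignored and which helper checks did not run, plus the Bayes corpus size and the final verdict. The function names are illustrative, and the sample is a shortened excerpt of the posted log.

```python
import re

# Excerpt of the spamd debug lines posted above (shortened, otherwise verbatim).
SAMPLE_LOG = r"""
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: pyzor_path /usr/bin/pyzor
Oct 30 15:00:10 host spamd[13702]: debug: config: SpamAssassin failed to parse line, skipping: pyzor_path /usr/bin/pyzor
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: razor_config /etc/razor/razor-agent.conf
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, 'allow_user_rules' is 0: uri IE_VULN /%([01][0-9a-f]|7f).*@/i
Oct 30 15:00:10 host spamd[13702]: debug: config: not parsing, administrator setting: dcc_path /usr/bin/dccproc
Oct 30 15:00:10 host spamd[13702]: debug: SPF: cannot load or create Mail::SPF::Query module
Oct 30 15:00:10 host spamd[13702]: debug: bayes corpus size: nspam = 268, nham = 5063
Oct 30 15:00:13 host spamd[13702]: debug: Razor2 is available
Oct 30 15:00:13 host spamd[13702]: debug: Pyzor is available: /usr/bin/pyzor
Oct 30 15:00:13 host spamd[13702]: debug: Pyzor: couldn't grok response "Traceback (most recent call last):"
Oct 30 15:00:13 host spamd[13702]: debug: DCCifd is not available: no r/w dccifd socket found.
Oct 30 15:00:13 host spamd[13702]: debug: DCC is not available: no executable dccproc found.
Oct 30 15:00:15 host spamd[13702]: debug: is spam? score=-1.137 required=5
Oct 30 15:00:15 host spamd[13702]: debug: tests=AWL,BAYES_00,MISSING_SUBJECT
Oct 30 15:00:15 host spamd[13702]: logmsg: clean message (-1.1/5.0) for web1p1:637 in 5.6 seconds, 2074 bytes.
"""

# Syslog prefix as it appears in the posted log; "debug: " is optional.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ spamd\[\d+\]: (?:debug: )?(.*)$")
SKIPPED = re.compile(r"config: not parsing, (.+?): (.+)")
NOT_AVAILABLE = re.compile(r"(\w+) is not available: (.+)")
SPF_MISSING = re.compile(r"SPF: cannot load or create (\S+) module")
CORPUS = re.compile(r"bayes corpus size: nspam = (\d+), nham = (\d+)")
VERDICT = re.compile(r"is spam\? score=(-?[\d.]+) required=([\d.]+)")
TESTS = re.compile(r"tests=(.*)")


def triage(log_text):
    """Collect the lines of a spamd -D log that show which checks did not run."""
    report = {"skipped_config": [], "unavailable": [], "bayes_corpus": None,
              "score": None, "required": None, "tests": []}
    for raw in log_text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        msg = prefixed.group(1)
        if msg.startswith("logmsg:"):  # in the posted log these repeat the next line
            continue
        if m := SKIPPED.match(msg):
            # (reason spamd gave, directive it ignored)
            report["skipped_config"].append((m.group(1), m.group(2)))
        elif m := NOT_AVAILABLE.match(msg):
            report["unavailable"].append(f"{m.group(1)}: {m.group(2)}")
        elif m := SPF_MISSING.match(msg):
            report["unavailable"].append(f"SPF: module {m.group(1)} missing")
        elif msg.startswith("Pyzor: couldn't grok response"):
            report["unavailable"].append("Pyzor: helper returned an unparseable response")
        elif m := CORPUS.match(msg):
            report["bayes_corpus"] = (int(m.group(1)), int(m.group(2)))
        elif m := VERDICT.match(msg):
            report["score"], report["required"] = float(m.group(1)), float(m.group(2))
        elif m := TESTS.match(msg):
            report["tests"] = [t for t in m.group(1).split(",") if t]
    return report


def summarize(report):
    """Turn the triage report into one line per finding."""
    notes = [f"ignored directive ({why}): {line}" for why, line in report["skipped_config"]]
    notes += [f"check did not run: {item}" for item in report["unavailable"]]
    if report["bayes_corpus"]:
        nspam, nham = report["bayes_corpus"]
        notes.append(f"bayes corpus: {nspam} spam vs {nham} ham messages learned")
    if report["score"] is not None:
        hits = ",".join(report["tests"]) or "none"
        notes.append(f"verdict: score {report['score']} of {report['required']} required, tests hit: {hits}")
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print(note)
```
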

timeless2
Posts: 416
Joined: 2005-03-04 14:45
Location: Paris

Re: SA, detection

Post by timeless2 » 2005-10-30 19:51

If you have IMAP mailboxes, you can, for example, move the undetected spam mails into a separate folder and then train with the "sa-learn" command; then SA filters more specifically.

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-30 20:01

I only have POP3 running on the server.

timeless2
Posts: 416
Joined: 2005-03-04 14:45
Location: Paris

Re: SA, detection

Post by timeless2 » 2005-10-30 23:11

Unfortunately, I don't know of any function that would simply switch spam off. Either you study the filter rules thoroughly and try to adapt them to your needs, or you have to train the filter yourself (ideally both). For this you can also set up a fake e-mail address to which only spam is guaranteed to be sent and train with that, or you do it with the directory via IMAP (for training, though, you need a larger number of e-mails before it becomes active at all, ~300 each of HAM and SPAM).

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-31 08:17

I wanted to try using sa-learn.

There were 5 spam mails in wwwrun

sa-learn --spam --showdots /var/mail/wwwrun
.
Learned from 1 message(s) (1 message(s) examined).


Why only 1 message? There are 5 mails in there.

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-31 08:25

OK, it is only one file in which the 5 mails are stored. So SA means it has learned from one file; it presumably doesn't show how many mails are in it?

Where are the results actually stored? (I want to check that it worked)

thomas.km
Posts: 364
Joined: 2003-09-14 11:35
Location: Schleswig-Holstein

Re: SA, detection

Post by thomas.km » 2005-10-31 09:21

OK, disregard.

I had forgotten to use the --mbox switch.
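
The mismatch resolved in the last posts, as an added example that is not part of the original thread: it counts the messages in an mbox file by their "From " separator lines and compares that with the summary line sa-learn prints, flagging a run that read the whole file as one message. The mbox content is constructed and the function names are illustrative; the summary line is the one quoted in the thread.

```python
import mailbox
import os
import re
import tempfile

# Summary line in the format sa-learn printed in the post above.
SUMMARY = re.compile(r"Learned from (\d+) message\(s\) \((\d+) message\(s\) examined\)")


def build_sample_mbox(count):
    """Constructed mbox text: every message starts with a 'From ' separator line."""
    parts = []
    for i in range(1, count + 1):
        parts.append(
            f"From sender{i}@example.invalid Mon Oct 31 08:00:00 2005\n"
            f"From: sender{i}@example.invalid\n"
            f"Subject: constructed sample {i}\n"
            "\n"
            f"Body of constructed message {i}.\n"
            "\n"
        )
    return "".join(parts)


def count_mbox_messages(path):
    """Number of messages an mbox-aware reader finds in the file."""
    box = mailbox.mbox(path, create=False)
    try:
        return len(box)
    finally:
        box.close()


def check_learn_run(path, sa_learn_output):
    """Compare sa-learn's 'examined' count with the messages actually in the mbox."""
    m = SUMMARY.search(sa_learn_output)
    if m is None:
        raise ValueError("no sa-learn summary line found")
    learned, examined = int(m.group(1)), int(m.group(2))
    in_file = count_mbox_messages(path)
    if examined == in_file:
        verdict = "every message in the file was examined"
    elif examined == 1:
        verdict = "file was read as a single message; re-run with --mbox"
    else:
        verdict = "examined count differs from the file; check the input"
    return {"in_file": in_file, "examined": examined, "learned": learned, "verdict": verdict}


def demo():
    """Run the check on a constructed 5-message mbox and the output from the thread."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    try:
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write(build_sample_mbox(5))
        return check_learn_run(path, "Learned from 1 message(s) (1 message(s) examined).")
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The debug log earlier in the thread shows spamd opening the Bayes database at /home/mail/web1p1/.spamassassin/bayes_toks after its setuid to web1p1. `sa-learn --dump magic` prints the nspam and nham counters of the database belonging to the user it is run as, so messages learned as a different user end up in a different database.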