Thu, 2003-01-23 at 16:14, Harry Putnam wrote:

> It seems a minimal first step is being able to track a specific message
> thru syslog or whatever log facility spamd is sending info to.

> What am I missing here?  That is, I should be able to scan the
> appropriate log like:
>   grep "spamd.*MESSAGE_ID" SOME_LOG
> and if I don't get a hit, know with certainty it wasn't processed.
> Or conversely, go directly to the exact line and section of syslog
> where this message was processed.

This was an interesting posting, thanks Harry. Just a couple of points:

Exim 4.12, Spamassassin 2.50 recent CVS, RH Linux 7.2++++

I've been satisfied with what Spamassassin has done, since I went over from 2.4 to 2.50 CVS in September last (very few false positives or negatives). Didn't change the CVS version till last week and noticed the Bayesian addition. Then I began to take it seriously and just (a week or so ago) subscribed to the list. I'd already learned to tweak usr_prefs. No, nada, zilch false positives/negatives any more.

Try to separate your Sendmail logs from maillog. I don't know how Sendmail works, I use Exim 4 (have only ever used Exim since 1997) and it has its own logs for all mail. In /var/log/maillog I only have Spamassassin and imapd.

With Exim's setup, not a single mail is scanned that I don't tell it to. For example, I tell it not to scan outgoing mail and anyway no messages smaller than 2k.

Do 'tail -f maillog' to see what happens. If you can't separate Sendmail and spamd, do 'tail -f maillog | grep spamd'. Fun to watch things coming in.

I run spamd, but the Exim smtp transport calls spamc to scan each incoming mail. There is *nothing* that doesn't get spam-checked that ought to.

In the spamd log, look for:

  Jan 23 16:15:09 billy spamd[25770]: connection from localhost [127.0.0.1] at port 57391
  Jan 23 16:15:09 billy spamd[29247]: processing message <411965-22003142314375464@fax_mail> for spamkill:503.
  Jan 23 16:15:11 billy spamd[29247]: identified spam (15.0/5.0) for spamkill:503 in 2.0 seconds, 34091 bytes.

(This was a Dutch computer hardware firm that seems to be going broke - they all are here - and is trying to shift its goods at bargain prices. Spamassassin gave it 37.5 points :-)

It gives you the message i.d. to look for in the spam you identify. All my identified spam goes right into a system cesspit, where it's stored. root gets mailed with the subject and can salvage it, if necessary.

I give an smtp 550 (administrative prohibition, mail to postmaster will be accepted) to everything on vortex.com's long list of spammers and have my own additional list, but don't bother with any DNSBL or other blocking methods. I do verify whether each mail domain exists before accepting it - I could even check if the sender account exists, first, but that costs bandwidth for both sender and me.

All I wanted to point out is that with the last batches of 2.50 CVS there's no reason why each and every mail you want shouldn't be scanned. Plus that perhaps Sendmail people could give you a couple of tips as regards configuration. With Exim 4 it's all dead easy to set up.

Best,

Tony

--
Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail: [EMAIL PROTECTED]
www:    http://www.billy.demon.nl
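
The lookup discussed in this message, as an added example that is not part of the original post: Python that pairs spamd's "processing message" line with the verdict line logged by the same spamd process (matched on host and PID), so one Message-ID resolves to its scan result or to nothing at all. The first three sample lines are the ones quoted above; the other lines, the "clean message" wording and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the first three lines are those quoted in the message above;
# the rest are made up in the same shape ("clean message" wording is an assumption).
SAMPLE_LOG = """\
Jan 23 16:15:09 billy spamd[25770]: connection from localhost [127.0.0.1] at port 57391
Jan 23 16:15:09 billy spamd[29247]: processing message <411965-22003142314375464@fax_mail> for spamkill:503.
Jan 23 16:15:11 billy spamd[29247]: identified spam (15.0/5.0) for spamkill:503 in 2.0 seconds, 34091 bytes.
Jan 23 16:17:40 billy spamd[29301]: processing message <constructed-1@example.org> for spamkill:503.
Jan 23 16:17:41 billy spamd[29301]: clean message (0.4/5.0) for spamkill:503 in 0.9 seconds, 2210 bytes.
Jan 23 16:18:02 billy spamd[29310]: processing message <constructed-2@example.org> for spamkill:503.
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) spamd\[(?P<pid>\d+)\]: "
START = re.compile(PREFIX + r"processing message (?P<mid><[^>]*>|\S+) for (?P<user>[^:\s]+):")
RESULT = re.compile(PREFIX + r"(?P<verdict>identified spam|clean message) "
                    r"\((?P<score>-?[\d.]+)/(?P<limit>-?[\d.]+)\)")

def index_spamd(lines):
    """Map Message-ID -> list of scan records, pairing lines by (host, pid)."""
    open_scans, by_mid = {}, {}
    for line in lines:
        m = START.match(line)
        if m:
            rec = {"started": m["ts"], "user": m["user"], "pid": int(m["pid"]),
                   "verdict": None, "score": None, "limit": None}
            open_scans[(m["host"], m["pid"])] = rec
            # Message-ID is sender-supplied: store and look it up as a literal key.
            by_mid.setdefault(m["mid"], []).append(rec)
            continue
        m = RESULT.match(line)
        if m:
            rec = open_scans.pop((m["host"], m["pid"]), None)
            if rec is not None:  # verdict with no logged start line is ignored
                rec.update(verdict=m["verdict"], score=float(m["score"]),
                           limit=float(m["limit"]))
    return by_mid

def trace(lines, message_id):
    """Return scan records for one Message-ID; [] means no spamd line mentions it."""
    return index_spamd(lines).get(message_id, [])

if __name__ == "__main__":
    for mid in ("<411965-22003142314375464@fax_mail>", "<never-scanned@example.org>"):
        print(mid, trace(SAMPLE_LOG.splitlines(), mid))
```

A record whose verdict is still None marks a scan that was started but never logged a result, which is worth separating from a Message-ID that does not appear in the log at all.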