On 10/16, Frederic De Mees wrote:
> I have found 2 instances of the file 20_head_tests.cf on my server.
> The first stays in /usr/share/spamassassin and contains the following

That's used when you have never run sa-update.

> The second in /var/lib/spamassassin/3.003001/updates_spamassassin_org and

That was downloaded by sa-update. What is the date on the files in that
directory? It should be in the last couple days (because you should be
running sa-update daily from cron).

> contains:
> /
> (?:by|ip)=(?=\d+\.\d+\.\d+\.\d+
> )(?:(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\.|(?:\d+\.){0,3}(?!(?:2(?:[0-4]\d|5[0-5])|[01]?\d\d?)\b))/

Yup, that looks like the current one:

header RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?=\d+\.\d+\.\d+\.\d+ )(?:(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\.|(?:\d+\.){0,3}(?!(?:2(?:[0-4]\d|5[0-5])|[01]?\d\d?)\b))/

> So, maybe SA uses the wrong files.

Could be, but I'd guess that's not it. The strace command can be useful
for that.

> The other possibility stays with the spampd policy daemon. With a server
> uptime of several months I cannot remember the last time I stopped and
> restarted the daemon.

That sounds like your problem. When I was using spampd, I had a
"/etc/init.d/spampd restart" after my sa-update in cron. As is suggested on:
http://wiki.apache.org/spamassassin/IntegratePostfixViaSpampd

--
"I'd rather be happy than right any day."
- Slartiblartfast, The Hitchhiker's Guide to the Galaxy
http://www.ChaosReigns.com
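
Added example, not part of the original message: a cron wrapper for the two checks discussed above, restarting spampd only when sa-update actually installed new rules and flagging an update directory whose files are stale. The variable names, the 7-day threshold and the `--run` switch are assumptions made for this sketch; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Commands and paths can be overridden
# through the environment so the logic can be exercised on any host.
SA_UPDATE="${SA_UPDATE:-sa-update}"
SPAMPD_INIT="${SPAMPD_INIT:-/etc/init.d/spampd}"
# Update directory quoted in the thread; the version component differs per install.
RULES_DIR="${RULES_DIR:-/var/lib/spamassassin/3.003001/updates_spamassassin_org}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"   # assumed staleness threshold

# Succeeds if at least one .cf file in $1 was modified within the last $2 days.
rules_fresh() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -name '*.cf' -mtime "-$2" 2>/dev/null | head -n 1)" ]
}

# Run sa-update, then restart spampd only if new rules were installed.
# sa-update exit codes: 0 = update installed, 1 = no fresh updates,
# 2 or higher = lint or download failure.
update_and_restart() {
    rc=0
    "$SA_UPDATE" || rc=$?
    case "$rc" in
        0)  # New rules are on disk, but the running daemon still holds the old set.
            "$SPAMPD_INIT" restart >/dev/null || { echo "spampd restart failed" >&2; return 3; }
            echo restarted ;;
        1)  echo unchanged ;;
        *)  echo "sa-update failed with exit code $rc" >&2
            return 2 ;;
    esac
    # Catch the case where cron has silently stopped delivering updates.
    if ! rules_fresh "$RULES_DIR" "$MAX_AGE_DAYS"; then
        echo "rules in $RULES_DIR are older than $MAX_AGE_DAYS days" >&2
        return 4
    fi
}

# Cron entry point: the script only acts when called with --run.
if [ "${1:-}" = "--run" ]; then
    update_and_restart
    exit $?
fi
```

A non-zero exit from a daily cron job (2 for a failed update, 3 for a failed restart, 4 for stale rules) ends up in cron's mail, which is where a months-old rule set would otherwise go unnoticed.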