Spamassassin läuft, aber macht nichts...

Grabber66

New Member
Hallo,

ich habe ein Problem mit SA. Er läuft, prüft auch die Mails, doch macht nicht.

Hier mal ein Header einer Mail:
Code:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 26004 invoked from network); 15 Sep 2008 03:48:57 +0200
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on
	h1037XXX.serverkompetenz.net
Received: from 89-139-159-198.bb.netvision.net.il (HELO ?89.139.159.198?) (89.139.159.198)
	 by meinedamain.de with SMTP; 15 Sep 2008 03:48:56 +0200
Received: from [89.139.159.198] by sbcmx4.prodigy.net; Mon, 15 Sep   Jerusalem Daylight Time
Message-ID: <3e7d7cfb$78d2f1a5$0d8a1b15@temique2003>
From: <[email protected]>
To: <[email protected]>
Subject: Science may fix you!
Date: Mon, 15 Sep   Jerusalem Daylight Time
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Antivirus: AVG for E-mail 7.5.524 [270.6.21/1673]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; format=flowed; charset=Windows-1252; reply-type=original

http://zetpola.net/v/

meine local.cf
Code:
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score           5.0

# Change the subject of suspected spam
rewrite_header subject         *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe             1

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1
bayes_path /var/qmail/.spamassassin/bayes
bayes_auto_learn_threshold_spam 6.0
score BAYES_95 0 0 3.50 3.50
score BAYES_99 0 0 4.00 4.00
bayes_file_mode 777

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all

urirhssub       URIBL_BLACK  multi.uribl.com.        A   2
body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist
tflags          URIBL_BLACK  net
score           URIBL_BLACK  3.0

urirhssub       URIBL_GREY  multi.uribl.com.        A   4
body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
tflags          URIBL_GREY  net
score           URIBL_GREY  0.25

Andere Configs habe ich nicht, doch irgentwie spuckt er mir keine Info im Header aus, ob es Spam ist oder nicht.


Kann mir da jemand weiterhelfen?

THX

P.S.: Wenn es noch verbesserungsvorschläge zur config gibt, bin ich da auch für alles offen.
 
Hallo,

was sagen die Log-Dateien? e.g. /var/log/messages , mail.info,mail.err,syslog
Eventuell schaltest du das Logging bzw. das Debug im SA an.

Gruss Alex
 
mail.info
Code:
Sep 17 19:38:01 h10XXXXX spamd[7403]: spamd: connection from h10XXXXX.serverkompetenz.net [127.0.0.1] at port 37041
Sep 17 19:38:01 h10XXXXX spamd[7403]: spamd: setuid to qmaild succeeded
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, administrator setting: bayes_path /var/qmail/.spamassassin/bayes
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: bayes_path /var/qmail/.spamassassin/bayes
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, administrator setting: bayes_file_mode 777
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: bayes_file_mode 777
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: use_dcc 1
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse, now a plugin, skipping: ok_languages all
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: tflags URIBL_BLACK net
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: tflags URIBL_BLACK net
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: tflags URIBL_GREY net
Sep 17 19:38:01 h10XXXXX spamd[7403]: config: failed to parse line, skipping: tflags URIBL_GREY net
Sep 17 19:38:01 h10XXXXX spamd[7403]: spamd: processing message <01c918fc$e33caf00$40cde558@forster> for qmaild:2020
Sep 17 19:38:02 h10XXXXX spamd[7403]: spamd: clean message (0.1/3.0) for qmaild:2020 in 1.0 seconds, 5181 bytes.
Sep 17 19:38:02 h10XXXXX spamd[7403]: spamd: result: . 0 - TW_ZT scantime=1.0,size=5181,user=qmaild,uid=2020,required_score=3.0,rhost=h10XXXXX.serverkompetenz.net,raddr=127.0.0.1,rport=37041,mid=<01c918fc$e33caf00$40cde558@forster>,autolearn=ham
Sep 17 19:38:02 h10XXXXX spamd[26113]: prefork: child states: II
Sep 17 19:38:02 h10XXXXX qmail-queue[32387]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Sep 17 19:38:02 h10XXXXX qmail-queue[32387]: scan: the message(drweb.tmp.Qv7pI3) sent by [email protected] to [email protected] should be passed without checks, because contains uncheckable addresses
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.712689 new msg 38273182
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.712841 info msg 38273182: bytes 5343 from <[email protected]> qp 32395 uid 2020
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.725977 starting delivery 11135: msg 38273182 to local [email protected]
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.726127 status: local 1/10 remote 0/20
Sep 17 19:38:02 h10XXXXX qmail-queue[32399]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Sep 17 19:38:02 h10XXXXX qmail-queue[32399]: scan: the message(drweb.tmp.DCY7k0) sent by [email protected] to [email protected] should be passed without checks, because contains uncheckable addresses
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.768375 new msg 38273188
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.768526 info msg 38273188: bytes 5474 from <[email protected]> qp 32400 uid 110
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.778667 starting delivery 11136: msg 38273188 to remote [email protected]
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.778820 status: local 1/10 remote 1/20
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.778887 delivery 11135: success: did_0+1+1/qp_32398/
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.782978 status: local 0/10 remote 1/20
Sep 17 19:38:02 h10XXXXX qmail: 1221673082.783051 end msg 38273182
Sep 17 19:38:03 h10XXXXX qmail: 1221673083.880243 delivery 11136: failure: 205.188.159.216_does_not_like_recipient./Remote_host_said:_550_MAILBOX_NOT_FOUND/Giving_up_on_205.188.159.216./
Sep 17 19:38:03 h10XXXXX qmail: 1221673083.880397 status: local 0/10 remote 0/20
Sep 17 19:38:03 h10XXXXX spamd[7403]: spamd: connection from h10XXXXX.serverkompetenz.net [127.0.0.1] at port 37044
Sep 17 19:38:03 h10XXXXX spamd[7403]: spamd: setuid to qmails succeeded
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, administrator setting: bayes_path /var/qmail/.spamassassin/bayes
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: bayes_path /var/qmail/.spamassassin/bayes
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, administrator setting: bayes_file_mode 777
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: bayes_file_mode 777
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: use_dcc 1
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse, now a plugin, skipping: ok_languages all
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: tflags URIBL_BLACK net
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: tflags URIBL_BLACK net
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: not parsing, 'allow_user_rules' is 0: tflags URIBL_GREY net
Sep 17 19:38:03 h10XXXXX spamd[7403]: config: failed to parse line, skipping: tflags URIBL_GREY net
Sep 17 19:38:03 h10XXXXX spamd[7403]: spamd: processing message (unknown) for qmails:2522
Sep 17 19:38:04 h10XXXXX spamd[7403]: spamd: clean message (0.1/3.0) for qmails:2522 in 0.8 seconds, 6065 bytes.
Sep 17 19:38:04 h10XXXXX spamd[7403]: spamd: result: . 0 - TW_ZT scantime=0.8,size=6065,user=qmails,uid=2522,required_score=3.0,rhost=h10XXXXX.serverkompetenz.net,raddr=127.0.0.1,rport=37044,mid=(unknown),autolearn=ham
Sep 17 19:38:04 h10XXXXX qmail-queue[32404]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Sep 17 19:38:04 h10XXXXX qmail-queue[32404]: scan: the message(drweb.tmp.Gor0Ca) sent by  to [email protected] should be passed without checks, because contains uncheckable addresses
Sep 17 19:38:04 h10XXXXX spamd[26113]: prefork: child states: II
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.702067 bounce msg 38273188 qp 32402
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.702592 end msg 38273188
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.703914 new msg 38276766
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.704376 info msg 38276766: bytes 6225 from <> qp 32405 uid 2522
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.715061 starting delivery 11137: msg 38276766 to remote [email protected]
Sep 17 19:38:04 h10XXXXX qmail: 1221673084.715540 status: local 0/10 remote 1/20
Sep 17 19:38:05 h10XXXXX qmail: 1221673085.228614 delivery 11137: success: 129.69.211.42_accepted_message./Remote_host_said:_250_2.0.0_Ok:_queued_as_218636BF8/
Sep 17 19:38:05 h10XXXXX qmail: 1221673085.228769 status: local 0/10 remote 0/20
Sep 17 19:38:05 h10XXXXX qmail: 1221673085.229007 end msg 38276766

Hier liegt denke ich der Hund begraben. Doch wo liegt der Fehler, hab ich da einige Berechtigungen nicht / Falsch gesetzt?
Aber trotzdem auch nochmal andere logs

mail.warn
Code:
Sep 17 19:29:45 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 92.96.247.81:61085 (onlinechaot.de)
Sep 17 19:30:01 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 80.35.23.160:53460 (160.red-80-35-23.staticip.rima-tde.net)
Sep 17 19:30:10 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 80.235.35.155:2103 (not defined)
Sep 17 19:31:25 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 213.165.64.20:38149 (mail.gmx.net)
Sep 17 19:32:07 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 189.100.120.181:41527 (bd6478b5.virtua.com.br)
Sep 17 19:32:15 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 200.195.66.71:38618 (not defined)
Sep 17 19:34:55 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 84.132.54.212:2081 (p548436d4.dip.t-dialin.net)
Sep 17 19:35:00 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 71.183.162.168:50071 (pool-71-183-162-168.nycmny.east.verizon.net)
Sep 17 19:35:17 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 213.165.64.20:54988 (mail.gmx.net)
Sep 17 19:37:11 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 88.87.80.16:28671 (host-80-16.elsv-v.ru)
Sep 17 19:37:58 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 88.229.205.64:4333 (dsl88-229-52544.ttnet.net.tr)
Sep 17 19:39:34 h1037552 relaylock: /var/qmail/bin/relaylock: mail from 66.153.215.41:1307 (41.215-net.sccoast.net)

messages ist nicht besonderes drin.
etliche failed logins und meine ftp-logins das war es.
 
Last edited by a moderator:
config: failed to parse line, skipping: bayes_path /var/qmail/.spamassassin/bayes
config: not parsing, administrator setting: bayes_file_mode 777
config: failed to parse line, skipping: use_dcc 1
config: failed to parse, now a plugin, skipping: ok_languages all
...
Für die korrekte Syntax siehe: man Mail::SpamAssassin::Conf
Evtl. fehlt Dir auch die Aktivierung von Plugins.

huschi.
 
Guten Morgen,

ich werf mal paar Ausschnitte meiner local.cf hier rein, hoffe es hilft.

Code:
# Enable the Bayes system
use_bayes               1
bayes_path              /usr/local/share/bayes/bayes
bayes_file_mode         777

use_bayes_rules         1

# Enable Bayes auto-learning
bayes_auto_learn        1
bayes_auto_learn_threshold_spam         4.0
bayes_auto_learn_threshold_nonspam      1.0
#

Code:
use_razor2              1
razor_config            /etc/razor/razor-agent.conf

use_dcc                 1
dcc_home                /var/lib/dcc
dcc_path                /usr/bin/dccproc
add_header all DCC _DCCB_: _DCCR_

use_pyzor               1
pyzor_path              /usr/bin/pyzor

#AWL
use_auto_whitelist      1

Am besten machst du
Code:
sa-update
gibst entweder den Zielpfad an oder kopierst dir die Rules von
Code:
/var/lib/spamassassin/XX.XXX/updates_spamassassin_org/
in dein Config-Verzeichnis, wo deine local.cf auch liegt. Aber bitte vorher das Zielverzeichnis sichern ;-)

Gruss Alex
 
Danke für die Tips.
Ich habe es jetzt wieder ans laufen gebracht.
Ich habe mal SA neu installiert, und siehe da es geht wieder.
Hab allerdings nicht mehr 3.1.9 genommen, sondern 3.1.8.
Evtl lag es daran.

Ich hab jetzt nur noch einproblem mit

Code:
sa-update

Dort kommt immer die meldung, das ich ein update beim tar-Archive brauche.
Lade ich mir das kommt, das Perl nicht aktuell genug ist. Kennst das jemand.
Ich habe auch die "Rulesdujur" (oder so ähnlich) draufgepackt. Reicht das ?
Ich möchte mir ungern das System zerschießen.
 
Back
Top