[Mimedefang] SA suddenly not catching spam

Stephen Smoogen smoogen at lanl.gov
Wed Mar 24 11:07:44 EST 2004 

On Wed, 2004-03-24 at 08:18, Gwendolynn ferch Elydyr wrote:
> On Tue, 23 Mar 2004, Stephen Smoogen wrote:
> > Hmmm puremessage sticks it in /opt normally but I think can be put
> > elsewhere. What OS are you running? If you are running an RPM style
> > distro and want to check the integrity of the RPMS to see if something
> > got written over by puremessage (rpm -V mimedefang)
> 
> I'm running RedHat 9 - but I built both my MD and SA installs, so I can't
> use RPM to check them, unfortunately.
> 
> > The other thing that can happen is if /opt is in the PATH somewhere then
> > puremessage perl might get called before the other perl.
> 
> Running SA in debug mode doesn't show any touches into /opt - but I'm
> still seeing surprisingly low scores [I've modified my default down
> to 4 - but most spam is hovering between 1 and 3, which seems all wet]
> 
> Further poking about yesterday showed that SA alone seems to be handing
> out fairly reasonable scores, but SA in combination with MD is seeing
> hideously low scoring.  It doesn't look to me as though I've turned off
> any SA rules via MD - bayes, dns and rbl checks are all enabled - but
> even after a restart, I'm not having much luck here.
> 

I took the time time to look at my fairly default home box last night,
and seem to be seeing the same things on the scores. Everything is Red
Hat 9 and I am not using puremessage. 

perl modules I have compiled and installed:

perl-Archive-Tar-1.07-1.fdr_rhel.3
perl-Archive-Zip-1.09-1.fdr_rhel.3
perl-Compress-Zlib-1.33-1.fdr_rhel.3
perl-Convert-ASN1-0.18-1.fdr_rhel.3
perl-Digest-1.05-1.fdr_rhel.3
perl-Digest-Nilsimsa-0.06-1.fdr_rhel.3
perl-Digest-SHA1-2.07-1.fdr_rhel.3
perl-FreezeThaw-0.43-1.fdr_rhel.3
perl-HTML-Parser-3.35-1.fdr_rhel.3
perl-HTML-Tagset-3.03-1.fdr_rhel.3
perl-IO-Socket-SSL-0.95-1.fdr_rhel.3
perl-IO-Zlib-1.01-1.fdr_rhel.3
perl-IO-stringy-2.109-1.fdr_rhel.3
perl-MIME-tools-RP-Patched-5.411a-1.fdr_rhel.3
perl-MLDBM-2.01-1.fdr_rhel.3
perl-MailTools-1.60-1.fdr_rhel.3
perl-Net-DNS-0.46-1.fdr_rhel.3
perl-Net_SSLeay.pm-1.25-1.fdr_rhel.3
perl-Time-HiRes-1.56-1.fdr_rhel.3
perl-TimeDate-1.16-1.fdr_rhel.3
perl-Unix-Syslog-0.100-1.fdr_rhel.3
perl-razor-agents-2.36-1.fdr_rhel.3

Default perl modules
perl-5.8.0-88.3
perl-Bit-Vector-6.1-33
perl-CGI-2.81-88.3
perl-CPAN-1.61-88.3
perl-Crypt-SSLeay-0.45-7
perl-DB_File-1.804-88.3
perl-Date-Calc-5.3-3
perl-DateManip-5.40-30
perl-Digest-HMAC-1.01-11
perl-File-MMagic-1.16-3
perl-Filter-1.29-3
perl-Parse-Yapp-1.05-30
perl-SGMLSpm-1.03ii-11
perl-URI-1.21-7
perl-XML-Dumper-0.4-25
perl-XML-Encoding-1.01-23
perl-XML-Grove-0.46alpha-25
perl-XML-Parser-2.31-15
perl-XML-Twig-3.09-3
perl-libwww-perl-5.65-6
perl-libxml-enno-1.02-29
perl-libxml-perl-0.07-28
perl-suidperl-5.8.0-88.3

Mimedefang
mimedefang-2.41-1.fdr_rhel.3
mimedefang-contrib-2.41-1.fdr_rhel.3

/etc/mail/mimedefang is basically the default version for 2.41 with my
email address placed in there, and a 'default' message variable for the
various attachments to be removed.

/etc/mail/spamassassin/sa-mimedefang.cf

required_hits           5.0
ok_locales              en
rewrite_subject 0
report_header 1
use_terse_report 1
skip_rbl_checks 1
score HABEAS_SWE 2.0
use_razor2              1
use_dcc                 0
use_pyzor               1
use_bayes               1
auto_learn              1
bayes_path                              /etc/mail/spamassassin/bayes
bayes_auto_learn_threshold_nonspam      0.5
bayes_auto_learn_threshold_spam         5.5
bayes_learn_to_journal                  1
bayes_journal_max_size                  5120000
bayes_file_mode                         0644
auto_whitelist_path                    
/etc/mail/spamassassin/auto-whitelist
auto_whitelist_file_mode                0644

This is the same as a RHL-7.1 machine I am tracking that has
mimedefang-2.27/spamassassin-2.53. That machine is scoring the same spam
messages at above 12 but the message has a score here of 2.02.

My Spam
X-Spam-Status: No, hits=1.246 required=7
 tests=BIZ_TLD,HTML_MESSAGE,NO_REAL_NAME

The older spam
X-Spam-Status: No, hits=4.769 required=7
tests=BIZ_TLD,GAPPY_SUBJECT,HTML_40_50,HTML_MESSAGE,MIME_HTML_ONLY              
                                
Maybe I have something turned off incorrectly?



> Is anybody running with a spam threshold hovering around 1 or 2 ?
> 
> I'm quite puzzled here.
> 

-- 
Stephen John Smoogen		smoogen at lanl.gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --

More information about the MIMEDefang mailing list