AWL problems
    Martin Hepworth 
    martinh at SOLID-STATE-LOGIC.COM
       
    Wed Apr 27 17:30:10 IST 2005
    
    
  
Dave
If MS isn't tagging correctly, it sounds like another sendmail might be
still listening on port 25 and moving the email itself. Which would also
explain how SA is getting called outside of MS....
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Dave Duffner - PSCGi wrote:
> Martin,
>
>         Yep, it's put together like TinkerToys and they're a
> bit apathetic lately about supporting anything in real-time.
> Took 2-4 extra months to get the SA 3.02 patch out of them
> to bring it up to near-normal.
>
>         Not sure if they've even worked with Julian on this,
> would be the most intelligent way to handle it.  And Ensim,
> sadly, is one of the best managed hosting OS'es out there
> for everyday use, just a mess behind the scenes.  Plesk is
> the next-best option, but you sacrifice certain elements
> to get others and we haven't been prepared to go that route
> at this point.
>
>         Now Ensim shouldn't be calling SA outside of MS, the
> MS/SA/ClamAV anti-spam package they started in version 3.7.XX
> of Ensim Pro is supposed to be self-contained and function
> as I outlined.  If something else, like Sendmail, is calling
> it up and causing those files to be written per-user, there
> has to be a way to disable that.  But we've got no clue here
> on where that would be happening, even tailing & top'ing
> monitoring of the process shows the layout I outlined.
>
>         So once Sendmail hands it off to MS, it falls into
> that flow I laid out.  I'm not as concerned about the fact
> it's writing AWL files into User dirs as I am that I've
> told SA to lay off using that rating and it's still doing
> it.  That would seem to be more within the MS/SA package,
> not Ensim doing something additional, especially without
> it being logged where we can find it?
>
>         MS has been instructed to ignore the AWL, SA has been
> instructed to ignore it, but when SA is run, it's like it's
> picking up some other instruction set that's not configured
> to ignore the AWL?  Any thoughts on where that conf file
> might be or the filename to search the server for to see if
> that's the case?  The prefs file is configured properly, but
> that's in the MS/SA's root dir.  If Ensim deployed additional
> copies of those somehow and they're not getting updated, that
> could be the problem.  But we're clueless on what to look
> for to determine if that's the case.
>
>         Dave
>
>
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>Sent: Wednesday, April 27, 2005 11:51 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: AWL problems
>>
>>
>>Dave
>>
>>ah that's the problem then Ensim's calling SA outside of
>>MS.....yes it gives per user control but can give issues.
>>(also will be MS 4.36 I guess as 4.41 is latest beta)
>>
>>The more I hear about Ensim the less I like it, and they
>>don't give Julian any 'help' just take the code.
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Dave Duffner - PSCGi wrote:
>>
>>>Martin,
>>>
>>>        Ensim's whacky modification of the MS/SA package in their
>>>Ensim Pro 4.XX versions (FC 1/2 & RHEL) are not standard by any means.
>>>I've asked 1,000 times for someone to clarify how the mail is passed
>>>through the processes to determine which 'entity' gets what when in
>>>order to fix problems like this and others where it's tagged
>>>strangely.
>>>
>>>        Ensim does use a fully chrooted environment, which I know
>>>drives everyone insane, but may be part of the problem. Not sure what
>>>Chris is using to know if we match or if he has a totally different
>>>setup with the same problem.
>>>
>>>        In my case, I'm told mail is handled as follows:
>>>
>>>        In to MailScanner (currently 4.63 I believe?)
>>>        MS checks it against my internal and externally selected BL's
>>>        If MS tags it as spam, we changed it to read [Spam-MS]
>>>        If it's tagged, depending on the settings it's delivered
>>>                as an attachment or dumped at that point.
>>>        If it passes cleanly, then it's tossed to SpamAssassin
>>>                (currently the 3.02 patch from Ensim version)
>>>        SA then uses my rulesets to determine if it is to be
>>>                checked and not whitelisted (not AWL'ed)
>>>        If pass, then SA performs my ruleset checks for spam
>>>                (RulesdeJour & custom rulesets, etc.)
>>>        If SA finds it as Spam, tags it [SA-Spam] so we know which
>>>                process did what to it.
>>>        If passed or below the threshold, delivered to User.
>>>
>>>        Now, from what little I can gather from Ensim folks & forums,
>>>these processes should be running as 'root'.  One thing that never
>>>surfaced until you mentioned it here was the fact that Ensim (or
>>>something) is writing a .spamassassin dir in each domain and for each
>>>user that holds the Bayes & AWL info along with anything else specific
>>>for that User.
>>>
>>>        Reason here may be that Ensim Pro gives the option to have
>>>spam handling done via the GUI either by just the server alone or
>>>optionally by each User in their GUI.  They get to set the threshold
>>>of spam, personal whitelists, etc. and determine if it should hold
>>>spam or just delete it if it's been tagged by SA.  MS tagging is prior
>>>to SA handling, so any options picked by the User would only apply if
>>>SA got to process the mail in question.  We have User Spam Controls
>>>turned on as a percentage of our Users like the more direct
>>>control and it saves us hassles of 'censorship' if we were
>>>the only party determining what's spam and what's not.
>>>
>>>        Again, I did go in and nail the AWL file for the account I get
>>>MailScanner mail to.  That did stop the AWL rating from appearing
>>>until it had built a file back up.  I can't find a spot to stop SA
>>>from creating that file once I've deleted it, I'm presuming that's my
>>>whole problem there.
>>>
>>>        As a side note, I've also noticed MS skipping some e-mails, we
>>>don't do a volume where that should be happening but I did increase
>>>some settings that seem to have lowered the skip rate to a level we
>>>can deal with.
>>>
>>>        There is an option with this Ensim goofy setup to double-run
>>>SA if you change the MailScanner.conf file, but we have that set to
>>>only use the SA prefs file and all those settings in the MS.conf file
>>>are disabled/commented out, etc. So as far as I can see, the flow
>>>above is what's happening and MS is the lead application in handling
>>>mail to be scanned.
>>>
>>>        Any questions, don't hesitate to fire away!
>>>
>>>        Thanks,
>>>
>>>        Dave
>>>
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>Behalf Of Martin Hepworth
>>>>Sent: Wednesday, April 27, 2005 11:14 AM
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: AWL problems
>>>>
>>>>
>>>>Dave
>>>>
>>>>the awl will (should) only get created for the user MailScanner runs
>>>>as.
>>>>
>>>>Are you sure you're running SA from the MTA/procmail etc??
>>>>
>>>>--
>>>>Martin Hepworth
>>>>Snr Systems Administrator
>>>>Solid State Logic
>>>>Tel: +44 (0)1865 842300
>>>>
>>>>
>>>>Dave Duffner - PSCGi wrote:
>>>>
>>>>
>>>>>       See now he's hitting the same wall I am...
>>>>>
>>>>>       Even deleting the AWL's for the individual accounts, MS is
>>>>>still compiling the AWL file.  And that's with all the config points
>>>>>possible turned off, MS indicating that autolearn is disabled.
>>>>>
>>>>>       Since deleting the AWL file in the .spamassassin dir for each
>>>>>user, it's lowered the point value back down to 0.0 and then starts
>>>>>averaging it back up.  Julian's ratings for his posts here that I get
>>>>>stopped AWL rating it, then started with a 0.0 and as I get more of
>>>>>his posts I think we're up to a 0.9 rating.  Once it sees enough of
>>>>>his posts, it'll be back to tagging his mail until I kill that AWL
>>>>>file in that account's dir again.
>>>>>
>>>>>       Chris may not be that far along in the process yet, but it
>>>>>certainly sounds like he's heading in that direction.
>>>>>
>>>>>       So either we've got a weird bug or there's some setting being
>>>>>overridden or hidden somewhere so deep that it's triggering the AWL
>>>>>ratings again.  And with a ton of accounts, that's a serious PIA to
>>>>>have to manually delete AWL files on a constant basis to kill it off.
>>>>>
>>>>>       I'm open for any suggestions, scripts, cron jobs or otherwise
>>>>>to get that fool thing stopped.  In our case we're using an Ensim
>>>>>Hosting OS, so we're stuck with 3.XX of SA as any upgrades that
>>>>>might've fixed this would either foul up Ensim or be overwritten in
>>>>>the next half-a'ed upgrade or patch from Ensim for the OS.
>>>>>
>>>>>    David J. Duffner
>>>>>    President
>>>>>    PSCGi
>>>>>    Paradise Shore Communications Group
>>>>>    www.pscginternet.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>>>Behalf Of Martin Hepworth
>>>>>>Sent: Wednesday, April 27, 2005 10:49 AM
>>>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>>Subject: Re: AWL problems
>>>>>>
>>>>>>
>>>>>>Chris
>>>>>>
>>>>>>if you're using SA 3.x this doesn't work. You'll need to turn it off
>>>>>>in the SA config files.
>>>>>>
>>>>>>--
>>>>>>Martin Hepworth
>>>>>>Snr Systems Administrator
>>>>>>Solid State Logic
>>>>>>Tel: +44 (0)1865 842300
>>>>>>
>>>>>>
>>>>>>Fractal IT Dept. wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Hi everyone,
>>>>>>>
>>>>>>>I'm having a problem with ham becoming spam because it receives AWL
>>>>>>>points. I'm not sure why this is happening, because in my
>>>>>>>mailscanner.conf file, I have:
>>>>>>>
>>>>>>>SpamAssassin Auto Whitelist = no
>>>>>>>
>>>>>>>Any thoughts as to what could possibly be causing this?
>>>>>>>
>>>>>>>Thanks,
>>>>>>>Chris
>>>>>
>>>>>
>>>>>
>>>>>I--I
>>>>>Message scanned by MailScanner, and is believed to be clean.
>>>>>CONFIDENTIALITY NOTICE:  This transmission intended for the specified
>>>>>destination and person.  If this is not you, this
>>>>>e-mail must be deleted immediately.     www.pscginternet.com
>>>>>
>>>>>------------------------ MailScanner list ------------------------
>>>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
>>>>>mailscanner' in the body of the email. Before posting, read the Wiki
>>>>>(http://wiki.mailscanner.info/) and the archives
>>>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>
>>>>>Support MailScanner development - buy the book off the website!
>>>>
>>>>**********************************************************************
>>>>
>>>>This email and any files transmitted with it are confidential and
>>>>intended solely for the use of the individual or entity to whom they
>>>>are addressed. If you have received this email in error please notify
>>>>the system manager.
>>>>
>>>>This footnote confirms that this email message has been swept for the
>>>>presence of computer viruses and is believed to be clean.
>>>>
>>>>**********************************************************************
>>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
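
The thread asks which file name to search the server for when SpamAssassin seems to read a config copy that does not turn the AWL off. The script below is an added example, not part of the original messages and not MailScanner's or Ensim's own tooling; it assumes the stock file names `local.cf`, `user_prefs` and `spam.assassin.prefs.conf`, the SpamAssassin 3.0.x option `use_auto_whitelist`, and the default AWL database name `auto-whitelist` under `.spamassassin`, none of which are named in the thread.

```shell
#!/bin/sh
# Added example: find every SpamAssassin config copy under a tree and report
# whether it disables the auto-whitelist (AWL).
# Assumptions (not from the thread): stock file names local.cf, user_prefs,
# spam.assassin.prefs.conf; SA 3.0.x option use_auto_whitelist.

# awl_setting FILE -> prints "0", "1" or "unset" (last uncommented value wins)
awl_setting() {
    v=$(sed -e 's/#.*//' "$1" |
        awk '$1 == "use_auto_whitelist" { val = $2 } END { print val }')
    echo "${v:-unset}"
}

# audit_awl ROOT -> one line per config file found: "<setting> <path>"
audit_awl() {
    find "$1" -type f \( -name 'local.cf' -o -name 'user_prefs' \
        -o -name 'spam.assassin.prefs.conf' \) 2>/dev/null | sort |
    while IFS= read -r f; do
        echo "$(awl_setting "$f") $f"
    done
}

# awl_not_disabled ROOT -> only the copies that do not themselves set it to 0
awl_not_disabled() {
    audit_awl "$1" | awk '$1 != "0"'
}

# awl_databases ROOT -> AWL database files present under .spamassassin dirs
awl_databases() {
    find "$1" -type f -path '*/.spamassassin/auto-whitelist*' 2>/dev/null | sort
}

# Stand-alone use: sh awl-audit.sh /path/to/root
if [ -n "${1:-}" ]; then
    echo "Config copies that do not disable AWL:"
    awl_not_disabled "$1"
    echo "AWL databases on disk:"
    awl_databases "$1"
fi
```

On a chrooted layout like the one described in the thread, run it against each chroot root as well as the host's own tree, since each can carry its own copy of the config.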