AWL problems

Stephen Swaney steve.swaney at FSL.COM
Wed Apr 27 17:57:51 IST 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Wayne
> Sent: Wednesday, April 27, 2005 12:47 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: AWL problems
>
> Im using MS as a gateway and Im seeing this too..
> Also don't have another MTA aside from postfix on the server.
> Removed sendmail completely.
>
> Im not using ensim and I just noticed a false positive caused by an AWL
> score driving up the total SA score.
> Checked MailScanner.conf and I have:
> SpamAssassin Auto Whitelist = no
>

As was mentions before in this thread, if you're using SA 3.0x you must set

use_auto_whitelist 0

in your spam.assassin.prefs.conf to actually turn off auto white listng

Steve

Steve Swaney
President
Fortress Systems Ltd.
Phone: 202 338-1670
Cell: 202 352-3262
www.fsl.com
steve.swaney at fsl.com


> Regards,
>  Wayne
>
>
>
> On 27/04/2005 17:18, "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> wrote:
>
> > Of course you could alway build a MS box to act as gateway to the ensim
> > thing and do things in a known way.
> >
> > Should ensim themselves support MS if they are messing with it's
> config...
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> > Dave Duffner - PSCGi wrote:
> >> Martin,
> >>
> >>         Yep, it's put together like TinkerToys and their a
> >> bit apathetic lately about supporting anything in real-time.
> >> Took 2-4 extra months to get the SA 3.02 patch out of them
> >> to bring it up to near-normal.
> >>
> >>         Not sure if they've even worked with Julian on this,
> >> would be the most intelligent way to handle it.  And Ensim,
> >> sadly, is one of the best managed hosting OS'es out there
> >> for everyday use, just a mess behind the scenes.  Plesk is
> >> the next-best option, but you sacrifice certain elements
> >> to get others and we haven't been prepared to go that route
> >> at this point.
> >>
> >>         Now Ensim shouldn't be calling SA outside of MS, the
> >> MS/Sa/ClamAV anti-spam package they started in version 3.7.XX
> >> of Ensim Pro is supposed to be self-contained and function
> >> as I outlined.  If something else, like Sendmail, is calling
> >> it up and causing those files to be written per-user, there
> >> has to be a way to disable that.  But we've got no clue here
> >> on where that would be happening, even tailing & top'ing
> >> monitoring of the process shows the layout I outlined.
> >>
> >>         So once Sendmail hands it off to MS, it falls into
> >> that flow I laid out.  I'm not as concerned about the fact
> >> it's writing AWL files into User dirs as I am that I've
> >> told SA to lay off using that rating and it's still doing
> >> it.  That would seem to be more within the MS/SA package,
> >> not Ensim doing something additional, especially without
> >> it being logged where we can find it?
> >>
> >>         MS has been instructed to ignore the AWL, SA has been
> >> instructed to ignore it, but when SA is run, it's like it's
> >> picking up some other instruction set that's not configured
> >> to ignore the AWL?  Any thoughts on where that conf file
> >> might be or the filename to search the server for to see if
> >> that's the case?  The prefs file is configured properly, but
> >> that's in the MS/SA's root dir.  If Ensim deployed additional
> >> copies of those somehow and they're not getting updated, that
> >> could be the problem.  But we're clueless on what to look
> >> for to determine if that's the case.
> >>
> >>         Dave
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: MailScanner mailing list
> >>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> >>> Sent: Wednesday, April 27, 2005 11:51 AM
> >>> To: MAILSCANNER at JISCMAIL.AC.UK
> >>> Subject: Re: AWL problems
> >>>
> >>>
> >>> Dave
> >>>
> >>> ah that's the problem then Ensim's calling SA outside of
> >>> MS.....yes it gives per user control but can give issues.
> >>> (also will be MS 4.36 I guess as 4.41 is latest beta)
> >>>
> >>> The more I hear about ensim the less i like it, and they
> >>> don't give Julian any 'help' just take the code.
> >>>
> >>> --
> >>> Martin Hepworth
> >>> Snr Systems Administrator
> >>> Solid State Logic
> >>> Tel: +44 (0)1865 842300
> >>>
> >>>
> >>> Dave Duffner - PSCGi wrote:
> >>>
> >>>> Martin,
> >>>>
> >>>>        Ensim's whacky modification of the MS/SA package in their
> >>>> Ensim Pro 4.XX versions (FC 1/2 & RHEL) are not standard by
> >>>
> >>> any means.
> >>>
> >>>> I've asked 1,000 times for someone to clarify how the mail
> >>>
> >>> is passed
> >>>
> >>>> through the processes to determine which 'entity' gets what when in
> >>>> order to fix problems like this and others where it's tagged
> >>>> strangely.
> >>>>
> >>>>        Ensim does use a fully chrooted environment, which I know
> >>>> drives everyone insane, but may be part of the problem. Not
> >>>
> >>> sure what
> >>>
> >>>> Chris is using to know if we match or if he has a totally different
> >>>> setup with the same problem.
> >>>>
> >>>>        In my case, I'm told mail is handled as follows:
> >>>>
> >>>>        In to MailScanner (currently 4.63 I believe?)
> >>>>        MS checks it against my internal and externally
> >>>
> >>> selected BL's
> >>>
> >>>>        If MS tags it as spam, we changed it to read [Spam-MS]
> >>>>        If it's tagged, depending on the settings it's delivered
> >>>>                as an attachment or dumped at that point.
> >>>>        If it passes cleanly, then it's tossed to SpamAssassin
> >>>>                (currently the 3.02 patch from Ensim version)
> >>>>        SA then uses my rulesets to determine if it is to be
> >>>>                checked and not whitelisted (not AWL'ed)
> >>>>        If pass, then SA performs my ruleset checks for spam
> >>>>                (RulesdeJour & custom rulesets, etc.)
> >>>>        If SA finds it as Spam, tags it [SA-Spam] so we know which
> >>>>                process did what to it.
> >>>>        If passed or below the threshold, delivered to User.
> >>>>
> >>>>        Now, from what little I can gather from Ensim folks
> >>>
> >>> & forums,
> >>>
> >>>> these processes should be running as 'root'.  One thing that never
> >>>> surfaced until you mentioned it here was the fact that Ensim (or
> >>>> something) is writing a .spamassassin dir in each domain
> >>>
> >>> and for each
> >>>
> >>>> user that holds the Bayes & AWL info along with anything
> >>>
> >>> else specific
> >>>
> >>>> for that User.
> >>>>
> >>>>        Reason here may be that Ensim Pro gives the option to have
> >>>> spam handling done via the GUI either by just the server alone or
> >>>> optionally by each User in their GUI.  They get to set the
> >>>
> >>> threshold
> >>>
> >>>> of spam, personal whitelists, etc. and determine if it should hold
> >>>> spam or just delete it if it's been tagged by SA.  MS
> >>>
> >>> tagging is prior
> >>>
> >>>> to SA handling, so any options picked by the User would
> >>>
> >>> only apply if
> >>>
> >>>> SA got to process the mail in question.  We have User Spam Controls
> >>>> turned on as a percentage of our Users like the more direct
> >>>> control and it saves us hassles of 'censorship' if we were
> >>>> the only party determining what's spam and what's not.
> >>>>
> >>>>        Again, I did go in and nail the AWL file for the
> >>>
> >>> account I get
> >>>
> >>>> MailScanner mail to.  That did stop the AWL rating from appearing
> >>>> until it had built a file back up.  I can't find a spot to stop SA
> >>>> from creating that file once I've deleted it, I'm presuming
> >>>
> >>> that's my
> >>>
> >>>> whole problem there.
> >>>>
> >>>>        As a side note, I've also noticed MS skipping some
> >>>
> >>> e-mails, we
> >>>
> >>>> don't do a volume where that should be happening but I did increase
> >>>> some settings that seem to have lowered the skip rate to a level we
> >>>> can deal with.
> >>>>
> >>>>        There is an option with this Ensim goofy setup to
> >>>
> >>> double-run
> >>>
> >>>> SA if you change the MailScanner.conf file, but we have that set to
> >>>> only use the SA prefs file and all those settings in the
> >>>
> >>> MS.conf file
> >>>
> >>>> are disabled/commented out, etc. So as far as I can see, the flow
> >>>> above is what's happening and MS is the lead application in
> >>>
> >>> handling
> >>>
> >>>> mail to be scanned.
> >>>>
> >>>>        Any questions, don't hestitate to fire away!
> >>>>
> >>>>        Thanks,
> >>>>
> >>>>        Dave
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: MailScanner mailing list
> >>>
> >>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> >>>
> >>>>> Behalf Of Martin Hepworth
> >>>>> Sent: Wednesday, April 27, 2005 11:14 AM
> >>>>> To: MAILSCANNER at JISCMAIL.AC.UK
> >>>>> Subject: Re: AWL problems
> >>>>>
> >>>>>
> >>>>> Dave
> >>>>>
> >>>>> the awl will (should) only get created for the user
> >>>
> >>> MailScanner runs
> >>>
> >>>>> as.
> >>>>>
> >>>>> Are you sure you're running SA from the MTA/procmail etc??
> >>>>>
> >>>>> --
> >>>>> Martin Hepworth
> >>>>> Snr Systems Administrator
> >>>>> Solid State Logic
> >>>>> Tel: +44 (0)1865 842300
> >>>>>
> >>>>>
> >>>>> Dave Duffner - PSCGi wrote:
> >>>>>
> >>>>>
> >>>>>>       See now he's hitting the same wall I am...
> >>>>>>
> >>>>>>       Even deleting the AWL's for the individual accounts, MS is
> >>>>>> still compiling the AWL file.  And that's with all the
> >>>>>
> >>>>> config points
> >>>>>
> >>>>>
> >>>>>> possible turned off, MS indicating that autolearn is disabled.
> >>>>>>
> >>>>>>       Since deleting the AWL file in the .spamassassin
> >>>>>
> >>>>> dir for each
> >>>>>
> >>>>>
> >>>>>> user, it's lowered the point value back down to 0.0 and
> >>>
> >>> then starts
> >>>
> >>>>>> averaging it back up.  Julian's ratings for his posts here
> >>>>>
> >>>>> that I get
> >>>>>
> >>>>>
> >>>>>> stopped AWL rating it, then started with a 0.0 and as I
> >>>
> >>> get more of
> >>>
> >>>>>> his posts I think we're up to a 0.9 rating.  Once it sees
> >>>
> >>> enough of
> >>>
> >>>>>> his posts, it'll be back to tagging his mail until I kill that AWL
> >>>>>> file in that account's dir again.
> >>>>>>
> >>>>>>       Chris may not be that far along in the process yet, but it
> >>>>>> certainly sounds like he's heading in that direction.
> >>>>>>
> >>>>>>       So either we've got a weird bug or there's some
> >>>>>
> >>>>> setting being
> >>>>>
> >>>>>
> >>>>>> overridden or hidden somewhere so deep that it's
> >>>
> >>> triggering the AWL
> >>>
> >>>>>> ratings again.  And with a ton of accounts, that's a
> >>>
> >>> serious PIA to
> >>>
> >>>>>> have to manually delete AWL files on a constant basis to
> >>>>>
> >>>>> kill it off.
> >>>>>
> >>>>>
> >>>>>>       I'm open for any suggestions, scripts, cron jobs or
> >>>>>
> >>>>> otherwise
> >>>>>
> >>>>>
> >>>>>> to get that fool thing stopped.  In our case we're using an Ensim
> >>>>>> Hosting OS, so we're stuck with 3.XX of SA as any upgrades that
> >>>>>> might've fixed this would either foul up Ensim or be
> >>>
> >>> overwritten in
> >>>
> >>>>>> the next half-a'ed upgrade or patch from Ensim for the OS.
> >>>>>>
> >>>>>>    David J. Duffner
> >>>>>>    President
> >>>>>>    PSCGi
> >>>>>>    Paradise Shore Communications Group
> >>>>>>    www.pscginternet.com
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: MailScanner mailing list
> >>>>>
> >>>>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> >>>>>
> >>>>>
> >>>>>>> Behalf Of Martin Hepworth
> >>>>>>> Sent: Wednesday, April 27, 2005 10:49 AM
> >>>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
> >>>>>>> Subject: Re: AWL problems
> >>>>>>>
> >>>>>>>
> >>>>>>> Chris
> >>>>>>>
> >>>>>>> if you're using SA 3.x this doesn't work. You'll need to
> >>>>>
> >>>>> turn it off
> >>>>>
> >>>>>
> >>>>>>> in the SA config files.
> >>>>>>>
> >>>>>>> --
> >>>>>>> Martin Hepworth
> >>>>>>> Snr Systems Administrator
> >>>>>>> Solid State Logic
> >>>>>>> Tel: +44 (0)1865 842300
> >>>>>>>
> >>>>>>>
> >>>>>>> Fractal IT Dept. wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> Hi everyone,
> >>>>>>>>
> >>>>>>>> I'm having a problem with ham becoming spam because it
> >>>>>
> >>>>> receives AWL
> >>>>>
> >>>>>
> >>>>>>>> points. I'm not sure why this is happening, because in my
> >>>>>>>> mailscanner.conf file, I have:
> >>>>>>>>
> >>>>>>>> SpamAssassin Auto Whitelist = no
> >>>>>>>>
> >>>>>>>> Any thoughts as to what could possibly be causing this?
> >>>>>>>>
> >>>>>>>> Thanks,
> >>>>>>>> Chris
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I--I
> >>>>>> Message scanned by MailScanner, and is believed to be clean.
> >>>>>> CONFIDENTIALITY NOTICE:  This transmission intended for the
> >>>>>
> >>>>> specified
> >>>>>
> >>>>>
> >>>>>> destination and person.  If this is not you, this
> >>>>>> e-mail must be deleted immediately.     www.pscginternet.com
> >>>>>>
> >>>>>> ------------------------ MailScanner list
> >>>>>
> >>>>> ------------------------ To
> >>>>>
> >>>>>
> >>>>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
> >>>>>> mailscanner' in the body of the email. Before posting, read
> >>>>>
> >>>>> the Wiki
> >>>>>
> >>>>>
> >>>>>> (http://wiki.mailscanner.info/) and the archives
> >>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>>>
> >>>>>> Support MailScanner development - buy the book off the website!
> >>>>>
> >>>>> ************************************************************
> >>>
> >>> **********
> >>>
> >>>>> This email and any files transmitted with it are confidential and
> >>>>> intended solely for the use of the individual or entity to
> >>>
> >>> whom they
> >>>
> >>>>> are addressed. If you have received this email in error
> >>>
> >>> please notify
> >>>
> >>>>> the system manager.
> >>>>>
> >>>>> This footnote confirms that this email message has been
> >>>
> >>> swept for the
> >>>
> >>>>> presence of computer viruses and is believed to be clean.
> >>>>>
> >>>>> ************************************************************
> >>>
> >>> **********
> >>>
> >>>>> ------------------------ MailScanner list
> >>>>> ------------------------ To unsubscribe, email
> >>>
> >>> jiscmail at jiscmail.ac.uk
> >>>
> >>>>> with the words: 'leave mailscanner' in the body of the
> >>>
> >>> email. Before
> >>>
> >>>>> posting, read the Wiki
> >>>>> (http://wiki.mailscanner.info/) and the archives
> >>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>>
> >>>>> Support MailScanner development - buy the book off the website!
> >>>>>
> >>>>> I--I
> >>>>> Message scanned by MailScanner, and is believed to be clean.
> >>>>> CONFIDENTIALITY NOTICE:  This transmission intended for the
> >>>
> >>> specified
> >>>
> >>>>> destination and person.  If this is not you, this
> >>>>> e-mail must be deleted immediately.     www.pscginternet.com
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> I--I
> >>>> Message scanned by MailScanner, and is believed to be clean.
> >>>> CONFIDENTIALITY NOTICE:  This transmission intended for the
> >>>
> >>> specified
> >>>
> >>>> destination and person.  If this is not you, this
> >>>> e-mail must be deleted immediately.     www.pscginternet.com
> >>>>
> >>>> ------------------------ MailScanner list
> >>>
> >>> ------------------------ To
> >>>
> >>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
> >>>> mailscanner' in the body of the email. Before posting, read
> >>>
> >>> the Wiki
> >>>
> >>>> (http://wiki.mailscanner.info/) and the archives
> >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>
> >>>> Support MailScanner development - buy the book off the website!
> >>>
> >>> **********************************************************************
> >>>
> >>> This email and any files transmitted with it are confidential
> >>> and intended solely for the use of the individual or entity
> >>> to whom they are addressed. If you have received this email
> >>> in error please notify the system manager.
> >>>
> >>> This footnote confirms that this email message has been swept
> >>> for the presence of computer viruses and is believed to be clean.
> >>>
> >>> **********************************************************************
> >>>
> >>> ------------------------ MailScanner list
> >>> ------------------------ To unsubscribe, email
> >>> jiscmail at jiscmail.ac.uk with the words: 'leave mailscanner'
> >>> in the body of the email. Before posting, read the Wiki
> >>> (http://wiki.mailscanner.info/) and the archives
> >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>>
> >>> I--I
> >>> Message scanned by MailScanner, and is believed to be clean.
> >>> CONFIDENTIALITY NOTICE:  This transmission intended for the
> >>> specified destination and person.  If this is not you, this
> >>> e-mail must be deleted immediately.     www.pscginternet.com
> >>>
> >>
> >>
> >>
> >> I--I
> >> Message scanned by MailScanner, and is believed to be clean.
> >> CONFIDENTIALITY NOTICE:  This transmission intended for the
> >> specified destination and person.  If this is not you, this
> >> e-mail must be deleted immediately.     www.pscginternet.com
> >>
> >> ------------------------ MailScanner list ------------------------
> >> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >> 'leave mailscanner' in the body of the email.
> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >> Support MailScanner development - buy the book off the website!
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > --
> > ** Email Scanned by Elive's Virus Scanning Service -
> > http://www.elive.net **
> >
> >
> >
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list