AWL problems
Wayne
wayne at NIGHTSOL.NET
Wed Apr 27 17:46:57 IST 2005
Im using MS as a gateway and Im seeing this too..
Also don't have another MTA aside from postfix on the server.
Removed sendmail completely.
Im not using ensim and I just noticed a false positive caused by an AWL
score driving up the total SA score.
Checked MailScanner.conf and I have:
SpamAssassin Auto Whitelist = no
Regards,
Wayne
On 27/04/2005 17:18, "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
wrote:
> Of course you could alway build a MS box to act as gateway to the ensim
> thing and do things in a known way.
>
> Should ensim themselves support MS if they are messing with it's config...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Dave Duffner - PSCGi wrote:
>> Martin,
>>
>> Yep, it's put together like TinkerToys and their a
>> bit apathetic lately about supporting anything in real-time.
>> Took 2-4 extra months to get the SA 3.02 patch out of them
>> to bring it up to near-normal.
>>
>> Not sure if they've even worked with Julian on this,
>> would be the most intelligent way to handle it. And Ensim,
>> sadly, is one of the best managed hosting OS'es out there
>> for everyday use, just a mess behind the scenes. Plesk is
>> the next-best option, but you sacrifice certain elements
>> to get others and we haven't been prepared to go that route
>> at this point.
>>
>> Now Ensim shouldn't be calling SA outside of MS, the
>> MS/Sa/ClamAV anti-spam package they started in version 3.7.XX
>> of Ensim Pro is supposed to be self-contained and function
>> as I outlined. If something else, like Sendmail, is calling
>> it up and causing those files to be written per-user, there
>> has to be a way to disable that. But we've got no clue here
>> on where that would be happening, even tailing & top'ing
>> monitoring of the process shows the layout I outlined.
>>
>> So once Sendmail hands it off to MS, it falls into
>> that flow I laid out. I'm not as concerned about the fact
>> it's writing AWL files into User dirs as I am that I've
>> told SA to lay off using that rating and it's still doing
>> it. That would seem to be more within the MS/SA package,
>> not Ensim doing something additional, especially without
>> it being logged where we can find it?
>>
>> MS has been instructed to ignore the AWL, SA has been
>> instructed to ignore it, but when SA is run, it's like it's
>> picking up some other instruction set that's not configured
>> to ignore the AWL? Any thoughts on where that conf file
>> might be or the filename to search the server for to see if
>> that's the case? The prefs file is configured properly, but
>> that's in the MS/SA's root dir. If Ensim deployed additional
>> copies of those somehow and they're not getting updated, that
>> could be the problem. But we're clueless on what to look
>> for to determine if that's the case.
>>
>> Dave
>>
>>
>>
>>> -----Original Message-----
>>> From: MailScanner mailing list
>>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>> Sent: Wednesday, April 27, 2005 11:51 AM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: AWL problems
>>>
>>>
>>> Dave
>>>
>>> ah that's the problem then Ensim's calling SA outside of
>>> MS.....yes it gives per user control but can give issues.
>>> (also will be MS 4.36 I guess as 4.41 is latest beta)
>>>
>>> The more I hear about ensim the less i like it, and they
>>> don't give Julian any 'help' just take the code.
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>> Dave Duffner - PSCGi wrote:
>>>
>>>> Martin,
>>>>
>>>> Ensim's whacky modification of the MS/SA package in their
>>>> Ensim Pro 4.XX versions (FC 1/2 & RHEL) are not standard by
>>>
>>> any means.
>>>
>>>> I've asked 1,000 times for someone to clarify how the mail
>>>
>>> is passed
>>>
>>>> through the processes to determine which 'entity' gets what when in
>>>> order to fix problems like this and others where it's tagged
>>>> strangely.
>>>>
>>>> Ensim does use a fully chrooted environment, which I know
>>>> drives everyone insane, but may be part of the problem. Not
>>>
>>> sure what
>>>
>>>> Chris is using to know if we match or if he has a totally different
>>>> setup with the same problem.
>>>>
>>>> In my case, I'm told mail is handled as follows:
>>>>
>>>> In to MailScanner (currently 4.63 I believe?)
>>>> MS checks it against my internal and externally
>>>
>>> selected BL's
>>>
>>>> If MS tags it as spam, we changed it to read [Spam-MS]
>>>> If it's tagged, depending on the settings it's delivered
>>>> as an attachment or dumped at that point.
>>>> If it passes cleanly, then it's tossed to SpamAssassin
>>>> (currently the 3.02 patch from Ensim version)
>>>> SA then uses my rulesets to determine if it is to be
>>>> checked and not whitelisted (not AWL'ed)
>>>> If pass, then SA performs my ruleset checks for spam
>>>> (RulesdeJour & custom rulesets, etc.)
>>>> If SA finds it as Spam, tags it [SA-Spam] so we know which
>>>> process did what to it.
>>>> If passed or below the threshold, delivered to User.
>>>>
>>>> Now, from what little I can gather from Ensim folks
>>>
>>> & forums,
>>>
>>>> these processes should be running as 'root'. One thing that never
>>>> surfaced until you mentioned it here was the fact that Ensim (or
>>>> something) is writing a .spamassassin dir in each domain
>>>
>>> and for each
>>>
>>>> user that holds the Bayes & AWL info along with anything
>>>
>>> else specific
>>>
>>>> for that User.
>>>>
>>>> Reason here may be that Ensim Pro gives the option to have
>>>> spam handling done via the GUI either by just the server alone or
>>>> optionally by each User in their GUI. They get to set the
>>>
>>> threshold
>>>
>>>> of spam, personal whitelists, etc. and determine if it should hold
>>>> spam or just delete it if it's been tagged by SA. MS
>>>
>>> tagging is prior
>>>
>>>> to SA handling, so any options picked by the User would
>>>
>>> only apply if
>>>
>>>> SA got to process the mail in question. We have User Spam Controls
>>>> turned on as a percentage of our Users like the more direct
>>>> control and it saves us hassles of 'censorship' if we were
>>>> the only party determining what's spam and what's not.
>>>>
>>>> Again, I did go in and nail the AWL file for the
>>>
>>> account I get
>>>
>>>> MailScanner mail to. That did stop the AWL rating from appearing
>>>> until it had built a file back up. I can't find a spot to stop SA
>>>> from creating that file once I've deleted it, I'm presuming
>>>
>>> that's my
>>>
>>>> whole problem there.
>>>>
>>>> As a side note, I've also noticed MS skipping some
>>>
>>> e-mails, we
>>>
>>>> don't do a volume where that should be happening but I did increase
>>>> some settings that seem to have lowered the skip rate to a level we
>>>> can deal with.
>>>>
>>>> There is an option with this Ensim goofy setup to
>>>
>>> double-run
>>>
>>>> SA if you change the MailScanner.conf file, but we have that set to
>>>> only use the SA prefs file and all those settings in the
>>>
>>> MS.conf file
>>>
>>>> are disabled/commented out, etc. So as far as I can see, the flow
>>>> above is what's happening and MS is the lead application in
>>>
>>> handling
>>>
>>>> mail to be scanned.
>>>>
>>>> Any questions, don't hestitate to fire away!
>>>>
>>>> Thanks,
>>>>
>>>> Dave
>>>>
>>>>
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: MailScanner mailing list
>>>
>>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>
>>>>> Behalf Of Martin Hepworth
>>>>> Sent: Wednesday, April 27, 2005 11:14 AM
>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>> Subject: Re: AWL problems
>>>>>
>>>>>
>>>>> Dave
>>>>>
>>>>> the awl will (should) only get created for the user
>>>
>>> MailScanner runs
>>>
>>>>> as.
>>>>>
>>>>> Are you sure you're running SA from the MTA/procmail etc??
>>>>>
>>>>> --
>>>>> Martin Hepworth
>>>>> Snr Systems Administrator
>>>>> Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>>
>>>>> Dave Duffner - PSCGi wrote:
>>>>>
>>>>>
>>>>>> See now he's hitting the same wall I am...
>>>>>>
>>>>>> Even deleting the AWL's for the individual accounts, MS is
>>>>>> still compiling the AWL file. And that's with all the
>>>>>
>>>>> config points
>>>>>
>>>>>
>>>>>> possible turned off, MS indicating that autolearn is disabled.
>>>>>>
>>>>>> Since deleting the AWL file in the .spamassassin
>>>>>
>>>>> dir for each
>>>>>
>>>>>
>>>>>> user, it's lowered the point value back down to 0.0 and
>>>
>>> then starts
>>>
>>>>>> averaging it back up. Julian's ratings for his posts here
>>>>>
>>>>> that I get
>>>>>
>>>>>
>>>>>> stopped AWL rating it, then started with a 0.0 and as I
>>>
>>> get more of
>>>
>>>>>> his posts I think we're up to a 0.9 rating. Once it sees
>>>
>>> enough of
>>>
>>>>>> his posts, it'll be back to tagging his mail until I kill that AWL
>>>>>> file in that account's dir again.
>>>>>>
>>>>>> Chris may not be that far along in the process yet, but it
>>>>>> certainly sounds like he's heading in that direction.
>>>>>>
>>>>>> So either we've got a weird bug or there's some
>>>>>
>>>>> setting being
>>>>>
>>>>>
>>>>>> overridden or hidden somewhere so deep that it's
>>>
>>> triggering the AWL
>>>
>>>>>> ratings again. And with a ton of accounts, that's a
>>>
>>> serious PIA to
>>>
>>>>>> have to manually delete AWL files on a constant basis to
>>>>>
>>>>> kill it off.
>>>>>
>>>>>
>>>>>> I'm open for any suggestions, scripts, cron jobs or
>>>>>
>>>>> otherwise
>>>>>
>>>>>
>>>>>> to get that fool thing stopped. In our case we're using an Ensim
>>>>>> Hosting OS, so we're stuck with 3.XX of SA as any upgrades that
>>>>>> might've fixed this would either foul up Ensim or be
>>>
>>> overwritten in
>>>
>>>>>> the next half-a'ed upgrade or patch from Ensim for the OS.
>>>>>>
>>>>>> David J. Duffner
>>>>>> President
>>>>>> PSCGi
>>>>>> Paradise Shore Communications Group
>>>>>> www.pscginternet.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: MailScanner mailing list
>>>>>
>>>>> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>>
>>>>>
>>>>>>> Behalf Of Martin Hepworth
>>>>>>> Sent: Wednesday, April 27, 2005 10:49 AM
>>>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>>> Subject: Re: AWL problems
>>>>>>>
>>>>>>>
>>>>>>> Chris
>>>>>>>
>>>>>>> if you're using SA 3.x this doesn't work. You'll need to
>>>>>
>>>>> turn it off
>>>>>
>>>>>
>>>>>>> in the SA config files.
>>>>>>>
>>>>>>> --
>>>>>>> Martin Hepworth
>>>>>>> Snr Systems Administrator
>>>>>>> Solid State Logic
>>>>>>> Tel: +44 (0)1865 842300
>>>>>>>
>>>>>>>
>>>>>>> Fractal IT Dept. wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Hi everyone,
>>>>>>>>
>>>>>>>> I'm having a problem with ham becoming spam because it
>>>>>
>>>>> receives AWL
>>>>>
>>>>>
>>>>>>>> points. I'm not sure why this is happening, because in my
>>>>>>>> mailscanner.conf file, I have:
>>>>>>>>
>>>>>>>> SpamAssassin Auto Whitelist = no
>>>>>>>>
>>>>>>>> Any thoughts as to what could possibly be causing this?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Chris
>>>>>>
>>>>>>
>>>>>>
>>>>>> I--I
>>>>>> Message scanned by MailScanner, and is believed to be clean.
>>>>>> CONFIDENTIALITY NOTICE: This transmission intended for the
>>>>>
>>>>> specified
>>>>>
>>>>>
>>>>>> destination and person. If this is not you, this
>>>>>> e-mail must be deleted immediately. www.pscginternet.com
>>>>>>
>>>>>> ------------------------ MailScanner list
>>>>>
>>>>> ------------------------ To
>>>>>
>>>>>
>>>>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
>>>>>> mailscanner' in the body of the email. Before posting, read
>>>>>
>>>>> the Wiki
>>>>>
>>>>>
>>>>>> (http://wiki.mailscanner.info/) and the archives
>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> ************************************************************
>>>
>>> **********
>>>
>>>>> This email and any files transmitted with it are confidential and
>>>>> intended solely for the use of the individual or entity to
>>>
>>> whom they
>>>
>>>>> are addressed. If you have received this email in error
>>>
>>> please notify
>>>
>>>>> the system manager.
>>>>>
>>>>> This footnote confirms that this email message has been
>>>
>>> swept for the
>>>
>>>>> presence of computer viruses and is believed to be clean.
>>>>>
>>>>> ************************************************************
>>>
>>> **********
>>>
>>>>> ------------------------ MailScanner list
>>>>> ------------------------ To unsubscribe, email
>>>
>>> jiscmail at jiscmail.ac.uk
>>>
>>>>> with the words: 'leave mailscanner' in the body of the
>>>
>>> email. Before
>>>
>>>>> posting, read the Wiki
>>>>> (http://wiki.mailscanner.info/) and the archives
>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> I--I
>>>>> Message scanned by MailScanner, and is believed to be clean.
>>>>> CONFIDENTIALITY NOTICE: This transmission intended for the
>>>
>>> specified
>>>
>>>>> destination and person. If this is not you, this
>>>>> e-mail must be deleted immediately. www.pscginternet.com
>>>>>
>>>>
>>>>
>>>>
>>>> I--I
>>>> Message scanned by MailScanner, and is believed to be clean.
>>>> CONFIDENTIALITY NOTICE: This transmission intended for the
>>>
>>> specified
>>>
>>>> destination and person. If this is not you, this
>>>> e-mail must be deleted immediately. www.pscginternet.com
>>>>
>>>> ------------------------ MailScanner list
>>>
>>> ------------------------ To
>>>
>>>> unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
>>>> mailscanner' in the body of the email. Before posting, read
>>>
>>> the Wiki
>>>
>>>> (http://wiki.mailscanner.info/) and the archives
>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>
>>> **********************************************************************
>>>
>>> This email and any files transmitted with it are confidential
>>> and intended solely for the use of the individual or entity
>>> to whom they are addressed. If you have received this email
>>> in error please notify the system manager.
>>>
>>> This footnote confirms that this email message has been swept
>>> for the presence of computer viruses and is believed to be clean.
>>>
>>> **********************************************************************
>>>
>>> ------------------------ MailScanner list
>>> ------------------------ To unsubscribe, email
>>> jiscmail at jiscmail.ac.uk with the words: 'leave mailscanner'
>>> in the body of the email. Before posting, read the Wiki
>>> (http://wiki.mailscanner.info/) and the archives
>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> I--I
>>> Message scanned by MailScanner, and is believed to be clean.
>>> CONFIDENTIALITY NOTICE: This transmission intended for the
>>> specified destination and person. If this is not you, this
>>> e-mail must be deleted immediately. www.pscginternet.com
>>>
>>
>>
>>
>> I--I
>> Message scanned by MailScanner, and is believed to be clean.
>> CONFIDENTIALITY NOTICE: This transmission intended for the
>> specified destination and person. If this is not you, this
>> e-mail must be deleted immediately. www.pscginternet.com
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> --
> ** Email Scanned by Elive's Virus Scanning Service -
> http://www.elive.net **
>
>
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list