Spamassassin Syslog Functionality

Mike Wallace mike at mlrw.com
Mon Aug 3 22:17:41 IST 2009


Here are the relevant parameters from my configuration: 


Detailed Spam Report = yes 
Include Scores In SpamAssassin Report = yes 
Always Include SpamAssassin Report = yes 
Spam Actions = forward spam at mlrw.com header "X-mlrw-MailScanner-Spam-Status: Yes" 
High Scoring Spam Actions = forward spam at mlrw.com header "X-mlrw-MailScanner-High-Spam-Status: Yes" (This will change to drop once I feel that I get no High Score False Positives) 
Non Spam Actions = deliver header "X-mlrw-MailScanner-Spam-Status: No" 

Log Spam = yes 

Log Non Spam = yes 


I have a couple of ideas. 


Could I add a custom function to " Spam Actions", " High Scoring Spam Actions" and " Non Spam Actions" to extract the spam score into a spam log file in addition to what they are doing now? 
or 
Could I use "SpamAssassin Rule Actions" to extract the spam score into a spam log file? 
or 
Since I am using postfix, could I have it extract the sa info before it delivers the message? 


I just want to implement the easiest solution with either minimal or preferably no code development on my part. 


Or do you know of anything like sa-stats that can use the output from MailScanner as is? 


Mike 

----- Original Message ----- 
From: "Jules Field" <MailScanner at ecs.soton.ac.uk> 
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info> 
Sent: Monday, August 3, 2009 4:10:11 PM GMT -05:00 US/Canada Eastern 
Subject: Re: Spamassassin Syslog Functionality 

In which case try the 
Spam Actions = attachment 
spam action, or the settings 
Detailed Spam Report = yes 
Always Include SpamAssassin Report = yes 
in MailScanner.conf. Putting in both the "Always" and "Detailed" 
settings will result in you always getting a list of the rules 
triggered, whether it was found to be spam or not. 

On 03/08/2009 20:39, Mike Wallace wrote: 
> Julian I am not looking at what rules are used, I am looking for what 
> rules are triggered. The sa-stats program is found at 
> http://www.rulesemporium.com/programs/sa-stats.txt 
> 
> Here is the a Sample Output with the type of information I am looking 
> to collect. 
> --------------------- 
> 
> Time Spent Running SA: 1.68 hours 
> Time Spent Processing Spam: 0.29 hours 
> Time Spent Processing Ham: 1.39 hours 
> 
> TOP SPAM RULES FIRED 
> ---------------------------------------------------------------------- 
> RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM 
> ---------------------------------------------------------------------- 
> 1 HTML_MESSAGE 824 77.07 88.13 74.20 
> 2 RAZOR2_CHECK 772 19.61 82.57 3.32 
> 3 RAZOR2_CF_RANGE_51_100 753 18.21 80.53 2.08 
> 4 RAZOR2_CF_RANGE_E8_51_100 713 17.19 76.26 1.91 
> 5 URIBL_BLACK 652 16.03 69.73 2.13 
> 6 MIME_HTML_ONLY 609 29.64 65.13 20.45 
> 
> This type of report is helpful for tuning sa rules. 
> 
> Thanks. 
> 
> Mike 
> 
> ----- Original Message ----- 
> From: "Jules Field" <MailScanner at ecs.soton.ac.uk> 
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info> 
> Sent: Monday, August 3, 2009 2:30:36 PM GMT -05:00 US/Canada Eastern 
> Subject: Re: Spamassassin Syslog Functionality 
> 
> You can find out what SA rules are being used by doing a "MailScanner 
> --debug --debug-sa". 
> That will print the list of rules files it uses. They are the same for 
> every message. 
> 
> On 03/08/2009 19:00, Mike Wallace wrote: 
> > The reason I ask is that I want to run sa-stats to figure out what sa 
> > rules are being used. 
> > 
> > I'm not a Perl expert so I would prefer to not have to modify it to 
> > handle MailScanner's "Log Spam = yes" details in maillog. 
> > 
> > Or, is there an equivalent tool that will use the existing format? 
> > 
> > Thanks. 
> > 
> > Mike 
> > 
> > 
> > On Jul 31, 2009, at 3:54 PM, Mike Wallace wrote: 
> > 
> >> Is there anyway to have MailScanner generate Spamassassin syslog 
> output? 
> >> 
> >> I tried using the "Log Spam" setting in MailScanner but it logs to 
> >> maillog and not a separate log file that the Spamassassin log tools 
> use. 
> >> 
> >> Thanks. 
> >> 
> >> -- 
> >> MailScanner mailing list 
> >> mailscanner at lists.mailscanner.info 
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner 
> >> 
> >> Before posting, read http://wiki.mailscanner.info/posting 
> >> 
> >> Support MailScanner development - buy the book off the website! 
> >> This message has been scanned for viruses and dangerous content by 
> >> MailScanner, and is believed to be clean. 
> >> 
> > 
> 
> Jules 
> 
> -- 
> Julian Field MEng CITP CEng 
> www.MailScanner.info 
> Buy the MailScanner book at www.MailScanner.info/store 
> 
> Need help customising MailScanner? 
> Contact me! 
> Need help fixing or optimising your systems? 
> Contact me! 
> Need help getting you started solving new requirements from your boss? 
> Contact me! 
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner 
> 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner, and is 
> believed to be clean. 
> 
> -- 
> MailScanner mailing list 
> mailscanner at lists.mailscanner.info 
> http://lists.mailscanner.info/mailman/listinfo/mailscanner 
> 
> Before posting, read http://wiki.mailscanner.info/posting 
> 
> Support MailScanner development - buy the book off the website! 
> 
> 
> This message has been scanned for viruses and dangerous content by 
> MailScanner, and is believed to be clean. 
> 

Jules 

-- 
Julian Field MEng CITP CEng 
www.MailScanner.info 
Buy the MailScanner book at www.MailScanner.info/store 

Need help customising MailScanner? 
Contact me! 
Need help fixing or optimising your systems? 
Contact me! 
Need help getting you started solving new requirements from your boss? 
Contact me! 

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 
Follow me at twitter.com/JulesFM and twitter.com/MailScanner 


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

-- 
MailScanner mailing list 
mailscanner at lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 


This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090803/eefc5056/attachment-0001.html


More information about the MailScanner mailing list