[Eisfair_dev] antispam v1.9.1 stable for eisfair-1/2

René Hanke Rene.Hanke at gmx.net
Mon Mar 26 18:37:27 CEST 2012


Hello Jürgen!

On 26.03.2012 03:56, Juergen Edner wrote:
> In the interest of a good detection rate, I recommend
> enabling the parameter.

With pleasure!

> You can then trigger updates manually via the menu
> and see what comes of it.

Hmm, something is not right there.

I have configured antispam for updates as follows:

- - - - - - - - - -

ANTISPAM_RULE_UPDATE='yes'            # update rules: yes or no

ANTISPAM_RULE_CHANNEL_N='8'           # number of channels to update
ANTISPAM_RULE_CHANNEL_1_ACTIVE='yes'  # 1. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_1_NAME='updates.spamassassin.org'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_2_ACTIVE='yes'  # 2. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_2_NAME='khop-bl.sa.khopesh.com'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_3_ACTIVE='yes'  # 3. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_3_NAME='khop-blessed.sa.khopesh.com'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_4_ACTIVE='yes'  # 4. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_4_NAME='khop-dynamic.sa.khopesh.com'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_5_ACTIVE='yes'  # 5. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_5_NAME='khop-general.sa.khopesh.com'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_6_ACTIVE='yes'  # 6. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_6_NAME='khop-sc-neighbors.sa.khopesh.com'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_7_ACTIVE='yes'  # 7. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_7_NAME='sought.rules.yerp.org'
                                       #    channel name
ANTISPAM_RULE_CHANNEL_8_ACTIVE='yes'  # 8. activate channel: yes or no
ANTISPAM_RULE_CHANNEL_8_NAME='sa.zmi.at'
                                       #    channel name

ANTISPAM_RULE_KEY_N='4'               # number of gpg keys to download
ANTISPAM_RULE_KEY_1_ACTIVE='yes'      # 1. activate gpg key: yes or no
ANTISPAM_RULE_KEY_1_URL='http://spamassassin.apache.org/updates/GPG.KEY'
                                       #    gpg key url
ANTISPAM_RULE_KEY_1_ID='5244EC45'     #    gpg key id
ANTISPAM_RULE_KEY_2_ACTIVE='yes'      # 2. activate gpg key: yes or no
ANTISPAM_RULE_KEY_2_URL='http://yerp.org/rules/GPG.KEY'
                                       #    gpg key url
ANTISPAM_RULE_KEY_2_ID='6C6191E3'     #    gpg key id
ANTISPAM_RULE_KEY_3_ACTIVE='yes'      # 3. activate gpg key: yes or no
ANTISPAM_RULE_KEY_3_URL='http://khopesh.com/sa/GPG.KEY'
                                       #    gpg key url
ANTISPAM_RULE_KEY_3_ID='E8B493D6'     #    gpg key id
ANTISPAM_RULE_KEY_4_ACTIVE='yes'      # 4. activate gpg key: yes or no
ANTISPAM_RULE_KEY_4_URL='https://sa.zmi.at/sa-update-german/GPG.KEY'
                                       #    gpg key url
ANTISPAM_RULE_KEY_4_ID='40F74481'     #    gpg key id

ANTISPAM_RULE_CRON_SCHEDULE='40 23 * * *'
                                       # cron configuration string

- - - - - - - - - -


Then I triggered an update, which ran through without error messages.
The related log messages are as follows:

- - - - - - - - - -

Mar 26 07:18:41 frox spamd[10154]: spamd: server killed by SIGTERM, 
shutting down
Mar 26 07:18:58 frox spamd[1476]: logger: removing stderr method
Mar 26 07:19:23 frox spamd[1478]: rules: meta test FROM_41_FREEMAIL has 
dependency 'NSL_RCVD_FROM_41' with a zero score
Mar 26 07:19:24 frox spamd[1478]: spamd: server started on port 783/tcp 
(running version 3.4.0-r929098)
Mar 26 07:19:24 frox spamd[1478]: spamd: server pid: 1478
Mar 26 07:19:24 frox spamd[1478]: spamd: server successfully spawned 
child process, pid 1636
Mar 26 07:19:24 frox spamd[1478]: spamd: server successfully spawned 
child process, pid 1637
Mar 26 07:19:24 frox spamd[1478]: spamd: server successfully spawned 
child process, pid 1639
Mar 26 07:20:31 frox antispam: rule update: started.
Mar 26 07:21:34 frox antispam: rule update: SA rules have successfully 
been updated.
Mar 26 07:21:50 frox spamd[1478]: spamd: server killed by SIGTERM, 
shutting down
Mar 26 07:21:50 frox antispam: process control has stopped spamd as 
requested!
Mar 26 07:22:04 frox spamd[2652]: logger: removing stderr method
Mar 26 07:22:26 frox spamd[2654]: spamd: server started on port 783/tcp 
(running version 3.4.0-r929098)
Mar 26 07:22:26 frox spamd[2654]: spamd: server pid: 2654
Mar 26 07:22:26 frox spamd[2654]: spamd: server successfully spawned 
child process, pid 2674
Mar 26 07:22:26 frox antispam: process control has restarted spamd!
Mar 26 07:22:26 frox spamd[2654]: spamd: server successfully spawned 
child process, pid 2675
Mar 26 07:22:26 frox spamd[2654]: spamd: server successfully spawned 
child process, pid 2678

- - - - - - - - - -


Now, however, it again looks as follows when messages are "examined".
Even mails with senders on the blacklist simply pass straight through.

- - - - - - - - - -

Mar 26 08:14:06 frox spamd[2674]: spamd: connection from localhost 
[127.0.0.1] at port 55859
Mar 26 08:14:06 frox spamd[2674]: spamd: checking message 
<urn.correios.msg.201203260554167ed479bb625c4002a1a407c0f09d05a7 at 1332741256389.rte-svc-eu-1c-i-02746f74.eu-west-1.amazon.com> 
for nobody:2005
Mar 26 08:14:21 frox spamd[2674]: spamd: clean message (0.0/5.0) for 
nobody:2005 in 15.5 seconds, 14924 bytes.
Mar 26 08:14:21 frox spamd[2674]: spamd: result: . 0 - 
scantime=15.5,size=14924,user=nobody,uid=2005,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55859,mid=<urn.correios.msg.201203260554167ed479bb625c4002a1a407c0f09d05a7 at 1332741256389.rte-svc-eu-1c-i-02746f74.eu-west-1.amazon.com>,autolearn=ham 

Mar 26 11:14:54 frox spamd[2675]: spamd: connection from localhost 
[127.0.0.1] at port 56325
Mar 26 11:14:54 frox spamd[2675]: spamd: checking message 
<4f70326b.83e4cc0a.5fce.ffff8919 at mx.google.com> for nobody:2005
Mar 26 11:15:01 frox spamd[2675]: spamd: clean message (0.0/5.0) for 
nobody:2005 in 7.4 seconds, 4953 bytes.
Mar 26 11:15:01 frox spamd[2675]: spamd: result: . 0 - 
scantime=7.4,size=4953,user=nobody,uid=2005,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56325,mid=<4f70326b.83e4cc0a.5fce.ffff8919 at mx.google.com>,autolearn=ham 


- - - - - - - - - -


Before I enabled the updates, everything was (again) running flawlessly:

- - - - - - - - - -

Mar 25 18:41:57 frox spamd[10332]: spamd: connection from localhost 
[127.0.0.1] at port 53919
Mar 25 18:41:57 frox spamd[10332]: spamd: checking message 
<E5-udqf7cf1-elaine/3/5569-e035 at nlsender13.dlan.cinetic.de> for nobody:2005
Mar 25 18:42:18 frox spamd[10332]: spamd: identified spam (101.7/5.0) 
for nobody:2005 in 20.9 seconds, 26702 bytes.
Mar 25 18:42:18 frox spamd[10332]: spamd: result: Y 101 - 
AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,T_FRT_PROFILE1,T_FRT_PROFILE2,USER_IN_BLACKLIST 
scantime=20.9,size=26702,user=nobody,uid=2005,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=53919,mid=<E5-udqf7cf1-elaine/3/5569-e035 at nlsender13.dlan.cinetic.de>,bayes=0.500013,autolearn=no 

Mar 25 18:42:18 frox spamd[10329]: spamd: connection from localhost 
[127.0.0.1] at port 53922
Mar 25 18:42:18 frox spamd[10329]: spamd: checking message 
<C233997C-4E4B-409E-BEB4-2B3B12F47BC9 at freenet.de> for nobody:2005
Mar 25 18:42:30 frox spamd[10329]: spamd: clean message (0.1/5.0) for 
nobody:2005 in 11.8 seconds, 13790 bytes.
Mar 25 18:42:30 frox spamd[10329]: spamd: result: . 0 - 
AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,MIME_QP_LONG_LINE,RCVD_IN_DNSWL_NONE,T_RP_MATCHES_RCVD 
scantime=11.8,size=13790,user=nobody,uid=2005,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=53922,mid=<C233997C-4E4B-409E-BEB4-2B3B12F47BC9 at freenet.de>,bayes=0.000000,autolearn=no 


- - - - - - - - - -


Am I doing something wrong?

Should I test / post anything else?


Regards & thanks

René
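
A check for the symptom shown in the logs above, as an added example that is not part of the original post or of the antispam package: it counts spamd result lines that list no rule hits at all, before and after a rule update. The sample log is constructed from the post's lines (unwrapped, placeholder message ids); the function names and the two-result threshold are assumptions.

```python
import re

# spamd's per-message summary line. The test list between "- " and
# "scantime=" is optional: it is missing when no rule fired at all.
RESULT_RE = re.compile(
    r"spamd\[\d+\]: spamd: result: [Y.]\s+-?\d+ -\s+"
    r"(?:(?P<tests>[^\s=]+)\s+)?scantime="
)
UPDATE_MARK = "antispam: rule update: started"

# Constructed sample modelled on the post's log lines (placeholder mids).
SAMPLE_LOG = """\
Mar 25 18:42:18 frox spamd[10332]: spamd: result: Y 101 - AWL,BAYES_50,HTML_MESSAGE,USER_IN_BLACKLIST scantime=20.9,size=26702,user=nobody,mid=<a@example.invalid>,autolearn=no
Mar 25 18:42:30 frox spamd[10329]: spamd: result: . 0 - AWL,BAYES_00,FREEMAIL_FROM,HTML_MESSAGE scantime=11.8,size=13790,user=nobody,mid=<b@example.invalid>,autolearn=no
Mar 26 07:20:31 frox antispam: rule update: started.
Mar 26 07:21:34 frox antispam: rule update: SA rules have successfully been updated.
Mar 26 08:14:21 frox spamd[2674]: spamd: result: . 0 - scantime=15.5,size=14924,user=nobody,mid=<c@example.invalid>,autolearn=ham
Mar 26 11:15:01 frox spamd[2675]: spamd: result: . 0 - scantime=7.4,size=4953,user=nobody,mid=<d@example.invalid>,autolearn=ham
"""

def parse_results(lines):
    """Yield (phase, timestamp, tests) per result line; phase becomes
    'after' once a rule-update marker has been seen."""
    phase = "before"
    for line in lines:
        if UPDATE_MARK in line:
            phase = "after"
            continue
        m = RESULT_RE.search(line)
        if m:
            tests = m.group("tests").split(",") if m.group("tests") else []
            yield phase, line[:15], tests

def summarize(lines):
    """Count results with and without rule hits on each side of the update."""
    stats = {p: {"total": 0, "no_hits": 0} for p in ("before", "after")}
    for phase, _ts, tests in parse_results(lines):
        stats[phase]["total"] += 1
        stats[phase]["no_hits"] += int(not tests)
    return stats

def ruleset_suspect(lines, min_results=2):
    """True when every result logged after the update fired zero rules."""
    after = summarize(lines)["after"]
    return after["total"] >= min_results and after["no_hits"] == after["total"]

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print(summarize(log), ruleset_suspect(log))
```

A run of results with an empty test list after an update is a heuristic signal that spamd is scanning without an effective rule set; it does not by itself say which channel or key caused it.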

