Mailing List Archive

Problems qmail + spamassassin + simscan (score 0/0)
Hi,

Sometimes I get spam that has been classified correctly by spamassassin as
spam, but simscan classifies it with a score different from that
processed by the spamd process. Sorry for my English, but I'll try to
explain .. :)

Here's an example:

spamd.log --> Here we see an email that was classified by the spamd
process as suspect (score 14)

2017-03-13 18:10:48.998753500 Mon Mar 13 18:10:48 2017 [23159] info: spamd: processing message <20170313204338.06E7118C36B4@vmi108295.contaboserver.net> for qscand:1001
2017-03-13 18:10:51.668508500 Mon Mar 13 18:10:51 2017 [23159] info: spamd: identified spam (14.5/5.0) for qscand:1001 in 2.7 seconds, 64622 bytes.
2017-03-13 18:10:51.668685500 [23159] info: spamd: result: Y 14 - BAYES_99,DCC_CHECK,HTML_MIME_NO_HTML_TAG,JAMEF_SUBJ_BOLETO_FATURA,JAMEF_ZIP_ATTACHED,MIME_HTML_ONLY,RDNS_NONE,TROJAN_JAMEF_ZIP,TVD_SPACE_RATIO scantime=2.7,size=64622,user=qscand,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=57553,mid=<20170313204338.06E7118C36B4@vmi108295.contaboserver.net>,bayes=0.999667,autolearn=spam

simscan.log --> However, here we see that the same email, in the simscan
log, received 0/0

2017-03-13 18:10:51.677616500 simscan:[25948]:CLEAN (0.00/0.00):3.8362s::213.136.86.230:financeiro@admconsultoria.com.br:user@mydomain.com

So I saved the email and executed the simscan command manually (at the
command line, as below) with the DEBUG option. Note that it also ranked
the same as spam, as it should be:

# env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 /var/qmail/bin/qmail-inject user@mydomain.com < savedspam.txt

<cut>
simscan: calling /usr/bin/spamc spamc -s 1500000
simscan:[16216]:SPAM DROPPED (14.50/5.00):2.8341s:2.via Boleto:(null):user@server.mydomain.com:user@mydomain.com
simscan: check_spam detected spam refuse message
simscan: Putting the message in quarantine: /var/qmail/quarantine/msg.1489441975.579680.16217
simscan: Message recorded in quarantine successful
simscan: droping the message
simscan: exit error code: 0
<cut>

So I do not know where else to check for why simscan, running
automatically, sometimes cannot classify a spam, and running
the same command manually works fine... Strange...

I've enabled the DEBUG option in qmail-smtp.rules (SIMSCAN_DEBUG = "2"),
but I saw nothing abnormal, no error or things like ... I'm going crazy
here ...

Any tips? I really appreciate any hint!!

More information:

simscan version 1.4.0
compile options:
./configure --enable-user=abc --enable-spam=y --enable-spam-hits=5
--enable-clamav=y --enable-clamdscan=/usr/bin/clamdscan
--enable-clamavdb-path=/var/lib/clamav
--enable-workdir=/var/qmail/simscan/work/
--enable-quarantinedir=/var/qmail/simscan/quarantine/ --enable-dropmsg=y
--enable-spamc-args="-s 1500000" --enable-ripmime=/usr/bin/ripmime
--enable-attach=y --enable-per-domain=y
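
The comparison made by hand in the post above (spamd's verdict against what simscan logged for the same delivery), automated as an added example that is not part of the original thread. It assumes the `N.NNNNs` field in a simscan log line is simscan's elapsed run time and pairs entries by time overlap only; the function names and the second line of each sample log are made up for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the first line of each log is taken from the post
# (unwrapped); the second lines are made up to show a consistent verdict.
SPAMD_LOG = """\
2017-03-13 18:10:51.668508500 Mon Mar 13 18:10:51 2017 [23159] info: spamd: identified spam (14.5/5.0) for qscand:1001 in 2.7 seconds, 64622 bytes.
2017-03-13 18:12:05.100000000 Mon Mar 13 18:12:05 2017 [23160] info: spamd: identified spam (9.1/5.0) for qscand:1001 in 1.9 seconds, 8120 bytes.
"""
SIMSCAN_LOG = """\
2017-03-13 18:10:51.677616500 simscan:[25948]:CLEAN (0.00/0.00):3.8362s::213.136.86.230:financeiro@admconsultoria.com.br:user@mydomain.com
2017-03-13 18:12:05.110000000 simscan:[25990]:SPAM DROPPED (9.10/5.00):2.1000s:Offer:192.0.2.7:a@example.org:user@mydomain.com
"""

# Timestamps carry nanoseconds; keep the first six fractional digits for strptime.
TS = r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{6})\d*"
SPAMD_RE = re.compile(TS + r" .*spamd: identified spam \(([\d.]+)/([\d.]+)\)", re.M)
SIMSCAN_RE = re.compile(
    TS + r" simscan:\[(\d+)\]:([A-Z ]+?) \(([\d.]+)/([\d.]+)\):([\d.]+)s:", re.M)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def find_mismatches(spamd_log, simscan_log):
    """Return (simscan_pid, spamd_score, spamd_required) for every simscan
    entry logged CLEAN (0.00/0.00) whose scan window contains a spamd
    'identified spam' verdict. Time overlap is a heuristic, not proof."""
    verdicts = [(parse_ts(m[1]), float(m[2]), float(m[3]))
                for m in SPAMD_RE.finditer(spamd_log)]
    hits = []
    for m in SIMSCAN_RE.finditer(simscan_log):
        pid, status, score, limit = m[2], m[3], float(m[4]), float(m[5])
        if status != "CLEAN" or score != 0.0 or limit != 0.0:
            continue
        end = parse_ts(m[1])
        # Assumption: the seconds field is simscan's run time for this message.
        start = end - timedelta(seconds=float(m[6]))
        hits += [(pid, s, req) for when, s, req in verdicts if start <= when <= end]
    return hits


if __name__ == "__main__":
    for pid, score, required in find_mismatches(SPAMD_LOG, SIMSCAN_LOG):
        print(f"simscan[{pid}] logged CLEAN 0/0 but spamd scored {score}/{required}")
```

On a busy server concurrent scans overlap in time, so each hit is a candidate to confirm against the message itself rather than a definite pairing.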
Re: Problems qmail + spamassassin + simscan (score 0/0)
I decided to go back to qmail-scanner, because simscan seems to be
having a problem .. several spam with a score above 14 by spamassassin
stay on simscan as 0/0 .. this is very strange .. on qmail-scanner this
"bug" does not seem to occur.


On 13-03-2017 19:15, Rejaine Monteiro wrote:

--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br
Re: Problems qmail + spamassassin + simscan (score 0/0)
qmail-scanner is crazy too?

Tue, 14 Mar 2017 17:40:00 BRT:3511: qmail-scanner: *Clear:RC:0(194.67.222.61):SA:1(7.7/5.0)*: 1.740696 9914 tlepolemus@partalli.com user@mydomain.com.br Instantly_erect,_instant_respect <qyr1-q3qRwMXNPUJCgCOwtrdjcUswVS9bDzzxpXOejs.nsuEl60B9RNjQ0A-GTBbeE2CgXdDS2525pG
....

Why "Clear" if the SA score is 7.7?? Why is it not going to quarantine (my
$sa_quarantine_over='5';)?

qmail-queue.log is:

Tue, 14 Mar 2017 17:40:00 BRT:3511: *SA: yup, this smells like SPAM (score=7.7 required=5.0)*
Tue, 14 Mar 2017 17:40:00 BRT:3511: spamassassin: finished scan of dir "/var/spool/qscan/tmp/server14895239985893511" in 1.698798 secs
Tue, 14 Mar 2017 17:40:00 BRT:3511: scanloop: finished scan of "/var/spool/qscan/tmp/server14895239985893511"...
Tue, 14 Mar 2017 17:40:00 BRT:3511: ini_sc: scanning message took 1.735613 seconds
Tue, 14 Mar 2017 17:40:00 BRT:3511: q_r: fork off child into /var/qmail/bin/qmail-queue...
Tue, 14 Mar 2017 17:40:00 BRT:3525: q_r: xstatus=0
Tue, 14 Mar 2017 17:40:00 BRT:3511: *qmail-scanner: Clear:RC:0(194.67.222.61):SA:1(7.7/5.0):* 1.740696 9914 tlepolemus@partalli.com user@mydomain.com.br Instantly_erect,_instant_respect <qyr1-q3qRwMXNPUJCgCOwtrdjcUswVS9bDzzxpXOejs.nsuEl60B9RNjQ0A-GTBbeE2CgXdDS2525pG 1489523999.3513-0.server:3508 1489523999.3513-1.server:5515
Tue, 14 Mar 2017 17:40:00 BRT:3511: cleanup: /usr/bin/rm -rf /var/spool/qscan/tmp/server14895239985893511/ /var/spool/qscan/working/new/server14895239985893511
Tue, 14 Mar 2017 17:40:00 BRT:3511: all finished. Total of 1.783561 secs






On 14-03-2017 12:37, Rejaine Monteiro wrote:

--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br