| View previous topic :: View next topic |
| Author |
Message |
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
 Posted: Tue Jan 08, 2008 6:16 am Post subject: DSPAM + tracking spam/ham/virus |
 |
|
I'm trying to get mailgraph to graph spam and viruses but DSPAM isn't tracking anything. According to dspam.conf: | Quote: | # TrackSources: specify which (if any) source addresses to track and report
# them to syslog (mail.info). |
I've set TrackSources to: | Code: | | TrackSources spam nonspam virus |
but it's not logging mail tagged as spam to the mail log therefore mailgraph cannot graph spam. I've tried this with and without debug support.
Is there a secret to DSPAM logging? |
|
| Back to top |
|
 |
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 8:56 am Post subject: |
|
|
Not sure I can tell you, if it IS a secret. 
Did you build DSPAM with syslog keyword? |
|
| Back to top |
|
|
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
| Posted: Tue Jan 08, 2008 3:40 pm Post subject: |
|
|
| magic919 wrote: | Not sure I can tell you, if it IS a secret.
Did you build DSPAM with syslog keyword? |
Yessir I did.
| Code: | | [ebuild R ] mail-filter/dspam-3.8.0-r9 USE="clamav daemon -debug large-domain -ldap mysql -postgres -sqlite syslog -user-homedirs virtual-users" |
|
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 3:55 pm Post subject: |
|
|
Might be a problem with your version.
My mail logs
| Code: |
dspam[16069]: innocent message from 140.211.166.183
|
Run dspam --version and check how it was actually built.
I run R7 and that's ok, as above. |
|
| Back to top |
|
|
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
| Posted: Tue Jan 08, 2008 4:36 pm Post subject: |
|
|
Hmm.
I just downgraded to r7. Still not tracking my spam and virus sources. So it's definately not a version thing, it's my configuration... somewhere....
Do you notice anything fishy about my configuration: | Code: | boron dspam # dspam --version
DSPAM Anti-Spam Suite 3.8.0 (agent/library)
Copyright (c) 2002-2006 Jonathan A. Zdziarski
http://dspam.nuclearelephant.com
DSPAM may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the DSPAM distribution kit.
Configuration parameters: '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-storage-driver=hash_drv,mysql_drv' '--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/mail/dspam' '--enable-daemon' '--disable-ldap' '--enable-clamav' '--enable-large-scale' '--disable-domain-scale' '--enable-syslog' '--disable-debug' '--disable-bnr-debug' '--enable-long-usernames' '--with-dspam-group=dspam' '--with-dspam-home-group=dspam' '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam' '--enable-virtual-users' '--enable-preferences-extension' '--disable-homedir' '--with-mysql-includes=/usr/include/mysql' '--with-mysql-libraries=/usr/lib/mysql' '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=prescott -O2 -pipe -fomit-frame-pointer -Wl,-z,now' 'CXXFLAGS=-O2 -mcpu=i686 -pipe -Wl,-z,now' |
Thanks |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 5:13 pm Post subject: |
|
|
Hmmm. Do you have these on?
| Code: |
SystemLog on
UserLog on
|
I'm not saying that's it, just that mine are on. |
|
| Back to top |
|
|
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
| Posted: Tue Jan 08, 2008 5:40 pm Post subject: |
|
|
| Yes. Both parameters are uncommented and set to 'on'... |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 5:50 pm Post subject: |
|
|
Is DSPAM still training?
| Code: |
dspam_stats -H
filter:
TP True Positives: 9984
TN True Negatives: 7482
FP False Positives: 79
FN False Negatives: 545
SC Spam Corpusfed: 441
NC Nonspam Corpusfed: 3
TL Training Left: 0
SHR Spam Hit Rate 94.82%
HSR Ham Strike Rate: 1.04%
OCA Overall Accuracy: 96.55%
|
i.e TL !=0
Apparently it won't log. |
|
| Back to top |
|
|
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
| Posted: Tue Jan 08, 2008 5:59 pm Post subject: |
|
|
| Still training. "Training Left" for all users is well above 1000. |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 6:07 pm Post subject: |
|
|
| That's the reason then. Don't know why... |
|
| Back to top |
|
|
Ateo
Advocate
Joined: 02 Jun 2003
Posts: 2022
Location: Vegas Baby!
|
| Posted: Tue Jan 08, 2008 6:36 pm Post subject: |
|
|
oh oh oh. Ok. I read your previous post (about the training) wrong....
That's retarded that it won't long until it's completely trained.
thanks |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jan 08, 2008 6:40 pm Post subject: |
|
|
| I didn't know that was the case. I rebuilt mine with logging and it worked. So I did a quick Google and found something. It does seem odd. Maybe JZ decided it should only log once you could really trust the results? Just a thought. |
|
| Back to top |
|
|
|
Networking & Security
