How do I set up Pyzor to be used by Spamassassin?

Posted on 2004-08-17
Last Modified: 2010-04-20
I am currently running spamassassin together with razor.

I have now also installed pyzor but the only documentation I have found is at :-
https://sourceforge.net/docman/display_doc.php?docid=11885&group_id=50000

There is no documentation about how you are supposed to configure it.
Are you supposed to run your own server or do you use a public server like you do with razor?
Question by:grblades

Expert Comment

by:Gns
No, no need to run your own server.... You'd aim at setting up a pure pyzor client.
IIRC all you need do is a
pyzor discover
(as the user running spamassassin) and it should "discover" the most suitable server for you (creates the ~/.pyzor/servers file). Spamassassin will know how to run "pyzor check" for you;-)

You should have OK usage instructions in the tarball ... doc/usage.html ... Well, more like an extended man-page, but generally concurs with the above:-).

Good Luck

-- Glenn

Author Comment

by:grblades
I have tried that but I have not seen any identified spam which matched a pyzor rule.
I added the following to my spamassassin configuration :-

use_pyzor 1
pyzor_options --homedir /etc/mail/spamassassin/.pyzor

Expert Comment

by:Gns
And if you do a testrun with "spamassassin --lint -D ...", does it use Pyzor or not?

-- Glenn

Expert Comment

by:Gns
This is a slightly edited excerpt from a run like
# spamassassin -D --lint 2>&1 |less -e
... page down to pyzor....
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: 66.250.40.33:24441  (200, 'OK')     0       0
debug: leaving helper-app run mode
.... and then we have dcc ....
debug: executable for dccproc was found at /usr/local/bin/dccproc
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC--Metrics: XXXXXX.XXXXXX.XXX 1074; Body=4261 Fuz1=145897 Fuz2=145897
debug: leaving helper-app run mode
....
And that's about it. If you have that, you're sure you actively _use_ pyzor. Anything else likely indicates an error of some sort... Like not allowing the port (24441) or somesuch.

As it happens some messages don't trigger all of Razor, Pyzor or DCC... Just some.
Give it some time and you'll see Pyzor in action;-).

-- Glenn
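
Added example (not part of Gns's post or of the thread): a shell function that applies the check described above to the output of spamassassin -D --lint 2>&1. The function and sample names are made up for this example; it assumes the two numbers after (200, 'OK') are Pyzor's report count and whitelist count, and it takes the hit threshold as a parameter (default 5, assumed to mirror SpamAssassin's pyzor_max).

```shell
#!/bin/sh
# Added example (not from the thread): summarise the Pyzor part of
# `spamassassin -D --lint 2>&1` debug output read from stdin.
# $1 = report-count threshold for calling it a hit; 5 is assumed here to
#      mirror SpamAssassin's pyzor_max setting.
# Exit status: 0 server answered OK, 1 pyzor helper not found,
#              2 helper ran but no (200, 'OK') answer was logged
#                (e.g. UDP port 24441 blocked).
pyzor_lint_status() {
    awk -v max="${1:-5}" '
        /Pyzor is available:/ { found = 1 }
        /Pyzor: got response:/ && /\(200, .OK.\)/ {
            ok = 1
            # Trailing fields: times reported, times whitelisted.
            reports = $(NF - 1) + 0
            whitelisted = $NF + 0
        }
        END {
            if (!found) { print "helper-missing"; exit 1 }
            if (!ok)    { print "no-ok-response"; exit 2 }
            verdict = (reports >= max + 0) ? "hit" : "no-hit"
            printf "%s reports=%d whitelisted=%d\n", verdict, reports, whitelisted
        }'
}

# Lines as quoted in the thread (count 0: this digest has no reports).
sample_thread_output() {
    cat <<'EOF'
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: 66.250.40.33:24441  (200, 'OK')     0       0
debug: leaving helper-app run mode
EOF
}

# Constructed sample: same shape, but a digest reported 12 times.
sample_reported_output() {
    cat <<'EOF'
debug: Pyzor is available: /usr/bin/pyzor
debug: Pyzor: got response: 192.0.2.10:24441  (200, 'OK')     12      0
EOF
}

# Real use: spamassassin -D --lint 2>&1 | pyzor_lint_status
sample_thread_output | pyzor_lint_status
```

A "no-hit" result with exit status 0 means the client and server are talking and the checked message simply has no reports yet, which is what the lint output in this thread shows.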

Author Comment

by:grblades
This is what I get so I guess it is working. I find that about 30% of identified spam is matched by the Razor checks but so far I have got around 50 identified spams but none detected by Pyzor.

debug: Current PATH is: /sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/java/bin:/opt/gnome/bin
debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: 66.250.40.33:24441  (200, 'OK')     0       0
debug: leaving helper-app run mode

Author Comment

by:grblades
I believe DCC works a little differently in that it matches anything which is sent to lots of people?
So you should use it to help spamassassin think something is spam but also configure the dcc whitelist with any mailing lists people commonly use to avoid them being matched?

What we are currently using is working very well. I think it is detecting around 90-95%.

Expert Comment

by:Gns
> I believe DCC works a little differently in that it matches anything which is sent to lots of people?
Yes.
> So you should use it to help spamassassin think something is spam but also configure the dcc whitelist with any mailing lists people commonly use to avoid them
> being matched?
If the message is likely to reach 10 000+ recipients that all report checksums.... then yes.
You probably can get away without doing the whitelisting bit, but... why not keep it sane, eh?-):-).

> What we are currently using is working very well. I think it is detecting around 90-95%.
We're well above 95%, and that _without_ bayes!

I've no hard figures on how many get caught in each, but... spamassassin with razor, pyzor and dcc in conjunction with a hefty whitelist (that won't ever be seen by any of the "child tools") has greatly improved our accuracy (few->none false positives/negatives).
Establishing the whitelist was a bit tedious but well worth the effort.

-- Glenn

Author Comment

by:grblades
Pyzor and Razor have not been working since I configured Pyzor. I have had to set 'use_pyzor 0' to disable it and now Razor has started working again.
Any ideas?

Expert Comment

by:Gns
Not even the linting bit?

-- Glenn

Author Comment

by:grblades
The lint showed that it found and was able to query the razor and pyzor servers but it was not actually working for some reason. Maybe spamd just needed a restart and it was a coincidence that it stopped working when it did. I'll try enabling it again next week.

Accepted Solution

by:Gns
Ok. Never seen any such ... connection... between them, so you might well be right about spamd (I actually don't use spamd in any volume solution (just at home), but rather "classic" spamassassin.... Or rather the perl module (since MailScanner is perl):-).

-- Glenn