Page 1 of 2

Pyzor Questions

Posted: 25 Jul 2017 13:17
by thewomble
I noticed that the Pyzor on the latest EFA is version 0.7, while version 1.0 is available.

Do you know of a reason to not move to 1.0?

Also where are of the configuration files, I was looking add "pyzor.scrolloutf1.com:24441" as another server to the default.

Re: Pyzor Questions

Posted: 26 Jul 2017 11:33
by pdwalker
Documentation on pyzor can be found here:
http://www.pyzor.org/en/release-1-0-0/config.html

Short answer: create a "servers" file in the .pyzor configuration directory and add in your list of servers:ports, one per line.

You can then test to see if spamassassin works by running this command:

Code: Select all

echo "test" | spamassassin -D pyzor 2>&1 | less
and look for lines like:

Code: Select all

Jul 26 19:29:05.278 [8807] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Jul 26 19:29:05.279 [8807] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin8807DMeMrDtmp
Jul 26 19:29:05.668 [8807] dbg: pyzor: [8819] finished: exit 1
Jul 26 19:29:05.668 [8807] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 2455164 79513
Jul 26 19:29:05.669 [8807] dbg: pyzor: listed: COUNT=2455164/5 WHITELIST=79513
You can also use "pyzor ping" to see if pyzor can connect to a pyzor server successfully. For what it's worth, I was not able to connect to the server you listed above, but that might be normal if it is a private server.

Where does the configuration directory go? I don't know for sure. I assume it will go in the user directory that spamassassin runs under which I guess is postfix, thus would be: /var/spool/postfix/.pyzor

Give it a try and see if it works, and let us know how you get on.

Re: Pyzor Questions

Posted: 26 Jul 2017 11:35
by pdwalker
thewomble wrote: 25 Jul 2017 13:17Do you know of a reason to not move to 1.0?
Other than the fact that efa is developed almost entirely by one person who does it in his spare time? No, none.

I assume that when v4 rolls out, that a lot of the packages will be replaced with newer versions, including pyzor.

Re: Pyzor Questions

Posted: 26 Jul 2017 12:16
by thewomble
With regards to version 1.0 it was more a question of any dependances that anybody was aware of.
I have going to download and have a play and report back once was working.

Pyzor is working, Pyzor ping works.

Tried /var/spool/postfix/.pyzor

also tried /var/spool/MailScanner/spammassassin

but Pyzor ping only reports the default server.

Re: Pyzor Questions

Posted: 26 Jul 2017 14:49
by pdwalker
The configuration file has to be in the home directory of the user. What user are you running pyzor ping as?

Re: Pyzor Questions

Posted: 28 Jul 2017 19:10
by shawniverson
pdwalker wrote: 26 Jul 2017 11:35
Other than the fact that efa is developed almost entirely by one person who does it in his spare time? No, none.

I assume that when v4 rolls out, that a lot of the packages will be replaced with newer versions, including pyzor.
This is true, very true.

Re: Pyzor Questions

Posted: 07 Aug 2017 22:23
by TheGr8Wonder
To add additional Pyzor nodes to your setup, you will need to create a servers file at /var/spool/postifx/.pyzor/servers

Code: Select all

nano /var/spool/postfix/.pyzor/servers
Add the servers you want...

Code: Select all

public.pyzor.org:24441
pyzor.scrolloutf1.com:24441
Save the file. Once saved you'll need to update permissions on it (based on the build.bash script)

Code: Select all

chown -R postfix:apache /var/spool/postfix/.pyzor
chmod -R ug+rwx /var/spool/postfix/.pyzor
The new servers will then be added for checks and reports when dealing with spam.

Re: Pyzor Questions

Posted: 09 Aug 2017 11:12
by pdwalker
for what it is worth, I cannot access pyzor.scrolloutf1.com, but public.pyzor.org works fine.

Re: Pyzor Questions

Posted: 09 Aug 2017 12:47
by TheGr8Wonder
Can you add 'pyzor.nova53.net:24441' to your list and give it a try again?

Re: Pyzor Questions

Posted: 09 Aug 2017 13:29
by pdwalker
That one works.

Who are they?

Re: Pyzor Questions

Posted: 09 Aug 2017 14:31
by TheGr8Wonder
Sent you a PM

Re: Pyzor Questions

Posted: 09 Aug 2017 14:48
by pdwalker
Which raises a question. Does EFA/Mailscanner/Spamassassin submit any hashes to the pyzor server?

Re: Pyzor Questions

Posted: 09 Aug 2017 15:09
by TheGr8Wonder
It will when checking the message at first, to see if it matches. It will not submit new hashes unless you choose the SA option of "SPAM+Report", and it will upload the hash of the spam message to all pyzor servers listed in your server file.

Re: Pyzor Questions

Posted: 09 Aug 2017 16:01
by pdwalker
Thank you, I didn't know that.

Re: Pyzor Questions

Posted: 12 Aug 2017 11:52
by ovizii
TheGr8Wonder wrote: 07 Aug 2017 22:23 To add additional Pyzor nodes to your setup, you will need to create a servers file at /var/spool/postifx/.pyzor/servers

Code: Select all

nano /var/spool/postfix/.pyzor/servers
Add the servers you want...

Code: Select all

public.pyzor.org:24441
pyzor.scrolloutf1.com:24441
Save the file. Once saved you'll need to update permissions on it (based on the build.bash script)

Code: Select all

chown -R postfix:apache /var/spool/postfix/.pyzor
chmod -R ug+rwx /var/spool/postfix/.pyzor
The new servers will then be added for checks and reports when dealing with spam.
After doing that, how do I make sure that servers file is actually being used by EFA? I manually tried running pyzor ping as postfix but couldn't do that so I wondered how to make sure that config is actually being used?

Re: Pyzor Questions

Posted: 12 Aug 2017 13:34
by TheGr8Wonder
You can add another server that is used as well,

Code: Select all

pyzor.nova53.net:24441
You can run this...

Code: Select all

 echo "test" | spamassassin -D pyzor 2>&1 | less
And you should see near the top that you get a "Ok" response from servers listed in that file.

Re: Pyzor Questions

Posted: 12 Aug 2017 13:44
by ovizii
You can run this...
CODE: SELECT ALL
echo "test" | spamassassin -D pyzor 2>&1 | less
And you should see near the top that you get a "Ok" response from servers listed in that file.
thanks but running that line I am running it as root so does it use /var/spool/postfix/.pyzor/servers? I assume it does not.

Re: Pyzor Questions

Posted: 12 Aug 2017 13:51
by TheGr8Wonder
You are correct, it will not work as root. You will need to start a new SSH session with EFA, enter the shell, then run that command without elevating to root first. :)

Re: Pyzor Questions

Posted: 12 Aug 2017 13:53
by TheGr8Wonder
The result you are looking for...

Code: Select all

Aug 12 09:52:26.550 [12987] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 2587478 80480\n (additioanl servers) 
and when the test is done, type this to exit the result

Code: Select all

:q

Re: Pyzor Questions

Posted: 12 Aug 2017 13:56
by ovizii
yes, correct, but it will obviously only look for the servers inside /root.pyzor/server and not inside the servers file we have edited.

Re: Pyzor Questions

Posted: 12 Aug 2017 13:57
by ovizii
TheGr8Wonder wrote: 12 Aug 2017 13:51 You are correct, it will not work as root. You will need to start a new SSH session with EFA, enter the shell, then run that command without elevating to root first. :)
I don't think so, if I don't elevate to root I am using the account which was created when setting up EFA and that is not the account which EFA uses to check mails either.

Re: Pyzor Questions

Posted: 12 Aug 2017 14:24
by TheGr8Wonder
The test command is my bad. It's called via mailscanner directly. the location we modded is that used by postfix and apache, so that is the right one. You will need to reboot the EFA after changing the file, to restart the services, and then check the mail logs. The location does work, however.

Re: Pyzor Questions

Posted: 15 Aug 2017 07:15
by pdwalker
Since pyzor runs as postfix, we have to update the postfix account pyzor configuration file. Here's my complete test run.
[root@efa .pyzor]# su - postfix
This account is currently not available.

[root@efa .pyzor]# chsh postfix
Changing shell for postfix.
New shell [/sbin/nologin]: /bin/bash
Shell changed.

[root@efa .pyzor]# su - postfix

-bash-4.1$ pwd
/var/spool/postfix

-bash-4.1$ vi .pyzor/server
-bash-4.1$ chmod a+r .pyzor/server # may not be necessary, depending on your settings, but doesn't hurt

-bash-4.1$ pyzor ping
public.pyzor.org:24441 (200, 'OK')
pyzor.scrolloutf1.com:24441 (200, 'OK')
pyzor.nova53.net:24441 (200, 'OK')

-bash-4.1$ logout

[root@efa .pyzor]# chsh postfix
Changing shell for postfix.
New shell [/bin/bash]: /sbin/nologin
Shell changed.

[root@efa .pyzor]# su - postfix
This account is currently not available.
The postfix account does not normally allow logins, so I enabled logins while I tested it, and then disabled it immediately afterwards.

Here is the results of the pyzor check after running it on a spam message
Aug 15 15:09:29.313 [4385] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 17 0\npyzor.nova53.net:24441 (200, 'OK') 0 0\npyzor.scrolloutf1.com:24441 (200, 'OK') 12 0
Aug 15 15:09:29.314 [4385] dbg: dns: leaving helper-app run mode
Aug 15 15:09:29.314 [4385] dbg: check: tagrun - tag PYZOR is now ready, value: Reported 29 times.
Aug 15 15:09:29.315 [4385] dbg: pyzor: listed: COUNT=29/5 WHITELIST=0
If you're using multiple pyzor servers, then it might make for better spam detection if we reported the pyzor value (29 reports in this case) rather than true/false. E.g. the greater the number of reports, the more likely it is to be spam.

I've not figured out how to do that yet though.

edit: (found it, that didn't take too long)

short of editing /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Pyzor.pm and changing the return value of "sub pyzor_lookup" from 1 to $pyzor_count after a successful lookup.

Hmmm, I should find the SpamAssassin people and suggest that as a change, or have them add it as a new return value option if requested.

edit 2: submitted: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7458

Re: Pyzor Questions

Posted: 16 Aug 2017 10:55
by efa-user
Looks like a useful addition, and the following is an interesting read regarding how not to sort scores:

http://www.evanmiller.org/how-not-to-so ... ating.html

Re: Pyzor Questions

Posted: 21 Aug 2017 19:12
by thewomble
Wow this as been busy while I been away on leave.

I notice pyzor.nova53.net is listed, is this a look source to add to the setup?

Is the pyzor.scrolloutf1 worth adding for those that have tested it?