Pyzor Questions

General E.F.A. discussion
Post Reply
thewomble
Posts: 20
Joined: 17 Jan 2017 12:52

Pyzor Questions

Post by thewomble » 25 Jul 2017 13:17

I noticed that the Pyzor on the latest EFA is version 0.7, while version 1.0 is available.

Do you know of a reason to not move to 1.0?

Also where are of the configuration files, I was looking add "pyzor.scrolloutf1.com:24441" as another server to the default.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 26 Jul 2017 11:33

Documentation on pyzor can be found here:
http://www.pyzor.org/en/release-1-0-0/config.html

Short answer: create a "servers" file in the .pyzor configuration directory and add in your list of servers:ports, one per line.

You can then test to see if spamassassin works by running this command:

Code: Select all

echo "test" | spamassassin -D pyzor 2>&1 | less
and look for lines like:

Code: Select all

Jul 26 19:29:05.278 [8807] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Jul 26 19:29:05.279 [8807] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin8807DMeMrDtmp
Jul 26 19:29:05.668 [8807] dbg: pyzor: [8819] finished: exit 1
Jul 26 19:29:05.668 [8807] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 2455164 79513
Jul 26 19:29:05.669 [8807] dbg: pyzor: listed: COUNT=2455164/5 WHITELIST=79513
You can also use "pyzor ping" to see if pyzor can connect to a pyzor server successfully. For what it's worth, I was not able to connect to the server you listed above, but that might be normal if it is a private server.

Where does the configuration directory go? I don't know for sure. I assume it will go in the user directory that spamassassin runs under which I guess is postfix, thus would be: /var/spool/postfix/.pyzor

Give it a try and see if it works, and let us know how you get on.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 26 Jul 2017 11:35

thewomble wrote:
25 Jul 2017 13:17
Do you know of a reason to not move to 1.0?
Other than the fact that efa is developed almost entirely by one person who does it in his spare time? No, none.

I assume that when v4 rolls out, that a lot of the packages will be replaced with newer versions, including pyzor.

thewomble
Posts: 20
Joined: 17 Jan 2017 12:52

Re: Pyzor Questions

Post by thewomble » 26 Jul 2017 12:16

With regards to version 1.0 it was more a question of any dependances that anybody was aware of.
I have going to download and have a play and report back once was working.

Pyzor is working, Pyzor ping works.

Tried /var/spool/postfix/.pyzor

also tried /var/spool/MailScanner/spammassassin

but Pyzor ping only reports the default server.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 26 Jul 2017 14:49

The configuration file has to be in the home directory of the user. What user are you running pyzor ping as?

User avatar
shawniverson
Posts: 2280
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Pyzor Questions

Post by shawniverson » 28 Jul 2017 19:10

pdwalker wrote:
26 Jul 2017 11:35

Other than the fact that efa is developed almost entirely by one person who does it in his spare time? No, none.

I assume that when v4 rolls out, that a lot of the packages will be replaced with newer versions, including pyzor.
This is true, very true.
Version 3.0.2.3 released! Update now to keep your eFa secure!

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 07 Aug 2017 22:23

To add additional Pyzor nodes to your setup, you will need to create a servers file at /var/spool/postifx/.pyzor/servers

Code: Select all

nano /var/spool/postfix/.pyzor/servers
Add the servers you want...

Code: Select all

public.pyzor.org:24441
pyzor.scrolloutf1.com:24441
Save the file. Once saved you'll need to update permissions on it (based on the build.bash script)

Code: Select all

chown -R postfix:apache /var/spool/postfix/.pyzor
chmod -R ug+rwx /var/spool/postfix/.pyzor
The new servers will then be added for checks and reports when dealing with spam.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 09 Aug 2017 11:12

for what it is worth, I cannot access pyzor.scrolloutf1.com, but public.pyzor.org works fine.

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 09 Aug 2017 12:47

Can you add 'pyzor.nova53.net:24441' to your list and give it a try again?

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 09 Aug 2017 13:29

That one works.

Who are they?

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 09 Aug 2017 14:31

Sent you a PM

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 09 Aug 2017 14:48

Which raises a question. Does EFA/Mailscanner/Spamassassin submit any hashes to the pyzor server?

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 09 Aug 2017 15:09

It will when checking the message at first, to see if it matches. It will not submit new hashes unless you choose the SA option of "SPAM+Report", and it will upload the hash of the spam message to all pyzor servers listed in your server file.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 09 Aug 2017 16:01

Thank you, I didn't know that.

ovizii
Posts: 396
Joined: 11 May 2016 08:08

Re: Pyzor Questions

Post by ovizii » 12 Aug 2017 11:52

TheGr8Wonder wrote:
07 Aug 2017 22:23
To add additional Pyzor nodes to your setup, you will need to create a servers file at /var/spool/postifx/.pyzor/servers

Code: Select all

nano /var/spool/postfix/.pyzor/servers
Add the servers you want...

Code: Select all

public.pyzor.org:24441
pyzor.scrolloutf1.com:24441
Save the file. Once saved you'll need to update permissions on it (based on the build.bash script)

Code: Select all

chown -R postfix:apache /var/spool/postfix/.pyzor
chmod -R ug+rwx /var/spool/postfix/.pyzor
The new servers will then be added for checks and reports when dealing with spam.
After doing that, how do I make sure that servers file is actually being used by EFA? I manually tried running pyzor ping as postfix but couldn't do that so I wondered how to make sure that config is actually being used?

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 12 Aug 2017 13:34

You can add another server that is used as well,

Code: Select all

pyzor.nova53.net:24441
You can run this...

Code: Select all

 echo "test" | spamassassin -D pyzor 2>&1 | less
And you should see near the top that you get a "Ok" response from servers listed in that file.

ovizii
Posts: 396
Joined: 11 May 2016 08:08

Re: Pyzor Questions

Post by ovizii » 12 Aug 2017 13:44

You can run this...
CODE: SELECT ALL
echo "test" | spamassassin -D pyzor 2>&1 | less
And you should see near the top that you get a "Ok" response from servers listed in that file.
thanks but running that line I am running it as root so does it use /var/spool/postfix/.pyzor/servers? I assume it does not.

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 12 Aug 2017 13:51

You are correct, it will not work as root. You will need to start a new SSH session with EFA, enter the shell, then run that command without elevating to root first. :)

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 12 Aug 2017 13:53

The result you are looking for...

Code: Select all

Aug 12 09:52:26.550 [12987] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 2587478 80480\n (additioanl servers) 
and when the test is done, type this to exit the result

Code: Select all

:q

ovizii
Posts: 396
Joined: 11 May 2016 08:08

Re: Pyzor Questions

Post by ovizii » 12 Aug 2017 13:56

yes, correct, but it will obviously only look for the servers inside /root.pyzor/server and not inside the servers file we have edited.

ovizii
Posts: 396
Joined: 11 May 2016 08:08

Re: Pyzor Questions

Post by ovizii » 12 Aug 2017 13:57

TheGr8Wonder wrote:
12 Aug 2017 13:51
You are correct, it will not work as root. You will need to start a new SSH session with EFA, enter the shell, then run that command without elevating to root first. :)
I don't think so, if I don't elevate to root I am using the account which was created when setting up EFA and that is not the account which EFA uses to check mails either.

TheGr8Wonder
Posts: 25
Joined: 01 Jul 2017 02:32

Re: Pyzor Questions

Post by TheGr8Wonder » 12 Aug 2017 14:24

The test command is my bad. It's called via mailscanner directly. the location we modded is that used by postfix and apache, so that is the right one. You will need to reboot the EFA after changing the file, to restart the services, and then check the mail logs. The location does work, however.

pdwalker
Posts: 709
Joined: 18 Mar 2015 09:16

Re: Pyzor Questions

Post by pdwalker » 15 Aug 2017 07:15

Since pyzor runs as postfix, we have to update the postfix account pyzor configuration file. Here's my complete test run.
[root@efa .pyzor]# su - postfix
This account is currently not available.

[root@efa .pyzor]# chsh postfix
Changing shell for postfix.
New shell [/sbin/nologin]: /bin/bash
Shell changed.

[root@efa .pyzor]# su - postfix

-bash-4.1$ pwd
/var/spool/postfix

-bash-4.1$ vi .pyzor/server
-bash-4.1$ chmod a+r .pyzor/server # may not be necessary, depending on your settings, but doesn't hurt

-bash-4.1$ pyzor ping
public.pyzor.org:24441 (200, 'OK')
pyzor.scrolloutf1.com:24441 (200, 'OK')
pyzor.nova53.net:24441 (200, 'OK')

-bash-4.1$ logout

[root@efa .pyzor]# chsh postfix
Changing shell for postfix.
New shell [/bin/bash]: /sbin/nologin
Shell changed.

[root@efa .pyzor]# su - postfix
This account is currently not available.
The postfix account does not normally allow logins, so I enabled logins while I tested it, and then disabled it immediately afterwards.

Here is the results of the pyzor check after running it on a spam message
Aug 15 15:09:29.313 [4385] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 17 0\npyzor.nova53.net:24441 (200, 'OK') 0 0\npyzor.scrolloutf1.com:24441 (200, 'OK') 12 0
Aug 15 15:09:29.314 [4385] dbg: dns: leaving helper-app run mode
Aug 15 15:09:29.314 [4385] dbg: check: tagrun - tag PYZOR is now ready, value: Reported 29 times.
Aug 15 15:09:29.315 [4385] dbg: pyzor: listed: COUNT=29/5 WHITELIST=0
If you're using multiple pyzor servers, then it might make for better spam detection if we reported the pyzor value (29 reports in this case) rather than true/false. E.g. the greater the number of reports, the more likely it is to be spam.

I've not figured out how to do that yet though.

edit: (found it, that didn't take too long)

short of editing /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Pyzor.pm and changing the return value of "sub pyzor_lookup" from 1 to $pyzor_count after a successful lookup.

Hmmm, I should find the SpamAssassin people and suggest that as a change, or have them add it as a new return value option if requested.

edit 2: submitted: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7458

efa-user
Posts: 14
Joined: 27 Jul 2017 10:59

Re: Pyzor Questions

Post by efa-user » 16 Aug 2017 10:55

Looks like a useful addition, and the following is an interesting read regarding how not to sort scores:

http://www.evanmiller.org/how-not-to-so ... ating.html

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests