missing "X-Bogosity" line

Matthias Andree matthias.andree at gmx.de
Mon Oct 28 15:15:24 CET 2002 

David Relson <relson at osagesoftware.com> writes:

> As happens several times a day, a spam message snuck past bogofilter.
> As I moved it to my spam-fixups (for reprocessing via "bogofilter -S"),
> I noticed that the message was missing its "X-Bogosity:" header.
>
> Looking at my syslog I notice that the normal bogofilter log message is
> also missing.
>
> Here're the log entries for this message:
>
> Oct 25 18:00:08 nic postfix/smtpd[30788]: connect from unknown[157.238.181.133]
> Oct 25 18:00:08 nic postfix/smtpd[30788]: A2AF727EB8:
> client=unknown[157.238.181.133]
> Oct 25 18:00:09 nic postfix/cleanup[30790]: A2AF727EB8:
> message-id=<20021025220008.A2AF727EB8 at example.com>
> Oct 25 18:00:09 nic postfix/smtpd[30788]: disconnect from
> unknown[157.238.181.133]
> Oct 25 18:00:09 nic postfix/qmgr[23166]: A2AF727EB8:
> from=<Dreammates at CHOICEOFFERS.VIRTUAL3.NET>, size=1847, nrcpt=1 (queue
> active)
> Oct 25 18:00:11 nic postfix/local[30792]: A2AF727EB8:
> to=<eric at example.com>, relay=local, delay=3, status=sent
     ------
> ("|/usr/bin/procmail -Y -a $DOMAIN")

Does eric have bogofilter in his ~/.procmailrc? If so, please turn up
procmail's logging.

Could you show your or Eric's procmail configuration (at least the
bogofilter related parts of it)? I suspect that procmail might fail to
run bogofilter properly, or bogofilter fail, and what you are now seeing
is an artifact of procmail's extremely nasty "fall through" behaviour,
if one line fails, it will happily proceed to the next rule nonetheless,
and most people forget to add a proper error handling, which might look
like this:

          :0fw
          | bogofilter -u -e -p

          # if bogofilter failed, return the mail to the queue, the MTA will
          # retry to deliver it later
          # 75 is the value for EX_TEMPFAIL in /usr/include/sysexits.h
          :0e
          { EXITCODE=75 HOST }

However, I did not test the locking.

> Oct 25 18:02:28 nic postfix/local[30912]: EAB3627EB8:
> to=<relson at example.com>, relay=local, delay=1, status=sent
> ("|/usr/bin/procmail -Y -a $DOMAIN")
>
> One coincidence I noticed is that the message came in at 18:00:09 and
> every hour I run a script to do spam-fixups, i.e. feed mis-classified
> messages back into the wordlists.  One of the script's actions is to
> dump the wordlists (using bogofilter).  I often notice the script
> running because I hear the server's disk running for a while (multiple
> seconds).
>
> Could there be a locking issue?

Hard to tell. Do we currently log locking failures with the syslog
option enabled?

> Has anyone else noticed messages missing expected "X-Bogosity" lines?

Not yet.

-- 
Matthias Andree

More information about the bogofilter-dev mailing list