Spamassassin issues with Scalix

[kilrathi]

I followed the guide in the knowledgebase to get spamassassin working on my new Scalix install. When i send my users test spam email i get this message in the maillog

Code: Select all

Sep 27 17:23:17 alpha sendmail[4246]: k8RMNHkS004246: from=<**edit**>, size=2822, class=0, nrcpts=1, msgid=<001401c6e283$85ab0a50$3a02010a@lee>, proto=ESMTP, relay=root@localhost
Sep 27 17:23:17 alpha sendmail[4247]: k8RMNHvT004247: from=<**edit**>, size=3000, class=0, nrcpts=1, msgid=<001401c6e283$85ab0a50$3a02010a@lee>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 27 17:23:17 alpha spamd[2781]: connection from localhost [127.0.0.1] at port 32893
Sep 27 17:23:17 alpha spamd[2781]: info: setuid to root succeeded
Sep 27 17:23:17 alpha spamd[2781]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody.
Sep 27 17:23:17 alpha spamd[2781]: processing message <001401c6e283$85ab0a50$3a02010a@lee> for root:99.
Sep 27 17:23:18 alpha spamd[2781]: identified spam (1000.2/5.0) for root:99 in 1.3 seconds, 3269 bytes.
Sep 27 17:23:18 alpha spamd[2781]: result: Y 1000 - GTUBE,HTML_90_100,HTML_MESSAGE scantime=1.3,size=3269,mid=<001401c6e283$85ab0a50$3a02010a@lee>,autolearn=no
Sep 27 17:23:18 alpha sendmail[4247]: k8RMNHvT004247: Milter add: header: X-Spam-Flag: YES
Sep 27 17:23:18 alpha sendmail[4247]: k8RMNHvT004247: Milter add: header: X-Spam-Status: Yes, score=1000.2 required=5.0 tests=GTUBE,HTML_90_100,\n\tHTML_MESSAGE autolearn=no version=3.0.6
Sep 27 17:23:18 alpha sendmail[4247]: k8RMNHvT004247: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Sep 27 17:23:18 alpha sendmail[4247]: k8RMNHvT004247: to=<**edit**>, delay=00:00:01, pri=33000, stat=Blocked by SpamAssassin
Sep 27 17:23:18 alpha sendmail[4246]: k8RMNHkS004246: to=<**edit**>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=32822, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable
Sep 27 17:23:18 alpha sendmail[4246]: k8RMNHkS004246: k8RMNHkT004246: DSN: Service unavailable
Sep 27 17:23:18 alpha sendmail[4247]: k8RMNHvV004247: from=<>, size=4563, class=0, nrcpts=1, msgid=<200609272223.k8RMNHkT004246@**edit**>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 27 17:23:18 alpha spamd[2782]: connection from localhost [127.0.0.1] at port 32894
Sep 27 17:23:18 alpha spamd[2782]: info: setuid to root succeeded
Sep 27 17:23:18 alpha spamd[2782]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody.
Sep 27 17:23:18 alpha spamd[2782]: processing message <200609272223.k8RMNHkT004246@**edit**> for root:99.
Sep 27 17:23:19 alpha spamd[2782]: identified spam (997.7/5.0) for root:99 in 0.2 seconds, 4870 bytes.
Sep 27 17:23:19 alpha spamd[2782]: result: Y 997 - ALL_TRUSTED,GTUBE,HTML_90_100,HTML_MESSAGE,MIME_HTML_MOSTLY scantime=0.2,size=4870,mid=<200609272223.k8RMNHkT004246@**edit**>,autolearn=failed
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvV004247: Milter add: header: X-Spam-Flag: YES
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvV004247: Milter add: header: X-Spam-Status: Yes, score=997.7 required=5.0 tests=ALL_TRUSTED,GTUBE,\n\tHTML_90_100,HTML_MESSAGE,MIME_HTML_MOSTLY autolearn=failed \n\tversion=3.0.6
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvV004247: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvV004247: to=<**edit**>, delay=00:00:01, pri=34563, stat=Blocked by SpamAssassin
Sep 27 17:23:19 alpha sendmail[4246]: k8RMNHkT004246: to=<**edit**>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=33846, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable
Sep 27 17:23:19 alpha sendmail[4246]: k8RMNHkT004246: k8RMNHkU004246: return to sender: Service unavailable
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvX004247: from=<>, size=6140, class=0, nrcpts=1, msgid=<200609272223.k8RMNHkU004246@**edit**>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 27 17:23:19 alpha spamd[2783]: connection from localhost [127.0.0.1] at port 32895
Sep 27 17:23:19 alpha spamd[2783]: info: setuid to root succeeded
Sep 27 17:23:19 alpha spamd[2783]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody.
Sep 27 17:23:19 alpha spamd[2783]: processing message <200609272223.k8RMNHkU004246@**edit**> for root:99.
Sep 27 17:23:19 alpha spamd[2783]: identified spam (997.7/5.0) for root:99 in 0.2 seconds, 6512 bytes.
Sep 27 17:23:19 alpha spamd[2783]: result: Y 997 - ALL_TRUSTED,GTUBE,HTML_90_100,HTML_MESSAGE,MIME_HTML_MOSTLY scantime=0.2,size=6512,mid=<200609272223.k8RMNHkU004246@**edit**>,autolearn=failed
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvX004247: Milter add: header: X-Spam-Flag: YES
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvX004247: Milter add: header: X-Spam-Status: Yes, score=997.7 required=5.0 tests=ALL_TRUSTED,GTUBE,\n\tHTML_90_100,HTML_MESSAGE,MIME_HTML_MOSTLY autolearn=failed \n\tversion=3.0.6
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvX004247: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Sep 27 17:23:19 alpha sendmail[4247]: k8RMNHvX004247: to=<**edit**>, delay=00:00:00, pri=36140, stat=Blocked by SpamAssassin
Sep 27 17:23:19 alpha sendmail[4246]: k8RMNHkU004246: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=34870, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable
Sep 27 17:23:19 alpha sendmail[4246]: k8RMNHkT004246: Losing ./qfk8RMNHkT004246: savemail panic
Sep 27 17:23:19 alpha sendmail[4246]: k8RMNHkT004246: SYSERR(root): savemail: cannot save rejected email anywhere

It can't put the spam mail anywhere. I've checked the aliases file for sendmail, and I've also checked to make sure my users can receive mail to start with. Everything is working fine until spamassassin detects spam.

I'm running Scalix 10 with Redhat Enterprise 4

[btisdall]

It appears (not surprisingly) that the GTUBE is tripping the threshold at which SA blocks the message. SA's then attempting to send a DSN but failing, perhaps because of this:

http://www.splunk.com/base/eventtype:SP ... s=outgoing

[kilrathi]

Still no luck here. I read the link you mentioned and verified my aliases file is indeed correct. the mailer-daemon and the postmaster aliases all point to root. I tried adding different aliases in the /etc/aliases file to possibly give it a place to put rejected mail. Basically what i ended up doing was putting the mailer in a loop. The root mailbox filled up really quick at that point.

So now i'm back to where i started. Sendmail is still panicing when it gets any spam messages at all. It only panics on spam messages. The rest of my users seems to be getting their email ok. I've been googling this problem, and re-checking my setup. I've reinstalled spamass-milter, spamassassin, sendmail, and sendmail-devel. I've followed the knowledge base instructions and still this problem.

Any help is much appreciated.

I'm listing some of the config files involved in this in hopes that someone will notice something i've totally missed.

/etc/sysconfig/spamass-milter

Code: Select all

### Override for your different local config
#SOCKET=/var/run/spamass.sock

### Default parameter for spamass-milter is -f (work in the background)
### you may add another parameters here, see spamass-milter(1)
#EXTRA_FLAGS="-m -r 15"

/etc/aliases

Code: Select all

mailer-daemon:  postmaster
postmaster:     root

/var/opt/scalix/sys/smtpd.cfg

Code: Select all

SMTPFILTER=TRUE
RELAY accept 127.0.0.1
RELAY accept .**edit**
RELAY Log_Reject ALL

/etc/mail/sendmail.cf (edited to only include the important lines)

Code: Select all

# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+

# Input mail filters
O InputMailFilters=Spamassassin

# Milter options
#O Milter.LogLevel
O Milter.macros.connect=b, j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}

# MAIL FILTER DEFINITIONS
Xspamassassin, S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m

This machine is a brand new install of Redhat ES 4.4 There is nothing custom about any of the packages installed. I downloaded the spamass-milter rpm from [urlhttp://rpmforge.net[/url]. I downloaded the sendmail-devel package from the redhat main site. I've installed Scalix10.

[btisdall]

I think that spamd running as 'nobody' might be the root of the problem, it certainly seems to be permissions-related. Since I use SA via amavis I don't have the right settings to hand (or access to a test system to play with right now), but I would try creating a 'spamd' user with shell /bin/false, homedir /var/lib/spamd. You'll then need to alter the user spamd runs as, which I imagine is set in /etc/sysconfig somewhere, or if not in /etc/init.d/spam(d|assassin).

The cowards way out would be to simply alter your milter flags removing the '-r 15' so that spamass-milter doesn't try to reject any mail...

[squidi]

Hello, I work with kilrathi. We are sharing this problem.

I corrected the spamd running as 'nobody' problem and everything started behaving. Spamd rewrites message subjects, adds X-Spam headers. We still have the problem of when spam is over the -r limit, we get the savemail panic. This isn't a show stopper, we do not want that mail delivered anyway, but it would be nice to dump it into a spam folder for sa-learn to play with. If we specify a folder with the -b address, it put sendmail into a loop trying to deliver the mail to root.

Squidi

[thatitguy]

For what it's worth, I just added an alias for root -> sxadmin in /etc/aliases
root: sxadmin@domain.com
and ran newaliases.

It's working a trick for me.

However... (there's always something, isn't there?)

I'm seeing *every* message that goes through the milter getting an ALL_TRUSTED tag. I've double checked my configs everywhere I can think of and can't seem to find a way out of that; I suspect that it's because of Scalix catching the message before it gets handed off to Sendmail?

Spamassassin is running as the user spamd, spamass-milter is running as the user spamass-milter.

On a realated (?) I'm seeing errors: Oct 2 14:30:28 servername sendmail[pid]: NOQUEUE: SYSERR(sa-milt): can not chdir(/var/spool/mqueue/): Permission denied

This is a Scalix 10 server running on FC4, with Spamass-milter-0.3.1, and SpamAssassin-3.0.6.

Any ideas?
Thanks in advance!

[squidi]

I also noticed that, I'm actually still seeing some permissions errors in .spamassassin/user_prefs folder. I feel like the spamass-milter/spamd installation needs some work.


I think the scalix guys should repackage them with better integration, user creation, and permissions. I think that sounds like the best solution!

Squidi