Spam Assassin Issue

JonathanC
Posts: 15
Joined: Fri Nov 25, 2005 11:05 pm

Postby JonathanC » Fri Mar 10, 2006 1:41 pm

Hello everyone,

We have had Scalix up and running for about 2 weeks now and we really love it! We are trying to get SpamAssassin to work to our liking. I wasn't able to find anything similar to this on the forum, so I apologize if this was already addressed. We are running Scalix 10 on RHEL4 with SpamAssassin 3.0.5. We are finding that it blocks spam but it appears to delete it. We would just like the subject of the email to be marked as "[SPAM]" and have it deliver to the recipient so we can create some rules. I would think this is possible but can't figure out how to do it. Thanks in advance!!

~ Jon

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri Mar 10, 2006 1:47 pm

What options are you using to run spamassassin and spamass-milter?

Cheers

Dave

Postby JonathanC » Fri Mar 10, 2006 1:49 pm

Hi Dave,

Thanks for the quick response. Forgive me as I am a Linux and Scalix newbie... how do I check the options?

Thanks again,
Jon

Postby ScalixSupport » Fri Mar 10, 2006 2:09 pm

The files are in /etc/sysconfig and will be called spamassassin and spamass-milter. The man pages for each of those commands will give you details.

I'm a little concerned how, if you have not looked at these files and so will not have changed any of the defaults, you determined that mail was being deleted.

Cheers

Dave

Postby JonathanC » Fri Mar 10, 2006 2:15 pm

Hi Dave,

Spamassassin options are as follows:
# Options to spamd
SPAMDOPTIONS="-d -c -m5 -H"

Spamass-Milter options are (all commented):
### Override for your different local config
#SOCKET=/var/run/spamass.sock

### Default parameter for spamass-milter is -f (work in the background)
### you may add another parameters here, see spamass-milter(1)
#EXTRA_FLAGS="-m -r 15"

If these emails are not being deleted, is there a way to determine where they are going?

Thanks.

Postby ScalixSupport » Fri Mar 10, 2006 2:16 pm

Have you followed the configuration instructions from the technote in the knowledgebase?

Cheers

Dave

Postby JonathanC » Fri Mar 10, 2006 2:37 pm

Yes....to a "T"

We followed KB article 126747. We did not receive any errors when restarting any of the services. The only difference is when I do the chkconfig --list|grep 'spamassassin\|spamass-milter' I get the following:

spamassassin 0:off 1:off 2:off 3:off 4:off 5:on 6:off
spamass-milter 0:off 1:off 2:off 3:off 4:off 5:on 6:off

Which is different than what it says in the KB article:

spamassassin 0:off 1:off 2:off 3:on 4:on 5:on 6:off
spamass-milter 0:off 1:off 2:off 3:on 4:on 5:on 6:off

Would that make any difference?

Postby ScalixSupport » Fri Mar 10, 2006 2:39 pm

Init level 5 is graphical, level 3 is not. It's usual to have the services running at both levels.

Cheers

Dave

Postby JonathanC » Fri Mar 10, 2006 2:45 pm

OK - I can work on adjusting those values but that wouldn't have any effect on the issue that we are having would it?

Postby ScalixSupport » Fri Mar 10, 2006 2:55 pm

The flow of mail, when SMTPFILTER=TRUE is enabled in smtpd.cfg, is through the SMTP Relay to sendmail, from sendmail to unix.in, from unix.in to the Service Router.

You can see mail getting into Sendmail and being passed to unix.in by looking in /var/log/maillog.

For the flow from unix.in to the service router and local delivery, you need to enable auditing on the router and local delivery services, restart those services and then look in /var/opt/scalix/logs/audit. Details are in chapter 22 of the Administration Guide.

Cheers

Dave

Postby JonathanC » Fri Mar 10, 2006 2:58 pm

When a message comes in as spam we see the following in our log:

Mar 10 13:48:11 mail sendmail[7190]: k2AImBvR007190: from=<anyuser@yahoo.com>, size=1176, class=0, nrcpts=1, msgid=<20060310184958.71732.qmail@web50807.mail.yahoo.com>, proto=ESMTP, relay=root@localhost
Mar 10 13:48:12 mail sendmail[7191]: k2AImCa4007191: from=<anyuser@yahoo.com>, size=1366, class=0, nrcpts=1, msgid=<20060310184958.71732.qmail@web50807.mail.yahoo.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 10 13:48:12 mail spamd[7154]: connection from localhost.localdomain [127.0.0.1] at port 33266
Mar 10 13:48:12 mail spamd[7154]: info: setuid to root succeeded
Mar 10 13:48:12 mail spamd[7154]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody.
Mar 10 13:48:12 mail spamd[7154]: processing message <20060310184958.71732.qmail@web50807.mail.yahoo.com> for root:99.
Mar 10 13:48:13 mail spamd[7154]: identified spam (101.4/5.0) for root:99 in 1.2 seconds, 1594 bytes.
Mar 10 13:48:13 mail spamd[7154]: result: Y 101 - DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_WHOIS,FROM_ENDS_IN_NUMS,USER_IN_BLACKLIST scantime=1.2,size=1594,mid=<20060310184958.71732.qmail@web50807.mail.yahoo.com>,autolearn=no
Mar 10 13:48:13 mail sendmail[7191]: k2AImCa4007191: Milter add: header: X-Spam-Flag: YES
Mar 10 13:48:13 mail sendmail[7191]: k2AImCa4007191: Milter add: header: X-Spam-Status: Yes, score=101.4 required=5.0 tests=DNS_FROM_RFC_ABUSE,\n\tDNS_FROM_RFC_WHOIS,FROM_ENDS_IN_NUMS,USER_IN_BLACKLIST autolearn=no \n\tversion=3.0.5
Mar 10 13:48:13 mail sendmail[7191]: k2AImCa4007191: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Mar 10 13:48:13 mail sendmail[7191]: k2AImCa4007191: to=<somesuer@mydomain.net>, delay=00:00:01, pri=31366, stat=Blocked by SpamAssassin

Postby ScalixSupport » Fri Mar 10, 2006 3:03 pm

101.4 is a pretty impressive score for spam and certainly got some appreciative whistles here in the office :-) Is there a reason why you want to even accept it into your mail server?

The spamass-milter setting -r dictates when spamass-milter will reject the mail. You should check /etc/init.d/spamass-milter as I believe the default is 15, i.e. a score of 15 or higher will be rejected.

You could change this value to 2000 (or any arbitrary high number) if you wanted to but I strongly advise against it.

If you do change the value, you will need to restart the spamass-milter service for the change to be picked up.

Cheers

Dave
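
The maillog excerpt and the -r explanation above, as an added example that is not part of the original thread: a shell function that groups sendmail lines by queue ID and shows that a "Milter: data, reject=550" entry means the message was refused during the SMTP dialogue rather than deleted after delivery. The sample lines, queue IDs and addresses are constructed, and triage_maillog is a hypothetical name.

```shell
#!/bin/sh
# Added example. Sample lines are constructed in the format of the excerpt
# above; queue IDs, hosts and addresses are invented.
sample_maillog() {
cat <<'EOF'
Mar 10 13:48:12 mail sendmail[7191]: k2AAAAAA000001: from=<sender@example.com>, size=1366, class=0, nrcpts=1, msgid=<m1@example.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 10 13:48:12 mail spamd[7154]: identified spam (101.4/5.0) for root:99 in 1.2 seconds, 1594 bytes.
Mar 10 13:48:13 mail sendmail[7191]: k2AAAAAA000001: Milter add: header: X-Spam-Status: Yes, score=101.4 required=5.0 tests=USER_IN_BLACKLIST autolearn=no
Mar 10 13:48:13 mail sendmail[7191]: k2AAAAAA000001: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Mar 10 13:48:13 mail sendmail[7191]: k2AAAAAA000001: to=<user@example.net>, delay=00:00:01, pri=31366, stat=Blocked by SpamAssassin
Mar 10 13:50:02 mail sendmail[7301]: k2AAAAAA000002: from=<other@example.org>, size=900, class=0, nrcpts=1, msgid=<m2@example.org>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 10 13:50:03 mail sendmail[7301]: k2AAAAAA000002: Milter add: header: X-Spam-Status: Yes, score=7.2 required=5.0 tests=FROM_ENDS_IN_NUMS autolearn=no
Mar 10 13:50:03 mail sendmail[7301]: k2AAAAAA000002: to=<user@example.net>, delay=00:00:01, mailer=local, pri=30900, stat=Sent
EOF
}

# Summarise each sendmail queue ID: sender, recipient, SpamAssassin score and
# whether the milter rejected it during the SMTP dialogue or it was accepted.
triage_maillog() {   # usage: triage_maillog /var/log/maillog   (or read stdin)
    awk '
    $5 ~ /^sendmail\[/ {
        q = $6; sub(/:$/, "", q)
        if (!(q in seen)) { seen[q] = 1; order[++n] = q }
        if (match($0, /from=<[^>]*>/)) from[q] = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, / to=<[^>]*>/))  rcpt[q] = substr($0, RSTART + 5, RLENGTH - 6)
        if (match($0, /X-Spam-Status: [A-Za-z]+, score=[-0-9.]+/)) {
            s = substr($0, RSTART, RLENGTH); sub(/.*score=/, "", s); score[q] = s
        }
        if (match($0, /Milter: [a-z]+, reject=[0-9]+/)) {
            s = substr($0, RSTART, RLENGTH); sub(/.*reject=/, "", s); rej[q] = s
        }
        if (match($0, /stat=.*/)) stat[q] = substr($0, RSTART + 5)
    }
    END {
        for (i = 1; i <= n; i++) {
            q = order[i]
            disp = (q in rej) ? "REJECTED at SMTP with " rej[q] : "accepted, stat=" stat[q]
            printf "%s from=%s to=%s score=%s %s\n", q, from[q], rcpt[q], (q in score) ? score[q] : "-", disp
        }
    }' "$@"
}
```

A rejected queue ID never reaches unix.in or the Service Router, so it will not show up in the Scalix audit logs either.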

Postby JonathanC » Fri Mar 10, 2006 3:19 pm

I think my posts may be misunderstood. We just want to have all messages received into the server and any messages that are higher than the threshold (15) be tagged with [SPAM]. For instance....if someone sent a message like this:

From: Someone@yahoo.com
Subject: Hello
Message: Hi, this is a test

If the message is determined that it is spam, the end user should see it as this:

From: Someone@yahoo.com
Subject: [SPAM] Hello
Message: Hi, this is a test

This way, in Outlook, they can create rules that state if [SPAM] is in the subject field, move message to "Junk Mail" folder.

Thank you so much for your help Dave.

Postby ScalixSupport » Fri Mar 10, 2006 3:25 pm

In that case, you need to look through the man page for Mail::SpamAssassin::Conf as this gives details on how /etc/mail/spamassassin/local.cf can be configured to do all of this.

In conjunction, you will need to modify the spamass-milter options so that the -m option is removed. This allows SpamAssassin to rewrite the subject.

The rest of the configuration is up to you depending upon your business need, but I strongly recommend reading the man page for the options that are available.

Cheers

Dave
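
A check for the two settings discussed above, added here as an example and not taken from the thread or from Scalix: it reads a local.cf for a rewrite_header Subject line and a spamass-milter flag string for -m and -r, then reports whether spam would be rejected and whether the Subject tag would appear. The local.cf content is a constructed sample and the function names are hypothetical; -m and -r are treated as the replies above describe them.

```shell
#!/bin/sh
# Added example. The local.cf content below is a constructed sample.
sample_local_cf() {
cat <<'EOF'
# /etc/mail/spamassassin/local.cf (constructed sample)
required_score 5.0
rewrite_header Subject [SPAM]
EOF
}

# Print the Subject tag set by rewrite_header (last one wins), or nothing.
subject_tag() {   # reads local.cf text on stdin
    awk '$1 == "rewrite_header" && tolower($2) == "subject" {
             tag = $0; sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", tag) }
         END { if (tag != "") print tag }'
}

# Reduce a spamass-milter flag string to "m=<yes|no> r=<threshold|none>".
milter_mode() {   # $1 = flags, e.g. "-m -r 15"
    m=no; r=none; want_r=no
    for w in $1; do
        if [ "$want_r" = yes ]; then r=$w; want_r=no; continue; fi
        case $w in
            -m)   m=yes ;;
            -r)   want_r=yes ;;
            -r?*) r=${w#-r} ;;
        esac
    done
    echo "m=$m r=$r"
}

# Report the reject threshold and whether the Subject tag from local.cf
# will actually appear on delivered mail.
audit_tagging() {   # usage: audit_tagging "<milter flags>" < local.cf
    tag=$(subject_tag)
    mode=$(milter_mode "$1")
    case $mode in
        m=yes*) subj="unchanged (-m stops the milter rewriting Subject)" ;;
        *)      if [ -n "$tag" ]; then subj="tagged $tag"
                else subj="unchanged (no rewrite_header Subject in local.cf)"; fi ;;
    esac
    echo "reject=${mode#*r=} subject=$subj"
}
```

Pass it the flags of the running milter (for example from ps -o args= -C spamass-milter) rather than the sysconfig file alone, since the init script may supply its own defaults.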

burhankhalid
Posts: 137
Joined: Mon Dec 19, 2005 8:31 am

Postby burhankhalid » Sun Mar 12, 2006 5:59 am

I'm having a different problem than this, using the knowledge base article. I get the following error in my /var/log/maillog:

Mar 12 12:55:15 avalon sendmail[5894]: k2C9tFCh005894: Milter (spamassassin): error connecting to filter: Connection refused by /var/run/spamassassin/spamd.pid
Mar 12 12:55:15 avalon sendmail[5894]: k2C9tFCh005894: Milter (spamassassin): to error state


I'm not sure what is the problem here. I installed spamassassin and spamass-milter from yum (using FC4). Followed the KB article 126747 -- but have been stuck with this problem. Any ideas?

Configuration files are as follows:

/etc/sysconfig/spamassassin

# Options to spamd
SPAMDOPTIONS="-d -c -m5 -H"


/etc/sysconfig/spamass-milter

### Override for your different local config
#SOCKET=/var/run/spamass-milter/spamass-milter.sock

### Standard parameters for spamass-milter are:
### -P /var/run/spamass-milter.pid (PID file)
###
### Note that the -f parameter for running the milter in the background
### is not required because the milter runs in a wrapper script that
### backgrounds itself
###
### You may add another parameters here, see spamass-milter(1)
#EXTRA_FLAGS="-m -r 15"


The sendmail configuration file has been edited as per the KB article.

