Spamassasin ingnores whitelist

[Mysterious]

Hi,
i set up spamassasin like described in the wiki: http://www.scalix.com/wiki/index.php?ti ... amAssassin

The filtering of spam workes fine but it seems that spamassasin ignores my whitelist.

If i start the script manually i can see he is adding the email from the non-spam folder with sa-learn --ham to the whitelist but the next email coming from this sender still has a score higher than 3 and is marked as possible spam.

May spamassasin ignores the whitelist? The whitelist is at

Code: Select all

/home/spamd/.spamassassin/auto-whitelist


I can see that there are many email-adresses inside

But where can i see if he scanns this list when an email comes in?

Would be nice if someone can help me a bit finding the mistake

Greetings Armin

[dougp23]

Is spamd running as user spamd, or is running as root?

Check your maillog, look for permission errors.

[Mysterious]

this is the output of all spamd processes;

Code: Select all

[root@scalix /]# ps aux |grep spam
root      3403  0.0  0.9  31416  4968 ?        Ss   Apr17   0:18 /usr/bin/spamd -d -c -x -m5 -H -u spamd -r /var/run/spamd.pid
root      3457  0.0  0.1  43932   716 ?        Ssl  Apr17   1:25 spamass-milter -p /var/run/spamass-milter/spamass-milter.sock -f
spamd    30097  0.0  4.5  37376 23784 ?        S    Apr21   0:07 spamd child
spamd    14697  0.2  4.8  36772 25624 ?        S    05:20   1:38 spamd child
root     17499  0.0  0.1   3880   668 ttyp0    R+   16:11   0:00 grep spam


An normal incoming spam looks like this:

Code: Select all

pr 24 15:21:09 scalix spamd[3403]: prefork: child states: II
Apr 24 15:21:10 scalix sendmail[17128]: m3ODL82K017120: to=<m.hanswurst@mydomain.de>, delay=00:00:01, xdelay=00:00:01, mailer=scalix_mime, pri=122792, relay=scalix, dsn=2.0.0, stat=Sent (Ok)
Apr 24 15:23:21 scalix sendmail[17141]: m3ODNLgB017141: from=<LaurelhermesBassett@yahoo.com>, size=1101, class=0, nrcpts=1, msgid=11ec701c8a616$85bc9880$0201a8c0@kbb584c9241864, proto=ESMTP, daemon=MTA, rel$
Apr 24 15:23:21 scalix spamd[14697]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50513
Apr 24 15:23:21 scalix spamd[14697]: spamd: processing message <11ec701c8a616$85bc9880$0201a8c0@kbb584c9241864> for root:501
Apr 24 15:23:22 scalix spamd[14697]: spamd: identified spam (16.0/5.0) for root:501 in 0.4 seconds, 1438 bytes.
Apr 24 15:23:22 scalix spamd[14697]: spamd: result: Y 15 - BAYES_95,DATE_IN_FUTURE_03_06,FORGED_MUA_OUTLOOK,FORGED_YAHOO_RCVD,INVALID_MSGID,REPLICA_WATCH scantime=0.4,size=1438,user=root,uid=501,required_sc$
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter add: header: X-Spam-Flag: YES
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter add: header: X-Spam-Status: Yes, score=16.0 required=5.0 tests=BAYES_95,\n\tDATE_IN_FUTURE_03_06,FORGED_MUA_OUTLOOK,FORGED_YAHOO_RCVD,INVALID_M$
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter add: header: X-Spam-Level: ***************
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on scalix.mydomain.de
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter change: header Subject: from Replica Rolex Swiss Watches    to [SPAM] Replica Rolex Swiss Watches
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter change: header Content-Type: from text/plain;\n\tformat=flowed;\n\tcharset="iso-8859-1";\n\treply-type=original to multipart/mixed; boundary="-$
Apr 24 15:23:22 scalix sendmail[17141]: m3ODNLgB017141: Milter message: body replaced
Apr 24 15:23:22 scalix spamd[3403]: prefork: child states: II



My /etc/sysconfig/spamasassin looks like this:

Code: Select all

# Options to spamd
SPAMDOPTIONS="-d -c -x -m5 -H -u spamd"



Cant see any error here...??? Or dos the first provess have to run as user spamd? Wher e can i set this?

[dougp23]

check your spamass-milter file (prob in /etc/init.d)

try giving it the same -u spamd flag. spamass-milter fires off spamc, which scans individual emails, and right now it's running as root on your system. So chances are, it's looking at a whitelist under root.

You could always try editing the user_prefs under /root/.spamassassin and whitelist an address there, and see if it goes through ok.

[Mysterious]

Okay i tested a bit:

First test:
I deleted the items under /root/.spamasassin/* , put 2 spam emails in my spam folder and started the spamdetection bashscript (from the wiki). After that the files have been newly created under /root/spamasassin/

Second test:
I deleted the items under /home/spamd/.spamassasin/* and then send me an email. After spamasassin scanned the email it created an auto-whitelist file under /home/spamd/.spamasassin/

This says to me that the script learns the auto-whitelist under root, but the incomming mails are scanned to the whitelist-file under /home/spamd/.

What do i have to change now. Think i should change it in such a way that the command "sa-learn" which is called from my bash-script uses /home/spamd/.spamasassin as its folder.
What do i have to change? The user which runs the script, or the user under which sa-learn is run? And the main question how do i do this under centos5 (RHEL5-clone).

Thanks for your help.

Greetings Mysterious

[dougp23]

Your spamass-milter is running as root, so when an individual message is scanned, it calls spamc. Spamc, called by the milter as root, will run as root.

My spamass-milter looks like this:

### Default variables
SOCKET="/var/run/spamass.sock"
EXTRA_FLAGS="-m -r 5. -u spamu"

So now the milter runs as user spamu, as does spamassassin.

I just finished a little writeup on this at my blog:
http://swifttide.com/blog