SpamAssassin help needed

[WizmanG]

I have Spamassassin setup and it appears to be working correctly except it isn't rejecting messages marked as spam. Here is an email header from on of the messages that is getting through.

X-Virus-Scan: Scanned by clamdmail 0.13 (no viruses);

Thu, 7 Sep 2006 23:47:39 -0900
X-Mailer: Microsoft Office Outlook, Build 11.0.7418
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1197
Thread-Index: H9qejmzvNloRd4SjHL8qoTqFgQuo2URQ15Td
X-Spam-Flag: YES
X-Spam-Status: Yes, score=8.5 required=4.8 tests=HG_HORMONE,SPF_HELO_PASS,

UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL

autolearn=no version=3.1.5
X-Spam-Level: ********
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on mail.karibe.com

Am I missing something? I thought Scalix would reject messages marked as spam.

Thanks....

[tripleB]

don't know anything about scalix - installed it 2 days ago....

but

spamassassin running on our old mail server did not "reject" the spam - you just told the mta that if mail had the spam flag then deliver to xxx or reject so maybe you have to set it up somewhere else??

[jpreston]

WizmanG,

SpamAssassin can be configured to drop an e-mail, but over all dropping mail is generally NOT the responsibility of the MTA. Please make sure you have SpamAssassin configured properly.

Worse case scenario, use MailWasher!

Hope that helps!

[neronsp]

check your /etc/sysconfig/spamassassin

I think its required_hits

[thatitguy]

I assume you're using spamass-milter?
If so, then you can configure a reject level in the milter:
/etc/sysconfig/spamass-milter

Code: Select all

"EXTRA_FLAGS="-m -r 15"

-m means Don't modify the subject or body of the message
-r 15 means reject the message when the message exceeds a score of 15

For my installations, I hav had issues with the -r flag being problematic with unroutable sender addresses (if you dig in the forum you'll see what I mean); sendmail either panics because it can't deliver the NDR, or it drops things where they don't belong.

I've looked into doing a silent drop, but spamass-milter doesn't support it at this time from what I can tell.

What I've settled on for now is using the -b spambucket@domain.com flag, and adding an alias in /etc/aliases to a script that deals with the messages; the script then forwards the ones with mid scores (5-15) and kills off the ones that are obvious (>15).
/etc/aliases:

Code: Select all

spambucket: "|/usr/local/bin/formail_wrapper_script"

Hope that helps!

[sk8conz]

This sounds like the exact solution I could use.

Any chance of posting the script that deletes the mail with a spam socre >15 and forwards the rest for delivery as normal ?

[jbougeno]

Can anybody post detailed step-by-step instructions on how to install SpamAssassin and connect it to Scalix? I've got both products installed and they test fine when tested independently but they don't seem to be communicating with one another. I've looked on the Internet and also on the Scalix forums but haven't found anything yet that really helps me with this problem.

Thanks.

[thatitguy]

I'll try to carve out the time to write a howto on this tonite and post a url here.

If I can make the time, I'll also post a quick detail of the Spamdigester (http://spamdigester.org), a system that I wrote with a friend of mine that acts as a perimeter e-mail 'firewall' that you can install in front of a Scalix server.

[kmcelwain]

I wrote a small how to for scalix 10, you could search for my username and probably find it.

However, I did switch to MailWasher because I found the end user experience a lot easier to manage. Basically, giving users a web gui to change the Bayesian guessing and maintain their own black and white list.

Plus, it was probably a configuration problem on my part but we receive almost 500,000 messages a month...and 30~40% is junk. As a result, sending messages was horrible....10 to 30 seconds just to send a message, sometimes over a minute. MailWasher....same spam and no delay, plus the install was super easy.

Just a thought and my humble opinion.

[jillrae]

kmcelwain,

What information did you use to configure MailWasher? I would like to use this program for the same reasons you listed. I run my Scalix on a SLES server.

Thanks for any info.

jillrae

[kmcelwain]

First, I followed the install steps for Spamassassin and simply reversed them to uninstall the application. rpm -e will uninstall the actual applications once you have restored the configuration files.

I downloaded the most recent copy of mailwasher from their site

http://internap.dl.sourceforge.net/sourceforge/mailwasher/mailwasher-2.1.9-noldap.bin

It's a bin file (executable) but you have to type
chmod -777 mailwasher-2.1.9-noldap.bin

to let you execute it after you download it.

then you simply type
./mailwasher-2.1.9-noldap.bin

and it should go through the setup....couldn't be any easier.

You can use the LDAP or the noldap version. Basically, if you get the LDAP version you can simply turn it off and let it create the accounts for you.

Then followed the Wiki step by step.
http://www.scalix.com/wiki/index.php?title=HowTos/Mailwasher

***I skipped the loglevel=debug step, why because the log file get REALLY big really fast if you get a lot of SPAM. You can always turn it on if something messes up.


Finally, after you've let it run for a day or two you will want to turn off the auto account creation. Go back and delete all of the bogus accounts and create any accounts it missed.

I would recommend giving the default accounts access to system statistics.....it gives them the pretty user interface with the change password link. My users simply liked it better and I didn't have to hack the interface to give them a change password button. Who really cares if they can see the stats anyway, who knows, they might actually start believing you for a change.

Last step....your Web interface will crash a lot....I mean a lot....at least mine did. Something about the system doesn't like the manual creation and deleting of accounts...they know about it. After I was sure that everyone had started getting used to the system....
I stopped mwi and mpd (in that order)...
ssh'ed into the system....
deleted all quarantined_email files....I think there are 5...
then started mpd and mwi (in that order)
Things haven't crashed since.....YEAH...knock on wood.

These are your friends...use them.
service mwserver-mwi.sh start
service mwserver-mwi.sh stop
service mwserver-mpd.sh start
service mwserver-mpd.sh stop

Hey let me know how it goes and if this was helpful or not

[jillrae]

Karl,

I followed your MailWasher instructions and the Mailwasher How To from the Wiki. WOW. was it ever and easy install and configuration. I am letting it run until I get my first 100 SPAMS. I will let you know how things are going then.

The only difference is the path name to the smtpd.cfg file. The directory structure changed in Scalix for version 11.

Thanks

jillrae

[jillrae]

Karl,

How do I know MW is working properly? I checked the statistics and everything is zero. All MW services are started and I did the sendmail, scalix & tomcat restarts. Hmmmm.

jillrae

[jpreston]

Jillrae,

I would check to see if the mwi* processes are running. Also, in the original HowTo, I recommended setting the log level to debug. It is true that it will eat lots of disk space if you receive a lot of mail, but during the first couple of days, this information can be crucial in determining what is happening where.

At some point this week, I'll be updating the Wiki HowTo to include Scalix 11. I've finished getting my Scalix 11 system completely functional with CentOS 4.4, MailWasher and ClamAV. I know the setup is still largely the same, and in a couple of instances a little easier (yeah, like that could happen?! LOL!).

Anyhow, have you figured out what was going on or do you still need assistance?

Joshua.

[jillrae]

Thanks for the reply. I will keep an eye out for the updated How To. I checked and the MW services are running. I will go back and double check to make sure I edited the correct files and make usre the keyboard didn't make any typos. (Just can't get good keyboards any more! :D ) I will update the progess later this AM.