You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Gregor Dschung <sa...@dschung.de> on 2008/10/16 11:43:02 UTC
since restart: identified spam doesn't get X-Spam-Headerfields
Hi all,
My mails are piped by postfix to maildrop which forwards the mail to
spamc. The relevant part of /etc/maildroprc is appended. Spamassassin
uses the "report_safe 1" option.
Now since I restarted my server, I've the following issue:
Many mails are scanned and handled as usual. When spamd say "it's spam",
then the spam-mail is attached to a report-mail with the whole
X-Spam-Headerfields. And maildrop can find the "X-Spam-Flag" and throws
the mail in a spamfolder.
But unfortunately, there are some mails, which are identified as spam,
but not attached to a report-mail. So the mail doesn't get the
X-Spam-Headerfields and the "if(/^X-Spam-Flag: *YES/) { ... }"-stanza
won't handled by maildrop. I've no idea, why, I guess 80% of spam is
handled right, but 20% not.
I didn't upgrade spamassassin or maildrop and I didn't touch any
config-file. I'm using spamassassin-3.2.1-r1 and maildrop-2.0.4.
Below is the log of a mail, which is identified as spam, but not handled
like spam. There is no difference in the log to mails which are handled
correctly.
Does anybody have some idea?
Thanks,
Gregor
/ect/maildroprc:
[..]
if ( $SPAMFILTER )
{
if( $SIZE < $SCANSPAMSIZE )
{
exception {
if ( $USESPAMC )
{
# `DOMAIN=$(echo $LOGNAME | cut -s -d@ -f2)`
xfilter "/usr/bin/spamc -f -x -u $LOGNAME"
}
else
{
xfilter "/usr/bin/spamassassin -x"
}
}
}
# check if mail is marked as spam
if(/^X-Spam-Flag: *YES/)
{
exception {
log "identifyed as spam! -> $MAILDIR/.Spam"
MAILDIR = $MAILDIR.Spam/
VSCAN=0
USERFILTER=0
}
}
}
[...]
/var/log/mail.log (I change the domain from my mail-address to
example.com for spam-reasons :( ):
Oct 16 11:14:46 hosting postfix/smtpd[8356]: connect from
77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
Oct 16 11:14:48 hosting postfix/smtpd[8356]: 67B9344403D:
client=77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
Oct 16 11:14:49 hosting postfix/cleanup[8362]: 67B9344403D:
message-id=<01...@akstcratitemnsdgs>
Oct 16 11:14:49 hosting postfix/qmgr[14724]: 67B9344403D:
from=<ak...@ratite.com>, size=4850, nrcpt=1 (queue active)
Oct 16 11:14:49 hosting spamd[415]: spamd: connection from localhost
[127.0.0.1] at port 35926
Oct 16 11:14:49 hosting spamd[415]: spamd: using default config for
mail@example.com: /var/syscpvmail/.spamassassin/example.com/user_prefs
Oct 16 11:14:49 hosting spamd[415]: spamd: processing message
<01...@akstcratitemnsdgs> for mail@example.com:9997
Oct 16 11:14:50 hosting dccproc[8451]: missing message body; fatal error
Oct 16 11:14:50 hosting postfix/smtpd[8356]: disconnect from
77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
Oct 16 11:14:50 hosting spamd[415]: spamd: identified spam (14.8/6.5)
for mail@example.com:9997 in 0.9 seconds, 4827 bytes.
Oct 16 11:14:50 hosting spamd[415]: spamd: result: Y 14 -
BAYES_99,DNS_FROM_SECURITYSAGE,DYN_RDNS_SHORT_HELO_HTML,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PBL,RCVD_IN_XBL,RDNS_DYNAMIC,UNWANTED_LANGUAGE_BODY
scantime=0.9,size=4827,user=mail@example.com,uid=9997,required_score=6.5,rhost=localhost,raddr=127.0.0.1,rport=35926,mid=<01...@akstcratitemnsdgs>,bayes=1.000000,autolearn=no
Oct 16 11:14:50 hosting spamd[26939]: prefork: child states: II
Oct 16 11:14:50 hosting postfix/pipe[8364]: 67B9344403D:
to=<ma...@example.com>, orig_to=<go...@example.com>, relay=maildrop,
delay=2.1, delays=1.1/0/0/1, dsn=2.0.0, status=sent (delivered via
maildrop service)
Oct 16 11:14:50 hosting postfix/qmgr[14724]: 67B9344403D: removed
Re: since restart: identified spam doesn't get X-Spam-Headerfields
Posted by Gregor Dschung <sa...@dschung.de>.
It seems to be solved. The issue was caused by a full /tmp-Folder ...
Gregor
Gregor Dschung schrieb:
> Hi all,
>
> My mails are piped by postfix to maildrop which forwards the mail to
> spamc. The relevant part of /etc/maildroprc is appended. Spamassassin
> uses the "report_safe 1" option.
>
> Now since I restarted my server, I've the following issue:
> Many mails are scanned and handled as usual. When spamd say "it's spam",
> then the spam-mail is attached to a report-mail with the whole
> X-Spam-Headerfields. And maildrop can find the "X-Spam-Flag" and throws
> the mail in a spamfolder.
> But unfortunately, there are some mails, which are identified as spam,
> but not attached to a report-mail. So the mail doesn't get the
> X-Spam-Headerfields and the "if(/^X-Spam-Flag: *YES/) { ... }"-stanza
> won't handled by maildrop. I've no idea, why, I guess 80% of spam is
> handled right, but 20% not.
> I didn't upgrade spamassassin or maildrop and I didn't touch any
> config-file. I'm using spamassassin-3.2.1-r1 and maildrop-2.0.4.
>
> Below is the log of a mail, which is identified as spam, but not handled
> like spam. There is no difference in the log to mails which are handled
> correctly.
>
> Does anybody have some idea?
>
> Thanks,
> Gregor
>
>
> /ect/maildroprc:
> [..]
> if ( $SPAMFILTER )
> {
> if( $SIZE < $SCANSPAMSIZE )
> {
> exception {
> if ( $USESPAMC )
> {
> # `DOMAIN=$(echo $LOGNAME | cut -s -d@ -f2)`
> xfilter "/usr/bin/spamc -f -x -u $LOGNAME"
> }
> else
> {
> xfilter "/usr/bin/spamassassin -x"
> }
> }
> }
>
> # check if mail is marked as spam
> if(/^X-Spam-Flag: *YES/)
> {
> exception {
> log "identifyed as spam! -> $MAILDIR/.Spam"
> MAILDIR = $MAILDIR.Spam/
> VSCAN=0
> USERFILTER=0
> }
> }
> }
> [...]
>
> /var/log/mail.log (I change the domain from my mail-address to
> example.com for spam-reasons :( ):
> Oct 16 11:14:46 hosting postfix/smtpd[8356]: connect from
> 77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
> Oct 16 11:14:48 hosting postfix/smtpd[8356]: 67B9344403D:
> client=77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
> Oct 16 11:14:49 hosting postfix/cleanup[8362]: 67B9344403D:
> message-id=<01...@akstcratitemnsdgs>
> Oct 16 11:14:49 hosting postfix/qmgr[14724]: 67B9344403D:
> from=<ak...@ratite.com>, size=4850, nrcpt=1 (queue active)
> Oct 16 11:14:49 hosting spamd[415]: spamd: connection from localhost
> [127.0.0.1] at port 35926
> Oct 16 11:14:49 hosting spamd[415]: spamd: using default config for
> mail@example.com: /var/syscpvmail/.spamassassin/example.com/user_prefs
> Oct 16 11:14:49 hosting spamd[415]: spamd: processing message
> <01...@akstcratitemnsdgs> for mail@example.com:9997
> Oct 16 11:14:50 hosting dccproc[8451]: missing message body; fatal error
> Oct 16 11:14:50 hosting postfix/smtpd[8356]: disconnect from
> 77-234-9-159.pppoe.yaroslavl.ru[77.234.9.159]
> Oct 16 11:14:50 hosting spamd[415]: spamd: identified spam (14.8/6.5)
> for mail@example.com:9997 in 0.9 seconds, 4827 bytes.
> Oct 16 11:14:50 hosting spamd[415]: spamd: result: Y 14 -
> BAYES_99,DNS_FROM_SECURITYSAGE,DYN_RDNS_SHORT_HELO_HTML,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PBL,RCVD_IN_XBL,RDNS_DYNAMIC,UNWANTED_LANGUAGE_BODY
> scantime=0.9,size=4827,user=mail@example.com,uid=9997,required_score=6.5,rhost=localhost,raddr=127.0.0.1,rport=35926,mid=<01...@akstcratitemnsdgs>,bayes=1.000000,autolearn=no
> Oct 16 11:14:50 hosting spamd[26939]: prefork: child states: II
> Oct 16 11:14:50 hosting postfix/pipe[8364]: 67B9344403D:
> to=<ma...@example.com>, orig_to=<go...@example.com>, relay=maildrop,
> delay=2.1, delays=1.1/0/0/1, dsn=2.0.0, status=sent (delivered via
> maildrop service)
> Oct 16 11:14:50 hosting postfix/qmgr[14724]: 67B9344403D: removed
>