You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Philip Seccombe <ph...@turnstone.co.nz> on 2007/02/12 23:42:22 UTC
SpamAssassin using spamc but not using rules correctly? Is my time being wasted changing local.cf etc?
Hi everyone,
I've taken over a mail server from a previous technician and he's
modified qmail to call spamassassin and the problem is I make changes to
local.cf but I don't think they get used.
Reasoning is that mail.info shoes it saying that required score is 5.0
but I've changed this to 4.5
spamassassin --lint -D will say that 4.5 is required:
[21280] dbg: rules: running full-text regexp tests; score so far=1.046
[21280] dbg: check: is spam? score=1.046 required=4.5
[21280] dbg: check:
tests=BAYES_05,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[21280] dbg: check:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,_
_SANE_MSGID,__UNUSABLE_MSGID
/var/log/mail.info shows the following:
Feb 13 11:26:53 nibbler spamd[14048]: spamd: connection from localhost
[127.0.0.1] at port 44594
Feb 13 11:26:53 nibbler spamd[14048]: spamd: checking message
<B0...@bmw_exch.bmw.org.nz> for
f.vesly@curekids.org.nz:1005
Feb 13 11:26:57 nibbler spamd[14048]: spamd: clean message (-2.6/5.0)
for f.vesly@curekids.org.nz:1005 in 3.6 seconds, 1510 bytes.
Feb 13 11:26:57 nibbler spamd[14048]: spamd: result: . -2 - BAYES_00
scantime=3.6,size=1510,user=f.vesly@curekids.org.nz,uid=1005,required_sc
ore=5.0,rhost=localhost,raddr=127.0.0.1,rport=44594,mid=<B001CE0E4EE3A94
782C9D93DBA5E2BFA0203F364@bmw_exch.bmw.org.nz>,bayes=0,autolearn=ham
Feb 13 11:26:57 nibbler spamd[887]: prefork: child states: II
Feb 13 11:26:57 nibbler qmail: 1171319217.234315 new msg 586816
Feb 13 11:26:57 nibbler qmail: 1171319217.234479 info msg 586816: bytes
1849 from <> qp 21157 uid 1008
Feb 13 11:26:57 nibbler qmail-scanner[21149]:
Clear:RC:0(210.54.125.66):SA:0(-2.6/5.0): 3.692409 1492 <>
f.vesly@curekids.org.nz
Out_of_Office_AutoReply:_Booking_for_Kaye_Parker_-_Cure_Kids
<B0...@bmw_exch.bmw.org.nz>
1171319213.21151-0.nibbler:851 orig-nibbler117131921354621149:1492
Feb 13 11:26:57 nibbler qmail: 1171319217.342141 starting delivery
24523: msg 586816 to remote f.vesly@curekids.org.nz
Feb 13 11:26:57 nibbler qmail: 1171319217.342316 status: local 0/10
remote 1/20
Feb 13 11:26:58 nibbler qmail: 1171319218.000917 delivery 24523:
success:
222.154.228.91_accepted_message./Remote_host_said:_250_2.6.0__<B001CE0E4
EE3A94782C9D93DBA5E2BFA0203F364@bmw_exch.bmw.org.nz>_Queued_mail_for_del
ivery/
Feb 13 11:26:58 nibbler qmail: 1171319218.001407 status: local 0/10
remote 0/20
Feb 13 11:26:58 nibbler qmail: 1171319218.001527 end msg 586816
Feb 13 11:27:50 nibbler qmail: 1171319270.425995 new msg 586816
Feb 13 11:27:50 nibbler qmail: 1171319270.426170 info msg 586816: bytes
3960222 from <st...@nzclothing.co.nz> qp 21175 uid 1008
Feb 13 11:27:50 nibbler qmail-scanner[21166]:
Clear:RC:0(219.88.242.4):SA:0(?/?): 22.80491 3959889
stewart@nzclothing.co.nz michele@nzclothing.co.nz
FW:_Phone_call_at_the_club <00...@Stewart>
1171319268.21170-0.nibbler:270 1171319268.21170-1.nibbler:4810
3357.wmv:2926143 orig-nibbler117131924654621166:3959889
Feb 13 11:27:50 nibbler qmail: 1171319270.562702 starting delivery
24524: msg 586816 to local nzclothing.co.nz-michele@nzclothing.co.nz
Feb 13 11:27:50 nibbler qmail: 1171319270.562879 status: local 1/10
remote 0/20
Feb 13 11:27:50 nibbler qmail: 1171319270.631623 delivery 24524:
success: did_0+0+1/
Feb 13 11:27:50 nibbler qmail: 1171319270.632040 status: local 0/10
remote 0/20
Feb 13 11:27:50 nibbler qmail: 1171319270.632160 end msg 586816
Qmail-scanner-queue.pl appears to have the following for spamassassin
(I'm unsure how much this has been edited by the previous technician)
my $spamc_binary='/usr/bin/spamc';
my $spamc_options=' -c ';
my $spamc_subject='';
my $spamassassin_binary='/usr/bin/spamassassin';
my ($sa_comment,$sa_level);
my $sa_symbol='+';
sub spamassassin {
#Only run SA if mail is from a "remote" SMTP client, or
QS_SPAMASSASSIN
#is defined via tcpserver...
if (defined($ENV{'RELAYCLIENT'}) && !defined($ENV{'QS_SPAMASSASSIN'}))
{
&debug("spamassassin: don't scan as RELAYCLIENT implies this was
sent by a local user");
return;
}
#SpamAssassin client scanner
my ($spamassassin_found,$spamassassin_status);
my ($start_spamassassin_time)=[gettimeofday];
my
($sa_tag,$DD,$stop_spamassassin_time,$spamassassin_time,$cmdline_recip,$
sa_fast);
my ($sa_status)=0;
my ($sa_score)=0; my ($sa_max)=0;
if ($msg_size > 250000) {
&debug("spamassassin: message too big - skip it");
$sa_score=$sa_max="?";
$tag_score .= "SA:0($sa_score/$sa_max):";
$sa_comment = "No, hits=$sa_score required=$sa_max" if ($sa_fast);
return;
}
#Cleanup $one_recip so it's usable from the commandline...
#any char that isn't supported to changed into an '_'
($cmdline_recip=$one_recip)=~s/[^0-9a-z\.\_\-\=\+\@]/_/gi;
$cmdline_recip=~/^([0-9a-z\.\_\-\=\+\@]+)$/i;
$cmdline_recip=tolower($1);
$sa_fast=1 if ($spamc_options =~ /\-c /);
$spamc_options="$spamc_options -u \"$cmdline_recip\"" if
($cmdline_recip ne "");
&debug("SA: run $spamc_binary $spamc_options <
$scandir/$wmaildir/new/$file_id");
open(SIN,"<$scandir/$wmaildir/new/$file_id")||&error_condition("cannot
open $scandir/$wmaildir/new/$file_id - $!");
open(SOUT,"|$spamc_binary $spamc_options >
$scandir/$wmaildir/new/$file_id.spamc")||&error_condition("cannot open
for write $scand
ir/$wmaildir/new/$file_id.spamc - $!");
print SOUT "X-Envelope-From: $headers{'MAILFROM'}\n";
while (<SIN>) {
print SOUT;
}
close(SIN)||&error_condition("cannot close
$scandir/$wmaildir/new/$file_id - $!");
close SOUT;
$spamassassin_status=($? >> 8);
$sa_status=$spamassassin_status if ($sa_fast);
open(SA,"<$scandir/$wmaildir/new/$file_id.spamc")||&error_condition("can
not open for read $scandir/$wmaildir/new/$file_id.spamc -
$!");
while (<SA>) {
if ($sa_fast) {
chomp;
($sa_score,$sa_max)=split(/\//,$_,2);
$sa_tag++;
last;
} else {
#X-Spam-Status: No, hits=2.8 required=5.0
if (/^X-Spam-Status: (Yes|No), (hits|score)=(-?[\d\.]*)
required=([\d\.]*)/) {
$sa_tag++;
$sa_status=1 if ($1 eq "Yes");
$sa_score=$3;$sa_max=$4;
}
}
}
close SA ;
$sa_score='?' if (!$sa_score);
$sa_max='?' if (!$sa_max);
if (!$sa_fast && -s "$scandir/$wmaildir/new/$file_id.spamc" &&
$spamassassin_status == 0) {
&debug("SA: overwriting $scandir/$wmaildir/new/$file_id with
$scandir/$wmaildir/new/$file_id.spamc");
rename
("$scandir/$wmaildir/new/$file_id.spamc","$scandir/$wmaildir/new/$file_i
d");
} else {
unlink("$scandir/$wmaildir/new/$file_id.spamc");
}
if ($sa_max > $sa_score || ($sa_score == 0)) {
$tag_score .= "SA:0($sa_score/$sa_max):";
$sa_comment = "No, hits=$sa_score required=$sa_max" if ($sa_fast);
} else {
$tag_score .= "SA:1($sa_score/$sa_max):";
$sa_comment = "Yes, hits=$sa_score required=$sa_max" if ($sa_fast);
&debug("SA: yup, this smells like SPAM");
}
if ($sa_score > 0) {
$sa_score=int($sa_score);
#Keep it RFC compliant
$sa_score=100 if ($sa_score > 100);
my $si=0;
if ($sa_fast) {
while ($si < $sa_score) {
$si++;
$sa_level .= $sa_symbol;
}
}
}
$stop_spamassassin_time=[gettimeofday];
$spamassassin_time = tv_interval ($start_spamassassin_time,
$stop_spamassassin_time);
&debug("spamassassin: finished scan of dir \"$ENV{'TMPDIR'}\" in
$spamassassin_time secs");
}
Does anyone have any idea what on earth is going on here?
I'm not a huge linux guru so I'm a little confused, qmail appears to
download the message, check if it is a virus, then call spamc and check
if it is spam, if it is then it puts it on a pop mailbox on the server
else it forwards the message onto the customers mail server
Appologies on the huge email, I wanted to give as much detail as I could
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: philip@turnstone.co.nz
Web: www.turnstone.co.nz
Re: SpamAssassin using spamc but not using rules correctly? Is my time being wasted changing local.cf etc?
Posted by Bob McClure Jr <bo...@bobcatos.com>.
On Tue, Feb 13, 2007 at 11:42:22AM +1300, Philip Seccombe wrote:
> Hi everyone,
>
>
>
> I've taken over a mail server from a previous technician and he's
> modified qmail to call spamassassin and the problem is I make changes to
> local.cf but I don't think they get used.
>
>
>
> Reasoning is that mail.info shoes it saying that required score is 5.0
> but I've changed this to 4.5
>
> spamassassin --lint -D will say that 4.5 is required:
>
>
>
> [21280] dbg: rules: running full-text regexp tests; score so far=1.046
>
> [21280] dbg: check: is spam? score=1.046 required=4.5
>
> [21280] dbg: check:
> tests=BAYES_05,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
>
> [21280] dbg: check:
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,_
> _SANE_MSGID,__UNUSABLE_MSGID
>
>
>
> /var/log/mail.info shows the following:
>
>
>
> Feb 13 11:26:53 nibbler spamd[14048]: spamd: connection from localhost
> [127.0.0.1] at port 44594
Umm, did you restart spamd?
>
> <remainder snipped>
>
>
> Does anyone have any idea what on earth is going on here?
>
> I'm not a huge linux guru so I'm a little confused, qmail appears to
> download the message, check if it is a virus, then call spamc and check
> if it is spam, if it is then it puts it on a pop mailbox on the server
> else it forwards the message onto the customers mail server
>
>
>
> Appologies on the huge email, I wanted to give as much detail as I could
>
>
>
> Kind Regards,
>
> Philip Seccombe
>
> Turnstone Technologies NZ Limited
>
>
>
> Phone: +64 9 970 5550
>
> Fax: +64 9 970 5559
>
> DDI: +64 9 970 5552
>
> Email: philip@turnstone.co.nz
>
> Web: www.turnstone.co.nz
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
This day I call heaven and earth as witnesses against you that I have
set before you life and death, blessings and curses. Now choose life,
so that you and your children may live. Deuteronomy 30:19 (NIV)