Posted to users@spamassassin.apache.org by David Minard <da...@cit.uws.edu.au> on 2006/05/11 09:32:08 UTC
SpamAssassin 3.1.1 Not Tagging Anything As Spam Anymore
G'day All,
I'm hoping for enlightenment with a peculiar problem I'm having with
SpamAssassin 3.1.1, on a fresh install of Fedora Core 4, fully
patched. I'm using sendmail and the latest MailScanner.
I'm having trouble with SpamAssassin. When I first install it and
test it, things seem to go well. Mail gets tagged as follows:
May 3 16:28:40 jarjar MailScanner[4732]: Message k436SX2M005191 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
May 3 16:34:24 jarjar MailScanner[5317]: Message k436YNXb005322 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
May 3 16:37:15 jarjar MailScanner[5317]: Message k436bAr0005350 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.109, required 6, ALL_TRUSTED -1.44, HTML_IMAGE_ONLY_12 1.64, HTML_MESSAGE 0.00, HTML_OBFUSCATE_05_10 1.17, HTML_SHORT_LINK_IMG_1 0.28, INFO_TLD 0.81, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
Then after 5 or so non-spam e-mails going through the server I start
to see:
May 3 16:39:16 jarjar MailScanner[5317]: Message k436dCIW005370 from 111.222.111.222 (david@our.domain.org) to another.domain.org is not spam, SpamAssassin (score=-1.44, required 6, autolearn=not spam, ALL_TRUSTED -1.44)
May 4 04:02:14 jarjar MailScanner[5317]: Message k43I23TJ010337 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=-0.89, required 6, autolearn=not spam, ALL_TRUSTED -1.44, NO_REAL_NAME 0.55)
Then not too many e-mails after that, I get this (for all e-mails
spam or otherwise (including GTUBE)):
May 4 04:10:40 jarjar MailScanner[10918]: Message k43IAZSd011141 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
May 4 11:02:59 jarjar MailScanner[10918]: Message k4412muZ013842 from 111.222.111.222 (david@our.domain.org) to our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
Somehow something in SpamAssassin has decided that anything going to
or from our network is not spam. I even cut the new mail server over
live (temporarily) hoping that new mail coming from the outside world
would trigger SpamAssassin into life, but it doesn't. We get the
"SpamAssassin (score=0, required 6, autolearn=not spam)" tag.
I'm still running an older version of Mail Scanner and SpamAssassin
on the current production mail server, and it's picking up mail as
spam without a problem, but the new one, scanning the same e-mails,
does not tag them.
Has anyone come across something like this? I've spent hours
searching for something similar but haven't found anything.
In desperation I've done things like sa-learn --clear. Put
unwhitelist_* options in spamassassin/mailscanner.cf. Nothing
changed. I've even scoured the whole file system looking for any .db
related to spamassassin, bayes etc and removed the databases I found.
No difference. I've re-installed the test server from scratch,
re-installed/configured sendmail, MailScanner, and Spamassassin, and
things start working well again, then deteriorate to where nothing
gets tagged as spam again.
Help !
David.
[Sometimes waking up just isn't worth the insult of the day to come.]
Scanned by SCIT E-Mail Gateway http://www.cit.uws.edu.au
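Added example, not part of the original post and not MailScanner or SpamAssassin code: a small Python monitor that parses MailScanner verdict lines in the format shown above and flags the point where several consecutive messages come back with no rule hits at all, which is the fail-open symptom described in the post. The sample lines, message ids, host name and the run length of 3 are constructed assumptions.

```python
import re

# Verdict portion of a MailScanner syslog line, in the format shown in the post.
VERDICT = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from \S+ .*?"
    r"is (?P<verdict>not spam|spam)\s*, SpamAssassin \((?P<detail>[^)]*)\)"
)
# A rule hit inside the parentheses, e.g. "ALL_TRUSTED -1.44".
RULE = re.compile(r"([A-Z][A-Z0-9_]*) (-?\d+(?:\.\d+)?)")

# Constructed sample lines (hypothetical ids, documentation addresses).
SAMPLE = [
    "May  3 16:28:40 mx MailScanner[4732]: Message k4300001 from 192.0.2.10 "
    "(a@example.org) to example.org is spam, SpamAssassin (score=17.613, "
    "required 6, ALL_TRUSTED -1.44, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60)",
    "May  3 16:39:16 mx MailScanner[5317]: Message k4300002 from 192.0.2.10 "
    "(a@example.org) to example.net is not spam, SpamAssassin (score=-1.44, "
    "required 6, autolearn=not spam, ALL_TRUSTED -1.44)",
] + [
    f"May  4 04:1{n}:40 mx MailScanner[10918]: Message k440000{n} from 192.0.2.10 "
    "(a@example.org) to example.org is not spam, SpamAssassin (score=0, "
    "required 6, autolearn=not spam)"
    for n in (3, 4, 5)
]


def parse_line(line):
    """Return id, verdict, score and rule hits for a verdict line, else None."""
    m = VERDICT.search(line)
    if not m:
        return None
    fields = [f.strip() for f in m.group("detail").split(",")]
    score = next((float(f[6:]) for f in fields if f.startswith("score=")), None)
    rules = {h.group(1): float(h.group(2)) for h in map(RULE.fullmatch, fields) if h}
    return {"id": m.group("id"), "verdict": m.group("verdict"),
            "score": score, "rules": rules}


def silent_scanner_alerts(lines, run_length=3):
    """Return the ids at which run_length consecutive verdicts had no rule hits."""
    # Assumption: a working scanner rarely reports several rule-less verdicts in a row.
    alerts, streak = [], 0
    for rec in filter(None, map(parse_line, lines)):
        streak = 0 if rec["rules"] else streak + 1
        if streak == run_length:
            alerts.append(rec["id"])
    return alerts


if __name__ == "__main__":
    print(silent_scanner_alerts(SAMPLE))
```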
Re: SpamAssassin 3.1.1 Not Tagging Anything As Spam Anymore
Posted by David Minard <da...@cit.uws.edu.au>.
Thanks for getting back to me so quickly...
You're right about me not showing stuff coming in from the outside
world.... The previous build of the server, MailScanner,
SpamAssassin did have some, but I lost them when I nuked the
server..... I'll get the server in live again to see what happens.
From memory, I know it didn't make any difference. (the only
problem with doing this is it means that I have to down the
production mail server to do it :-( - firewalls !!! I'll have to do
it after hours or on a weekend though.
1) I pretty much had the old config files side by side when going
through the new one.
2) MailScanner conf: - pretty standard stuff
Spam Checks = yes
Spam List = ORDB-RBL SBL+XBL NJABL SORBS-SPAM CBL
Spam Domain List = SORBS-BADCONF SORBS-NOMAIL
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 10
Use SpamAssassin = yes
Max SpamAssassin Size = 30k
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = no # Usually I'd have this on but I turned it off because of the problems
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
The actual SpamAssassin config files are pretty much out of the
box. Just changed the bayes_ignore_header stuff to match what I've
got in MailScanner....
The strangest thing with it all is, that it all starts off seemingly
working, showing scores, blocking spam, then it stops without changes
to anything by me. I'm pretty sure MailScanner is calling
SpamAssassin okay.
Running "spamassassin -D --lint" as the MailScanner user worked
fine. No errors - Except :
[2721] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed)
[2721] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[2721] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
But this has been the case throughout the whole exercise...
After making changes to MailScanner I restart (stop/start) it each
time - learned that one pretty quickly :-)
David Minard.
Ph: 0247 360 155
Fax: 0247 360 770
School of Computing & Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC
NSW 1797
[Sometimes waking up just isn't worth the insult of the day to come.]
On 11/05/2006, at 5:50 PM, jdow wrote:
> From: "David Minard" <da...@cit.uws.edu.au>
>
>> G'day All,
>> I'm hoping for enlightenment with a peculiar problem I'm having
>> with SpamAssassin 3.1.1, on a fresh install of Fedora Core 4,
>> fully patched. I'm using sendmail and the latest MailScanner.
>> I'm having trouble with SpamAssassin. When I first install it
>> and test it, things seem to go well. Mail gets tagged as follows:
>> May 3 16:28:40 jarjar MailScanner[4732]: Message k436SX2M005191 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
>> May 3 16:34:24 jarjar MailScanner[5317]: Message k436YNXb005322 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
>> May 3 16:37:15 jarjar MailScanner[5317]: Message k436bAr0005350 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.109, required 6, ALL_TRUSTED -1.44, HTML_IMAGE_ONLY_12 1.64, HTML_MESSAGE 0.00, HTML_OBFUSCATE_05_10 1.17, HTML_SHORT_LINK_IMG_1 0.28, INFO_TLD 0.81, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
>
> If this is sending to yourself using your own sendmail and all that
> then the ALL_TRUSTED makes some sense here.
>
>
>> Then after 5 or so non-spam e-mails going through the server I
>> start to see:
>> May 3 16:39:16 jarjar MailScanner[5317]: Message k436dCIW005370 from 111.222.111.222 (david@our.domain.org) to another.domain.org is not spam, SpamAssassin (score=-1.44, required 6, autolearn=not spam, ALL_TRUSTED -1.44)
>> May 4 04:02:14 jarjar MailScanner[5317]: Message k43I23TJ010337 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=-0.89, required 6, autolearn=not spam, ALL_TRUSTED -1.44, NO_REAL_NAME 0.55)
>
> Ah - you are configured to test your OUTGOING path?
>
>> Then not too many e-mails after that, I get this (for all e-mails
>> spam or otherwise (including GTUBE)):
>> May 4 04:10:40 jarjar MailScanner[10918]: Message k43IAZSd011141 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
>> May 4 11:02:59 jarjar MailScanner[10918]: Message k4412muZ013842 from 111.222.111.222 (david@our.domain.org) to our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
>> Somehow something in SpamAssassin has decided that anything going
>> to or from our network is not spam. I even cut the new mail
>> server over live (temporarily) hoping that new mail coming from
>> the outside world would trigger SpamAssassin into life, but it
>> doesn't. We get the "SpamAssassin (score=0, required 6,
>> autolearn=not spam)" tag.
>
> I don't see anything that indicates email coming in from outside your
> domain.
>
>> I'm still running an older version of Mail Scanner and
>> SpamAssassin on the current production mail server, and it's
>> picking up mail as spam without a problem, but the new one,
>> scanning the same e-mails, does not tag them.
>> Has anyone come across something like this? I've spent hours
>> searching for something similar but haven't found anything.
>> In desperation I've done things like sa-learn --clear. Put
>> unwhitelist_* options in spamassassin/mailscanner.cf. Nothing
>> changed. I've even scoured the whole file system looking for
>> any .db related to spamassassin, bayes etc and removed the
>> databases I found. No difference. I've re-installed the test
>> server from scratch, re-installed/configured sendmail,
>> MailScanner, and Spamassassin, and things start working well
>> again, then deteriorate to where nothing gets tagged as spam again.
>> Help !
>
> 1) Compare your MailScanner configuration with that of a machine known
> to work.
> 2) How are you running SpamAssassin from within MailScanner - options
> and the like?
>
> You MAY have to get help from the MailScanner folks regarding calling
> your version of SpamAssassin.
>
> It ALMOST looks like you are running SpamAssassin inside a jail and
> it cannot find any of its configuration files at all. Are you sure
> MailScanner can even find SpamAssassin? Use "su -l" as root to get
> logged in as the account under which MailScanner runs. Then see if
> it can run a "SpamAssassin -D --lint".
>
> When you make changes make sure you restart (not just reload)
> MailScanner.
>
> {^_^}
>
Re: SpamAssassin 3.1.1 Not Tagging Anything As Spam Anymore
Posted by jdow <jd...@earthlink.net>.
From: "David Minard" <da...@cit.uws.edu.au>
> G'day All,
>
> I'm hoping for enlightenment with a peculiar problem I'm having with
> SpamAssassin 3.1.1, on a fresh install of Fedora Core 4, fully
> patched. I'm using sendmail and the latest MailScanner.
>
> I'm having trouble with SpamAssassin. When I first install it and
> test it, things seem to go well. Mail gets tagged as follows:
>
> May 3 16:28:40 jarjar MailScanner[4732]: Message k436SX2M005191 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
>
> May 3 16:34:24 jarjar MailScanner[5317]: Message k436YNXb005322 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.613, required 6, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
>
> May 3 16:37:15 jarjar MailScanner[5317]: Message k436bAr0005350 from 111.222.111.222 (david@our.domain.org) to our.domain.org is spam, SpamAssassin (score=17.109, required 6, ALL_TRUSTED -1.44, HTML_IMAGE_ONLY_12 1.64, HTML_MESSAGE 0.00, HTML_OBFUSCATE_05_10 1.17, HTML_SHORT_LINK_IMG_1 0.28, INFO_TLD 0.81, MSGID_DOLLARS 2.16, RATWARE_MS_HASH 1.38, URIBL_JP_SURBL 3.36, URIBL_OB_SURBL 2.62, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL 1.53)
If this is sending to yourself using your own sendmail and all that
then the ALL_TRUSTED makes some sense here.
> Then after 5 or so non-spam e-mails going through the server I start
> to see:
>
> May 3 16:39:16 jarjar MailScanner[5317]: Message k436dCIW005370 from 111.222.111.222 (david@our.domain.org) to another.domain.org is not spam, SpamAssassin (score=-1.44, required 6, autolearn=not spam, ALL_TRUSTED -1.44)
>
> May 4 04:02:14 jarjar MailScanner[5317]: Message k43I23TJ010337 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=-0.89, required 6, autolearn=not spam, ALL_TRUSTED -1.44, NO_REAL_NAME 0.55)
Ah - you are configured to test your OUTGOING path?
> Then not too many e-mails after that, I get this (for all e-mails
> spam or otherwise (including GTUBE)):
>
>
> May 4 04:10:40 jarjar MailScanner[10918]: Message k43IAZSd011141 from 127.0.0.1 (root@mailserver.our.domain.org) to mailserver.our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
> May 4 11:02:59 jarjar MailScanner[10918]: Message k4412muZ013842 from 111.222.111.222 (david@our.domain.org) to our.domain.org is not spam, SpamAssassin (score=0, required 6, autolearn=not spam)
>
> Somehow something in SpamAssassin has decided that anything going to
> or from our network is not spam. I even cut the new mail server over
> live (temporarily) hoping that new mail coming from the outside world
> would trigger SpamAssassin into life, but it doesn't. We get the
> "SpamAssassin (score=0, required 6, autolearn=not spam)" tag.
I don't see anything that indicates email coming in from outside your
domain.
> I'm still running an older version of Mail Scanner and SpamAssassin
> on the current production mail server, and it's picking up mail as
> spam without a problem, but the new one, scanning the same e-mails,
> does not tag them.
>
> Has anyone come across something like this? I've spent hours
> searching for something similar but haven't found anything.
>
> In desperation I've done things like sa-learn --clear. Put
> unwhitelist_* options in spamassassin/mailscanner.cf. Nothing
> changed. I've even scoured the whole file system looking for any .db
> related to spamassassin, bayes etc and removed the databases I found.
> No difference. I've re-installed the test server from scratch,
> re-installed/configured sendmail, MailScanner, and Spamassassin, and
> things start working well again, then deteriorate to where nothing
> gets tagged as spam again.
>
> Help !
1) Compare your MailScanner configuration with that of a machine known
to work.
2) How are you running SpamAssassin from within MailScanner - options
and the like?
You MAY have to get help from the MailScanner folks regarding calling
your version of SpamAssassin.
It ALMOST looks like you are running SpamAssassin inside a jail and
it cannot find any of its configuration files at all. Are you sure
MailScanner can even find SpamAssassin? Use "su -l" as root to get
logged in as the account under which MailScanner runs. Then see if
it can run a "SpamAssassin -D --lint".
When you make changes make sure you restart (not just reload) MailScanner.
{^_^}