SA From header checks

[Mike Ray <mr...@xes-inc.com>]

Hello all-

Must be doing something stupid here, but could use a second set of eyes and persons more knowledgeable than myself.

None of my header checks that operate on "From" seem to be working.

SA version 3.4.0-1ubuntu2.1
"spamassassin --lint" does not throw any errors
"spamassassin --lint -D" shows the rule being parsed (I gave it no description and see the warning).

Rawbody rules or rules on other headers (e.g. Subject) work just fine.

Here is a sample one that I stripped down to the basics just to get it to work, based on a very similar one in the documentation (https://wiki.apache.org/spamassassin/WritingRules):

header          PREF_T1                  From =~ /gmail\.com/i
score           PREF_T1                  0.1

I've tried adding a description, setting the score to an integer, removing the regex modifier and adding ".*" to match the whole address with no success.

Anyone see what I'm missing?

Thanks,

Mike Ray

Re: SA From header checks

[Mike Ray <mr...@xes-inc.com>]

----- Original Message -----
> On 08/11/2016 06:03 PM, Mike Ray wrote:
> <.snip.........>
> 
> >
> >
> > However, after I had sent that message, I decided to play around a
> > bit. I had rearranged existing rules in the file yesterday to make
> > sure that my new rules weren't somehow silently destroying file
> > parsing, but I had never added a new rule that I would have expected
> > work (e.g. rawbody). I added one, ran my same update procedure and
> > found that my new rawbody rule was not working, but my gmail rule
> > was! At this point, I started to work off of Martin's idea that I had
> > screwed up the restart process. I manually started restarting
> > processes and found eventually that I do not need to restart
> > spamassassin, but need to restart amavis instead.
> >
> >
> > At this point, I'm wandering outside of SA territory, but I'll ask
> > anyway. Postfix talks to amavis which uses spamassassin (and clamav).
> > I'd be less surprised if I had to restart both amavis and
> > spamassassin, but it seems very weird that I only have to restart
> > amavis for new rules to start working. Perhaps amavis internally
> > restarts spamassassin? Or perhaps spamassassin is already configured
> > to check local.cf for changes? Anyone have an idea about this?
> 
> Amavis uses SA libraries and doesn't need spamd/spamassassin
> (see Amavis docs)
> 
> If you change any SA file you need to reload via Amavis - anything else
> will be ignored.
> 
> 
> 
> 

That would explain it.

Thanks for the help all!

Re: SA From header checks

[Axb <ax...@gmail.com>]

On 08/11/2016 06:03 PM, Mike Ray wrote:
<.snip.........>

>
>
> However, after I had sent that message, I decided to play around a
> bit. I had rearranged existing rules in the file yesterday to make
> sure that my new rules weren't somehow silently destroying file
> parsing, but I had never added a new rule that I would have expected
> work (e.g. rawbody). I added one, ran my same update procedure and
> found that my new rawbody rule was not working, but my gmail rule
> was! At this point, I started to work off of Martin's idea that I had
> screwed up the restart process. I manually started restarting
> processes and found eventually that I do not need to restart
> spamassassin, but need to restart amavis instead.
>
>
> At this point, I'm wandering outside of SA territory, but I'll ask
> anyway. Postfix talks to amavis which uses spamassassin (and clamav).
> I'd be less surprised if I had to restart both amavis and
> spamassassin, but it seems very weird that I only have to restart
> amavis for new rules to start working. Perhaps amavis internally
> restarts spamassassin? Or perhaps spamassassin is already configured
> to check local.cf for changes? Anyone have an idea about this?

Amavis uses SA libraries and doesn't need spamd/spamassassin
(see Amavis docs)

If you change any SA file you need to reload via Amavis - anything else 
will be ignored.

Re: SA From header checks

[Mike Ray <mr...@xes-inc.com>]

----- Original Message -----
> On Wed, 2016-08-10 at 17:04 -0500, Mike Ray wrote:
> > Hello all-
> > 
> > Must be doing something stupid here, but could use a second set of
> > eyes and persons more knowledgeable than myself.
> > 
> > None of my header checks that operate on "From" seem to be working.
> > 
> > SA version 3.4.0-1ubuntu2.1
> > "spamassassin --lint" does not throw any errors
> > "spamassassin --lint -D" shows the rule being parsed (I gave it no
> > description and see the warning).
> > 
> > Rawbody rules or rules on other headers (e.g. Subject) work just
> > fine.
> > 
> > Here is a sample one that I stripped down to the basics just to get
> > it to work, based on a very similar one in the documentation (https:/
> > /wiki.apache.org/spamassassin/WritingRules):
> > 
> > header          PREF_T1                  From =~ /gmail\.com/i
> > score           PREF_T1                  0.1
> > 
> > I've tried adding a description, setting the score to an integer,
> > removing the regex modifier and adding ".*" to match the whole
> > address with no success.
> > 
> > Anyone see what I'm missing?
> > 
> How is it being executed when its run against a message?
> Where is the file defining it relative to local.cf and what is it
> called?
> 
> Why those questions?
> 
> Here's why: I do all rule development on a different machine to my
> production SA setup. On the development machine I use a call to
> 'spamassassin' to do lint checks, but move the *.cf files etc. to a
> conventional spamd setup on the development system to run tests against
> test messages because:
> (a) that's very similar to my live setup. It uses spamc to submit
>     messages from my spam corpus
> (b) this arrangement gives me better indications of how this rule
>     set will perform on the live system.
> 
> Periodically, I see exactly the same problem you're reporting, but it
> is invariably due to one of two reasons:
> (1) I've not uploaded the new .cf files to where the development spamd
>     expects to find them.
> (2) I did upload the files, but didn't restart the development spamd
>     after doing the upload.
> 
> Under short (< 10 message) test runs spamd will be started by the test
> script and will be stoped when it ends, so the second situation won't
> happen, but if I'm doing something else while a much longer whole-
> corpus test is running and I miss the 'sudo' prompt the test script
> issues when it needs to stop spamd at the end of the test run, sudo
> times out and the test script exits leaving spamd running.
> 
> If I don't notice this and just upload modified .cf file(s) before
> starting another test, spamd won't see any revised rules because its
> still running. This causes more or less exactly the effect you're
> you're seeing: changes to rule(s) seem to be silently ignored.
> 
> 
> Martin
> 
> 
> 

I inadvertently sent Martin a direct message, so I include that here:

"The rules are being put directly in /etc/spamassassin/local.cf, which documentation indicates is the proper place for custom rules. I justify it as "safe enough" to mutate that "live" rules since I assign such low scores while debugging. I am using ansible to manage that file and have it hooked into a handler that restarts spamassassin if that file changes, so I am confident that is not the issue."





However, after I had sent that message, I decided to play around a bit. I had rearranged existing rules in the file yesterday to make sure that my new rules weren't somehow silently destroying file parsing, but I had never added a new rule that I would have expected work (e.g. rawbody). I added one, ran my same update procedure and found that my new rawbody rule was not working, but my gmail rule was! At this point, I started to work off of Martin's idea that I had screwed up the restart process. I manually started restarting processes and found eventually that I do not need to restart spamassassin, but need to restart amavis instead. 


At this point, I'm wandering outside of SA territory, but I'll ask anyway. Postfix talks to amavis which uses spamassassin (and clamav). I'd be less surprised if I had to restart both amavis and spamassassin, but it seems very weird that I only have to restart amavis for new rules to start working. Perhaps amavis internally restarts spamassassin? Or perhaps spamassassin is already configured to check local.cf for changes? Anyone have an idea about this?

Re: SA From header checks

[Martin Gregorie <ma...@gregorie.org>]

On Wed, 2016-08-10 at 17:04 -0500, Mike Ray wrote:
> Hello all-
> 
> Must be doing something stupid here, but could use a second set of
> eyes and persons more knowledgeable than myself.
> 
> None of my header checks that operate on "From" seem to be working.
> 
> SA version 3.4.0-1ubuntu2.1
> "spamassassin --lint" does not throw any errors
> "spamassassin --lint -D" shows the rule being parsed (I gave it no
> description and see the warning).
> 
> Rawbody rules or rules on other headers (e.g. Subject) work just
> fine.
> 
> Here is a sample one that I stripped down to the basics just to get
> it to work, based on a very similar one in the documentation (https:/
> /wiki.apache.org/spamassassin/WritingRules):
> 
> header����������PREF_T1������������������From =~ /gmail\.com/i
> score�����������PREF_T1������������������0.1
> 
> I've tried adding a description, setting the score to an integer,
> removing the regex modifier and adding ".*" to match the whole
> address with no success.
> 
> Anyone see what I'm missing?
> 
How is it being executed when its run against a message?�
Where is the file defining it relative to local.cf and what is it
called? �

Why those questions?

Here's why: I do all rule development on a different machine to my
production SA setup. On the development machine I use a call to
'spamassassin' to do lint checks, but move the *.cf files etc. to a
conventional spamd setup on the development system to run tests against
test messages because:
(a) that's very similar to my live setup. It uses spamc to submit
� � messages from my spam corpus
(b) this arrangement gives me better indications of how this rule
� � set will perform on the live system.

Periodically, I see exactly the same problem you're reporting, but it
is invariably due to one of two reasons:
(1) I've not uploaded the new .cf files to where the development spamd
� � expects to find them.
(2) I did upload the files, but didn't restart the development spamd
� � after doing the upload.�

Under short (< 10 message) test runs spamd will be started by the test
script and will be stoped when it ends, so the second situation won't
happen, but if I'm doing something else while a much longer whole-
corpus test is running and I miss the 'sudo' prompt the test script
issues when it needs to stop spamd at the end of the test run, sudo
times out and the test script exits leaving spamd running.�

If I don't notice this and just upload modified .cf file(s) before
starting another test, spamd won't see any revised rules because its
still running. This causes more or less exactly the effect you're
you're seeing: changes to rule(s) seem to be silently ignored.


Martin