LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   spamassassin odd behaviour (http://www.linuxquestions.org/questions/linux-software-2/spamassassin-odd-behaviour-427960/)

fedora_user 03-24-2006 06:31 AM

spamassassin odd behaviour
 
Using Postfix, procmail, spamassassin


Out of the blue spamassassin on my server has started flagging up legitimate mail from outside and local domain users(who in the past have been accepted as legitimate emails) as spam. But when it flags it as up as spam and sends it to the spamhandler inbox, the mailís subject are not changing either to the tag specified in the local.cf file. Here is the content of local.cf :

required_hits 6
rewrite_subject 1
subject_tag [*****SPAM*****]
report_safe 0

Very straight forward. The other odd behaviour is that when I look at the headers of the mails arriving in the spamhandler inbox, its below the threshold hits specified above(which is 6). Whilst all this is happening the spamassassin is also collecting illegitimate spam mail, as it should :-/

The contents of .procmailrc:

:0
* ^X-Spam-Status:.*Yes
{
:0
! spamhandler
}

Again, very straightforward.

Iíve now disabled spamassasin as its causing to much disruption to the business. When disabled everyone is getting mail and spam as well obviously

I would really appreciate if someone out there can help me spot this problem. The difficulty is that its manifested itself without having made any prior changes related to mail, other than doing an update on a different server, which is running postfix smtp

Please help!

unSpawn 03-24-2006 08:26 AM

What version of spamassassin?

content of local.cf (..) contents of .procmailrc
These are the full configs? And procmail and spamassassin only process these confs and not ones in other locations? If there are other confs involved please post them.
Can you trail what the logs say for one specific messages? Please use verbose mode for procmail and debugging and testmode for spamassassin.

fedora_user 03-24-2006 10:07 AM

Thank you for your response

version:SpamAssassin version 2.55
The contents of the file are exactly that. Procmail and spamassassin only uses the mentioned confs.

pardon me for my ignorance am trying to get you the data from debuggin however a few problems:
If i set verbose = on in the .procmailrc, where exactly will it create the log? is it in var/log/maillog?

The other thing is I have never used the debug mode before on spamassasin. If i use the command spamassassin -D what arguments am i passing it and where will i see the output for it go?
I hope my newbieness hasnt put you off from answering.....cheers


Thank you

fedora_user 03-24-2006 11:04 AM

Ive manage to get hold of the log for procmail debugging:

[root@puny akhan]# more log
procmail: [10268] Fri Mar 24 16:01:15 2006
procmail: Match on "^X-Spam-Status:.*Yes"
procmail: Executing "/usr/sbin/sendmail,-oi,spamhandler"
procmail: Assigning "LASTFOLDER=/usr/sbin/sendmail -oi spamhandler"
procmail: Notified comsat: "akhan@:/usr/sbin/sendmail -oi spamhandler"
From techsupport@ccls.edu Fri Mar 24 16:01:15 2006
Subject: test
Folder: /usr/sbin/sendmail -oi spamhandler 2645



The procmail file obviously changed to that below:
LOGFILE=$HOME/log
VERBOSE=on
:0
* ^X-Spam-Status:.*Yes
{
:0
! spamhandler
}

Iam just trying to work out the debugging for spamassassing......

fedora_user 03-24-2006 11:20 AM

Please find result below of running spamassassin in debug:
[root@puny akhan]# spamassassin -D --lint
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: using "/root/.spamassassin" for user state dir
debug: bayes: no dbs present, cannot scan: /root/.spamassassin/bayes_toks
debug: Score set 1 chosen.
debug: Initialising learner
debug: debug: Only 0 spam(s) in Bayes DB < 200
debug: bayes: 10527 untie-ing
debug: bayes: 10527 untie-ing db_toks
debug: is Net::DNS::Resolver available? yes
debug: trying (3) nytimes.com...
debug: looking up MX for 'nytimes.com'
debug: MX for 'nytimes.com' exists? 1
debug: MX lookup of nytimes.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.9
debug: running raw-body-text per-line regexp tests; score so far=1.9
debug: running uri tests; score so far=1.9
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=1.9
debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
debug: DCC is not available: dccproc not found
debug: Razor2 is not available
debug: Pyzor is not available: pyzor not found
debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org
debug: all '*To' addrs:
debug: running meta tests; score so far=2.4
debug: is spam? score=2.4 required=6 tests=DATE_MISSING,MISSING_HEADERS,NO_REAL_NAME
debug: bayes: 10527 untie-ing
[root@puny akhan]#


any idea what may be the cause?

unSpawn 03-24-2006 12:53 PM

pardon me for my ignorance am trying to get you the data from debuggin
Well done finding that out all by yourself.


I hope my newbieness hasnt put you off
No.


any idea what may be the cause?
No. Here's what.

Log out of your root account. You should not play around, test or do anything unnecessary for the system as root account user.
Log into an unprivileged account. Look up a message that is guaranteed spam in a mailbox. Copy that mailbox to another name. Open your favourite MUA (Mail User Agent) and delete the other messages. Close. Open that copied mailbox in a texteditor like vi and delete any messages from MAILER-DAEMON, you know, the one that says "This text is part of the internal format" etc, etc. Then delete any spamassassin tags it has. Save, close. Now your spam message is ready for processing.
Use this as procmail recipe:
Code:

VERBOSE=on
LOG="$HOME/spammsg001.log"

:0
| spamassassin --test-mode --debug

:0
spammsg001.mbox

and this as shell file:
Code:

spamassassin --test-mode --debug < spammsg001 2>&1 | tee spammsg001.inner
cat spammsg001 2>&1|formail -s 2>&1|procmail -m spammsg001.rc 2>&1 | tee spammsg001.outer

Note the file "spammsg001" is the file containing the spam. Change name to your spam file. Now execute the shell file and read spammsg001.inner and take note of any errors and the report at the bottom. Just to make sure read spammsg001.outer which should give you output somewhat similar to spammsg001.inner but with the procmail messages (dunno why it wont log to file and I don't care, it's not important). Take your time and post back whatever you got.

fedora_user 03-30-2006 05:54 AM

Hi unSpawn

I am just trying to do the above, and I have recieved some debugging data in the spammsg001.inner file but i get the following in the spammsg001.outer: Couldn't read "spammsg001.rc"

I take this file is suppose to exist. Is it possible you please shed some light on this please.
Much obliged

fedora_user 03-30-2006 05:59 PM

can anybody help??

unSpawn 04-12-2006 06:22 PM

Couldn't read "spammsg001.rc"
The procmail recipe "spammsg001.rc" is the code with the "spamassassin --test-mode --debug" line.


All times are GMT -5. The time now is 11:47 AM.