LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-24-2006, 05:31 AM   #1
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Rep: Reputation: 15
spamassassin odd behaviour


Using Postfix, procmail, spamassassin


Out of the blue spamassassin on my server has started flagging up legitimate mail from outside and local domain users(who in the past have been accepted as legitimate emails) as spam. But when it flags it as up as spam and sends it to the spamhandler inbox, the mailís subject are not changing either to the tag specified in the local.cf file. Here is the content of local.cf :

required_hits 6
rewrite_subject 1
subject_tag [*****SPAM*****]
report_safe 0

Very straight forward. The other odd behaviour is that when I look at the headers of the mails arriving in the spamhandler inbox, its below the threshold hits specified above(which is 6). Whilst all this is happening the spamassassin is also collecting illegitimate spam mail, as it should :-/

The contents of .procmailrc:

:0
* ^X-Spam-Status:.*Yes
{
:0
! spamhandler
}

Again, very straightforward.

Iíve now disabled spamassasin as its causing to much disruption to the business. When disabled everyone is getting mail and spam as well obviously

I would really appreciate if someone out there can help me spot this problem. The difficulty is that its manifested itself without having made any prior changes related to mail, other than doing an update on a different server, which is running postfix smtp

Please help!
 
Old 03-24-2006, 07:26 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
What version of spamassassin?

content of local.cf (..) contents of .procmailrc
These are the full configs? And procmail and spamassassin only process these confs and not ones in other locations? If there are other confs involved please post them.
Can you trail what the logs say for one specific messages? Please use verbose mode for procmail and debugging and testmode for spamassassin.
 
Old 03-24-2006, 09:07 AM   #3
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
Thank you for your response

version:SpamAssassin version 2.55
The contents of the file are exactly that. Procmail and spamassassin only uses the mentioned confs.

pardon me for my ignorance am trying to get you the data from debuggin however a few problems:
If i set verbose = on in the .procmailrc, where exactly will it create the log? is it in var/log/maillog?

The other thing is I have never used the debug mode before on spamassasin. If i use the command spamassassin -D what arguments am i passing it and where will i see the output for it go?
I hope my newbieness hasnt put you off from answering.....cheers


Thank you
 
Old 03-24-2006, 10:04 AM   #4
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
Ive manage to get hold of the log for procmail debugging:

[root@puny akhan]# more log
procmail: [10268] Fri Mar 24 16:01:15 2006
procmail: Match on "^X-Spam-Status:.*Yes"
procmail: Executing "/usr/sbin/sendmail,-oi,spamhandler"
procmail: Assigning "LASTFOLDER=/usr/sbin/sendmail -oi spamhandler"
procmail: Notified comsat: "akhan@:/usr/sbin/sendmail -oi spamhandler"
From techsupport@ccls.edu Fri Mar 24 16:01:15 2006
Subject: test
Folder: /usr/sbin/sendmail -oi spamhandler 2645



The procmail file obviously changed to that below:
LOGFILE=$HOME/log
VERBOSE=on
:0
* ^X-Spam-Status:.*Yes
{
:0
! spamhandler
}

Iam just trying to work out the debugging for spamassassing......
 
Old 03-24-2006, 10:20 AM   #5
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
Please find result below of running spamassassin in debug:
[root@puny akhan]# spamassassin -D --lint
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: using "/root/.spamassassin" for user state dir
debug: bayes: no dbs present, cannot scan: /root/.spamassassin/bayes_toks
debug: Score set 1 chosen.
debug: Initialising learner
debug: debug: Only 0 spam(s) in Bayes DB < 200
debug: bayes: 10527 untie-ing
debug: bayes: 10527 untie-ing db_toks
debug: is Net:NS::Resolver available? yes
debug: trying (3) nytimes.com...
debug: looking up MX for 'nytimes.com'
debug: MX for 'nytimes.com' exists? 1
debug: MX lookup of nytimes.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.9
debug: running raw-body-text per-line regexp tests; score so far=1.9
debug: running uri tests; score so far=1.9
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=1.9
debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
debug: DCC is not available: dccproc not found
debug: Razor2 is not available
debug: Pyzor is not available: pyzor not found
debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org
debug: all '*To' addrs:
debug: running meta tests; score so far=2.4
debug: is spam? score=2.4 required=6 tests=DATE_MISSING,MISSING_HEADERS,NO_REAL_NAME
debug: bayes: 10527 untie-ing
[root@puny akhan]#


any idea what may be the cause?
 
Old 03-24-2006, 11:53 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
pardon me for my ignorance am trying to get you the data from debuggin
Well done finding that out all by yourself.


I hope my newbieness hasnt put you off
No.


any idea what may be the cause?
No. Here's what.

Log out of your root account. You should not play around, test or do anything unnecessary for the system as root account user.
Log into an unprivileged account. Look up a message that is guaranteed spam in a mailbox. Copy that mailbox to another name. Open your favourite MUA (Mail User Agent) and delete the other messages. Close. Open that copied mailbox in a texteditor like vi and delete any messages from MAILER-DAEMON, you know, the one that says "This text is part of the internal format" etc, etc. Then delete any spamassassin tags it has. Save, close. Now your spam message is ready for processing.
Use this as procmail recipe:
Code:
VERBOSE=on
LOG="$HOME/spammsg001.log"

:0
| spamassassin --test-mode --debug

:0
spammsg001.mbox
and this as shell file:
Code:
spamassassin --test-mode --debug < spammsg001 2>&1 | tee spammsg001.inner
cat spammsg001 2>&1|formail -s 2>&1|procmail -m spammsg001.rc 2>&1 | tee spammsg001.outer
Note the file "spammsg001" is the file containing the spam. Change name to your spam file. Now execute the shell file and read spammsg001.inner and take note of any errors and the report at the bottom. Just to make sure read spammsg001.outer which should give you output somewhat similar to spammsg001.inner but with the procmail messages (dunno why it wont log to file and I don't care, it's not important). Take your time and post back whatever you got.
 
Old 03-30-2006, 04:54 AM   #7
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
Hi unSpawn

I am just trying to do the above, and I have recieved some debugging data in the spammsg001.inner file but i get the following in the spammsg001.outer: Couldn't read "spammsg001.rc"

I take this file is suppose to exist. Is it possible you please shed some light on this please.
Much obliged
 
Old 03-30-2006, 04:59 PM   #8
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
can anybody help??
 
Old 04-12-2006, 05:22 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
Couldn't read "spammsg001.rc"
The procmail recipe "spammsg001.rc" is the code with the "spamassassin --test-mode --debug" line.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
odd behaviour of wvdial NNP Linux - General 4 08-05-2005 02:58 PM
Very odd behaviour dialing ISP phidor Mandriva 6 05-28-2005 05:36 AM
Odd behaviour on desktop... user00265 Slackware 19 02-26-2005 06:06 PM
Odd Ogg behaviour Misel Linux - Software 3 05-04-2003 03:18 PM
Very odd CPAN behaviour! bluehz Linux - Software 0 07-08-2002 04:59 PM


All times are GMT -5. The time now is 09:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration