Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-08-2009, 04:21 AM
|
#1
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Rep:
|
Get rid of this spam
Hi all,
I have had spamassassin installed on my mail server now for over 4months and all was fine for about a month then it seemed that everything started to get through and not be tagged by SPAM.
Now I do not get any tagged messages, I run the following command on all new messages in my inbox (which is spam only):
Quote:
sa-learn --showdots --spam /home/fusion/Maildir/cur/*
|
But still nothing happens. How do I get this fixed?
I've also tried to drop the required_score rate to 4.0 but that hasn't made any difference.
Any suggestions would be very much appreciated.
|
|
|
12-08-2009, 04:26 AM
|
#2
|
LQ 5k Club
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529
|
Is spamassassin running ?
|
|
|
12-08-2009, 04:31 AM
|
#3
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Original Poster
Rep:
|
Quote:
# ps -ef |grep spam
root 1426 1 0 Dec03 ? 00:01:20 /usr/sbin/spamd --create-prefs --max-children 5 --username spamd --helper-home-dir /var/lib/spamassassin/ -s /var/log/spamd.log -d --pidfile=/var/lib/spamassassin/spamd.pid
spamd 1427 1426 0 Dec03 ? 00:01:30 spamd child
spamd 1428 1426 0 Dec03 ? 00:00:00 spamd child
root 10960 10689 0 10:30 pts/0 00:00:00 grep spam
|
I think so
|
|
|
12-08-2009, 04:34 AM
|
#4
|
LQ 5k Club
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529
|
Do you see any pointers in the logfiles ?
Perhaps the conf file is changed by an update?
|
|
|
12-08-2009, 04:40 AM
|
#5
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Original Poster
Rep:
|
This is small section of the log file:
Quote:
Tue Dec 8 00:30:07 2009 [1426] info: prefork: child states: II
Tue Dec 8 04:17:10 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 44176
Tue Dec 8 04:17:10 2009 [1427] info: spamd: processing message <20091208041655.881FB7AE0@Sapphire-home.net> for spamd:5001
Tue Dec 8 04:17:25 2009 [1427] info: spamd: clean message (2.5/4.0) for spamd:5001 in 14.7 seconds, 286517 bytes.
Tue Dec 8 04:17:25 2009 [1427] info: spamd: result: . 2 - AWL,NUMERIC_HTTP_ADDR,RDNS_NONE,URI_HEX,WEIRD_PORT scantime=14.7,size=286517,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=1 27.0.0.1,rport=44176,mid=<20091208041655.881FB7AE0@Sapphire-home.net>,autolearn=no
Tue Dec 8 04:17:25 2009 [1426] info: prefork: child states: II
Tue Dec 8 08:26:19 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 34772
Tue Dec 8 08:26:19 2009 [1427] info: spamd: processing message <23937619.10769851260260761039.JavaMail.em-build@eu-mm-relay.amazon.com> for spamd:5001
Tue Dec 8 08:26:31 2009 [1427] info: spamd: clean message (-11.2/4.0) for spamd:5001 in 11.5 seconds, 79727 bytes.
Tue Dec 8 08:26:31 2009 [1427] info: spamd: result: . -11 - AWL,HTML_MESSAGE,RCVD_IN_DNSWL_MED,RDNS_NONE,SPF_PASS,USER_IN_DEF_SPF_WL scantime=11.5,size=79727,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=12 7.0.0.1,rport=34772,mid=<23937619.10769851260260761039.JavaMail.em-build@eu-mm-relay.amazon.com>,autolearn=ham
Tue Dec 8 08:26:31 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:02:03 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 57454
Tue Dec 8 10:02:03 2009 [1427] info: spamd: processing message <768442513.63965841260266456883@ecmessenger> for spamd:5001
Tue Dec 8 10:02:05 2009 [1427] info: spamd: clean message (0.2/4.0) for spamd:5001 in 1.7 seconds, 9598 bytes.
Tue Dec 8 10:02:05 2009 [1427] info: spamd: result: . 0 - AWL,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RDNS_NONE,SPF_PASS scantime=1.7,size=9598,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=57454,mid=<768442513.63965841260266456883@ecmessenger>,autolearn=no
Tue Dec 8 10:02:05 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:07:06 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 38699
Tue Dec 8 10:07:06 2009 [1427] info: spamd: processing message <11573865.1260265905129.JavaMail.ebba@sjcbat103> for spamd:5001
Tue Dec 8 10:07:12 2009 [1427] info: spamd: clean message (-10.4/4.0) for spamd:5001 in 5.5 seconds, 9837 bytes.
Tue Dec 8 10:07:12 2009 [1427] info: spamd: result: . -10 - AWL,HABEAS_ACCREDITED_SOI,HTML_MESSAGE,RCVD_IN_BSP_OTHER,RCVD_IN_DNSWL_MED,RDNS_NONE,SPF_PASS scantime=5.5,size=9837,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=38699,mid=<11573865.1260265905129.JavaMail.ebba@sjcbat103>,autolearn=ham
Tue Dec 8 10:07:12 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:17:15 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 42791
Tue Dec 8 10:17:15 2009 [1427] info: spamd: processing message <4B1E26EC.000003A2@omp.communications2.sun.com> for spamd:5001
Tue Dec 8 10:17:17 2009 [1427] info: spamd: clean message (0.1/4.0) for spamd:5001 in 1.7 seconds, 31194 bytes.
Tue Dec 8 10:17:17 2009 [1427] info: spamd: result: . 0 - AWL,HTML_MESSAGE,RDNS_NONE,SPF_PASS scantime=1.7,size=31194,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127 .0.0.1,rport=42791,mid=<4B1E26EC.000003A2@omp.communications2.sun.com>,autolearn=no
Tue Dec 8 10:17:17 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:27:03 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 57961
Tue Dec 8 10:27:03 2009 [1427] info: spamd: processing message <20091208102650.85729395d216@www.linuxquestions.org> for spamd:5001
Tue Dec 8 10:27:04 2009 [1427] info: spamd: clean message (-0.9/4.0) for spamd:5001 in 1.5 seconds, 2663 bytes.
Tue Dec 8 10:27:04 2009 [1427] info: spamd: result: . 0 - AWL,RCVD_IN_DNSWL_LOW,RDNS_NONE,SPF_PASS scantime=1.5,size=2663,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=57961,mid=<20091208102650.85729395d216@www.linuxquestions.org>,autolearn=ham
|
Upon looking around the log file there seems to be more autolearn=no than I would like. The autolearn=ham are fine as they are one's I have set up to learn. Which looks good to me.
But even when I force it to learn it still doesnt make any difference when a new message from the same sender arrives. Well weird!!
|
|
|
12-08-2009, 04:42 AM
|
#6
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Original Poster
Rep:
|
And this is my local.cf file:
Quote:
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 4.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
|
|
|
|
12-08-2009, 05:18 AM
|
#7
|
Member
Registered: Jul 2008
Posts: 57
Rep:
|
And MTA is? Do you use razor, dcc_proc, pyzor in spamassassin?
|
|
|
12-08-2009, 05:28 AM
|
#8
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Original Poster
Rep:
|
This is the order I am running things on my server:
Quote:
ISP => Fetchmail => Postfix => Spam Assassin => Dovecot => Home client/Web portal
|
As for razor, dcc_proc, pyzor I am guessing no because I do not know what they are. Can you elaborate for me please.
|
|
|
12-08-2009, 06:02 AM
|
#10
|
Member
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310
Original Poster
Rep:
|
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.
Or are you saying that I am missing important sections in my setup? Does everyone have these added in there config files?
|
|
|
12-08-2009, 06:10 AM
|
#11
|
Member
Registered: Jul 2008
Posts: 57
Rep:
|
Quote:
Originally Posted by fusion1275
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.
|
Nothing wrong, you need to add them.
Quote:
Originally Posted by fusion1275
.. Does everyone have these added in there config files?
|
I don't now, but these rules will help you to fight with spam.
|
|
|
12-08-2009, 06:13 AM
|
#12
|
Member
Registered: Jul 2008
Posts: 57
Rep:
|
Quote:
Originally Posted by fusion1275
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.
|
Nothing wrong, you need to add them.
Quote:
Originally Posted by fusion1275
.. Does everyone have these added in there config files?
|
I don't now, but these rules will help you to fight with spam.
I have this in my local.cf:
Code:
razor_config /etc/spamassassin/.razor/razor-agent.conf
#pyzor_options --homedir /etc/spamassassin/.pyzor
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
# dcc_home /var/dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc
|
|
|
All times are GMT -5. The time now is 12:01 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|