LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-08-2009, 04:21 AM   #1
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Rep: Reputation: 36
Get rid of this spam


Hi all,

I have had spamassassin installed on my mail server now for over 4months and all was fine for about a month then it seemed that everything started to get through and not be tagged by SPAM.

Now I do not get any tagged messages, I run the following command on all new messages in my inbox (which is spam only):

Quote:
sa-learn --showdots --spam /home/fusion/Maildir/cur/*
But still nothing happens. How do I get this fixed?

I've also tried to drop the required_score rate to 4.0 but that hasn't made any difference.

Any suggestions would be very much appreciated.
 
Old 12-08-2009, 04:26 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
Is spamassassin running ?
 
Old 12-08-2009, 04:31 AM   #3
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Original Poster
Rep: Reputation: 36
Quote:
# ps -ef |grep spam
root 1426 1 0 Dec03 ? 00:01:20 /usr/sbin/spamd --create-prefs --max-children 5 --username spamd --helper-home-dir /var/lib/spamassassin/ -s /var/log/spamd.log -d --pidfile=/var/lib/spamassassin/spamd.pid
spamd 1427 1426 0 Dec03 ? 00:01:30 spamd child
spamd 1428 1426 0 Dec03 ? 00:00:00 spamd child
root 10960 10689 0 10:30 pts/0 00:00:00 grep spam
I think so
 
Old 12-08-2009, 04:34 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
Do you see any pointers in the logfiles ?
Perhaps the conf file is changed by an update?
 
Old 12-08-2009, 04:40 AM   #5
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Original Poster
Rep: Reputation: 36
This is small section of the log file:

Quote:
Tue Dec 8 00:30:07 2009 [1426] info: prefork: child states: II
Tue Dec 8 04:17:10 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 44176
Tue Dec 8 04:17:10 2009 [1427] info: spamd: processing message <20091208041655.881FB7AE0@Sapphire-home.net> for spamd:5001
Tue Dec 8 04:17:25 2009 [1427] info: spamd: clean message (2.5/4.0) for spamd:5001 in 14.7 seconds, 286517 bytes.
Tue Dec 8 04:17:25 2009 [1427] info: spamd: result: . 2 - AWL,NUMERIC_HTTP_ADDR,RDNS_NONE,URI_HEX,WEIRD_PORT scantime=14.7,size=286517,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=1 27.0.0.1,rport=44176,mid=<20091208041655.881FB7AE0@Sapphire-home.net>,autolearn=no
Tue Dec 8 04:17:25 2009 [1426] info: prefork: child states: II
Tue Dec 8 08:26:19 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 34772
Tue Dec 8 08:26:19 2009 [1427] info: spamd: processing message <23937619.10769851260260761039.JavaMail.em-build@eu-mm-relay.amazon.com> for spamd:5001
Tue Dec 8 08:26:31 2009 [1427] info: spamd: clean message (-11.2/4.0) for spamd:5001 in 11.5 seconds, 79727 bytes.
Tue Dec 8 08:26:31 2009 [1427] info: spamd: result: . -11 - AWL,HTML_MESSAGE,RCVD_IN_DNSWL_MED,RDNS_NONE,SPF_PASS,USER_IN_DEF_SPF_WL scantime=11.5,size=79727,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=12 7.0.0.1,rport=34772,mid=<23937619.10769851260260761039.JavaMail.em-build@eu-mm-relay.amazon.com>,autolearn=ham
Tue Dec 8 08:26:31 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:02:03 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 57454
Tue Dec 8 10:02:03 2009 [1427] info: spamd: processing message <768442513.63965841260266456883@ecmessenger> for spamd:5001
Tue Dec 8 10:02:05 2009 [1427] info: spamd: clean message (0.2/4.0) for spamd:5001 in 1.7 seconds, 9598 bytes.
Tue Dec 8 10:02:05 2009 [1427] info: spamd: result: . 0 - AWL,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RDNS_NONE,SPF_PASS scantime=1.7,size=9598,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=57454,mid=<768442513.63965841260266456883@ecmessenger>,autolearn=no
Tue Dec 8 10:02:05 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:07:06 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 38699
Tue Dec 8 10:07:06 2009 [1427] info: spamd: processing message <11573865.1260265905129.JavaMail.ebba@sjcbat103> for spamd:5001
Tue Dec 8 10:07:12 2009 [1427] info: spamd: clean message (-10.4/4.0) for spamd:5001 in 5.5 seconds, 9837 bytes.
Tue Dec 8 10:07:12 2009 [1427] info: spamd: result: . -10 - AWL,HABEAS_ACCREDITED_SOI,HTML_MESSAGE,RCVD_IN_BSP_OTHER,RCVD_IN_DNSWL_MED,RDNS_NONE,SPF_PASS scantime=5.5,size=9837,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=38699,mid=<11573865.1260265905129.JavaMail.ebba@sjcbat103>,autolearn=ham
Tue Dec 8 10:07:12 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:17:15 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 42791
Tue Dec 8 10:17:15 2009 [1427] info: spamd: processing message <4B1E26EC.000003A2@omp.communications2.sun.com> for spamd:5001
Tue Dec 8 10:17:17 2009 [1427] info: spamd: clean message (0.1/4.0) for spamd:5001 in 1.7 seconds, 31194 bytes.
Tue Dec 8 10:17:17 2009 [1427] info: spamd: result: . 0 - AWL,HTML_MESSAGE,RDNS_NONE,SPF_PASS scantime=1.7,size=31194,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127 .0.0.1,rport=42791,mid=<4B1E26EC.000003A2@omp.communications2.sun.com>,autolearn=no
Tue Dec 8 10:17:17 2009 [1426] info: prefork: child states: II
Tue Dec 8 10:27:03 2009 [1427] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 57961
Tue Dec 8 10:27:03 2009 [1427] info: spamd: processing message <20091208102650.85729395d216@www.linuxquestions.org> for spamd:5001
Tue Dec 8 10:27:04 2009 [1427] info: spamd: clean message (-0.9/4.0) for spamd:5001 in 1.5 seconds, 2663 bytes.
Tue Dec 8 10:27:04 2009 [1427] info: spamd: result: . 0 - AWL,RCVD_IN_DNSWL_LOW,RDNS_NONE,SPF_PASS scantime=1.5,size=2663,user=spamd,uid=5001,required_score=4.0,rhost=localhost.localdomain,raddr=127. 0.0.1,rport=57961,mid=<20091208102650.85729395d216@www.linuxquestions.org>,autolearn=ham
Upon looking around the log file there seems to be more autolearn=no than I would like. The autolearn=ham are fine as they are one's I have set up to learn. Which looks good to me.

But even when I force it to learn it still doesnt make any difference when a new message from the same sender arrives. Well weird!!
 
Old 12-08-2009, 04:42 AM   #6
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Original Poster
Rep: Reputation: 36
And this is my local.cf file:

Quote:
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****


# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0


# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.


# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 4.0


# Use Bayesian classifier (default: 1)
#
use_bayes 1


# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
 
Old 12-08-2009, 05:18 AM   #7
mkp
Member
 
Registered: Jul 2008
Posts: 57

Rep: Reputation: 15
And MTA is? Do you use razor, dcc_proc, pyzor in spamassassin?
 
Old 12-08-2009, 05:28 AM   #8
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Original Poster
Rep: Reputation: 36
This is the order I am running things on my server:

Quote:
ISP => Fetchmail => Postfix => Spam Assassin => Dovecot => Home client/Web portal
As for razor, dcc_proc, pyzor I am guessing no because I do not know what they are. Can you elaborate for me please.
 
Old 12-08-2009, 05:36 AM   #9
mkp
Member
 
Registered: Jul 2008
Posts: 57

Rep: Reputation: 15
http://razor.sourceforge.net/docs/
http://wiki.apache.org/spamassassin/UsingPyzor
http://wiki.apache.org/spamassassin/UsingDcc

It's very simple to use it. If you want i'll post my local.cf. I use Exim for MTA, so you need to see how Postfix invoke Spamassassin. Post your Postfix config file.

Last edited by mkp; 12-08-2009 at 05:53 AM.
 
Old 12-08-2009, 06:02 AM   #10
fusion1275
Member
 
Registered: Jul 2007
Location: Knaphill, Surrey
Distribution: Linux Mint
Posts: 310

Original Poster
Rep: Reputation: 36
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.

Or are you saying that I am missing important sections in my setup? Does everyone have these added in there config files?
 
Old 12-08-2009, 06:10 AM   #11
mkp
Member
 
Registered: Jul 2008
Posts: 57

Rep: Reputation: 15
Quote:
Originally Posted by fusion1275 View Post
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.
Nothing wrong, you need to add them.

Quote:
Originally Posted by fusion1275 View Post
.. Does everyone have these added in there config files?
I don't now, but these rules will help you to fight with spam.
 
Old 12-08-2009, 06:13 AM   #12
mkp
Member
 
Registered: Jul 2008
Posts: 57

Rep: Reputation: 15
Quote:
Originally Posted by fusion1275 View Post
So with the set up I have already, whats wrong with it? I never came across those "add-ons" in any setup guide I found when I was installing and configuring spamassassin.
Nothing wrong, you need to add them.

Quote:
Originally Posted by fusion1275 View Post
.. Does everyone have these added in there config files?
I don't now, but these rules will help you to fight with spam.

I have this in my local.cf:

Code:
razor_config /etc/spamassassin/.razor/razor-agent.conf

#pyzor_options --homedir /etc/spamassassin/.pyzor

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

# dcc_home      /var/dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
spam filter that puts spam into spam folder? paul_mat Linux - Software 3 03-31-2009 04:18 AM
Anybody know how to get rid of ths spam? sarainboston LinuxQuestions.org Member Success Stories 1 05-02-2007 05:35 AM
Would this be OK to get rid of Spam? eantoranz Linux - Networking 1 09-09-2005 08:49 AM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 08:35 AM
As will get rid of a spam on keywords ukrainet Linux - Newbie 2 12-13-2004 03:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration