LinuxQuestions.org


bagstone 09-07-2016 03:39 AM

Spamassassin doesn't scan "internal" mail
 
After marking spam manually for a long time, I've finally come around to install Spamassassin yesterday. However, for some reason it doesn't scan "internal" mails, i.e., if I send an email to myself it doesn't get evaluated at all. The issue is that sometimes spam fakes my host and thus looks like it's internal - and it's not evaluated either. I've tried to search for this issue but always find the opposite (people complain that Spamassassin by default scans internal email and want to turn it off).

I'm not sure what info you need to help. The server is running Ubuntu 12.04.5 with Postfix+Dovecot, and I used this guide yesterday, so the configs look like that as well:

https://www.digitalocean.com/communi...n-ubuntu-12-04

business_kid 09-11-2016 05:29 PM

Spamassassin & friends usually run from procmail. When your mail server has a mail for you, it invokes the MDA procmail to deliver it. Procmail starts with the privileges of the mail recipient.
You're obviously using another option, but it's not working on the internal emails. Procmail is probably the best way to go.

bagstone 09-12-2016 07:12 AM

Thanks for your reply!

I remember somewhere in one of the configs or the logs seeing procmail - I just can't find it anymore (looked through all configs and logs I can think of). Any suggestions for which config files I could post here to help to resolve this? I'm completely in a dead end and don't know where to look anymore to figure out how to get this working properly...

business_kid 09-13-2016 01:51 AM

I don't even know what programs you are running. You never mentioned.

In every mail server setup, there's a line for saying what to do with received mail. On that line invoke procmail. Each user has a ~/.procmailrc, which configures procmail for them. I used it once to
  1. Check the mail with Vipul's razor
  2. Pass it through the DCC (Distributed Checksum Clearinghouse). That is/was an insurance against bulk mail, and some of the mailing lists I was on were soft targets for bulk mail.
  3. Then pass mails to spamc. That was for a normal spam check. I had plenty of extra rulesets installed. Some were very effective, and some useless.
  4. There was a while when I also used some other anti-spam test (another razor-type test in Python), but most of the time mail got delivered to the luser at this point.
Vipul's razor got about 50% of the spam (it works on whether people have reported that mail as spam), DCC got a steady percentage, and spamassassin got the rest. It did require regular tuning.

bagstone 09-13-2016 04:31 AM

Hm... I've mentioned Postfix+Dovecot and Spamassassin. Is there anything else? I just Googled to understand the terminology better and it says that if procmail is involved, it should be in Postfix's main.cf in the "mailbox_command" line. It's not the case, in our config it only links to Dovecot.

Also note that I'm not talking about the spam detection as such - I'm pretty happy with how Spamassassin's detection works. My issue is only that for some reason mails that have one of my domains as *sender* don't get scanned at all. Basically, I'm trying to figure out in which of the configurations of Postfix/Dovecot/Spamassassin this filtering happens; where does the MDA decide that certain email shouldn't get scanned.

Oh, one thing to add, because you mentioned "user folders": Email accounts don't have home folders on my system, but everything is set up using a PostgreSQL DB.

Anyways, since I think my issue is with the routing of emails and I've added spamassassin into the loop in one file according to the guide, here's /etc/postfix/master.cf, maybe that helps.

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#              (yes)  (yes)  (yes)  (never) (100)
# ==========================================================================
smtp      inet  n      -      -      -      -      smtpd
    -o content_filter=spamassassin
spamassassin unix -      n      n      -      -      pipe
    user=spamd argv=/usr/bin/spamc -f -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#smtp      inet  n      -      -      -      1      postscreen
#smtpd    pass  -      -      -      -      -      smtpd
#dnsblog  unix  -      -      -      -      0      dnsblog
#tlsproxy  unix  -      -      -      -      0      tlsproxy
#submission inet n      -      -      -      -      smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps    inet  n      -      -      -      -      smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n      -      -      -      -      qmqpd
pickup    fifo  n      -      -      60      1      pickup
cleanup  unix  n      -      -      -      0      cleanup
qmgr      fifo  n      -      n      300    1      qmgr
#qmgr    fifo  n      -      -      300    1      oqmgr
tlsmgr    unix  -      -      -      1000?  1      tlsmgr
rewrite  unix  -      -      -      -      -      trivial-rewrite
bounce    unix  -      -      -      -      0      bounce
defer    unix  -      -      -      -      0      bounce
trace    unix  -      -      -      -      0      bounce
verify    unix  -      -      -      -      1      verify
flush    unix  n      -      -      1000?  0      flush
proxymap  unix  -      -      n      -      -      proxymap
proxywrite unix -      -      n      -      1      proxymap
smtp      unix  -      -      -      -      -      smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay    unix  -      -      -      -      -      smtp
        -o smtp_fallback_relay=
#      -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq    unix  n      -      -      -      -      showq
error    unix  -      -      -      -      -      error
retry    unix  -      -      -      -      -      error
discard  unix  -      -      -      -      -      discard
local    unix  -      n      n      -      -      local
virtual  unix  -      n      n      -      -      virtual
lmtp      unix  -      -      -      -      -      lmtp
anvil    unix  -      -      -      -      1      anvil
scache    unix  -      -      -      -      1      scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#  lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus    unix  -      n      n      -      -      pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -      n      n      -      -      pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -      n      n      -      -      pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp    unix  -      n      n      -      -      pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -      n      n      -      2      pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman  unix  -      n      n      -      -      pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot  unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
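
Added example (not part of the thread or of the linked guide): a small Python audit of master.cf that lists, for each daemon that accepts new mail, whether its entry carries a "-o content_filter=" override. An override on the "smtp inet" line applies only to mail arriving through that SMTP listener, while mail handed to the local sendmail command enters through pickup. The sample input is constructed from the listing above, and a content_filter set globally in main.cf is not visible to this check.

```python
import shlex

# Daemons that accept new mail into the queue (mail entry points).
ENTRY_DAEMONS = {"smtpd", "pickup", "qmqpd"}

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def content_filters(text):
    """Map 'service/type' -> content_filter override (None if absent)."""
    result = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        # Field 8 (index 7) is the command; only entry-point daemons matter.
        if len(fields) < 8 or fields[7] not in ENTRY_DAEMONS:
            continue
        name, stype, args = fields[0], fields[1], fields[8:]
        value = None
        for i, arg in enumerate(args):
            opt = args[i + 1] if arg == "-o" and i + 1 < len(args) else ""
            if opt.startswith("content_filter="):
                value = opt.split("=", 1)[1]
        result[f"{name}/{stype}"] = value
    return result

# Constructed sample: the active entry-point lines from the master.cf above.
SAMPLE = """\
smtp      inet  n  -  -  -   -  smtpd
    -o content_filter=spamassassin
spamassassin unix - n n - - pipe
    user=spamd argv=/usr/bin/spamc -f -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#submission inet n - - - - smtpd
pickup    fifo  n  -  -  60  1  pickup
"""

if __name__ == "__main__":
    for svc, flt in content_filters(SAMPLE).items():
        print(f"{svc:12} content_filter={flt or '(none in master.cf)'}")
```

The filter in this listing re-injects scanned mail with /usr/sbin/sendmail, which goes through pickup, so pickup cannot simply be given the same override without creating a loop.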


business_kid 09-14-2016 01:31 AM

It's been nearly 15 years since I was doing this stuff. Postfix has separate settings for how it handles internal & external or internet mail. It is suspicious of the internet, but trusts internal mail. Google that and fix it. It's probably in the local settings or aliases.


Procmail is for internal Unix mailboxes. Your use of Dovecot effectively means that your user folders are dovecot's folders. I never used dovecot. At that time I was using fetchmail for pop3 from my ISP, and throwing that at postfix. Now I'm on webmail and don't bother with any of it.


All times are GMT -5.