Operating System - Linux
1839143 Members
2721 Online
110136 Solutions
New Discussion

Re: Spamassassin is running but no evidence it's doing anything.

 
Vernon Brown_4
Trusted Contributor

Spamassassin is running but no evidence it's doing anything.

I'm running Spamassassin in the default configuration just as it installs from Fedora core 5. It is on my home mail server that has just a few family members and some friends email accounts. The global setting looks like it is set to replace or insert the tag "[Spam]" in the subject line of filtered mail.

We are all getting spammed to death and I see no evidence of that tag in anyof the spam emails.

spamd is running on the mail server. Local user dir's have .spamassassin directories. But I see no local .cf files in the local .spamassassin directories.

Must I put local .cf files in all the .spamassassin local dir's to make it work??

Thanks for any help !!
20 REPLIES 20
George Liu_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

How do you set the configuration? and what does the log say?
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

I haven't changed anything. It is set up just as it installs from Fedora Core 5. I'm reading the docs at http://spamassassin.apache.org but haven't yet seen a clear indication of just what is necessary to make the thing work.
George Liu_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

what is the required_score?
Do you have whitelist_from?
It is possible those cause the problems.
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

I uncommented the score line and set the value to 1
I have only my own domain in the whitelist as *mydomain.com

I suspect that the mail is not even being read by the filter at all because I don't seem to be able to do anything that will cause a reject.

Thanks for your comments !!
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Followup status:
Discovered that each user dir needs two folders and a file.
.procmail folder to contain the logfile
.spamassassin folder to contain the config file
.procmailrc file to redirect mail to spamc

Now it works; needs tweeking. Most spam still gets through.

Any comments welcome !!
Stuart Browne
Honored Contributor

Re: Spamassassin is running but no evidence it's doing anything.

I found it easier to use a system-wide approach, rather than an individual approach.

I use the 'spamass-milter', with auto-learning baysian filters, as well as making sure I've got SPF, DK/DIM modules installed and enabled, making sure that external RBL's are accessable.

This marks most spam that comes to me (about 98-99%).

Mind you, this is a fairly heavily tweaked FC1 system ;)

I use an almost identical setup at work however (on RHEL4 machines), but due to the nature of the office, have had to set the level much higher to avoid the good 'ol false-positive.
One long-haired git at your service...
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Thanks for the ideas !!

I'll work on the global setup and tighten it down since I'm still passing everything through with a [spam] tag in the subject line. Most users have Outlook Express as their email client and set it to check the subject line for [spam] and discard the mail in their own local spam folder.

Thanks for the clues !!
Steven E. Protter
Exalted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Shalom Vernon/

/etc/procmailrc

My contents

DROPPRIVS=yes

:0fw
| /usr/bin/spamc

MAILDIR=$HOME/mail

:0:
* ^X-Spam-Status: Yes
spam


After adding this my system started eating spam very nicely.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Thanks Steven; I'll try those.

I'm getting about 50% of the spam tagged now. I would like to get closer to 100%.
George Liu_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

lower the required_score
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

I had the score set to the default 5. Now I changed it to 1 to see how that works.

I noticed in the Doc's that some things get a negative score which might offset some positive hits. This seems dangerous since a spamer, knowing what scores a negative, simply puts many of those in their spam.

I wonder if there is a way to disable all negative score tests.
George Liu_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

try to combine other methods such as blocking SPAM black lists.

Also, you may always assign score to any word pattern in your local configuration

Stuart Browne
Honored Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Negative scores are assigned to things like Domain keys passes, SPF matches etc. etc., things that are basically impossible to 'fake'.

Failing that, you can re-assign the scores to be 0 of the affected tests. Below is a list of negative scores that's with SA 3.1.5 (you can check these yourself):

# cd /usr/share/spamassasin
# grep "score.*-" *.cf
50_scores.cf:score ALL_TRUSTED -1.360 -1.440 -1.665 -1.800
50_scores.cf:score RCVD_IN_IADB_VOUCHED 0 -1.825 0 -2.200
50_scores.cf:score BAYES_00 0.0001 0.0001 -2.312 -2.599
50_scores.cf:score BAYES_05 0.0001 0.0001 -1.110 -1.110
50_scores.cf:score BAYES_20 0.0001 0.0001 -0.740 -0.740
50_scores.cf:score BAYES_40 0.0001 0.0001 -0.185 -0.185
50_scores.cf:score NO_RELAYS -0.001
50_scores.cf:score NO_RECEIVED -0.001
50_scores.cf:score USER_IN_WHITELIST -100.000
50_scores.cf:score USER_IN_DEF_WHITELIST -15.000
50_scores.cf:score SUBJECT_IN_WHITELIST -100
50_scores.cf:score USER_IN_DKIM_WHITELIST -100.000
50_scores.cf:score USER_IN_DEF_DKIM_WL -7.500
50_scores.cf:score ENV_AND_HDR_DKIM_MATCH -7.500
50_scores.cf:score USER_IN_DK_WHITELIST -100.000
50_scores.cf:score USER_IN_DEF_DK_WL -7.500
50_scores.cf:score ENV_AND_HDR_DK_MATCH -7.500
50_scores.cf:score USER_IN_SPF_WHITELIST -100.000
50_scores.cf:score USER_IN_DEF_SPF_WL -7.500
50_scores.cf:score ENV_AND_HDR_SPF_MATCH -7.500
50_scores.cf:score USER_IN_WHITELIST_TO -6.000
50_scores.cf:score USER_IN_MORE_SPAM_TO -20.000
50_scores.cf:score USER_IN_ALL_SPAM_TO -100.000
50_scores.cf:score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
50_scores.cf:score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
50_scores.cf:score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
50_scores.cf:score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
50_scores.cf:score HABEAS_CHECKED 0 -0.2 0 -0.2
50_scores.cf:score DKIM_VERIFIED -0.001
50_scores.cf:score DK_VERIFIED -0.001
50_scores.cf:score HASHCASH_20 -0.500
50_scores.cf:score HASHCASH_21 -0.700
50_scores.cf:score HASHCASH_22 -1.000
50_scores.cf:score HASHCASH_23 -2.000
50_scores.cf:score HASHCASH_24 -3.000
50_scores.cf:score HASHCASH_25 -4.000
50_scores.cf:score HASHCASH_HIGH -5.000
50_scores.cf:score SPF_PASS -0.001
50_scores.cf:score SPF_HELO_PASS -0.001
One long-haired git at your service...
Stuart Browne
Honored Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Oh yeah, make sure you 'sa-update' on a regular basis (once a day). This updates the spam patterns.
One long-haired git at your service...
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Thanks for all the help !!

I'm getting close to blocking all of the regular repeat spam. A few of the new ones still get through.

Thanks.
Stuart Browne
Honored Contributor

Re: Spamassassin is running but no evidence it's doing anything.

We just implemented a new set of custom rules (from www.rulesemporium.com) which dropped the spam level that was getting through by another 2/3rds.

My account has approximately 15 aliases pointing to it (i.e. root@, mailer-daemon@, postmaster@), and that's taken the daily spam down from around 100, to less than 30.

Now there are just the occasional stock spam, and that damn spam with that orange arrow *grumble*.

Oh well, it's what you get for having a company policy of SA-level-15-before-reject.. *sighs*.

Good luck ;)
One long-haired git at your service...
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

I'm getting closer, but I goofed. I copied my tested user_prefs from my user .spamassassin dir into the /etc/mail/spamassassin/local.cf dir and removed the tests from my user_prefs. This morning out of 19 spams, it only flagged 4.

Something must need to be restarted. I'm guessing it is sendmail. I'll restart that and see what happens.

Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Ok I did service spamassassin restart
and service sendmail restart.

Ivan Krastev
Honored Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Also see this - http://www.rulesemporium.com/


ti add more rules.


regards,
ivan
Vernon Brown_4
Trusted Contributor

Re: Spamassassin is running but no evidence it's doing anything.

Thanks for the link Ivan