spamassassin/clamAV not working
Daisy
5th January 2007, 19:48
Hi, I sent a GTUBE test and SA didn't register the email as spam. How can I verify if it's up and working?
Also, is there any way to have clamAV send a message to the user instead of just deleting it and sending a message to the av admin? Cause I'm not getting any A/V admin notices so far even though I've sent eicar like a bazillion times.
Daisy
6th January 2007, 03:13
oh, should probably mention running:
FC5
postfix
dovecot
till
6th January 2007, 16:28
Hi, I sent a GTUBE test and SA didn't register the email as spam. how can I verify if it's up and working?
Have you enabled Spamassassin for this account? Have you checked the mail headers of the email?
Daisy
6th January 2007, 16:49
Yes. It is enabled for this account. level is set at 5. Here are some example headers.
Return-Path: <saratogahomeshow.com@reaganpresidentiallibrary.com>
X-Original-To: xxxxxxx@xxxxxxx.org
Delivered-To: xxxxxxx@xxxxxxx.com
Received: from localhost (pool-72-81-13-110.phlapa.east.verizon.net [72.81.13.110])
by xxxxxxx.com (Postfix) with SMTP id 1490428812B
for <xxxxxxx@xxxxxxx.org>; Sat, 6 Jan 2007 09:07:52 -0600 (CST)
Message-ID: <000001c731a3$df5a0f00$0100007f@localhost>
From: "Alec Murphy" <saratogahomeshow.com@reaganpresidentiallibrary.com>
To: <xxxxxxx@xxxxxxx.org>
Subject: Need S0ftware?
Date: Sat, 06 Jan 2007 11:07:43 -0400
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3610
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.1125
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.6/2416/Fri Jan 5 22:54:14 2007
Return-Path: <benannni@yahoo.fr>
X-Original-To: xxxxxxx@xxxxxxx.com
Delivered-To: xxxxxxx@xxxxxxx.com
Received: from smtp8-g19.free.fr (smtp8-g19.free.fr [212.27.42.65])
by xxxxxxx.com (Postfix) with ESMTP id CC49C28812B
for <xxxxxxx@xxxxxxx.com>; Sat, 6 Jan 2007 09:21:15 -0600 (CST)
Received: from imp1-g19.free.fr (imp1-g19.free.fr [212.27.42.1])
by smtp8-g19.free.fr (Postfix) with ESMTP id 29ED254B0;
Sat, 6 Jan 2007 16:21:14 +0100 (CET)
Received: by imp1-g19.free.fr (Postfix, from userid 33)
id 1A6A28919; Sat, 6 Jan 2007 16:21:14 +0100 (CET)
Received: from 80.227.0.153 ([80.227.0.153])
by imp1-g19.free.fr (IMP) with HTTP
for <benanni007@127.0.0.1>; Sat, 06 Jan 2007 16:21:13 +0100
Message-ID: <1168096873.459fbe699b94f@imp1-g19.free.fr>
Date: Sat, 06 Jan 2007 16:21:13 +0100
From: ben anni <benannni@yahoo.fr>
Reply-to: benanni2022@yahoo.fr
Subject: Now contact my secretary
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.5
X-Originating-IP: 80.227.0.153
To: undisclosed-recipients:;
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.6/2416/Fri Jan 5 22:54:14 2007
Daisy
6th January 2007, 21:20
I installed razor, pyzor, and dcc but still no difference. I was under the impression that the spam score should be in the headers. Is this right? Here's a recent header.
Return-Path: <xxxxxxx>
X-Original-To: xxxxxxx
Delivered-To: xxxxxxx
Received: from web55704.mail.re3.yahoo.com (web55704.mail.re3.yahoo.com [216.252.110.35])
by xxxxxxx (Postfix) with SMTP id AAB8C28812D
for <xxxxxxx>; Sat, 6 Jan 2007 13:15:31 -0600 (CST)
Received: (qmail 37248 invoked by uid 60001); 6 Jan 2007 19:15:30 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=m9rNXOGgfuOBowkIFipQXCjjYtA8ZNcJoUhQYi2xhXRf/uqFukXezaSgKfqzKLsNltjDIdnGwOkHncgBROCqfQ4oT5xzOyk zgBVYaVL/KEGoAgjuBbAZYMeKkXpRcbsoa3hiCL3VR36n1RFAJqH1F9egrw 7/QKMoXaHimd2qC18=;
X-YMail-OSG: jqkksZkVM1mDzOOJKBT6svp151z61WhNhxw3jltWa8uDnQN00o Lbr2utmA0ZGM7XcXBvhM5XSpuFtH3ryOtJ0p4SkBgiO63V7pS0 ZAE4F.8Ocptcu9r3gO1OwKAszlZ9yYd8TUN9txGR2e8-
Received: from [xxxxxxx] by web55704.mail.re3.yahoo.com via HTTP; Sat, 06 Jan 2007 11:15:30 PST
Date: Sat, 6 Jan 2007 11:15:30 -0800 (PST)
From: xxxxxxx
Subject: test gtuber
To: xxxxxxx
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-833759254-1168110930=:36580"
Content-Transfer-Encoding: 8bit
Message-ID: <765989.36580.qm@web55704.mail.re3.yahoo.com>
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.6/2416/Fri Jan 5 22:54:14 2007
Daisy
6th January 2007, 21:53
I'm trying to test with spamassassin -t -D < /tmp/spam (/tmp/spam being a mail message) but I can't figure out where mail is stored. Can anyone point me in the right direction?
edge
6th January 2007, 22:18
Hmmm your mail headers are missing the X-Spam stuff..
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on host.aabbccdd.info
X-Spam-Level: *
X-Spam-Status: No, score=2.0 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE,
DNS_FROM_RFC_POST,HTML_MESSAGE autolearn=no version=3.1.7
Are you sure that Spamassassin is enabled?
re: Can anyone point me in the right direction?
For me (Debian Sarge) it's in /var/mail
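The header check edge applies above, as an added example (not code from the thread): it reports whether clamassassin and SpamAssassin stamped a delivered message and parses the folded X-Spam-Status line. The two sample messages are constructed from headers posted in this thread, and the function name is illustrative.

```python
import re
from email import message_from_string

# Constructed sample: headers like Daisy's, with no X-Spam-* lines at all.
SAMPLE_UNFILTERED = """\
Return-Path: <xxxxxxx>
Subject: test gtuber
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.88.6/2416/Fri Jan 5 22:54:14 2007

body
"""

# Constructed sample: the X-Spam-* headers edge posted, on a minimal message.
SAMPLE_FILTERED = """\
Subject: hello
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on host.aabbccdd.info
X-Spam-Level: *
X-Spam-Status: No, score=2.0 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE,
\tDNS_FROM_RFC_POST,HTML_MESSAGE autolearn=no version=3.1.7

body
"""


def spam_scan_summary(raw_message: str) -> dict:
    """Report which filters stamped a delivered message, from its headers alone."""
    msg = message_from_string(raw_message)
    status = msg["X-Spam-Status"]
    summary = {
        # In this thread clamassassin writes X-Virus-Status and
        # SpamAssassin writes the X-Spam-* headers.
        "virus_scanned": msg["X-Virus-Status"] is not None,
        "spam_scanned": status is not None
        or msg["X-Spam-Checker-Version"] is not None,
        "is_spam": None,
        "score": None,
        "required": None,
        "tests": [],
    }
    if status is None:
        return summary

    # The value is "Yes|No, key=value key=value ..." and may be folded
    # across lines, including in the middle of the tests= list.
    m = re.match(r"\s*(Yes|No)\s*,\s*(.*)", status, re.I | re.S)
    if not m:
        return summary
    summary["is_spam"] = m.group(1).lower() == "yes"

    # Rejoin a tests= list that was folded after a comma, then split fields.
    rest = re.sub(r",\s+", ",", m.group(2))
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    for key in ("score", "required"):
        try:
            summary[key] = float(fields[key])
        except (KeyError, ValueError):
            pass
    tests = fields.get("tests", "")
    summary["tests"] = [t for t in tests.split(",") if t and t != "none"]
    return summary


if __name__ == "__main__":
    for label, raw in (("unfiltered", SAMPLE_UNFILTERED),
                       ("filtered", SAMPLE_FILTERED)):
        print(label, spam_scan_summary(raw))
```

A message that shows `virus_scanned` but not `spam_scanned` passed through the procmail chain without SpamAssassin adding anything, which is the situation in Daisy's headers.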
Daisy
6th January 2007, 22:26
errrr, yup. I think anyways. should be like attached pic right? And I'm using FC5. There should be emails waiting (I sent some test from my yahoo account.) but there's nothing in the mail folder. Does it get passed on to elsewhere?
Hans
6th January 2007, 22:41
Within your file /etc/default/spamassassin you can verify if spamassassin is allowed to start after a reboot.
To give spamassassin permission to start after a reboot change the line
# Change to one to enable spamd
ENABLED=0
into:
# Change to one to enable spamd
ENABLED=1
Maybe you did this already, but I think it can be helpful to you.
Daisy
6th January 2007, 23:07
I don't have that. I have these instances of SA. which is the right one for ISPconfig?
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin
/etc/sysconfig/spamassassin
/etc/rc.d/init.d/spamassassin
/usr/bin/spamassassin
I checked them all and none have the identifier you described.
Hans
6th January 2007, 23:17
Oh yes, you're using FC5.
What is within the file /etc/rc.d/init.d/spamassassin ?
Is there something like:
# Defaults - don't touch, edit /etc/default/spamassassin
ENABLED=0
I use Debian, and as the referer line says, I have to enable spamassassin within the file /etc/default/spamassassin so I did.
Maybe the file /etc/default/spamassassin is only for Debian and you have to edit a different file.
Sorry :(
If you give the command net stat -tap, is spamd listening?
till
6th January 2007, 23:18
ISPConfig uses /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin
Did you get an error when you execute:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin
Daisy
6th January 2007, 23:30
Oh yes, you're using FC5.
What is within the file /etc/rc.d/init.d/spamassassin ?
Is there something like:
# Defaults - don't touch, edit /etc/default/spamassassin
ENABLED=0
Nope. Sorry.
If you give the command net stat -tap, is spamd listening?
That command doesn't work and I'm not sure how to do it with FC5 as I'm still pretty new to this. Real sorry.
Daisy
6th January 2007, 23:31
Did you get an error when you execute:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin
It just sorta sits there with a blinky cursor but here's the debug info I got.
[5058] dbg: logger: adding facilities: all
[5058] dbg: logger: logging level is DBG
[5058] dbg: generic: SpamAssassin version 3.1.0
[5058] dbg: config: score set 0 chosen.
[5058] dbg: util: running in taint mode? yes
[5058] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[5058] dbg: util: PATH included '/usr/kerberos/sbin', keeping
[5058] dbg: util: PATH included '/usr/kerberos/bin', keeping
[5058] dbg: util: PATH included '/usr/local/sbin', keeping
[5058] dbg: util: PATH included '/usr/local/bin', keeping
[5058] dbg: util: PATH included '/sbin', keeping
[5058] dbg: util: PATH included '/bin', keeping
[5058] dbg: util: PATH included '/usr/sbin', keeping
[5058] dbg: util: PATH included '/usr/bin', keeping
[5058] dbg: util: PATH included '/root/bin', which doesn't exist, dropping
[5058] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
[5058] dbg: dns: is Net::DNS::Resolver available? yes
[5058] dbg: dns: Net::DNS version: 0.59
[5058] dbg: dns: name server: 4.2.2.1, family: 2, ipv6: 0
[5058] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[5058] dbg: config: read file /etc/mail/spamassassin/init.pre
[5058] dbg: config: read file /etc/mail/spamassassin/v310.pre
[5058] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[5058] dbg: config: using "/usr/share/spamassassin" for default rules dir
[5058] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[5058] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[5058] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[5058] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[5058] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[5058] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[5058] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[5058] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[5058] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[5058] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
[5058] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[5058] dbg: config: read file /etc/mail/spamassassin/local.cf
[5058] dbg: config: using "/root/.spamassassin" for user state dir
[5058] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
[5058] dbg: config: read file /root/.spamassassin/user_prefs
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xaa71b08)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xaa89870)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xaaac218)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[5058] dbg: pyzor: network tests on, attempting Pyzor
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xaac3690)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[5058] dbg: reporter: network tests on, attempting SpamCop
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0xab45bf8)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xab5483c)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xacf523c)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xacf5c98)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xad02894)
[5058] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[5058] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad0fa0c)
[5058] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[5058] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[5058] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[5058] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[5058] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[5058] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
[5058] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[5058] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad0fa0c) implements 'finish_parsing_end'
[5058] dbg: replacetags: replacing tags
[5058] dbg: replacetags: done replacing tags
[5058] dbg: config: using "/root/.spamassassin" for user state dir
[5058] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[5058] dbg: config: score set 1 chosen.
[5058] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[5058] dbg: dns: testing resolver nameservers: 4.2.2.1, 4.2.2.2
[5058] dbg: dns: trying (3) google.com...
[5058] dbg: dns: looking up NS for 'google.com'
/usr/bin/perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Net/DNS/DNS.so: undefined symbol: Perl_sv_2uv_flags
Daisy
6th January 2007, 23:37
Answer! It's a bug!
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218916
It's apparently a PERL issue and updating to 5.8.8-5 resolves. It's all better now!
Daisy
7th January 2007, 18:31
hmmmm, but now I don't seem to be getting any mail. Can anyone tell me what this means? It's from my maillog.
Jan 7 10:26:00 mailserver postfix/local[8271]: BFB0E28812D: to=<web3_spamtrap@mailserver.com>, orig_to=<spamtrap@mailserver.com>, relay=local, delay=18, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 7 10:26:00 mailserver postfix/qmgr[8241]: BFB0E28812D: removed
martinfst
7th January 2007, 19:05
This means the mail has been delivered to the mailbox of the user: web3_spamtrap. You should be able to find it in there. The log shows all has worked as expected (status=sent).
Daisy
7th January 2007, 19:12
I never get it. Should the email be deleted because of Eicar if the A/V option is not checked? How do I tell what happens to the email after postfix is done with it?
falko
9th January 2007, 00:08
What's the output of netstat -tap, and is Maildir enabled or disabled in your ISPConfig settings?
Daisy
9th January 2007, 01:44
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1735/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 1892/smbd
tcp 0 0 *:sunrpc *:* LISTEN 1380/portmap
tcp 0 0 *:ndmp *:* LISTEN 2410/perl
tcp 0 0 *:hosts2-ns *:* LISTEN 2107/ispconfig_http
tcp 0 0 192.168.69.70:domain *:* LISTEN 6289/named
tcp 0 0 xxxxxxx.com:domain *:* LISTEN 6289/named
tcp 0 0 *:32886 *:* LISTEN 1398/rpc.statd
tcp 0 0 xxxxxxx.com:ipp *:* LISTEN 22728/cupsd
tcp 0 0 *:smtp *:* LISTEN 18877/master
tcp 0 0 xxxxxxx.com:rndc *:* LISTEN 6289/named
tcp 0 0 *:microsoft-ds *:* LISTEN 1892/smbd
tcp 0 0 *:imaps *:* LISTEN 1762/dovecot
tcp 0 0 *:pop3s *:* LISTEN 1762/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1762/dovecot
tcp 0 0 *:imap *:* LISTEN 1762/dovecot
tcp 0 0 *:http *:* LISTEN 16767/httpd
tcp 0 0 *:ftp *:* LISTEN 32534/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 1628/sshd
tcp 0 0 ::1:rndc *:* LISTEN 6289/named
tcp 0 0 *:https *:* LISTEN 16767/httpd
tcp 0 0 ::ffff:192.168.69.70:http dsl88-226-19608.t:instantia TIME_WAIT -
tcp 0 0 ::ffff:192.168.69.70:http host86-134-89-52.:zymed-zpp TIME_WAIT -
tcp 0 0 ::ffff:192.168.69.70:http dsl88-226-19608.:nmasoverip TIME_WAIT -
tcp 0 0 ::ffff:192.168.69.70:http host86-134-89-52.range:gris TIME_WAIT -
tcp 0 0 ::ffff:192.168.69.70:http dsl88-226-19608.ttn:hacl-qs TIME_WAIT -
tcp 0 0 ::ffff:192.168.69.70:ssh rrcs-24-153-135-122.s:54113 ESTABLISHED 27977/0
tcp 0 0 ::ffff:192.168.69.70:http crawl-66-249-65-135.g:61355 TIME_WAIT -
and yes. MailDir is enabled as I ended up migrating mail from a different type of mailserver. I do get mail to some accounts. I should probably add that I have added this to my postfix main.conf:
smtpd_helo_required = yes
disable_vrfy_command = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
#unknown_address_reject_code = 554
#unknown_client_reject_code = 554
#unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
#unknown_relay_recipient_reject_code = 554
#unknown_sender_reject_code = 554
#unknown_virtual_alias_reject_code = 554
#unknown_virtual_mailbox_reject_code = 554
#unverified_recipient_reject_code = 554
#unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    permit
I commented some stuff out to see if it helped in allowing mail to come through. Mostly, I just wanted the RBL's but wasn't sure how to put it.
falko
9th January 2007, 17:01
Looks ok.
hmmmm, but now I don't seem to be getting any mail. Can anyone tell me what this means? It's from my maillog.
Jan 7 10:26:00 mailserver postfix/local[8271]: BFB0E28812D: to=<web3_spamtrap@mailserver.com>, orig_to=<spamtrap@mailserver.com>, relay=local, delay=18, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 7 10:26:00 mailserver postfix/qmgr[8241]: BFB0E28812D: removed
What's in the .procmailrc file of the web3_spamtrap user?
Daisy
9th January 2007, 19:28
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
ORGMAIL=$MAILDIR
INCLUDERC=/var/www/web3/user/web3_spamtrap/.mailsize.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.quota.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.antivirus.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.local-rules.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.html-trap.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.spamassassin.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.autoresponder.rc
~
falko
10th January 2007, 18:11
INCLUDERC=/var/www/web3/user/web3_spamtrap/.local-rules.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.html-trap.rc
Please disable Mailscan in that user's ISPConfig settings. I'm not sure, but it is possible that Mailscan deletes the Eicar test virus.
edge
10th January 2007, 19:01
Daisy,
Small note on your main.cf (postfix),
remove:
reject_rbl_client relays.ordb.org,
ordb.org is no more (gone)!
Daisy
23rd January 2007, 08:18
Thanks for all the tips. Everything seems to be working well now. I've actually gotten complaints about it being TOO strict from friends whose stupid ISP's have gotten their mailservers blacklisted.
One last question, I opted to have the subject rewritten but, instead of just getting a changed subject, I get a whole new email with the old email as an attachment. If I try to forward this on to my account at spamcop, they can't find the headers. Should the headers be changed so? What's going on?
falko
24th January 2007, 13:02
One last question, I opted to have the subject rewritten but, instead of just getting a changed subject, I get a whole new email with the old email as an attachment.
That's strange. :confused: Did you disable Mailscan?
Daisy
24th January 2007, 13:19
Yep. Mailscan and antivirus are disabled. Only spamfilter, Rewrite Subject, and Use URIBL are checked. I just disabled all my rbl client rejects so I'll grab the next spam that comes in and post the headers to show you what I mean.
Daisy
24th January 2007, 15:26
ok, so here's what I get:
Received: from localhost by mysite.com
with SpamAssassin (version 3.1.7);
Wed, 24 Jan 2007 07:03:06 -0600
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: ***SPAM*** All you favorite games
Date: Wed, 24 Jan 2007 20:05:03 -0700
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mysite.com
X-Spam-Level: *******************************
X-Spam-Status: Yes, score=31.6 required=5.0 tests=DATE_IN_FUTURE_12_24,
DCC_CHECK,DIGEST_MULTIPLE,HELO_DYNAMIC_IPADDR,HTML_FONT_BIG,
HTML_MESSAGE,MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
RCVD_IN_NJABL_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45B7590A.A8B2BAE2"
This is a multi-part message in MIME format.
------------=_45B7590A.A8B2BAE2
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "mysite.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Only from the most noble of all casinos you could except
such a Regal gift: 300% Bonus on your First Deposit!!! Deposit 100 €/$
and Play with 400 €/$!!! And on top of that, a service at such a level
you would not find in the best Royal Families of Europe. [...]
Content analysis details: (31.6 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                            1)
 2.3 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_FONT_BIG          BODY: HTML tag for a big font size
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.8 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 1.4 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [124.120.75.104 listed in combined.njabl.org]
 1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: royal-casinos.net]
 3.3 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: royal-casinos.net]
 3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: royal-casinos.net]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: royal-casinos.net]
 2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: royal-casinos.net]
 3.6 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: royal-casinos.net]
 0.2 DIGEST_MULTIPLE        Message hits more than one network digest check
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_45B7590A.A8B2BAE2
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path: <mlijghev@co.th>
X-Original-To: me@mysite.com
Delivered-To: me@mysite.com
Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104])
by mysite.com (Postfix) with ESMTP id 6D93728812D
for <me@mysite.com>; Wed, 24 Jan 2007 07:02:54 -0600 (CST)
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: All you favorite games
Date: Wed, 24 Jan 2007 20:05:03 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0004_01C73FF2.EF359450"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>
------=_NextPart_000_0004_01C73FF2.EF359450
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b>
<font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br>
casinos you could except such a Regal gift:</font><br><br>
<font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br>
<font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br>
And on top of that, a service at such a<br>
level you would not find in the best<br>
Royal Families of Europe.<br><br>
<a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br>
If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a>
</p>
</BODY></HTML>
------=_NextPart_000_0004_01C73FF2.EF359450--
------------=_45B7590A.A8B2BAE2--
if I click on the attachment and view that email, it shows this:
Return-Path: <mlijghev@co.th>
X-Original-To: me@mysite.com
Delivered-To: me@mysite.com
Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104])
by mysite.com (Postfix) with ESMTP id 6D93728812D
for <me@mysite.com>; Wed, 24 Jan 2007 07:02:54 -0600 (CST)
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: All you favorite games
Date: Wed, 24 Jan 2007 20:05:03 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0004_01C73FF2.EF359450"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>
------=_NextPart_000_0004_01C73FF2.EF359450
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b>
<font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br>
casinos you could except such a Regal gift:</font><br><br>
<font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br>
<font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br>
And on top of that, a service at such a<br>
level you would not find in the best<br>
Royal Families of Europe.<br><br>
<a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br>
If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a>
</p>
</BODY></HTML>
------=_NextPart_000_0004_01C73FF2.EF359450--
I forwarded both as an attachment to spamcop and the first, the one that had been altered got me the "No source IP address found, cannot proceed." error message from spamcop that I've been getting. The second parsed ok. Now, I'm thinking that having to open the email (not using a preview pane) and then opening an attached email, and then forwarding the now opened attachment of the email is a bit of a hassle. Is this working right or do I have some setting wrong?
falko
25th January 2007, 19:54
Is this working right or do I have some setting wrong?
I've never had this problem, so I don't know why it isn't working for you. Maybe some kind of encoding problem?
Daisy
26th January 2007, 09:09
? encoding?
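SpamAssassin's `report_safe` setting controls the wrapping Daisy describes: when it is on, the original mail travels as a `message/rfc822` attachment marked `x-spam-type=original`, as in the message she posted. The following is an added example, not code from the thread: it pulls the original back out of such a wrapper and shows that only the original still carries a sending IP in its `Received:` headers. The sample is constructed and shortened from the post above (with a simplified MIME boundary), and the function names are illustrative.

```python
import re
from email import message_from_bytes
from typing import List, Optional

# Constructed sample, shortened from the wrapped spam posted on 24th January.
SAMPLE_WRAPPED = b"""\
Received: from localhost by mysite.com
\twith SpamAssassin (version 3.1.7);
\tWed, 24 Jan 2007 07:03:06 -0600
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: ***SPAM*** All you favorite games
X-Spam-Flag: YES
X-Spam-Status: Yes, score=31.6 required=5.0 tests=DCC_CHECK,PYZOR_CHECK,
\tRAZOR2_CHECK autolearn=spam version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sa-wrap-boundary"

This is a multi-part message in MIME format.

--sa-wrap-boundary
Content-Type: text/plain
Content-Disposition: inline

Spam detection software has identified this incoming email as possible spam.

--sa-wrap-boundary
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment

Return-Path: <mlijghev@co.th>
Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104])
\tby mysite.com (Postfix) with ESMTP id 6D93728812D
\tfor <me@mysite.com>; Wed, 24 Jan 2007 07:02:54 -0600 (CST)
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: All you favorite games

(body omitted in this sample)

--sa-wrap-boundary--
"""

_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw: bytes) -> List[str]:
    """Bracketed IPv4 addresses in the top-level Received: headers only."""
    msg = message_from_bytes(raw)
    ips: List[str] = []
    for value in msg.get_all("Received", []):
        ips.extend(_BRACKETED_IPV4.findall(str(value)))
    return ips


def unwrap_original(raw: bytes) -> Optional[bytes]:
    """Return the attached original message, or None if raw is not a wrapper."""
    msg = message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        # SpamAssassin tags the attachment so it is not confused with an
        # ordinary forwarded message sitting inside the mail.
        if part.get_param("x-spam-type") != "original":
            continue
        payload = part.get_payload()
        if isinstance(payload, list) and payload:
            # Re-serialised copy: long headers may be re-folded, values are kept.
            return payload[0].as_bytes()
    return None


if __name__ == "__main__":
    print("wrapper Received IPs: ", received_ips(SAMPLE_WRAPPED))
    original = unwrap_original(SAMPLE_WRAPPED)
    print("original Received IPs:", received_ips(original))
```

The wrapper's only `Received:` line is the one SpamAssassin wrote on localhost, so a report built from the wrapper has no relay address to work from, while the extracted original does.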
cambo
13th February 2007, 00:52
Hi Till
I am not getting X-Spam headers and spam is not being filtered.
Spamassassin is on in ISPConfig.
You mentioned that the path is - /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin
My install is not in that path but is this one -
/home/admispconfig/ispconfig/tools/spamassassin/usr/local/bin/spamassassin
Would that be why my Spamassassin is not working? If so, how do I fix it?
If not, any suggestions as to what to check?
One other thing. I am a bit confused as to whether a Spamassassin daemon should be running?? I get the impression it shouldn't be and that Spamassassin is called when an email arrives and needs to be scanned. Is that right?
Thanks
Cambo
till
13th February 2007, 10:22
Please open the file /root/ispconfig/isp/conf/spamassassin.rc.master and change the path to spamassassin from /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin to /home/admispconfig/ispconfig/tools/spamassassin/usr/local/bin/spamassassin
Then edit your mailuser in ISPConfig (eg. change the quota value) and hit save so ISPConfig rewrites the user configuration with the new spamassassin.rc file. Then test if Spamassassin works now for you.
cambo
15th February 2007, 01:09
Hi Till
Your solution was the correct one (as usual). :)
I am not sure why my Spamassassin path was different as I just followed the Perfect Install, however it all works now, so it's all good.
Thanks for your help.
Cambo