Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th June 2008, 19:11
Thomas_Powers Thomas_Powers is offline
Junior Member
 
Join Date: Jun 2008
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default Ubuntu 8.04 Spamsnake - all SA scores 0.00

Hello HTF guys!!

Let's get this out right now...I be a newbie at the linux world, so the problem here is probably simple to you guys. Anyway, I have followed the step by steps on building the perfect spamsnake on Ubuntu 8.04 (which kicks the snot out of our barracuda for capabilities).

But when I went active, all messages that came in got a spam score of 0.00 so it's letting everything through. When I run the spamassasin lint test, everything is cool and it gets a progressive score in the test of like 5 of so, so I'm a bit stumped as to where to look on this one.

All help is greatly appreciated.

Tom Powers
Reply With Quote
Sponsored Links
  #2  
Old 4th June 2008, 22:10
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Hey Tom,

Glad to hear another user is working with the SpamSnake! I'd be more than happy to help you out. First, are you using Sendmail or Postfix? Do you see the mails in the MailWatch interface? Finally, post the output of mail.log.

Rocky
__________________
Home of the SpamSnake
Reply With Quote
  #3  
Old 4th June 2008, 22:23
Thomas_Powers Thomas_Powers is offline
Junior Member
 
Join Date: Jun 2008
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Good to hear back from you!!

We are using postfix

I see the emails in mailwatch just fine.

Heres the last 100 lines of the mail log. At the top you'll see some of the messages coming in. THen towards the bottom, you'll see a complete reload of postfix after we added a couple domains to hopefully try again once we get an idea of where to go here.

Jun 4 12:00:42 spam postfix/smtpd[20039]: connect from unknown[189.180.17.7]
Jun 4 12:00:43 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from c-76-124-12-154.hsd1.nj.comcast.net[76.124.12.154]: 554 5.7.1 Service unavailable; Client host [76.124.12.154] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=76.124.12.154; from=<terri.quinn@btinternet.com> to=<hicks7@ksfuel.com> proto=ESMTP helo=<c-76-124-12-154.hsd1.nj.comcast.net>
Jun 4 12:00:43 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from c-76-124-12-154.hsd1.nj.comcast.net[76.124.12.154]: 554 5.7.1 Service unavailable; Client host [76.124.12.154] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=76.124.12.154; from=<terri.quinn@btinternet.com> to=<hicks@ksfuel.com> proto=ESMTP helo=<c-76-124-12-154.hsd1.nj.comcast.net>
Jun 4 12:00:43 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from c-76-124-12-154.hsd1.nj.comcast.net[76.124.12.154]: 554 5.7.1 Service unavailable; Client host [76.124.12.154] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=76.124.12.154; from=<terri.quinn@btinternet.com> to=<hawkins@ksfuel.com> proto=ESMTP helo=<c-76-124-12-154.hsd1.nj.comcast.net>
Jun 4 12:00:43 spam postfix/smtpd[20201]: NOQUEUE: reject: RCPT from a104.sub64.net78.udm.net[78.85.64.104]: 504 5.5.2 <fb979068bcb74f4>: Helo command rejected: need fully-qualified hostname; from=<ugdqqm@bonkworld.com> to=<boydd@ksfuel.com> proto=ESMTP helo=<fb979068bcb74f4>
Jun 4 12:00:43 spam postfix/smtpd[20201]: NOQUEUE: reject: RCPT from a104.sub64.net78.udm.net[78.85.64.104]: 504 5.5.2 <fb979068bcb74f4>: Helo command rejected: need fully-qualified hostname; from=<ugdqqm@bonkworld.com> to=<boyd@ksfuel.com> proto=ESMTP helo=<fb979068bcb74f4>
Jun 4 12:00:43 spam postfix/smtpd[20051]: lost connection after DATA (0 bytes) from c-76-124-12-154.hsd1.nj.comcast.net[76.124.12.154]
Jun 4 12:00:43 spam postfix/smtpd[20051]: disconnect from c-76-124-12-154.hsd1.nj.comcast.net[76.124.12.154]
Jun 4 12:00:44 spam postfix/smtpd[20201]: lost connection after DATA (0 bytes) from a104.sub64.net78.udm.net[78.85.64.104]
Jun 4 12:00:44 spam postfix/smtpd[20201]: disconnect from a104.sub64.net78.udm.net[78.85.64.104]
Jun 4 12:00:44 spam postfix/smtpd[20039]: NOQUEUE: reject: RCPT from unknown[189.180.17.7]: 554 5.7.1 Service unavailable; Client host [189.180.17.7] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=189.180.17.7; from=<arver@americanins.com> to=<032ccc57@ksfuel.com> proto=ESMTP helo=<dsl-189-180-17-7.prod-infinitum.com.mx>
Jun 4 12:00:45 spam postfix/smtpd[20039]: lost connection after DATA (0 bytes) from unknown[189.180.17.7]
Jun 4 12:00:45 spam postfix/smtpd[20039]: disconnect from unknown[189.180.17.7]
Jun 4 12:00:45 spam postfix/smtpd[20041]: connect from unknown[88.235.36.128]
Jun 4 12:00:47 spam postfix/smtpd[20059]: warning: 91.134.11.192: hostname 91-134-11-192.niskar.multimedia-bg.net verification failed: Name or service not known
Jun 4 12:00:47 spam postfix/smtpd[20059]: connect from unknown[91.134.11.192]
Jun 4 12:00:48 spam postfix/smtpd[20059]: NOQUEUE: reject: RCPT from unknown[91.134.11.192]: 554 5.7.1 Service unavailable; Client host [91.134.11.192] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=91.134.11.192; from=<ekcinrew1971@BACR.ORG> to=<lawrence|lawrence@ksfuel.com> proto=ESMTP helo=<91-134-11-192.niskar.multimedia-bg.net>
Jun 4 12:00:48 spam postfix/smtpd[20059]: disconnect from unknown[91.134.11.192]
Jun 4 12:00:48 spam postfix/smtpd[20041]: NOQUEUE: reject: RCPT from unknown[88.235.36.128]: 554 5.7.1 Service unavailable; Client host [88.235.36.128] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=88.235.36.128; from=<sly@bondrap.com> to=<bradley@ksfuel.com> proto=ESMTP helo=<dsldevice.lan>
Jun 4 12:00:48 spam postfix/smtpd[20051]: connect from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]
Jun 4 12:00:48 spam postfix/smtpd[20041]: lost connection after DATA (0 bytes) from unknown[88.235.36.128]
Jun 4 12:00:48 spam postfix/smtpd[20041]: disconnect from unknown[88.235.36.128]
Jun 4 12:00:48 spam postfix/smtpd[20045]: connect from pub082136126158.dh-hfc.datazug.ch[82.136.126.158]
Jun 4 12:00:48 spam postfix/smtpd[20278]: warning: 64.199.3.161: address not listed for hostname mail.iabusa.com
Jun 4 12:00:48 spam postfix/smtpd[20278]: connect from unknown[64.199.3.161]
Jun 4 12:00:49 spam postfix/smtpd[20201]: connect from a32-176.adsl.paltel.net[213.6.32.176]
Jun 4 12:00:49 spam postfix/smtpd[20045]: NOQUEUE: reject: RCPT from pub082136126158.dh-hfc.datazug.ch[82.136.126.158]: 554 5.7.1 Service unavailable; Client host [82.136.126.158] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=82.136.126.158; from=<CarissatepidFenton@cottyn.com> to=<blkf@ksfuel.com> proto=SMTP helo=<medion.dzcmts001cpe001.datazug.ch>
Jun 4 12:00:50 spam postfix/smtpd[20045]: lost connection after RCPT from pub082136126158.dh-hfc.datazug.ch[82.136.126.158]
Jun 4 12:00:50 spam postfix/smtpd[20045]: disconnect from pub082136126158.dh-hfc.datazug.ch[82.136.126.158]
Jun 4 12:00:50 spam postfix/smtpd[20201]: NOQUEUE: reject: RCPT from a32-176.adsl.paltel.net[213.6.32.176]: 554 5.7.1 Service unavailable; Client host [213.6.32.176] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=213.6.32.176; from=<Darla-hsomehc@154154.com> to=<caldwell|caldwell@ksfuel.com> proto=ESMTP helo=<a32-176.adsl.paltel.net>
Jun 4 12:00:50 spam postfix/smtpd[20042]: warning: 88.233.113.253: hostname dsl88-233-29181.ttnet.net.tr verification failed: Name or service not known
Jun 4 12:00:50 spam postfix/smtpd[20042]: connect from unknown[88.233.113.253]
Jun 4 12:00:50 spam postfix/smtpd[20277]: connect from unknown[88.235.54.251]
Jun 4 12:00:50 spam postfix/smtpd[20201]: disconnect from a32-176.adsl.paltel.net[213.6.32.176]
Jun 4 12:00:51 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]: 504 5.5.2 <e4ef43843a9b4a7>: Helo command rejected: need fully-qualified hostname; from=<mty@bluefield.com.hk> to=<bradleyd@ksfuel.com> proto=ESMTP helo=<e4ef43843a9b4a7>
Jun 4 12:00:51 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]: 504 5.5.2 <e4ef43843a9b4a7>: Helo command rejected: need fully-qualified hostname; from=<mty@bluefield.com.hk> to=<brewerdd@ksfuel.com> proto=ESMTP helo=<e4ef43843a9b4a7>
Jun 4 12:00:51 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]: 504 5.5.2 <e4ef43843a9b4a7>: Helo command rejected: need fully-qualified hostname; from=<mty@bluefield.com.hk> to=<brewerd@ksfuel.com> proto=ESMTP helo=<e4ef43843a9b4a7>
Jun 4 12:00:51 spam postfix/smtpd[20051]: NOQUEUE: reject: RCPT from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]: 504 5.5.2 <e4ef43843a9b4a7>: Helo command rejected: need fully-qualified hostname; from=<mty@bluefield.com.hk> to=<brewer@ksfuel.com> proto=ESMTP helo=<e4ef43843a9b4a7>
Jun 4 12:05:28 spam postfix/smtpd[20052]: SSL_accept error from 66-194-50-2.static.twtelecom.net[66.194.50.2]: -1
Jun 4 12:05:28 spam postfix/smtpd[20052]: lost connection after STARTTLS from 66-194-50-2.static.twtelecom.net[66.194.50.2]
Jun 4 12:05:28 spam postfix/smtpd[20052]: disconnect from 66-194-50-2.static.twtelecom.net[66.194.50.2]
Jun 4 12:05:49 spam postfix/smtpd[20278]: timeout after EHLO from unknown[64.199.3.161]
Jun 4 12:05:49 spam postfix/smtpd[20278]: disconnect from unknown[64.199.3.161]
Jun 4 12:05:50 spam postfix/smtpd[20042]: timeout after CONNECT from unknown[88.233.113.253]
Jun 4 12:05:50 spam postfix/smtpd[20042]: disconnect from unknown[88.233.113.253]
Jun 4 12:05:50 spam postfix/smtpd[20277]: timeout after CONNECT from unknown[88.235.54.251]
Jun 4 12:05:50 spam postfix/smtpd[20277]: disconnect from unknown[88.235.54.251]
Jun 4 12:05:51 spam postfix/smtpd[20051]: timeout after DATA (0 bytes) from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]
Jun 4 12:05:51 spam postfix/smtpd[20051]: disconnect from ppp78-36-130-123.pppoe.novgorod.dslavangard.ru[78.36.130.123]
Jun 4 12:07:24 spam postfix/qmgr[20005]: 9B648394093: from=<>, size=6061, nrcpt=1 (queue active)
Jun 4 12:07:25 spam postfix/smtp[20422]: 9B648394093: to=<telqdi@eline.com>, relay=mx4.eline.com[204.16.159.164]:25, delay=498, delays=498/0.01/0.21/0.48, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4EA7CA4033)
Jun 4 12:07:25 spam postfix/qmgr[20005]: 9B648394093: removed
Jun 4 12:07:27 spam postfix/anvil[20043]: statistics: max connection rate 8/60s for (smtp:87.21.72.54) at Jun 4 11:59:34
Jun 4 12:07:27 spam postfix/anvil[20043]: statistics: max connection count 4 for (smtp:122.162.83.111) at Jun 4 12:00:07
Jun 4 12:07:27 spam postfix/anvil[20043]: statistics: max cache size 60 at Jun 4 12:00:36
Jun 4 12:15:19 spam MailScanner[20493]: MailScanner E-Mail Virus Scanner version 4.68.8 starting...
Jun 4 12:15:20 spam MailScanner[20493]: Read 817 hostnames from the phishing whitelist
Jun 4 12:15:20 spam MailScanner[20493]: Read 5141 hostnames from the phishing blacklist
Jun 4 12:15:20 spam MailScanner[20493]: Config: calling custom init function MailWatchLogging
Jun 4 12:15:21 spam MailScanner[20493]: Started SQL Logging child
Jun 4 12:15:21 spam MailScanner[20493]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jun 4 12:15:21 spam MailScanner[20493]: Using SpamAssassin results cache
Jun 4 12:15:22 spam MailScanner[20493]: Connected to SpamAssassin cache database
Jun 4 12:15:22 spam MailScanner[20493]: Enabling SpamAssassin auto-whitelist functionality...
Jun 4 12:15:25 spam MailScanner[20493]: ClamAV scanner using unrar command /usr/bin/unrar
Jun 4 12:15:26 spam MailScanner[20493]: Using locktype = flock
Jun 4 12:16:00 spam MailScanner[20527]: MailScanner E-Mail Virus Scanner version 4.68.8 starting...
Jun 4 12:16:00 spam MailScanner[20527]: Read 817 hostnames from the phishing whitelist
Jun 4 12:16:01 spam MailScanner[20527]: Read 5141 hostnames from the phishing blacklist
Jun 4 12:16:01 spam MailScanner[20527]: Config: calling custom init function MailWatchLogging
Jun 4 12:16:01 spam MailScanner[20527]: Started SQL Logging child
Jun 4 12:16:01 spam MailScanner[20527]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jun 4 12:16:02 spam MailScanner[20527]: Using SpamAssassin results cache
Jun 4 12:16:02 spam MailScanner[20527]: Connected to SpamAssassin cache database
Jun 4 12:16:02 spam MailScanner[20527]: Enabling SpamAssassin auto-whitelist functionality...
Jun 4 12:16:06 spam MailScanner[20527]: ClamAV scanner using unrar command /usr/bin/unrar
Jun 4 12:16:06 spam MailScanner[20527]: Using locktype = flock
Jun 4 12:48:03 spam postfix/smtpd[21389]: warning: database /etc/postfix/sender_access.db is older than source file /etc/postfix/sender_access
Jun 4 12:48:03 spam postfix/smtpd[21389]: connect from laptop1.ssi.private[10.0.0.44]
Jun 4 12:48:03 spam postfix/smtpd[21389]: lost connection after CONNECT from laptop1.ssi.private[10.0.0.44]
Jun 4 12:48:03 spam postfix/smtpd[21389]: disconnect from laptop1.ssi.private[10.0.0.44]
Jun 4 12:51:23 spam postfix/anvil[21390]: statistics: max connection rate 1/60s for (smtp:10.0.0.44) at Jun 4 12:48:03
Jun 4 12:51:23 spam postfix/anvil[21390]: statistics: max connection count 1 for (smtp:10.0.0.44) at Jun 4 12:48:03
Jun 4 12:51:23 spam postfix/anvil[21390]: statistics: max cache size 1 at Jun 4 12:48:03
Jun 4 14:12:24 spam postfix/smtpd[23678]: warning: database /etc/postfix/sender_access.db is older than source file /etc/postfix/sender_access
Jun 4 14:12:24 spam postfix/smtpd[23678]: connect from laptop1.ssi.private[10.0.0.44]
Jun 4 14:12:24 spam postfix/smtpd[23678]: lost connection after CONNECT from laptop1.ssi.private[10.0.0.44]
Jun 4 14:12:24 spam postfix/smtpd[23678]: disconnect from laptop1.ssi.private[10.0.0.44]
Jun 4 14:15:44 spam postfix/anvil[23679]: statistics: max connection rate 1/60s for (smtp:10.0.0.44) at Jun 4 14:12:24
Jun 4 14:15:44 spam postfix/anvil[23679]: statistics: max connection count 1 for (smtp:10.0.0.44) at Jun 4 14:12:24
Jun 4 14:15:44 spam postfix/anvil[23679]: statistics: max cache size 1 at Jun 4 14:12:24
Reply With Quote
  #4  
Old 4th June 2008, 22:41
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

You're getting the following error
warning: database /etc/postfix/sender_access.db.

You need to postmap it using the following command:

Code:
 
postmap /etc/postfix/sender_access
Then:
Code:
 
postfix reload
Also, make sure you have the following set in your MailScanner.conf file:
Code:
 
Use SpamAssassin = yes
__________________
Home of the SpamSnake

Last edited by Rocky; 4th June 2008 at 22:43.
Reply With Quote
  #5  
Old 4th June 2008, 22:47
Thomas_Powers Thomas_Powers is offline
Junior Member
 
Join Date: Jun 2008
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default Error in postmap

OK...I ran the first postmap command and got this reply

postmap: warning: /etc/postfix/sender_access.db, line 0: expected format: key whitespace value

And I confirmed that the Use SpamAssassin entry is in the MailScanner.conf file.

Ideas?

TP
Reply With Quote
  #6  
Old 4th June 2008, 22:48
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

My bad, the command is supposed to be:

Code:
 
postmap /etc/postfix/sender_access
__________________
Home of the SpamSnake
Reply With Quote
  #7  
Old 23rd June 2008, 14:43
hardik hardik is offline
Junior Member
 
Join Date: Jun 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default enable spamassassin automatically while adding website/user

Hi,

I have ISPConfig installed and working fine. I need to enable spam assassin as and when I add website/user in the ISPConfig. How can I do that?

Also I want to get Junk colder created when I add a user.

Thanks,
http://www.netedgetechnology.com
http://www.netedgemonitor.com
Reply With Quote
  #8  
Old 24th June 2008, 17:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by hardik View Post
I need to enable spam assassin as and when I add website/user in the ISPConfig. How can I do that?
You can do this on the Spamfilter & Antivirus tab when you create/modify a user.

Quote:
Originally Posted by hardik View Post
Also I want to get Junk colder created when I add a user.
That's not possible.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Errors after following The Perfect SpamSnake (Ubuntu 8.04) hvrossum HOWTO-Related Questions 21 27th June 2008 17:14
Virtual users... Ubuntu 8.04 spaceuser HOWTO-Related Questions 12 19th June 2008 08:04
Problem on restart bind9 satimis Server Operation 6 30th October 2007 02:01
Log for Debugging jwan Installation/Configuration 5 27th October 2006 14:34
Traffic overview in ISP Manager > ISP Site > Statistics: Overall 0.00 tom Installation/Configuration 2 23rd April 2006 14:17


All times are GMT +2. The time now is 12:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.