#1  
Old 4th March 2011, 22:36
yucktoufoo yucktoufoo is offline
Member
 
Join Date: Feb 2011
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
Default No spamassasin headers?

Hi all,

I recently installed ispconfig3 and postfix with spam assassin. Was working fine but today I seem to get a large amount of spam. I checked the headers and there is no X-Spam headers in my email at all.

I checked to see if spam assassin was running, it is and I can connect to the socket. I also telnet to my server and send g-tube which is correctly removed as spam.

I check the size of my emails, they are all less than 100k so should be no problem there.

Its been a while since I looked at spamassassin but IIRC the spam score header should always be present?

Any ideas?
Reply With Quote
Sponsored Links
  #2  
Old 5th March 2011, 14:13
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Are there any errors in your mail log (in the /var/log/ directory)?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 5th March 2011, 15:44
yucktoufoo yucktoufoo is offline
Member
 
Join Date: Feb 2011
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by falko View Post
Are there any errors in your mail log (in the /var/log/ directory)?
Not that I can see, in fact there is very little reference to spamd in maillog at all. The only entries that are in there are related to me stopping and starting the spamassassin daemon.


Its odd because some stuff is getting scored and is removed from the queue but other emails which are most definitely spam (and would surely be detected by SA) are not. As I mentioned before, no X-Spam headers at all.

Heres a sample email, whether or not you personaly classify it as spam is neither here nor there, it should still have some X-Spam headers right?

Code:
Return-Path: <bounce@first-espot.com>
Delivered-To: _REMOVED_@_REMOVED_.com
Received: from localhost (unknown [127.0.0.1])
        by mailgate._REMOVED_.com (Postfix) with ESMTP id 441F5B2078
        for <_REMOVED_@_REMOVED_.com>; Fri,  4 Mar 2011 20:35:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at _REMOVED_.vm.bytemark.co.uk
Received: from mailgate._REMOVED_.com ([127.0.0.1])
        by localhost (mailgate._REMOVED_.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id POldj2ZarUlq for <_REMOVED_@_REMOVED_.com>;
        Fri,  4 Mar 2011 20:35:42 +0000 (UTC)
Received: from mailer5.first-espot.com (mailer5.first-espot.com [74.118.36.57])
        by mailgate._REMOVED_.com (Postfix) with ESMTP id E7BCAB2075
        for <_REMOVED_@_REMOVED_.com>; Fri,  4 Mar 2011 20:35:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=first-espot.com;
 h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=offersclick@first-espot.com;
 bh=gtgL2j0u5HyMfmXfNvau0aTnsBA=;
 b=ZaQp1l4S44xtThzhJrzBoVwrL0dwyniAulwwXuiw43AM/rc+TAOzTz9FTCHLv3xa4+0DJtbhEyUA
   jQNSyYLjfF4P+dW35bVyXoLWuRPIa5DG0/uC6V9Vx4EC5F5wOw3WCS+AT5k2DrlO0oj+VRaZRK/W
   zWHKS1odc21jHOpf6uY=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=first-espot.com;
 b=mUnIGdvmTto4vAJx20X3YsDBpsvylDlBj+nK2n6l/qiZLwGxzIXoo329bYZmvVbkTge9LBzTdKu+
   sspZRtoTY1NgHgi7ny8HZuY4tZcLs3a2S+p5C1f9DodNl3ob0L3q5Aam0tm7+4LhheEuXF887oML
   sYj+6+ZumiIqI2Ew5UU=;
Received: from cpa3.first-espot.com (10.10.248.250) by mailer5.first-espot.com (PowerMTA(TM) v3.5r13) id he56i011o9gf for <_REMOVED_@_REMOVED_.com>; Fri, 4 Mar 2011 20:35:40 +0000 (envelope-from <bounce@first-espot.com>)
To: "_REMOVED_" <_REMOVED_@_REMOVED_.com>
Subject: Grab a Year's Free Shopping at ASDA
Message-ID: <04c7624b807166269fce00787d6a5e54@cpa3.first-espot.com>
Date: Fri, 04 Mar 2011 19:51:02 +0000
From: "Offersclick" <offersclick@first-espot.com>
Reply-To: reply@first-espot.com
MIME-Version: 1.0
X-Mailer-LID: 4
List-Unsubscribe: <http://www.first-espot.com/emailflow/unsubscribe.php?M=1135762&C=7e5c58392a7cc53e106c2f82371d4145&L=4&N=3884>
X-Mailer-SID: 3884
X-Mailer-Sent-By: 4
X-Mailer: Email Flow::Enterprise 0.5
X-Mailer-Info: AQt4Zlk6LaNhpz96LaOynUIaDUWirzWjMJu1Mlj0
x-job: 3984
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_2138ca8c292b2b5b30c32f302cd4e8f9"
Content-Transfer-Encoding: 8bit

--b1_2138ca8c292b2b5b30c32f302cd4e8f9
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

This prize is brought to you by Offersclick and Emailinform.
Make sure you hear about great money-saving offers and be in with a chance
to win a year~@~Ys free shopping at ASDA.

Asda is known for its great value, but why not make the price of your
weekly shop ZERO? Win a free YEAR of shopping at family favourite Asda.
Complete this survey to enter the prize draw.

Complete our consumer survey to be automatically entered into our prize
draw AND ensure you get deals and offers in the future tailored to suit
your needs.

http://www.first-espot.com/emailflow/link.php?M=1135762&N=3884&L=308&F=T
Reply With Quote
  #4  
Old 6th March 2011, 00:04
yucktoufoo yucktoufoo is offline
Member
 
Join Date: Feb 2011
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
Default

A little more digging done. Seems like amavis is loading spamassassin when it starts

Code:
Mar  5 22:33:50 mailgate amavis[3188]: Module Mail::DKIM::Verifier 0.39
Mar  5 22:33:50 mailgate amavis[3188]: Module Mail::Header        2.07
Mar  5 22:33:50 mailgate amavis[3188]: Module Mail::Internet      2.07
Mar  5 22:33:50 mailgate amavis[3188]: Module Mail::SpamAssassin  3.002005
....
....
Mar  5 22:33:50 mailgate amavis[3188]: ANTI-VIRUS code      loaded
Mar  5 22:33:50 mailgate amavis[3188]: ANTI-SPAM code       loaded
Mar  5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-EXT code   NOT loaded
Mar  5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-C code     NOT loaded
Mar  5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-SA code    loaded
Then sent myself a mail and see the following in the log:

Code:
Mar  5 22:59:34 mailgate amavis[3214]: (03214-02) Passed CLEAN, [x.x.x.x] [x.x.x.x] <_REMOVED_@_REMOVED.com> -> <_REMOVED_@_REMOVED.com>, Message-ID: <20110305225917.43D18B20B2@mailgate._REMOVED_.com>, mail_id: YBK5Dg6+Gse8, Hits: 3.962, size: 416, queued_as: A8B28B20B4, 526 ms
I see it has a hit score, not sure if that relates to SA scoring or if its amavis own scoring but I check the headers of the mail and definitely no X-Spam headers still.

What am I missing here? Bound to be something really stupid

Last edited by yucktoufoo; 6th March 2011 at 00:14.
Reply With Quote
  #5  
Old 6th March 2011, 21:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Did you check the SpamAssassin scoes in your amavisd configuration?
Also, have you tried to update SpamAssassin's rules?

Code:
sa-update --no-gpg
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 7th March 2011, 20:35
waters waters is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am having the exact same problem. It seems like all spam is getting through. There is nothing about spamd in the maillog file. I also set up logging for spamd to log to a file and there are only entries about it starting up. I followed the CentOS tutorial: Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1)
Reply With Quote
  #7  
Old 7th March 2011, 22:20
waters waters is offline
Junior Member
 
Join Date: Mar 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ok, I had set @bypass_spam_checks_maps = ( [ "!.$mydomain","." ] ); in an attempt to not scan outgoing mail, but then it wasn't scanning ANY mail.

So I commented it out, and it is scanning all mail, except now ALL outgoing mail is being tagged as spam.

We have virtual users on many different domains, so how can I bypass spam filtering for all smtp authenticated users?
Reply With Quote
  #8  
Old 8th March 2011, 00:53
yucktoufoo yucktoufoo is offline
Member
 
Join Date: Feb 2011
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
 
Default

Quote:
Originally Posted by falko View Post
Did you check the SpamAssassin scoes in your amavisd configuration?
Also, have you tried to update SpamAssassin's rules?

Code:
sa-update --no-gpg
Hi Falko,

I already ran sa-update however, I just realised that the amavisd.conf file in /etc is not the one that is read, its the copy in /etc/amavisd. I knew I was missing something stupid.

I have cranked the loglevel up as far as it will go (5) and updated $sa_tag_level_deflt to 0.1. Guess X-Spam headers were not being applied previuously because this was set to 2, I want the headers on all emails so I can analyze what each mail is scoring. Then I will learn SA on my spam and ham accordingly.


@waters - I think that you dont see spamd reference in the logs because amavis is calling the SA libs internally, try turning up the log level in amavisd.conf and then grep maillog for amavis instead.

I guess that spamd does not event need to run (in fact, if you've started spamd you're probably just wasting memory?)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sql ledger using forum.. yurtboy1 General 19 25th December 2010 21:08
MyDNS problem and Iptables problem Gimly General 4 13th August 2009 15:59
No Spam Headers after upgrading to Etch snowfly Server Operation 2 11th October 2007 00:13
ISPConfig, IMAP and sa-learn (spamassasin)? eldaria Server Operation 12 29th March 2007 16:32
KErnel not showing all my memory Jorem Kernel Questions 8 13th April 2006 12:59


All times are GMT +2. The time now is 16:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.