Hi all, I recently installed ispconfig3 and postfix with spam assassin. Was working fine but today I seem to get a large amount of spam. I checked the headers and there is no X-Spam headers in my email at all. I checked to see if spam assassin was running, it is and I can connect to the socket. I also telnet to my server and send g-tube which is correctly removed as spam. I check the size of my emails, they are all less than 100k so should be no problem there. Its been a while since I looked at spamassassin but IIRC the spam score header should always be present? Any ideas?
Not that I can see, in fact there is very little reference to spamd in maillog at all. The only entries that are in there are related to me stopping and starting the spamassassin daemon. Its odd because some stuff is getting scored and is removed from the queue but other emails which are most definitely spam (and would surely be detected by SA) are not. As I mentioned before, no X-Spam headers at all. Heres a sample email, whether or not you personaly classify it as spam is neither here nor there, it should still have some X-Spam headers right? Code: Return-Path: <[email protected]> Delivered-To: [email protected]_REMOVED_.com Received: from localhost (unknown [127.0.0.1]) by mailgate._REMOVED_.com (Postfix) with ESMTP id 441F5B2078 for <[email protected]_REMOVED_.com>; Fri, 4 Mar 2011 20:35:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at _REMOVED_.vm.bytemark.co.uk Received: from mailgate._REMOVED_.com ([127.0.0.1]) by localhost (mailgate._REMOVED_.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id POldj2ZarUlq for <[email protected]_REMOVED_.com>; Fri, 4 Mar 2011 20:35:42 +0000 (UTC) Received: from mailer5.first-espot.com (mailer5.first-espot.com [74.118.36.57]) by mailgate._REMOVED_.com (Postfix) with ESMTP id E7BCAB2075 for <[email protected]_REMOVED_.com>; Fri, 4 Mar 2011 20:35:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=first-espot.com; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; [email protected]; bh=gtgL2j0u5HyMfmXfNvau0aTnsBA=; b=ZaQp1l4S44xtThzhJrzBoVwrL0dwyniAulwwXuiw43AM/rc+TAOzTz9FTCHLv3xa4+0DJtbhEyUA jQNSyYLjfF4P+dW35bVyXoLWuRPIa5DG0/uC6V9Vx4EC5F5wOw3WCS+AT5k2DrlO0oj+VRaZRK/W zWHKS1odc21jHOpf6uY= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=first-espot.com; b=mUnIGdvmTto4vAJx20X3YsDBpsvylDlBj+nK2n6l/qiZLwGxzIXoo329bYZmvVbkTge9LBzTdKu+ sspZRtoTY1NgHgi7ny8HZuY4tZcLs3a2S+p5C1f9DodNl3ob0L3q5Aam0tm7+4LhheEuXF887oML sYj+6+ZumiIqI2Ew5UU=; Received: from cpa3.first-espot.com (10.10.248.250) by mailer5.first-espot.com (PowerMTA(TM) v3.5r13) id he56i011o9gf for <[email protected]_REMOVED_.com>; Fri, 4 Mar 2011 20:35:40 +0000 (envelope-from <[email protected]>) To: "_REMOVED_" <[email protected]_REMOVED_.com> Subject: Grab a Year's Free Shopping at ASDA Message-ID: <[email protected]> Date: Fri, 04 Mar 2011 19:51:02 +0000 From: "Offersclick" <[email protected]> Reply-To: [email protected] MIME-Version: 1.0 X-Mailer-LID: 4 List-Unsubscribe: <http://www.first-espot.com/emailflow/unsubscribe.php?M=1135762&C=7e5c58392a7cc53e106c2f82371d4145&L=4&N=3884> X-Mailer-SID: 3884 X-Mailer-Sent-By: 4 X-Mailer: Email Flow::Enterprise 0.5 X-Mailer-Info: AQt4Zlk6LaNhpz96LaOynUIaDUWirzWjMJu1Mlj0 x-job: 3984 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_2138ca8c292b2b5b30c32f302cd4e8f9" Content-Transfer-Encoding: 8bit --b1_2138ca8c292b2b5b30c32f302cd4e8f9 Content-Type: text/plain; format=flowed; charset="UTF-8" Content-Transfer-Encoding: 8bit This prize is brought to you by Offersclick and Emailinform. Make sure you hear about great money-saving offers and be in with a chance to win a yearâ[email protected]~Ys free shopping at ASDA. Asda is known for its great value, but why not make the price of your weekly shop ZERO? Win a free YEAR of shopping at family favourite Asda. Complete this survey to enter the prize draw. Complete our consumer survey to be automatically entered into our prize draw AND ensure you get deals and offers in the future tailored to suit your needs. http://www.first-espot.com/emailflow/link.php?M=1135762&N=3884&L=308&F=T
A little more digging done. Seems like amavis is loading spamassassin when it starts Code: Mar 5 22:33:50 mailgate amavis[3188]: Module Mail::DKIM::Verifier 0.39 Mar 5 22:33:50 mailgate amavis[3188]: Module Mail::Header 2.07 Mar 5 22:33:50 mailgate amavis[3188]: Module Mail::Internet 2.07 Mar 5 22:33:50 mailgate amavis[3188]: Module Mail::SpamAssassin 3.002005 .... .... Mar 5 22:33:50 mailgate amavis[3188]: ANTI-VIRUS code loaded Mar 5 22:33:50 mailgate amavis[3188]: ANTI-SPAM code loaded Mar 5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-EXT code NOT loaded Mar 5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-C code NOT loaded Mar 5 22:33:50 mailgate amavis[3188]: ANTI-SPAM-SA code loaded Then sent myself a mail and see the following in the log: Code: Mar 5 22:59:34 mailgate amavis[3214]: (03214-02) Passed CLEAN, [x.x.x.x] [x.x.x.x] <[email protected]_REMOVED.com> -> <[email protected]_REMOVED.com>, Message-ID: <[email protected]_REMOVED_.com>, mail_id: YBK5Dg6+Gse8, Hits: 3.962, size: 416, queued_as: A8B28B20B4, 526 ms I see it has a hit score, not sure if that relates to SA scoring or if its amavis own scoring but I check the headers of the mail and definitely no X-Spam headers still. What am I missing here? Bound to be something really stupid
Did you check the SpamAssassin scoes in your amavisd configuration? Also, have you tried to update SpamAssassin's rules? Code: sa-update --no-gpg
I am having the exact same problem. It seems like all spam is getting through. There is nothing about spamd in the maillog file. I also set up logging for spamd to log to a file and there are only entries about it starting up. I followed the CentOS tutorial: Virtual Users And Domains With Postfix, Courier And MySQL (CentOS 5.1)
Ok, I had set @bypass_spam_checks_maps = ( [ "!.$mydomain","." ] ); in an attempt to not scan outgoing mail, but then it wasn't scanning ANY mail. So I commented it out, and it is scanning all mail, except now ALL outgoing mail is being tagged as spam. We have virtual users on many different domains, so how can I bypass spam filtering for all smtp authenticated users?
Hi Falko, I already ran sa-update however, I just realised that the amavisd.conf file in /etc is not the one that is read, its the copy in /etc/amavisd. I knew I was missing something stupid. I have cranked the loglevel up as far as it will go (5) and updated $sa_tag_level_deflt to 0.1. Guess X-Spam headers were not being applied previuously because this was set to 2, I want the headers on all emails so I can analyze what each mail is scoring. Then I will learn SA on my spam and ham accordingly. @waters - I think that you dont see spamd reference in the logs because amavis is calling the SA libs internally, try turning up the log level in amavisd.conf and then grep maillog for amavis instead. I guess that spamd does not event need to run (in fact, if you've started spamd you're probably just wasting memory?)