Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
Spamassassin detects spam but don't add X-Spam headers
cyrille at bollu
Nov 25, 2021, 12:58 AM
Post #1 of 10 (1225 views)
Permalink
Hello,

 

Could someone please help me troubleshooting why my spamassassin setup
suddenly stopped adding headers to my messages?

 

My setup consist of a spamd deamon being called from postfix using
spamass-milter. Spamassassin is supposed to add headers (which it did
properly until recently) which are then used later to filter spams through
the use of dovecot sieve filters.

 

My platform is a Debian 10, thus spamassassin 3.4.2-1 and spamass-milter
0.4.0-1+b1

 

I've enabled debugging, and, while I can see spamd working and properly
identifying spam/ham I don't see anything related to header addition, or
message tagging.

 

Example of logs:

 

...

Nov 25 07:27:04 bollu spamd[14716]: learn: auto-learn: message score:
18.269, computed score for autolearn: 16.294
Nov 25 07:27:04 bollu spamd[14716]: learn: auto-learn? ham=0.1, spam=12,
body-points=0.001, head-points=16.293, learned-points=3.7
Nov 25 07:27:04 bollu spamd[14716]: learn: auto-learn: autolearn_force not
flagged for a rule. Body Only Points: 0.001 (3 req'd) / Head Only Points:
16.293 (3 req'd)
Nov 25 07:27:04 bollu spamd[14716]: learn: auto-learn? no: scored as spam
but too few body points (0.001 < 3)
Nov 25 07:27:04 bollu spamd[14716]: check: is spam? score=18.269 required=5
Nov 25 07:27:04 bollu spamd[14716]: check:
tests=ADVANCE_FEE_3_NEW,AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DEAR_BENEFICIARY,FORGED_MUA_OUTLOOK,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_PHISH,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS,MSOE_MID_WRONG_CASE,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,T_FILL_THIS_FORM_SHORT,UNPARSEABLE_RELAY,UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED
Nov 25 07:27:04 bollu spamd[14716]: check:
subtests=__ADVANCE_FEE_2_NEW,__ADVANCE_FEE_3_NEW,__AFF_LOTTERY,__ANY_OUTLOOK_MUA,__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__AXB_MO_OL_024C2,__AXB_XM_OL_024C2,__BENEFICIARY,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__DKIM_DEPENDABLE,__DOS_RCVD_THU,__DOS_RCVD_WED,__ENV_AND_HDR_FROM_MATCH,__FILL_THIS_FORM_LOAN1,__FILL_THIS_FORM_PARTIAL,__FILL_THIS_FORM_PARTIAL,__FILL_THIS_FORM_PARTIAL,__FILL_THIS_FORM_PARTIAL_RAW,__FILL_THIS_FORM_PARTIAL_RAW,__FILL_THIS_FORM_PARTIAL_RAW,__FILL_THIS_FORM_SHORT,__FORGED_OE,__FORM_FRAUD,__FORM_FRAUD_3,__FROM_BANK_LOOSE,__FROM_FULL_NAME,__FROM_MISSPACED,__FROM_MISSP_EH_MATCH,__FROM_MISSP_PHISH,__FROM_MISSP_REPLYTO,__FROM_RUNON,__FROM_RUNON_UNCODED,__FSL_HELO_USER_2,__HAS_ANY_EMAIL,__HAS_DATE,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MIMEOLE,__HAS_MSGID,__HAS_MSMAIL_PRI,__HAS_RCVD,__HAS_REPLY_TO,__HAS_SUBJECT,__HAS_URI,__HAS_XMAIL,__HAS_X_MAILER,__LCL__ENV_AND_HDR_FROM_MATCH,__LOTTO_RELATED,__MIMEOLE_MS,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__NOT_SPOOFED,__NO_INR_YES_REF,__OE_MUA,__REPLYTO_EXISTS,__SANE_MSGID,__SUBJ_NOT_SHORT,__TO_NO_ARROWS_R,__TO_NO_BRKTS_FROM_MSSP,__TO_NO_BRKTS_FROM_RUNON,__TO_NO_BRKTS_MSFT,__TVD_MIME_ATT_TP,__UNPARSEABLE_RELAY_COUNT,__URI_MAILTO,__XM_MSOE6,__XM_MS_IN_GENERAL,__XM_OUTLOOK_EXPRESS,__XPRIO,__XPRIO_MINFP,__YOUR_FUND
Nov 25 07:27:04 bollu spamd[14716]: spamd: identified spam (18.3/5.0) for
cyrille:65534 in 0.6 seconds, 4435 bytes.
Nov 25 07:27:04 bollu spamd[14716]: spamd: result: Y 18 -
ADVANCE_FEE_3_NEW,AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DEAR_BENEFICIARY,FORGED_MUA_OUTLOOK,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_PHISH,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS,MSOE_MID_WRONG_CASE,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,T_FILL_THIS_FORM_SHORT,UNPARSEABLE_RELAY,UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED
scantime=0.6,size=4435,user=cyrille,uid=65534,required_score=5.0,rhost=::1,raddr=::1,rport=36368,mid=<20211124140722.7F7D780887CE0@mail.daesangagung.co.id>,bayes=1.000000,autolearn=no
autolearn_force=no
Nov 25 07:27:04 bollu spamd[14716]: check: tagrun - tag DKIMDOMAIN is still
blocking action 0
Nov 25 07:27:04 bollu spamd[14716]: config: copying current conf from
backup
Nov 25 07:27:04 bollu postfix/qmgr[1008]: 31DF9E086E:
from=<info@daesangagung.co.id>, size=4418, nrcpt=1 (queue active)
Nov 25 07:27:04 bollu postfix/smtpd[10172]: disconnect from
mail.daesangagung.co.id[117.54.218.101] ehlo=2 starttls=1 mail=1 rcpt=1
data=1 quit=1 commands=7
Nov 25 07:27:04 bollu dovecot: lmtp(10164): Connect from local
Nov 25 07:27:04 bollu postfix/lmtp[10163]: 31DF9E086E:
to=<foobar@bollu.be>, relay=bollu.be[private/dovecot-lmtp], delay=0.98,
delays=0.97/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <foobar@bollu.be>
mFa9Osg6n2G0JwAAPk7Pew Saved)
Nov 25 07:27:04 bollu dovecot: lmtp(foobar)<10164><mFa9Osg6n2G0JwAAPk7Pew>:
sieve: msgid=<20211124140722.7F7D780887CE0@mail.daesangagung.co.id>: stored
mail into mailbox 'INBOX'
Nov 25 07:27:04 bollu dovecot: lmtp(10164): Disconnect from local: Client
has quit the connection (state=READY)
Nov 25 07:27:04 bollu postfix/qmgr[1008]: 31DF9E086E: removed
Nov 25 07:27:05 bollu spamd[14716]: timing: total 627 ms -
signal_user_changed: 1.75 (0.3%), parse: 1.14 (0.2%),
extract_message_metadata: 38 (6.1%), get_uri_detail_list: 1.14 (0.2%),
tests_pri_-1000: 15 (2.4%), tests_pri_-950: 1.92 (0.3%), tests_pri_-900:
2.3 (0.4%), tests_pri_-400: 23 (3.6%), check_bayes: 20 (3.2%), b_tokenize:
7 (1.1%), b_tok_get_all: 4.9 (0.8%), b_comp_prob: 4.5 (0.7%),
b_tok_touch_all: 0.51 (0.1%), b_finish: 1.55 (0.2%), tests_pri_0: 473
(75.4%), check_dkim_signature: 0.85 (0.1%), check_dkim_adsp: 355 (56.6%),
poll_dns_idle: 312 (49.7%), check_spf: 1.37 (0.2%), check_pyzor: 0.38
(0.1%), tests_pri_500: 11 (1.7%), get_report: 0.60 (0.1%), copy_config: 46
(7.4%)
 

Eventualy, I can see in my dovecot Maildir that the messages don't have the
X-Spam headers since November 17th.

 

Additional note: If I run spamassassin from the command line on one of my
received messages, the resulting message has the X-Spam headers

 

Can someone help me? I have no idea what's going wrong, and no idea how to
troubleshoot further.

 

Best regards,

--

 

Cyrille Bollu
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
dbuergin at gluet
Nov 25, 2021, 1:20 PM
Post #2 of 10 (1224 views)
Permalink
First we would need to see the spamd config,
SpamAssassin config, spamass-milter config
to see how it is all wired up.
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
cyrille at bollu
Nov 26, 2021, 12:26 AM
Post #3 of 10 (1224 views)
Permalink
Hi,

 

Here's my config. It's quite a default one: I didn't change much (I show
you below what I've changed)

 

Best regards,

 

Cyrille

 

============= CONFIG ==============

root@bollu:/etc# grep -v '^#' default/spamassassin | grep -v '^$'
OPTIONS="-D --create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0

root@bollu:/etc# grep -v '^#' default/spamass-milter | grep -v '^$'
OPTIONS="-u spamass-milter -i 127.0.0.1 -- -s 10485760"
OPTIONS="${OPTIONS} -r 10"

root@bollu:/etc/spamassassin# grep -v '^#' local.cf | grep -v '^$'
rewrite_header Subject *****SPAM*****
report_safe 1
ok_languages fr
score UNWANTED_LANGUAGE_BODY 0.5
body NA_DOLLARS                      
 /\b(?:\d{1,3})?Million\b.{0,40}\b(?:Canadian Dollar?s?|US\$|U\.? ?S\.?
Dollar)/i
describe NA_DOLLARS            Talks about a million North American
dollars
score NA_DOLLARS 1
body US_DOLLARS_3              
/(?:\$|usd).?\d{1,3}[,.]\d{3}[,.]\d{3}(?:[,.]\d\d)?/i
describe US_DOLLARS_3           Mentions millions of $
($NN,NNN,NNN.NN)
score US_DOLLARS_3 1
body MILLION_USD               /Million\b.{0,40}\b(?:United States?
Dollars?|USD)/i
describe MILLION_USD           Talks about millions of dollars
score MILLION_USD 1
use_bayes 1
bayes_path /var/spamassassin/bayes
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
endif # Mail::SpamAssassin::Plugin::Shortcircuit
 

root@bollu:/etc/spamassassin# grep loadplugin v3*
v310.pre:#loadplugin Mail::SpamAssassin::Plugin::DCC
v310.pre:loadplugin Mail::SpamAssassin::Plugin::Pyzor
v310.pre:loadplugin Mail::SpamAssassin::Plugin::Razor2
v310.pre:loadplugin Mail::SpamAssassin::Plugin::SpamCop
v310.pre:#loadplugin Mail::SpamAssassin::Plugin::AntiVirus
v310.pre:#loadplugin Mail::SpamAssassin::Plugin::AWL
v310.pre:loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
v310.pre:loadplugin Mail::SpamAssassin::Plugin::TextCat
v310.pre:#loadplugin Mail::SpamAssassin::Plugin::AccessDB
v310.pre:loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
v310.pre:loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
v310.pre:loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
v312.pre:loadplugin Mail::SpamAssassin::Plugin::DKIM
v320.pre:loadplugin Mail::SpamAssassin::Plugin::Check
v320.pre:loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
v320.pre:loadplugin Mail::SpamAssassin::Plugin::URIDetail
v320.pre:# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
v320.pre:loadplugin Mail::SpamAssassin::Plugin::Bayes
v320.pre:loadplugin Mail::SpamAssassin::Plugin::BodyEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::DNSEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::HTMLEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::HeaderEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::MIMEEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::RelayEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::URIEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::WLBLEval
v320.pre:loadplugin Mail::SpamAssassin::Plugin::VBounce
v320.pre:# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
v320.pre:# loadplugin Mail::SpamAssassin::Plugin::ASN
v320.pre:loadplugin Mail::SpamAssassin::Plugin::ImageInfo
v330.pre:#loadplugin Mail::SpamAssassin::Plugin::PhishTag
v330.pre:loadplugin Mail::SpamAssassin::Plugin::FreeMail
v340.pre:loadplugin Mail::SpamAssassin::Plugin::AskDNS
v341.pre:# loadplugin Mail::SpamAssassin::Plugin::TxRep
v341.pre:# loadplugin Mail::SpamAssassin::Plugin::URILocalBL
v341.pre:# loadplugin Mail::SpamAssassin::Plugin::PDFInfo
v342.pre:# loadplugin Mail::SpamAssassin::Plugin::HashBL
v342.pre:# loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
v342.pre:# loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
v342.pre:# loadplugin Mail::SpamAssassin::Plugin::Phishing
 

============ CUSTOM CONFIG =================

 

I've all my /etc folder configured as a git repository, so I can tell what
I've changed in there:

 

root@bollu:/etc/spamassassin# git log .
commit 7763102701ef1b56a14655f36836fbb6480e048f
Author: root <root@bollu.be>
Date:   Mon Sep 13 11:52:16 2021 +0000

   Enables spamassassin's bayes filter

   Signed-off-by: root <root@bollu.be>

commit 2531d9229ba68340dca952abead56d3c3e494ab0
Author: root <root@bollu.be>
Date:   Thu Aug 19 08:21:42 2021 +0000

   Adds some spamassassin rules to raise score of mails talking
   about money

   Signed-off-by: root <root@bollu.be>

commit cbf49cf46807a1a34fcf8a6cd88efa1d254b949a
Author: root <root@bollu.be>
Date:   Sun Aug 15 18:24:50 2021 +0000

   Increases spamassassin 'score by 0.5 when email language is not french

   Signed-off-by: root <root@bollu.be>

commit 3a0d5fdc33750e78b0661cf2096a99bd1a88cc40
Author: root <root@bollu.be>
Date:   Fri Jul 30 20:19:58 2021 +0000

   apt install spamassassin spamc

   Signed-off-by: root <root@bollu.be>
root@bollu:/etc/spamassassin#
 

root@bollu:/etc/spamassassin# git show
cbf49cf46807a1a34fcf8a6cd88efa1d254b949a
commit cbf49cf46807a1a34fcf8a6cd88efa1d254b949a
Author: root <root@bollu.be>
Date:   Sun Aug 15 18:24:50 2021 +0000

   Increases spamassassin 'score by 0.5 when email language is not french

   Signed-off-by: root <root@bollu.be>

diff --git a/spamassassin/local.cf b/spamassassin/local.cf
index 95bc494..46dd18b 100644
--- a/spamassassin/local.cf
+++ b/spamassassin/local.cf
@@ -9,15 +9,19 @@

#   Add *****SPAM***** to the Subject header of spam e-mails
#
-# rewrite_header Subject *****SPAM*****
+rewrite_header Subject *****SPAM*****

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
-# report_safe 1
+report_safe 1

+# Adds some points when email is not in french
+ok_languages fr
+score UNWANTED_LANGUAGE_BODY 0.5
+
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
diff --git a/spamassassin/v310.pre b/spamassassin/v310.pre
index 56e5b2f..55f3e83 100644
--- a/spamassassin/v310.pre
+++ b/spamassassin/v310.pre
@@ -50,7 +50,7 @@ loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold

# TextCat - language guesser
#
-#loadplugin Mail::SpamAssassin::Plugin::TextCat
+loadplugin Mail::SpamAssassin::Plugin::TextCat

# AccessDB - lookup from-addresses in access database
#
root@bollu:/etc/spamassassin#
 

 

root@bollu:/etc/spamassassin# git show
2531d9229ba68340dca952abead56d3c3e494ab0
commit 2531d9229ba68340dca952abead56d3c3e494ab0
Author: root <root@bollu.be>
Date:   Thu Aug 19 08:21:42 2021 +0000

   Adds some spamassassin rules to raise score of mails talking
   about money

   Signed-off-by: root <root@bollu.be>

diff --git a/spamassassin/local.cf b/spamassassin/local.cf
index 46dd18b..beb906c 100644
--- a/spamassassin/local.cf
+++ b/spamassassin/local.cf
@@ -22,6 +22,19 @@ report_safe 1
ok_languages fr
score UNWANTED_LANGUAGE_BODY 0.5

+# From /usr/share/spamassassin/20_phrases.cf where it is disabled
+body NA_DOLLARS                      
 /\b(?:\d{1,3})?Million\b.{0,40}\b(?:Canadian Dollar?s?|US\$|U\.? ?S\.?
Dollar)/i
+describe NA_DOLLARS            Talks about a million North American
dollars
+score NA_DOLLARS 1
+
+body US_DOLLARS_3              
/(?:\$|usd).?\d{1,3}[,.]\d{3}[,.]\d{3}(?:[,.]\d\d)?/i
+describe US_DOLLARS_3           Mentions millions of $
($NN,NNN,NNN.NN)
+score US_DOLLARS_3 1
+
+body MILLION_USD               /Million\b.{0,40}\b(?:United States?
Dollars?|USD)/i
+describe MILLION_USD           Talks about millions of dollars
+score MILLION_USD 1
+
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
root@bollu:/etc/spamassassin#
 

 

root@bollu:/etc/spamassassin# git show
7763102701ef1b56a14655f36836fbb6480e048f
commit 7763102701ef1b56a14655f36836fbb6480e048f
Author: root <root@bollu.be>
Date:   Mon Sep 13 11:52:16 2021 +0000

   Enables spamassassin's bayes filter

   Signed-off-by: root <root@bollu.be>

diff --git a/spamassassin/local.cf b/spamassassin/local.cf
index beb906c..68d05e3 100644
--- a/spamassassin/local.cf
+++ b/spamassassin/local.cf
@@ -53,8 +53,9 @@ score MILLION_USD 1

#   Use Bayesian classifier (default: 1)
#
-# use_bayes 1
+use_bayes 1

+bayes_path /var/spamassassin/bayes

#   Bayesian classifier auto-learning (default: 1)
#
root@bollu:/etc/spamassassin#
 

 

root@bollu:/etc/default# git log spamassassin
commit 3a0d5fdc33750e78b0661cf2096a99bd1a88cc40
Author: root <root@bollu.be>
Date:   Fri Jul 30 20:19:58 2021 +0000

   apt install spamassassin spamc

   Signed-off-by: root <root@bollu.be>

root@bollu:/etc/default# git log spamass-milter
commit 4a2aa3d983fc313505a29a042a955471b3b94e96
Author: root <root@bollu.be>
Date:   Mon Sep 13 11:52:43 2021 +0000

   Raises spamassassin's max email size

   Signed-off-by: root <root@bollu.be>

commit 59420d519cdda489896d2a4a4968f9dce7df38ae
Author: root <root@bollu.be>
Date:   Fri Jul 30 20:24:39 2021 +0000

   Configure spamass-milter to reject email with a spam score > 10

   Signed-off-by: root <root@bollu.be>

commit 5fc427ed0c4a222a1da4ca8441ef6782354695ce
Author: root <root@bollu.be>
Date:   Fri Jul 30 20:21:08 2021 +0000

   apt install spamass-milter

   Signed-off-by: root <root@bollu.be>

root@bollu:/etc/default# git show 59420d519cdda489896d2a4a4968f9dce7df38ae
commit 59420d519cdda489896d2a4a4968f9dce7df38ae
Author: root <root@bollu.be>
Date:   Fri Jul 30 20:24:39 2021 +0000

   Configure spamass-milter to reject email with a spam score > 10

   Signed-off-by: root <root@bollu.be>

diff --git a/default/spamass-milter b/default/spamass-milter
index 8922fb5..e36083d 100644
--- a/default/spamass-milter
+++ b/default/spamass-milter
@@ -12,7 +12,7 @@
OPTIONS="-u spamass-milter -i 127.0.0.1"

# Reject emails with spamassassin scores > 15.
-#OPTIONS="${OPTIONS} -r 15"
+OPTIONS="${OPTIONS} -r 10"

# Do not modify Subject:, Content-Type: or body.
#OPTIONS="${OPTIONS} -m"

root@bollu:/etc/default# git show 4a2aa3d983fc313505a29a042a955471b3b94e96
commit 4a2aa3d983fc313505a29a042a955471b3b94e96
Author: root <root@bollu.be>
Date:   Mon Sep 13 11:52:43 2021 +0000

   Raises spamassassin's max email size

   Signed-off-by: root <root@bollu.be>

diff --git a/default/spamass-milter b/default/spamass-milter
index e36083d..18646cd 100644
--- a/default/spamass-milter
+++ b/default/spamass-milter
@@ -9,7 +9,7 @@

# Default, use the spamass-milter user as the default user, ignore
# messages from localhost
-OPTIONS="-u spamass-milter -i 127.0.0.1"
+OPTIONS="-u spamass-milter -i 127.0.0.1 -- -s 10485760"

# Reject emails with spamassassin scores > 15.
OPTIONS="${OPTIONS} -r 10"
root@bollu:/etc/default#
 

 
"David Bürgin" dbuergin@gluet.ch – 25 novembre 2021 22:20
 

> First we would need to see the spamd config,
> SpamAssassin config, spamass-milter config
> to see how it is all wired up.
>
>  

-- 
 

Cyrille Bollu
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
dbuergin at gluet
Nov 26, 2021, 1:02 AM
Post #4 of 10 (1224 views)
Permalink
And does Postfix connect via the milter and spamc, or does it call
spamassassin directly? For example, I have this in /etc/postfix/main.cf:

smtpd_milters =
...
unix:spamassassin/spamassassin-milter.sock

Another thing to try is enable more logging in spamass-milter to see
what it’s doing.

What should happen technically is that Postfix connects to the milter,
the milter uses spamc to communicate with SpamAssassin/spamd, and
finally the milter will add the new headers it receives from
SpamAssassin.
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
dbuergin at gluet
Nov 26, 2021, 4:19 AM
Post #5 of 10 (1224 views)
Permalink
> What should happen technically is that Postfix connects to the milter,
> the milter uses spamc to communicate with SpamAssassin/spamd, and
> finally the milter will add the new headers it receives from
> SpamAssassin.

To expand a little bit on this, the crucial thing is that all components
can communicate properly via sockets. That is, for every component you
must configure where it can reach the next component. And make sure
user/permissions match, too.

My setup on Ubuntu 20.04 looks something like this:

Postfix

?

SpamAssassin Milter (https://crates.io/crates/spamassassin-milter)
/var/spool/postfix/spamassassin/spamassassin-milter.sock

? spamc

spamd (SpamAssassin)
/run/spamassassin/spamd.sock
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
cyrille at bollu
Nov 26, 2021, 4:53 AM
Post #6 of 10 (1224 views)
Permalink
Hello,

 

postfix communicates with spamassassin via a milter:

 

# milter settings (for DKIM, spam filters,...)
smtpd_milters = unix:/opendkim/opendkim.sock,local:spamass/spamass.sock
non_smtpd_milters = $smtpd_milters
 

As said, I can see logs in mail.log that show messages being processed and
correctly identified as spam/ham. 

 

Example from a few minutes ago:

 

Nov 26 12:45:06 bollu spamd[30993]: learn: auto-learn: adding head_only
points 0.01
Nov 26 12:45:06 bollu spamd[30993]: learn: auto-learn: message score:
3.264, computed score for autolearn: 3.337
Nov 26 12:45:06 bollu spamd[30993]: learn: auto-learn? ham=0.1, spam=12,
body-points=1.911, head-points=1.425, learned-points=0.8
Nov 26 12:45:06 bollu spamd[30993]: learn: auto-learn? no: inside
auto-learn thresholds, not considered ham or spam
Nov 26 12:45:06 bollu spamd[30993]: check: is spam? score=3.264 required=5
Nov 26 12:45:06 bollu spamd[30993]: check:
tests=BAYES_50,FSL_HELO_NON_FQDN_1,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MIME_QP_LONG_LINE,MISSING_MID,RDNS_NONE,SPF_PASS,T_REMOTE_IMAGE,UNPARSEABLE_RELAY,URIBL_BLOCKED
Nov 26 12:45:06 bollu spamd[30993]: check:
subtests=__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BUGGED_IMG,__COMMENT_EXISTS,__CT,__CTE,__CTYPE_HTML,__DKIM_DEPENDABLE,__DOS_BODY_FRI,__DOS_DIRECT_TO_MX,__DOS_HAS_ANY_URI,__DOS_RCVD_FRI,__DOS_REF_TODAY,__DOS_SINGLE_EXT_RELAY,__ENV_AND_HDR_FROM_MATCH,__FB_NUM_PERCNT,__FROM_FULL_NAME,__HAS_ANY_URI,__HAS_DATE,__HAS_FROM,__HAS_RCVD,__HAS_SUBJECT,__HAS_TO,__HAS_URI,__HELO_NO_DOMAIN,__HTML_LINK_IMAGE,__LAST_EXTERNAL_RELAY_NO_AUTH,__LAST_UNTRUSTED_RELAY_NO_AUTH,__LCL__ENV_AND_HDR_FROM_MATCH,__LOCAL_PP_NONPPURL,__MAIL_LINK,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__NAKED_TO,__NONEMPTY_BODY,__NOT_A_PERSON,__NOT_SPOOFED,__NUMBERS_IN_SUBJ,__RDNS_NONE,__REMOTE_IMAGE,__STY_INVIS,__SUBJ_NOT_SHORT,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TOCC_EXISTS,__TO_NO_ARROWS_R,__TO_NO_BRKTS_HTML_ONLY,__TO_NO_BRKTS_NORDNS_HTML,__TO_NO_BRKTS_PCNT,__UNPARSEABLE_RELAY_COUNT,__UNSUB_LINK,__URI_12LTRDOM
Nov 26 12:45:06 bollu spamd[30993]: spamd: clean message (3.3/5.0) for
cyrpub:65534 in 0.3 seconds, 9763 bytes.
Nov 26 12:45:06 bollu spamd[30993]: spamd: result: . 3 -
BAYES_50,FSL_HELO_NON_FQDN_1,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MIME_QP_LONG_LINE,MISSING_MID,RDNS_NONE,SPF_PASS,T_REMOTE_IMAGE,UNPARSEABLE_RELAY,URIBL_BLOCKED
scantime=0.3,size=9763,user=cyrpub,uid=65534,required_score=5.0,rhost=::1,raddr=::1,rport=35132,mid=(unknown),bayes=0.500416,autolearn=no
autolearn_force=no
Nov 26 12:45:06 bollu spamd[30993]: check: tagrun - tag DKIMDOMAIN is still
blocking action 0
Nov 26 12:45:06 bollu spamd[30993]: config: copying current conf from
backup
Nov 26 12:45:06 bollu spamd[30993]: netset: cache trusted_networks
hits/attempts: 9/10, 90.0 %
Nov 26 12:45:06 bollu spamd[30993]: timing: total 349 ms -
signal_user_changed: 2.4 (0.7%), parse: 1.17 (0.3%),
extract_message_metadata: 27 (7.7%), get_uri_detail_list: 1.92 (0.5%),
tests_pri_-1000: 20 (5.7%), tests_pri_-950: 1.83 (0.5%), tests_pri_-900:
1.88 (0.5%), tests_pri_-400: 15 (4.4%), check_bayes: 13 (3.8%), b_tokenize:
6 (1.8%), b_tok_get_all: 2.9 (0.8%), b_comp_prob: 1.11 (0.3%),
b_tok_touch_all: 0.08 (0.0%), b_finish: 1.51 (0.4%), tests_pri_0: 113
(32.3%), check_spf: 13 (3.8%), poll_dns_idle: 89 (25.5%),
check_dkim_signature: 0.68 (0.2%), check_dkim_adsp: 24 (7.0%), check_pyzor:
0.27 (0.1%), tests_pri_500: 93 (26.5%), copy_config: 48 (13.8%)
Nov 26 12:45:06 bollu spamd[30991]: prefork: child 30993: entering state 1
Nov 26 12:45:06 bollu spamd[30991]: prefork: new lowest idle kid: 30993
Nov 26 12:45:06 bollu spamd[30991]: prefork: child reports idle
Nov 26 12:45:06 bollu spamd[30991]: prefork: child states: II
Nov 26 12:45:06 bollu spamd[30993]: prefork: sysread(8) not ready, wait max
300.0 secs
Nov 26 12:45:31 bollu spamd[30994]: prefork: periodic ping from spamd
parent
 

Ha!? While pasting I stumble upon the following line:

 

Nov 26 12:45:06 bollu spamd[30993]: check: tagrun - tag DKIMDOMAIN is still
blocking action 0

 

Maybe a trail?

 

Best regards,

 

Cyrille

 
"David Bürgin" dbuergin@gluet.ch – 26 novembre 2021 13:20
 

>> What should happen technically is that Postfix connects to the milter,
>> the milter uses spamc to communicate with SpamAssassin/spamd, and
>> finally the milter will add the new headers it receives from
>> SpamAssassin.
>
> To expand a little bit on this, the crucial thing is that all components
> can communicate properly via sockets. That is, for every component you
> must configure where it can reach the next component. And make sure
> user/permissions match, too.
>
> My setup on Ubuntu 20.04 looks something like this:
>
> Postfix
>
> ?
>
> SpamAssassin Milter (crates.io/crates/spamassassin-milter[1])
> /var/spool/postfix/spamassassin/spamassassin-milter.sock
>
> ? spamc
>
> spamd (SpamAssassin)
> /run/spamassassin/spamd.sock
>
>  

-- 
 

Cyrille Bollu



Links:
------
[1] https://crates.io/crates/spamassassin-milter
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
uhlar at fantomas
Nov 26, 2021, 5:13 AM
Post #7 of 10 (1224 views)
Permalink
On 26.11.21 12:53, Cyrille Bollu wrote:
>postfix communicates with spamassassin via a milter:
>
>?
>
># milter settings (for DKIM, spam filters,...)
>smtpd_milters = unix:/opendkim/opendkim.sock,local:spamass/spamass.sock
>non_smtpd_milters = $smtpd_milters
>?
>
>As said, I can see logs in mail.log that show messages being processed and
>correctly identified as spam/ham.?

what parameters is spamass-milter run with?
-M by any chance?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
cyrille at bollu
Nov 26, 2021, 5:31 AM
Post #8 of 10 (1224 views)
Permalink
No no:

 

root@bollu:/home/debian# ps -eaf | grep spamass-milter
spamass+   673     1  0 13:06 ?        00:00:00
/usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
/var/spool/postfix/spamass/spamass.sock -u spamass-milter -d
func,misc,net,poll,rcpt,spamc,str,uori -i 127.0.0.1 -- -s 10485760 -r 10
root      1815  1172  0 13:30 pts/0    00:00:00 grep spamass-milter
root@bollu:/home/debian#
 

 
"Matus UHLAR - fantomas" uhlar@fantomas.sk – 26 novembre 2021 14:14
 

> On 26.11.21 12:53, Cyrille Bollu wrote:
>> postfix communicates with spamassassin via a milter:
>>
>>  
>>
>> # milter settings (for DKIM, spam filters,...)
>> smtpd_milters = unix:/opendkim/opendkim.sock,local:spamass/spamass.sock
>> non_smtpd_milters = $smtpd_milters
>>  
>>
>> As said, I can see logs in mail.log that show messages being processed
>> and
>> correctly identified as spam/ham. 
>
> what parameters is spamass-milter run with?
> -M by any chance?
>  

-- 
 

Cyrille Bollu
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
dbuergin at gluet
Nov 26, 2021, 5:43 AM
Post #9 of 10 (1224 views)
Permalink
Cyrille Bollu:
> spamass+   673     1  0 13:06 ?        00:00:00 /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p /var/spool/postfix/spamass/spamass.sock -u spamass-milter -d func,misc,net,poll,rcpt,spamc,str,uori -i 127.0.0.1 -- -s 10485760 -r 10

-r 10 is in the wrong place.

You need to put it before the ‘--’.
Re: Spamassassin detects spam but don't add X-Spam headers [ In reply to ]
cyrille at bollu
Nov 27, 2021, 3:51 AM
Post #10 of 10 (1213 views)
Permalink
Hi,

 

That was the problem, thanks David!

 

Apparently I hadn't restarted spamassassin properly when making this change
because it dates from September the 13th while spamassassin stopped tagging
my messages since November 11th only.

 

Thanks all, 

 

Cyrille 

 
"David Bürgin" dbuergin@gluet.ch – 26 novembre 2021 14:43
 

> Cyrille Bollu:
>> spamass+   673     1  0 13:06 ?        00:00:00
>> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid[1] -f -p
>> /var/spool/postfix/spamass/spamass.sock -u spamass-milter -d
>> func,misc,net,poll,rcpt,spamc,str,uori -i 127.0.0.1[2] -- -s 10485760
>> -r 10
>
> -r 10 is in the wrong place.
>
> You need to put it before the ‘--’.
>
>  

-- 
 

Cyrille Bollu



Links:
------
[1] http://spamass.pid
[2] http://127.0.0.1

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal