Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

How to make Spamassassin detect spam mails

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


jayanta.ghosh at rp-sg

Jun 29, 2012, 10:48 PM

Post #1 of 5 (385 views)
Permalink
How to make Spamassassin detect spam mails
Dear List,

We are trying to configure Spamassassin (Version 3.3.1-2) with postfix
(Version 2.6.6-2.1) on RHEL 6.1 (64 bit). In order to integrate postfix with
Spamassassin We did the following changes in the master.cf file :-

We added "-o content_filter=spamassassin" to the following line
smtp inet n - n - - smtpd -o
content_filter=spamassassin

We also added the following lines at the end of master.cf
spamassassin
unix - n n - - pipe
flags=R
user=spamuser
argv=/usr/bin/spamc
-e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}

We also created a system user called spamuser. After the above-mentioned
changes the mails are getting scanned by Spamassassin. We have created a
folder .Spam for a particular user in the mailstore and executed the
following command
sa-learn --no-sync --spam /home/jayanta.ghosh/Maildir/.Spam/{cur,new}

Now the problem is we are not able to make spamassassin detect spam mails.
We have also changed the value of required_hits from 5 to 1 in the file
/etc/mail/spamassassin/local.cf but spamassassin is not detecting any spam.
Please find below the log excerpts

Jun 29 15:12:21 dctest1 authdaemond: authmysql: sysusername=<null>,
sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
address=jayanta.ghosh [at] rpsg, fullname=<null>,
maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
Jun 29 15:12:21 dctest1 authdaemond: authmysql: clearpasswd=cesc,
passwd=<null>
Jun 29 15:12:21 dctest1 authdaemond: Authenticated: sysusername=<null>,
sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
address=jayanta.ghosh [at] rpsg, fullname=<null>,
maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
Jun 29 15:12:21 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
passwd=<null>
Jun 29 15:12:21 dctest1 postfix/smtpd[6729]: 922CFD006C:
client=unknown[10.50.81.45], sasl_method=LOGIN,
sasl_username=jayanta.ghosh [at] rpsg
Jun 29 15:12:22 dctest1 postfix/smtpd[6729]: CEDD2D006C:
client=unknown[10.50.81.45], sasl_method=LOGIN,
sasl_username=jayanta.ghosh [at] rpsg
Jun 29 15:12:22 dctest1 postfix/cleanup[6737]: CEDD2D006C:
message-id=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>
Jun 29 15:12:22 dctest1 postfix/qmgr[22419]: CEDD2D006C:
from=<jayanta.ghosh [at] rpsg>, size=1311, nrcpt=1 (queue active)
Jun 29 15:12:22 dctest1 postfix/smtpd[6729]: disconnect from
unknown[10.50.81.45]
Jun 29 15:12:22 dctest1 spamd[6716]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 39955
Jun 29 15:12:22 dctest1 spamd[6716]: spamd: setuid to spamuser succeeded
Jun 29 15:12:22 dctest1 spamd[6716]: spamd: processing message
<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos> for spamuser:504
Jun 29 15:12:24 dctest1 spamd[6716]: spamd: clean message (-1.0/1.0) for
spamuser:504 in 1.1 seconds, 1305 bytes.
Jun 29 15:12:24 dctest1 spamd[6716]: spamd: result: . 0 -
ALL_TRUSTED,HTML_MESSAGE
scantime=1.1,size=1305,user=spamuser,uid=504,required_score=1.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39955,mid=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>,autolearn=ham
Jun 29 15:12:24 dctest1 postfix/pickup[5612]: 13163D0077: uid=504
from=<jayanta.ghosh [at] rpsg>
Jun 29 15:12:24 dctest1 postfix/pipe[6739]: CEDD2D006C:
to=<jayanta.ghosh [at] rpsg>, relay=spamassassin, delay=1.2,
delays=0.06/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via spamassassin
service)
Jun 29 15:12:24 dctest1 postfix/qmgr[22419]: CEDD2D006C: removed
Jun 29 15:12:24 dctest1 postfix/cleanup[6737]: 13163D0077:
message-id=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>
Jun 29 15:12:24 dctest1 postfix/qmgr[22419]: 13163D0077:
from=<jayanta.ghosh [at] rpsg>, size=1626, nrcpt=1 (queue active)
Jun 29 15:12:24 dctest1 authdaemond: received userid lookup request:
jayanta.ghosh [at] rpsg
Jun 29 15:12:24 dctest1 authdaemond: authmysql: trying this module
Jun 29 15:12:24 dctest1 authdaemond: authmysqllib: connected. Versions:
header 50152, client 50152, server 50152
Jun 29 15:12:24 dctest1 authdaemond: SQL query: SELECT email, "", clear,
uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email =
'jayanta.ghosh [at] rpsg' AND (access='y')
Jun 29 15:12:24 dctest1 authdaemond: SQL query: SELECT email, "", clear,
uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email =
'jayanta.ghosh [at] rpsg' AND (access='y')
Jun 29 15:12:24 dctest1 authdaemond: Authenticated: sysusername=<null>,
sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
address=jayanta.ghosh [at] rpsg, fullname=<null>,
maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
Jun 29 15:12:24 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
passwd=<null>
Jun 29 15:12:24 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
passwd=<null>
Jun 29 15:12:24 dctest1 spamd[6708]: prefork: child states: II
Jun 29 15:12:24 dctest1 postfix/pipe[6743]: 13163D0077:
to=<jayanta.ghosh [at] rpsg>, relay=maildrop, delay=0.05,
delays=0.02/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via maildrop
service)


Kindly guide us how to make spamassassin detect spam mails.

Thanks & Regards,
Jayanta Ghosh

--
View this message in context: http://spamassassin.1065346.n5.nabble.com/How-to-make-Spamassassin-detect-spam-mails-tp100658.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


martin at gregorie

Jun 30, 2012, 4:00 AM

Post #2 of 5 (351 views)
Permalink
Re: How to make Spamassassin detect spam mails [In reply to]
On Fri, 2012-06-29 at 22:48 -0700, Jayanta Ghosh wrote:
> Dear List,
>
> We are trying to configure Spamassassin (Version 3.3.1-2) with postfix
> (Version 2.6.6-2.1) on RHEL 6.1 (64 bit). In order to integrate postfix with
> Spamassassin We did the following changes in the master.cf file :-
>
> We added "-o content_filter=spamassassin" to the following line
> smtp inet n - n - - smtpd -o
> content_filter=spamassassin
>
> We also added the following lines at the end of master.cf
> spamassassin
> unix - n n - - pipe
> flags=R
> user=spamuser
> argv=/usr/bin/spamc
> -e /usr/sbin/sendmail
> -oi -f ${sender} ${recipient}
>
Don't use both spamassassin and spamc:

- running 'spamassassin' causes it to load, initialise, scan the
message, and quit. This is done each time a message is received by
Postfix and so is relatively slow because spamassasin is written in
Perl and is quite big.

- calling spamc, a lightweight C program makes it pass the message to
spamd, a server, for scanning. spamd is a copy of spamassassin that is
loaded at boot time, so has much less overhead than loading and
running it against each message.

Make up your mind which you're going to use, fix that configuration and
remove the one you don't use.

- Are you sure your spamassassin configuration is OK?

- What does 'spamassassin --lint' tell you?

- If you run known spam through 'spamc <spam.mbox' or
'spamassassin <spam.mbox' is it getting marked as spam?
What about known ham?
You should be able to do this as any user.


Martin


duihi77 at gmail

Jun 30, 2012, 4:11 AM

Post #3 of 5 (349 views)
Permalink
Re: How to make Spamassassin detect spam mails [In reply to]
On Saturday, June 30, 2012 at 11:00:54 UTC, martin [at] gregorie confabulated:

> On Fri, 2012-06-29 at 22:48 -0700, Jayanta Ghosh wrote:
>> Dear List,
>>
>> We are trying to configure Spamassassin (Version 3.3.1-2) with postfix
>> (Version 2.6.6-2.1) on RHEL 6.1 (64 bit). In order to integrate postfix with
>> Spamassassin We did the following changes in the master.cf file :-
>>
>> We added "-o content_filter=spamassassin" to the following line
>> smtp inet n - n - - smtpd -o
>> content_filter=spamassassin
>>
>> We also added the following lines at the end of master.cf
>> spamassassin
>> unix - n n - - pipe
>> flags=R
>> user=spamuser
>> argv=/usr/bin/spamc
>> -e /usr/sbin/sendmail
>> -oi -f ${sender} ${recipient}
>>
> Don't use both spamassassin and spamc:

> - running 'spamassassin' causes it to load, initialise, scan the
> message, and quit. This is done each time a message is received by
> Postfix and so is relatively slow because spamassasin is written in
> Perl and is quite big.

> - calling spamc, a lightweight C program makes it pass the message to
> spamd, a server, for scanning. spamd is a copy of spamassassin that is
> loaded at boot time, so has much less overhead than loading and
> running it against each message.

> Make up your mind which you're going to use, fix that configuration and
> remove the one you don't use.

> - Are you sure your spamassassin configuration is OK?

> - What does 'spamassassin --lint' tell you?

> - If you run known spam through 'spamc <spam.mbox' or
> 'spamassassin <spam.mbox' is it getting marked as spam?
> What about known ham?
> You should be able to do this as any user.

The OP is just using spamc. If memory serves, the tests the OP was
performing were from the server spamassassin was installed on.
Therefore, the spam score will be on the negative side instead of a
positive number.

--
If at first you don't succeed...
...so much for skydiving.


duihi77 at gmail

Jun 30, 2012, 4:12 AM

Post #4 of 5 (350 views)
Permalink
Re: How to make Spamassassin detect spam mails [In reply to]
Try your testing from somewhere else. Your test appears to have been
performed from the server itself. Your logs below show ALL_TRUSTED in
the spamassassin results.

On Saturday, June 30, 2012 at 05:48:15 UTC, jayanta.ghosh [at] rp-sg confabulated:

> Dear List,

> We are trying to configure Spamassassin (Version 3.3.1-2) with postfix
> (Version 2.6.6-2.1) on RHEL 6.1 (64 bit). In order to integrate postfix with
> Spamassassin We did the following changes in the master.cf file :-

> We added "-o content_filter=spamassassin" to the following line
> smtp inet n - n - - smtpd -o
> content_filter=spamassassin

> We also added the following lines at the end of master.cf
> spamassassin
> unix - n n - - pipe
> flags=R
> user=spamuser
> argv=/usr/bin/spamc
> -e /usr/sbin/sendmail
> -oi -f ${sender} ${recipient}

> We also created a system user called spamuser. After the above-mentioned
> changes the mails are getting scanned by Spamassassin. We have created a
> folder .Spam for a particular user in the mailstore and executed the
> following command
> sa-learn --no-sync --spam /home/jayanta.ghosh/Maildir/.Spam/{cur,new}

> Now the problem is we are not able to make spamassassin detect spam mails.
> We have also changed the value of required_hits from 5 to 1 in the file
> /etc/mail/spamassassin/local.cf but spamassassin is not detecting any spam.
> Please find below the log excerpts

> Jun 29 15:12:21 dctest1 authdaemond: authmysql: sysusername=<null>,
> sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
> address=jayanta.ghosh [at] rpsg, fullname=<null>,
> maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
> Jun 29 15:12:21 dctest1 authdaemond: authmysql: clearpasswd=cesc,
> passwd=<null>
> Jun 29 15:12:21 dctest1 authdaemond: Authenticated: sysusername=<null>,
> sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
> address=jayanta.ghosh [at] rpsg, fullname=<null>,
> maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
> Jun 29 15:12:21 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
> passwd=<null>
> Jun 29 15:12:21 dctest1 postfix/smtpd[6729]: 922CFD006C:
> client=unknown[10.50.81.45], sasl_method=LOGIN,
> sasl_username=jayanta.ghosh [at] rpsg
> Jun 29 15:12:22 dctest1 postfix/smtpd[6729]: CEDD2D006C:
> client=unknown[10.50.81.45], sasl_method=LOGIN,
> sasl_username=jayanta.ghosh [at] rpsg
> Jun 29 15:12:22 dctest1 postfix/cleanup[6737]: CEDD2D006C:
> message-id=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>
> Jun 29 15:12:22 dctest1 postfix/qmgr[22419]: CEDD2D006C:
> from=<jayanta.ghosh [at] rpsg>, size=1311, nrcpt=1 (queue active)
> Jun 29 15:12:22 dctest1 postfix/smtpd[6729]: disconnect from
> unknown[10.50.81.45]
> Jun 29 15:12:22 dctest1 spamd[6716]: spamd: connection from
> localhost.localdomain [127.0.0.1] at port 39955
> Jun 29 15:12:22 dctest1 spamd[6716]: spamd: setuid to spamuser succeeded
> Jun 29 15:12:22 dctest1 spamd[6716]: spamd: processing message
> <78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos> for spamuser:504
> Jun 29 15:12:24 dctest1 spamd[6716]: spamd: clean message (-1.0/1.0) for
> spamuser:504 in 1.1 seconds, 1305 bytes.
> Jun 29 15:12:24 dctest1 spamd[6716]: spamd: result: . 0 -
> ALL_TRUSTED,HTML_MESSAGE
> scantime=1.1,size=1305,user=spamuser,uid=504,required_score=1.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39955,mid=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>,autolearn=ham
> Jun 29 15:12:24 dctest1 postfix/pickup[5612]: 13163D0077: uid=504
> from=<jayanta.ghosh [at] rpsg>
> Jun 29 15:12:24 dctest1 postfix/pipe[6739]: CEDD2D006C:
> to=<jayanta.ghosh [at] rpsg>, relay=spamassassin, delay=1.2,
> delays=0.06/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via spamassassin
> service)
> Jun 29 15:12:24 dctest1 postfix/qmgr[22419]: CEDD2D006C: removed
> Jun 29 15:12:24 dctest1 postfix/cleanup[6737]: 13163D0077:
> message-id=<78467F45239F4DCF9ACCA0E823BDC23F [at] JayantaGhos>
> Jun 29 15:12:24 dctest1 postfix/qmgr[22419]: 13163D0077:
> from=<jayanta.ghosh [at] rpsg>, size=1626, nrcpt=1 (queue active)
> Jun 29 15:12:24 dctest1 authdaemond: received userid lookup request:
> jayanta.ghosh [at] rpsg
> Jun 29 15:12:24 dctest1 authdaemond: authmysql: trying this module
> Jun 29 15:12:24 dctest1 authdaemond: authmysqllib: connected. Versions:
> header 50152, client 50152, server 50152
> Jun 29 15:12:24 dctest1 authdaemond: SQL query: SELECT email, "", clear,
> uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email =
> 'jayanta.ghosh [at] rpsg' AND (access='y')
> Jun 29 15:12:24 dctest1 authdaemond: SQL query: SELECT email, "", clear,
> uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email =
> 'jayanta.ghosh [at] rpsg' AND (access='y')
> Jun 29 15:12:24 dctest1 authdaemond: Authenticated: sysusername=<null>,
> sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/,
> address=jayanta.ghosh [at] rpsg, fullname=<null>,
> maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>
> Jun 29 15:12:24 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
> passwd=<null>
> Jun 29 15:12:24 dctest1 authdaemond: Authenticated: clearpasswd=cesc,
> passwd=<null>
> Jun 29 15:12:24 dctest1 spamd[6708]: prefork: child states: II
> Jun 29 15:12:24 dctest1 postfix/pipe[6743]: 13163D0077:
> to=<jayanta.ghosh [at] rpsg>, relay=maildrop, delay=0.05,
> delays=0.02/0.02/0/0.02, dsn=2.0.0, status=sent (delivered via maildrop
> service)


> Kindly guide us how to make spamassassin detect spam mails.

> Thanks & Regards,
> Jayanta Ghosh

--
If at first you don't succeed...
...so much for skydiving.


me at junc

Jun 30, 2012, 4:53 AM

Post #5 of 5 (351 views)
Permalink
Re: How to make Spamassassin detect spam mails [In reply to]
Den 2012-06-30 13:00, Martin Gregorie skrev:

>> We also added the following lines at the end of master.cf
>> spamassassin
>> unix - n n - - pipe
>> flags=R
>> user=spamuser
>> argv=/usr/bin/spamc
>> -e /usr/sbin/sendmail
>> -oi -f ${sender} ${recipient}
>>
> Don't use both spamassassin and spamc:

would be less confussing if it was spamc content_filter line, but its
does not call spamassassin perl here :=)

its entirely postfix that use spamc

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.