Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
 
Reply to this topicStart new topic
> Spamassassin Settings Question
heatsink
post Oct 22 2004, 08:46 AM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 9
Joined: 14-June 04
Member No.: 3,155



Hello All....

I've sucessfully set up Spamassassin on my Debian box with exim4 (I've installed sa-exim as well). SA is running, I know so because I can watch it in exim4's mainlog and the X headers are appearing in my delivered emails. It is rejecting some emails outright (those with a score of 17 is what I've seen so far) but letting ones with scores like 7.5 through even though they are marked as spam. Here's the applicable headers from one that got delivered to me:

CODE
X-SA-Exim-Connect-IP 63.241.65.15  
From Jon Watson <munged@munged.com>              
 
Subject WINNING NOTIFICATION.  
X-Spam-Flag YES  
X-Spam-Checker-Version SpamAssassin 3.0.0 (2004-09-13) on theheatsinkbbs  
X-Spam-Level *******  
X-Spam-Status Yes, score=7.5 required=5.0 tests=AWL,MILLION_USD,<br> NIGERIAN_BODY1,NIGERIAN_BODY2,NIGERIAN_BODY3,SUBJ_ALL_CAPS,<br> UNCLAIMED_MONEY,US_DOLLARS_3 autolearn=no version=3.0.0  
Content-Type multipart/mixed; boundary="----------=_41790D6E.959EFB98"  
X-SA-Exim-Version 4.1 (built Tue, 17 Aug 2004 11:06:07 +0200)  
X-SA-Exim-Scanned Yes (on theheatsinkbbs)


As you can see in the X-Spam-Status header, SA has determined (correctly) that this message is spam yet it still delivered it to me.

I am aware of the threshold setting (which you can see I have set to 5), but is there some other setting that I'm missing? Something like "anything between 5 and 10 still deliver to me?"

I've looked in the docs and I've given up on the wiki at the Spamassassin site (man I hate Wiki software). Does anyone have any ideas?

Thanks!

Jon
Go to the top of the page
 
+Quote Post
hughesjr
post Oct 22 2004, 05:54 PM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



I use MailScanner to actually scan the mail before it is delivered and it has settings in it's config file (/etc/MailScanner/MailScanner.conf) like this:

CODE
# What to do with spam
# --------------------
#

# This is a list of actions to take when a message is spam.
# It can be any combination of the following:
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    bounce                  - send a rejection message back to the sender
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#
# This can also be the filename of a ruleset.
#Spam Actions = store forward anonymous@ecs.soton.ac.uk
Spam Actions = delete

# This is just like the "Spam Actions" option above, except that it applies
# then the score from SpamAssassin is higher than the "High SpamAssassin Score"
# value.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text.
#                              You need to specify "deliver" as well for the
#                              message to reach the original recipient.
#    attachment              - Convert the original message into an attachment
#                              of the message. This means the user has to take
#                              an extra step to open the spam, and stops "web
#                              bugs" very effectively.
#    notify                  - Send the recipients a short notification that
#                              spam addressed to them was not delivered. They
#                              can then take action to request retrieval of
#                              the original message if they think it was not
#                              spam.
#
# This can also be the filename of a ruleset.
High Scoring Spam Actions = delete

# This is just like the "Spam Actions" option above, except that it applies
# to messages that are *NOT* spam.
#    deliver                 - deliver the message as normal
#    delete                  - delete the message
#    store                   - store the message in the quarantine
#    forward user@domain.com - forward a copy of the message to user@domain.com
#    striphtml               - convert all in-line HTML content to plain text
#
# This can also be the filename of a ruleset.
Non Spam Actions = deliver

# This replaces the SpamAssassin configuration value 'required_hits'.
# If a message achieves a SpamAssassin score higher than this value,
# it is spam. See also the High SpamAssassin Score configuration option.
# This can also be the filename of a ruleset, so the SpamAssassin
# required_hits value can be set to different values for different messages.
Required SpamAssassin Score = 6.8

# If a message achieves a SpamAssassin score higher than this value,
# then the "High Scoring Spam Actions" are used. You may want to use
# this to deliver moderate scores, while deleting very high scoring messsages.
# This can also be the filename of a ruleset.
High SpamAssassin Score = 10


As I said, this is using MailScanner in conjunction with SpamAssassin. I have never used SpamAssassin on a mail server without MailScanner.

It can be used with Exim4, though I have personally only used it with SendMail and PostFix.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
heatsink
post Oct 25 2004, 10:25 AM
Post #3


Whats this Lie-nix Thing?
*

Group: Members
Posts: 9
Joined: 14-June 04
Member No.: 3,155



QUOTE (hughesjr @ Oct 22 2004, 05:54 PM)
I use MailScanner to actually scan the mail before it is delivered and it has settings in it's config file (/etc/MailScanner/MailScanner.conf) like this:

CODE
# What to do with spam
# --------------------

...snip...

Interesting.....thanks....

I've figured out that emails scored between the required_hits and the permreject score will still be sent to the user even though they are tagged as spam.

I have a new problem though....no matter what I set my required_hits to in my local.cf file (I have no user pref files), the spamassassin headers still say required_hits is 5.

Any idea where I set this value? Obviously local.cf isn't the right place...

Thanks!

Jon
Go to the top of the page
 
+Quote Post
surph
post Oct 25 2004, 11:35 AM
Post #4


Whats this Lie-nix Thing?
*

Group: Members
Posts: 2
Joined: 25-October 04
Member No.: 4,030



Did you install local.cf in a different location? Is SA looking for the local.cf your looking at?
I believe default local.cf is located in /etc/mail/spammassassin

Just looked at my /etc/mail/spamassassin/local.cf
It is set to 7.5 and mark email is showing...
Content analysis details: (18.2 points, 7.5 required)

Let us know how it's going.
Go to the top of the page
 
+Quote Post
heatsink
post Oct 26 2004, 11:46 AM
Post #5


Whats this Lie-nix Thing?
*

Group: Members
Posts: 9
Joined: 14-June 04
Member No.: 3,155



QUOTE (surph @ Oct 25 2004, 11:35 AM)
Did you install local.cf in a different location?  Is SA looking for the local.cf your looking at?
I believe default local.cf is located in /etc/mail/spammassassin

Just looked at my /etc/mail/spamassassin/local.cf
It is set to 7.5 and mark email is showing...
Content analysis details: (18.2 points, 7.5 required)

Let us know how it's going.

Hiya!

Yes, indeed. My local.cf is in /etc/mail/spamassassin. Here it is...

CODE
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
# required_hits           3

# Whate score to ditch messages at
required_score 3.0

# Whether to change the subject of suspected spam
rewrite_subject         1

# Text to prepend to subject if rewrite_subject is used
subject_tag             *****SPAM*****

# Encapsulate spam in an attachment
report_safe             1

# Use terse version of the spam report
use_terse_report        0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
auto_learn              1

# Enable or disable network checks
skip_rbl_checks         1
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - english
ok_languages            en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en


I've used required_hits and required_score and neither work.

However, you bring up an interesting point. My subject lines don't get rewritten with *****SPAM***** either so perhaps spamassassin *isn't* reading this local.cf....

I'm going to look around. I'll edit this message with my results.

Thanks!

Jon

EDIT: did a search of the entire HDD and there's only one local.cf file. Hmm....
Go to the top of the page
 
+Quote Post
hughesjr
post Oct 27 2004, 06:16 AM
Post #6


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



take a look in /usr/share/spamassassin, some distros put rules there as well...


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
heatsink
post Oct 27 2004, 04:15 PM
Post #7


Whats this Lie-nix Thing?
*

Group: Members
Posts: 9
Joined: 14-June 04
Member No.: 3,155



QUOTE (hughesjr @ Oct 27 2004, 06:16 AM)
take a look in /usr/share/spamassassin, some distros put rules there as well...

Yes, there are rules in there in the form of .cf files, but they seem to pertain to the tests to run and the scores to assign to each test. I don't see anything in there that would allow me to set the required_hits or required_score number to anything. Am I missing something?

Thanks!

Jon
Go to the top of the page
 
+Quote Post
hughesjr
post Oct 27 2004, 07:50 PM
Post #8


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



If you looked at the files and there are no setup files, then you are probably not missing anything ... I just wanted you to be aware that there could be a .cf file in that directory that could affect SpamAssassin.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
heatsink
post Oct 29 2004, 03:27 PM
Post #9


Whats this Lie-nix Thing?
*

Group: Members
Posts: 9
Joined: 14-June 04
Member No.: 3,155



Got it.

At some point, probably many weeks ago, I made an error in the local.cf file. I changed required_hits 5.0 to required_hits=5.0 (notice the = sign). This is incorrect and spamassassin ignores it. However, it doesn't tell you it ignores it...it just does.

I stumbled across a nifty command called spamassassin --lint that parses the various cf files and tells you if there are errors. Try it, you'll like it.

So, now that I have required_hits 3.0 in my local.cf..everything works nicely.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 21st October 2017 - 11:38 PM