Improve company productivity with a Business Account.Sign Up

x
?
Solved

spamassassin detecting spam but not tagging with prepended subject

Posted on 2009-05-18
4
Medium Priority
?
720 Views
Last Modified: 2013-12-09
I installed qmail using the qmailrocks tutorial.  It has been up and running very well for some time.  It came to my attention recently that SpamAssassin is not tagging the subject of suspect emails.  I made sure the rewrite_header configuration item in local.cf was not commented, but still no joy.  In my logs, I do see SA firing off, and sending SA's output to a specific log file shows it is running through the normal routine.  I see the X-Spam-Status and X-Spam-Level headers inserted into the target email.  I just cannot get it to tag the subject line.  How can I correct this?

Server is installed with Ubuntu server 8.04.  SA version is 3.1.8.  Output from uname:

Linux mybox 2.6.27-11-server #1 SMP Wed Apr 1 21:34:13 UTC 2009 x86_64 GNU/Linux

From /etc/default/spamassassin, spamd is executed on boot with:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -s /var/log/sa.log -x --virtual-config-dir=/home/vpopmail/domains/%d/%l"

The config file (/etc/spamassassin/local.cf) has only one line not commented:

rewrite_header Subject *****SPAM*****

Originally, the command line for spamd used "-u spamd".  Everything after the -u option has been added during my testing.  Aside from the -s item, all of the items were added/changed to correct a permissions warning I saw in the logs with every SA thread.  Every time I have altered the configuration files, I have restarted SA with "/etc/init.d/spamassassin stop; /etc/init.d/spamassassin start".

I have also tried altering SA's behavior with a user_prefs file in the appropriate directory, to no avail:

[root@mybox:/home/vpopmail/domains/testdomain.com/spam]
#> cat user_prefs
rewrite_header Subject *****SPAM*****
add_header spam x-my-header This is spam
add_header all x-another-header Try to add a header

The additional headers I tried to add never showed up.  The entire log entry from sa.log for that email:
Mon May 18 16:16:17 2009 [13485] info: spamd: connection from localhost [127.0.0.1] at port 49190
Mon May 18 16:16:17 2009 [13485] info: spamd: using default config for spam@testdomain.com: /home/vpopmail/domains/testdomain.com/spam/user_prefs
Mon May 18 16:16:17 2009 [13485] info: spamd: checking message (unknown) for spam@testdomain.com:1010
Mon May 18 16:16:21 2009 [13485] info: spamd: identified spam (9.6/5.0) for spam@testdomain.com:1010 in 3.9 seconds, 742 bytes.
Mon May 18 16:16:21 2009 [13485] info: spamd: result: Y 9 - FH_HELO_EQ_D_D_D_D,FM_SCHOOLING,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,MISSING_MID,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC scantime=3.9,size=742,user=spam@testdomain.com,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49190,mid=(unknown),autolearn=no
Mon May 18 16:16:21 2009 [13484] info: prefork: child states: II

Open in new window

0
Comment
Question by:Steve Bink
  • 2
  • 2
4 Comments
 
LVL 21

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 400 total points
ID: 24422347
I think your /etc/default and/or /etc/spamassassin configuration is being overridden by a more "local" config.... because the default config locations for spamassassin are in either
  /usr/share/spamassassin
      or
  /etc/mail/spamassassin

both of which are folders that may contain local.cf files. (The latter is more common to version 3.x of spamassassin, so is probably the RIGHT one for you).

So, try first looking at THAT location (/etc/mail/spamassassin) for the correct local.cf, and if that works REMOVE the other one so you won't be confused later.

If that is not it, please write back for additional tips at finding the appropriate file...

Dan
IT4SOHO
0
 
LVL 51

Author Comment

by:Steve Bink
ID: 24424117
Thanks for coming in.

I have /etc/spamassassin and /etc/mail/spamassassin.  Both contain local.cf, and both show the same rewrite_header directive as the only line not commented.

The /etc/default folder has several scripts to set up run-time or environment variables for init.d scripts, spamassassin included.  In /etc/default/spamassassin, that is where I altered the startup options to include the vpopmail configuration.

I also have /usr/share/spamassassin, which appears to contain the ruleset configurations that SA uses to determine which tests to apply.  There is no local.cf there, but 10_default_prefs.cf does set some of the initial configuration items.

Is there any way to tell what files are loaded in SA's chain?  Is there any way to see the chain of actions SA thinks it must execute once a message is determined to be spam?
0
 
LVL 51

Accepted Solution

by:
Steve Bink earned 0 total points
ID: 24424357
I found it.

Because this was done through qmailrocks, SA is called with qmail-scanner-queue.  Since I did not have setuid functionality on my server, I had to use the wrapper, which calls spamc with its own command line.  That perl script also sets things like the subject tag.  Once I edited /var/bin/qmail/qmail-scanner-queue.pl to reflect the subject I wanted, it worked.

my $spamc_subject='***** SPAM *****';

What a pain.  Removing the configuration from the actual configuration files is just poor practice, but live and learn I guess.  Next time I'll try setting up qmail without all the crap in the middle.

0
 
LVL 21

Expert Comment

by:Daniel McAllister
ID: 24425681
Glad I at least pointed you in the right direction!

Your issue is one common to *nix in general, and especially QMail... because there are so many different ways to configure/customize installations, if you don't know what you're doing (or did when you installed it), it can be very difficult to track down where to make configuration changes.

Maybe *nix should adopt the Windows Registry example....

Dan
IT4SOHO
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question