Solved

spamassassin detecting spam but not tagging with prepended subject

Posted on 2009-05-18
4
702 Views
Last Modified: 2013-12-09
I installed qmail using the qmailrocks tutorial.  It has been up and running very well for some time.  It came to my attention recently that SpamAssassin is not tagging the subject of suspect emails.  I made sure the rewrite_header configuration item in local.cf was not commented, but still no joy.  In my logs, I do see SA firing off, and sending SA's output to a specific log file shows it is running through the normal routine.  I see the X-Spam-Status and X-Spam-Level headers inserted into the target email.  I just cannot get it to tag the subject line.  How can I correct this?

Server is installed with Ubuntu server 8.04.  SA version is 3.1.8.  Output from uname:

Linux mybox 2.6.27-11-server #1 SMP Wed Apr 1 21:34:13 UTC 2009 x86_64 GNU/Linux

From /etc/default/spamassassin, spamd is executed on boot with:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -s /var/log/sa.log -x --virtual-config-dir=/home/vpopmail/domains/%d/%l"

The config file (/etc/spamassassin/local.cf) has only one line not commented:

rewrite_header Subject *****SPAM*****

Originally, the command line for spamd used "-u spamd".  Everything after the -u option has been added during my testing.  Aside from the -s item, all of the items were added/changed to correct a permissions warning I saw in the logs with every SA thread.  Every time I have altered the configuration files, I have restarted SA with "/etc/init.d/spamassassin stop; /etc/init.d/spamassassin start".

I have also tried altering SA's behavior with a user_prefs file in the appropriate directory, to no avail:

[root@mybox:/home/vpopmail/domains/testdomain.com/spam]
#> cat user_prefs
rewrite_header Subject *****SPAM*****
add_header spam x-my-header This is spam
add_header all x-another-header Try to add a header

The additional headers I tried to add never showed up.  The entire log entry from sa.log for that email:
Mon May 18 16:16:17 2009 [13485] info: spamd: connection from localhost [127.0.0.1] at port 49190

Mon May 18 16:16:17 2009 [13485] info: spamd: using default config for spam@testdomain.com: /home/vpopmail/domains/testdomain.com/spam/user_prefs

Mon May 18 16:16:17 2009 [13485] info: spamd: checking message (unknown) for spam@testdomain.com:1010

Mon May 18 16:16:21 2009 [13485] info: spamd: identified spam (9.6/5.0) for spam@testdomain.com:1010 in 3.9 seconds, 742 bytes.

Mon May 18 16:16:21 2009 [13485] info: spamd: result: Y 9 - FH_HELO_EQ_D_D_D_D,FM_SCHOOLING,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,MISSING_MID,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC scantime=3.9,size=742,user=spam@testdomain.com,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49190,mid=(unknown),autolearn=no

Mon May 18 16:16:21 2009 [13484] info: prefork: child states: II

Open in new window

0
Comment
Question by:Steve Bink
  • 2
  • 2
4 Comments
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 100 total points
ID: 24422347
I think your /etc/default and/or /etc/spamassassin configuration is being overridden by a more "local" config.... because the default config locations for spamassassin are in either
  /usr/share/spamassassin
      or
  /etc/mail/spamassassin

both of which are folders that may contain local.cf files. (The latter is more common to version 3.x of spamassassin, so is probably the RIGHT one for you).

So, try first looking at THAT location (/etc/mail/spamassassin) for the correct local.cf, and if that works REMOVE the other one so you won't be confused later.

If that is not it, please write back for additional tips at finding the appropriate file...

Dan
IT4SOHO
0
 
LVL 50

Author Comment

by:Steve Bink
ID: 24424117
Thanks for coming in.

I have /etc/spamassassin and /etc/mail/spamassassin.  Both contain local.cf, and both show the same rewrite_header directive as the only line not commented.

The /etc/default folder has several scripts to set up run-time or environment variables for init.d scripts, spamassassin included.  In /etc/default/spamassassin, that is where I altered the startup options to include the vpopmail configuration.

I also have /usr/share/spamassassin, which appears to contain the ruleset configurations that SA uses to determine which tests to apply.  There is no local.cf there, but 10_default_prefs.cf does set some of the initial configuration items.

Is there any way to tell what files are loaded in SA's chain?  Is there any way to see the chain of actions SA thinks it must execute once a message is determined to be spam?
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 0 total points
ID: 24424357
I found it.

Because this was done through qmailrocks, SA is called with qmail-scanner-queue.  Since I did not have setuid functionality on my server, I had to use the wrapper, which calls spamc with its own command line.  That perl script also sets things like the subject tag.  Once I edited /var/bin/qmail/qmail-scanner-queue.pl to reflect the subject I wanted, it worked.

my $spamc_subject='***** SPAM *****';

What a pain.  Removing the configuration from the actual configuration files is just poor practice, but live and learn I guess.  Next time I'll try setting up qmail without all the crap in the middle.

0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 24425681
Glad I at least pointed you in the right direction!

Your issue is one common to *nix in general, and especially QMail... because there are so many different ways to configure/customize installations, if you don't know what you're doing (or did when you installed it), it can be very difficult to track down where to make configuration changes.

Maybe *nix should adopt the Windows Registry example....

Dan
IT4SOHO
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now