• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 716
  • Last Modified:

spamassassin detecting spam but not tagging with prepended subject

I installed qmail using the qmailrocks tutorial.  It has been up and running very well for some time.  It came to my attention recently that SpamAssassin is not tagging the subject of suspect emails.  I made sure the rewrite_header configuration item in local.cf was not commented, but still no joy.  In my logs, I do see SA firing off, and sending SA's output to a specific log file shows it is running through the normal routine.  I see the X-Spam-Status and X-Spam-Level headers inserted into the target email.  I just cannot get it to tag the subject line.  How can I correct this?

Server is installed with Ubuntu server 8.04.  SA version is 3.1.8.  Output from uname:

Linux mybox 2.6.27-11-server #1 SMP Wed Apr 1 21:34:13 UTC 2009 x86_64 GNU/Linux

From /etc/default/spamassassin, spamd is executed on boot with:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -s /var/log/sa.log -x --virtual-config-dir=/home/vpopmail/domains/%d/%l"

The config file (/etc/spamassassin/local.cf) has only one line not commented:

rewrite_header Subject *****SPAM*****

Originally, the command line for spamd used "-u spamd".  Everything after the -u option has been added during my testing.  Aside from the -s item, all of the items were added/changed to correct a permissions warning I saw in the logs with every SA thread.  Every time I have altered the configuration files, I have restarted SA with "/etc/init.d/spamassassin stop; /etc/init.d/spamassassin start".

I have also tried altering SA's behavior with a user_prefs file in the appropriate directory, to no avail:

[root@mybox:/home/vpopmail/domains/testdomain.com/spam]
#> cat user_prefs
rewrite_header Subject *****SPAM*****
add_header spam x-my-header This is spam
add_header all x-another-header Try to add a header

The additional headers I tried to add never showed up.  The entire log entry from sa.log for that email:
Mon May 18 16:16:17 2009 [13485] info: spamd: connection from localhost [127.0.0.1] at port 49190
Mon May 18 16:16:17 2009 [13485] info: spamd: using default config for spam@testdomain.com: /home/vpopmail/domains/testdomain.com/spam/user_prefs
Mon May 18 16:16:17 2009 [13485] info: spamd: checking message (unknown) for spam@testdomain.com:1010
Mon May 18 16:16:21 2009 [13485] info: spamd: identified spam (9.6/5.0) for spam@testdomain.com:1010 in 3.9 seconds, 742 bytes.
Mon May 18 16:16:21 2009 [13485] info: spamd: result: Y 9 - FH_HELO_EQ_D_D_D_D,FM_SCHOOLING,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,MISSING_MID,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC scantime=3.9,size=742,user=spam@testdomain.com,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49190,mid=(unknown),autolearn=no
Mon May 18 16:16:21 2009 [13484] info: prefork: child states: II

Open in new window

0
Steve Bink
Asked:
Steve Bink
  • 2
  • 2
2 Solutions
 
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
I think your /etc/default and/or /etc/spamassassin configuration is being overridden by a more "local" config.... because the default config locations for spamassassin are in either
  /usr/share/spamassassin
      or
  /etc/mail/spamassassin

both of which are folders that may contain local.cf files. (The latter is more common to version 3.x of spamassassin, so is probably the RIGHT one for you).

So, try first looking at THAT location (/etc/mail/spamassassin) for the correct local.cf, and if that works REMOVE the other one so you won't be confused later.

If that is not it, please write back for additional tips at finding the appropriate file...

Dan
IT4SOHO
0
 
Steve BinkAuthor Commented:
Thanks for coming in.

I have /etc/spamassassin and /etc/mail/spamassassin.  Both contain local.cf, and both show the same rewrite_header directive as the only line not commented.

The /etc/default folder has several scripts to set up run-time or environment variables for init.d scripts, spamassassin included.  In /etc/default/spamassassin, that is where I altered the startup options to include the vpopmail configuration.

I also have /usr/share/spamassassin, which appears to contain the ruleset configurations that SA uses to determine which tests to apply.  There is no local.cf there, but 10_default_prefs.cf does set some of the initial configuration items.

Is there any way to tell what files are loaded in SA's chain?  Is there any way to see the chain of actions SA thinks it must execute once a message is determined to be spam?
0
 
Steve BinkAuthor Commented:
I found it.

Because this was done through qmailrocks, SA is called with qmail-scanner-queue.  Since I did not have setuid functionality on my server, I had to use the wrapper, which calls spamc with its own command line.  That perl script also sets things like the subject tag.  Once I edited /var/bin/qmail/qmail-scanner-queue.pl to reflect the subject I wanted, it worked.

my $spamc_subject='***** SPAM *****';

What a pain.  Removing the configuration from the actual configuration files is just poor practice, but live and learn I guess.  Next time I'll try setting up qmail without all the crap in the middle.

0
 
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Glad I at least pointed you in the right direction!

Your issue is one common to *nix in general, and especially QMail... because there are so many different ways to configure/customize installations, if you don't know what you're doing (or did when you installed it), it can be very difficult to track down where to make configuration changes.

Maybe *nix should adopt the Windows Registry example....

Dan
IT4SOHO
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now