Solved

spamassassin detecting spam but not tagging with prepended subject

Posted on 2009-05-18
4
706 Views
Last Modified: 2013-12-09
I installed qmail using the qmailrocks tutorial.  It has been up and running very well for some time.  It came to my attention recently that SpamAssassin is not tagging the subject of suspect emails.  I made sure the rewrite_header configuration item in local.cf was not commented, but still no joy.  In my logs, I do see SA firing off, and sending SA's output to a specific log file shows it is running through the normal routine.  I see the X-Spam-Status and X-Spam-Level headers inserted into the target email.  I just cannot get it to tag the subject line.  How can I correct this?

Server is installed with Ubuntu server 8.04.  SA version is 3.1.8.  Output from uname:

Linux mybox 2.6.27-11-server #1 SMP Wed Apr 1 21:34:13 UTC 2009 x86_64 GNU/Linux

From /etc/default/spamassassin, spamd is executed on boot with:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -s /var/log/sa.log -x --virtual-config-dir=/home/vpopmail/domains/%d/%l"

The config file (/etc/spamassassin/local.cf) has only one line not commented:

rewrite_header Subject *****SPAM*****

Originally, the command line for spamd used "-u spamd".  Everything after the -u option has been added during my testing.  Aside from the -s item, all of the items were added/changed to correct a permissions warning I saw in the logs with every SA thread.  Every time I have altered the configuration files, I have restarted SA with "/etc/init.d/spamassassin stop; /etc/init.d/spamassassin start".

I have also tried altering SA's behavior with a user_prefs file in the appropriate directory, to no avail:

[root@mybox:/home/vpopmail/domains/testdomain.com/spam]
#> cat user_prefs
rewrite_header Subject *****SPAM*****
add_header spam x-my-header This is spam
add_header all x-another-header Try to add a header

The additional headers I tried to add never showed up.  The entire log entry from sa.log for that email:
Mon May 18 16:16:17 2009 [13485] info: spamd: connection from localhost [127.0.0.1] at port 49190
Mon May 18 16:16:17 2009 [13485] info: spamd: using default config for spam@testdomain.com: /home/vpopmail/domains/testdomain.com/spam/user_prefs
Mon May 18 16:16:17 2009 [13485] info: spamd: checking message (unknown) for spam@testdomain.com:1010
Mon May 18 16:16:21 2009 [13485] info: spamd: identified spam (9.6/5.0) for spam@testdomain.com:1010 in 3.9 seconds, 742 bytes.
Mon May 18 16:16:21 2009 [13485] info: spamd: result: Y 9 - FH_HELO_EQ_D_D_D_D,FM_SCHOOLING,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,MISSING_MID,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC scantime=3.9,size=742,user=spam@testdomain.com,uid=1010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49190,mid=(unknown),autolearn=no
Mon May 18 16:16:21 2009 [13484] info: prefork: child states: II

Open in new window

0
Comment
Question by:Steve Bink
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 100 total points
ID: 24422347
I think your /etc/default and/or /etc/spamassassin configuration is being overridden by a more "local" config.... because the default config locations for spamassassin are in either
  /usr/share/spamassassin
      or
  /etc/mail/spamassassin

both of which are folders that may contain local.cf files. (The latter is more common to version 3.x of spamassassin, so is probably the RIGHT one for you).

So, try first looking at THAT location (/etc/mail/spamassassin) for the correct local.cf, and if that works REMOVE the other one so you won't be confused later.

If that is not it, please write back for additional tips at finding the appropriate file...

Dan
IT4SOHO
0
 
LVL 50

Author Comment

by:Steve Bink
ID: 24424117
Thanks for coming in.

I have /etc/spamassassin and /etc/mail/spamassassin.  Both contain local.cf, and both show the same rewrite_header directive as the only line not commented.

The /etc/default folder has several scripts to set up run-time or environment variables for init.d scripts, spamassassin included.  In /etc/default/spamassassin, that is where I altered the startup options to include the vpopmail configuration.

I also have /usr/share/spamassassin, which appears to contain the ruleset configurations that SA uses to determine which tests to apply.  There is no local.cf there, but 10_default_prefs.cf does set some of the initial configuration items.

Is there any way to tell what files are loaded in SA's chain?  Is there any way to see the chain of actions SA thinks it must execute once a message is determined to be spam?
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 0 total points
ID: 24424357
I found it.

Because this was done through qmailrocks, SA is called with qmail-scanner-queue.  Since I did not have setuid functionality on my server, I had to use the wrapper, which calls spamc with its own command line.  That perl script also sets things like the subject tag.  Once I edited /var/bin/qmail/qmail-scanner-queue.pl to reflect the subject I wanted, it worked.

my $spamc_subject='***** SPAM *****';

What a pain.  Removing the configuration from the actual configuration files is just poor practice, but live and learn I guess.  Next time I'll try setting up qmail without all the crap in the middle.

0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 24425681
Glad I at least pointed you in the right direction!

Your issue is one common to *nix in general, and especially QMail... because there are so many different ways to configure/customize installations, if you don't know what you're doing (or did when you installed it), it can be very difficult to track down where to make configuration changes.

Maybe *nix should adopt the Windows Registry example....

Dan
IT4SOHO
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nearly six years ago I was hired by a company to be their senior server engineer. One of my first projects was to implement Exchange Server 2007 on a Windows Server 2008 Single Copy Cluster for high availability. That was the easy part; read on to l…
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question