SpamAssassin not marking spam

Status
Not open for further replies.

sos

IS-IT--Management
Apr 10, 2000
53
CA
I have recently set up a postfix+fetchmail+spamassassin+dovecot imap/pop3 server.

I have a couple of users set up to download mail via imap
and I am trying to get spamassassin to mark spams correctly.

My problem is that no spam is marked at all. If I run spamd in debug mode I can see the mail coming in and being checked, usually saying it's a clean msg, for example:

[25855] info: spamd: processing message <YzI5elFITnZjMk5oYkdkaGNua3VZMjl0Cg==@plutocable.com> for spamfilter:504
[25855] info: spamd: clean message (1.0/5.0) for spamfilter:504 in 2.0 seconds, 7042 bytes.


At the client end I can check the email headers and see evidence of SA at work, basically the same info that spamd is giving me.

I have tried using sa-learn to teach SA but to no avail.

I suspect that I have something misconfigured because nothing is getting marked as spam.
 
First you need procmail to pass the mail to spamassassin. Here is my /etc/procmailrc:

Code:
DROPPRIVS=yes
:0fw
| /usr/bin/spamassassin

Add these lines if you want to throw away everything considered as spam:

Code:
:0
* ^X-Spam-Status: Yes
/dev/null

Here is my /etc/mail/spamassassin/local.cf

Code:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

This prepends "[SPAM]" to the Subject line.

Good luck




 
Thanx for the reply RhythmAce,

Ok so I created the file /etc/procmailrc and removed the
~/user/.procmailrc files for each user.

my local.cf file for SA already had:

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

I got some msgs with [SPAM] in the subject so it seems
to be working. Thanx again. :)
 
Also, just wondering: is it possible to still have .procmailrc
in each user's home directory as well as /etc/procmailrc? I wasn't sure, that's why I removed them.
 
I believe, much like qmail, that the local/user version of the rc file will override any settings established in the central version. I think the central is regarded as the default so that >something< is processed....

Perhaps you had an error in your local rc that went unnoticed? Perhaps permissions to read the file!?

D.E.R. Management - IT Project Management Consulting
 
You know, I occasionally have issues where my SpamAssassin stops working.... if you follow the method of actually saving the spam in a file... for example "probablyspam" and "almostcertainlyspam", etc. once those files get to be a certain size, SpamAssassin stops storing emails in those files, and starts delivering them again.

I don't know if that's your issue, if you're saving the e-mails for further analysis, or just sending them to /dev/null ... but if you're saving them, make sure you clean out the files every so often.



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
When I first set up a postfix+sa+dovecot box, according to the docs I read, I had only to put these 2 lines in postfix's master.cf file.

smtp inet n - n - - smtpd -o content_filter=spamassassin

at the beginning of the file and

spamassassin unix - n n - - pipe
  user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}


at the end. This, I assume, pipes mail directly into spamd without the need of going through procmail. The only thing I use procmail for is to move all mail marked as [SPAM] into the user's trash folder.

Also, sa-learn "trains" spamd to gradually recognize certain words/phrases in an email as spam. Every time you run spam through sa-learn, spamd will add a little more weight to its next scoring of spam. You would have most certainly noticed spam scores like clean message (-1.7/4.0) or identified spam (17.6/4.0) in your maillog. You may want to lower your detection threshold by tweaking required_hits to a smaller number if a lot of spam is still coming through.

I've set up a public spam/ham imap folder that allows my users to copy undetected spam and false positives to them and later run sa-learn on these 2 folders every night via a cron job.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
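
An added example, not part of any post in this thread: a Python sketch that reads spamd verdict lines of the kind quoted above, reports which account spamd scanned for, and tallies what a different required_hits value would have flagged. The sample log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# spamd verdict lines as quoted in this thread, e.g.
#   spamd: clean message (1.0/5.0) for spamfilter:504 in 2.0 seconds, 7042 bytes.
RESULT_RE = re.compile(
    r"spamd: (?P<verdict>clean message|identified spam) "
    r"\((?P<score>-?\d+(?:\.\d+)?)/(?P<required>\d+(?:\.\d+)?)\) "
    r"for (?P<user>[^:\s]+):\d+"
)
# Constructed sample input (not taken from a real mail log).
SAMPLE = [
    "[25855] info: spamd: processing message <constructed-1@example.invalid> for spamfilter:504",
    "[25855] info: spamd: clean message (1.0/5.0) for spamfilter:504 in 2.0 seconds, 7042 bytes.",
    "[25856] info: spamd: clean message (4.2/5.0) for spamfilter:504 in 1.8 seconds, 3120 bytes.",
    "[25857] info: spamd: clean message (-1.7/5.0) for spamfilter:504 in 1.1 seconds, 2210 bytes.",
    "[25858] info: spamd: identified spam (17.6/5.0) for spamfilter:504 in 2.4 seconds, 9050 bytes.",
]

def parse_results(lines):
    """Return (user, score, required, flagged) for each spamd verdict line."""
    results = []
    for line in lines:
        m = RESULT_RE.search(line)
        if m:  # "processing message" and other lines are skipped
            results.append((m["user"], float(m["score"]),
                            float(m["required"]),
                            m["verdict"] == "identified spam"))
    return results

def users_scanned(results):
    """Count verdicts per account name that spamd reported."""
    return Counter(user for user, _s, _r, _f in results)

def what_if(results, new_required):
    """Tally outcomes if the threshold had been new_required instead."""
    counts = Counter()
    for _user, score, _required, flagged in results:
        would_flag = score >= new_required  # flagged when score reaches threshold
        if would_flag:
            counts["still_flagged" if flagged else "newly_flagged"] += 1
        else:
            counts["no_longer_flagged" if flagged else "still_clean"] += 1
    return dict(counts)

if __name__ == "__main__":
    parsed = parse_results(SAMPLE)
    print("accounts scanned:", dict(users_scanned(parsed)))
    print("with required_hits 4.0:", what_if(parsed, 4.0))
```

With SpamAssassin's default per-user Bayes path, the account names reported here are the ones whose database spamd consults, so sa-learn has to be run as that same account for training to affect scores.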
 
You know, I never understood how to make SpamAssassin "Learn". Can someone give me a simple run-down of what I have to do? Right now, here's my SpamAssassin setup, in each of my .procmailrc files for each user:

:0fw: spamassassin.lock
* < 256000
| spamassassin

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
almost-certainly-spam

:0:
* ^X-Spam-Status: Yes
probably-spam

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped. This will re-add it.
:0
* ^^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "

:0 fhw
| sed -e '1s/^/F/'
}

... is this correct? It doesn't seem to be catching EVERYTHING, and I'd *love* to be able to have it "learn". Spammers are getting sneakier.... flooding the bottom of the message with random words (usually in an invisible font).

Any thoughts on a better way of setting this up? Thanks in advance!



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 