CentOS 7.1 amavisd-new/spam assassin help

Hi there,

New user year, I have a ISPConfig 3 setup on CentOS 7.1 (Using the perfect server tutorial).

I used to use CentOS 6.5 and it worked really well (including the spam filters).

Since upgrading to 7.1 the Spam Filters in ISP Config seem to take no effect (I have followed the tutorial correctly 100% and even reformatted a few times).

Amavisd-new doesnt seem to take notice of any of the spam filter policys applied in ISPConfig. (Normal, Trigger Happy) etc. And instead seems to follow the rules in /etc/amavisd/amavisd.conf

$sa_tag_level_deflt = -9.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 100; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces

These rules seem to work (And it does move the spam detected here to the Junk folder)

It doesnt matter what you apply in ISP Config and with these settings I get these headers in my mail

For Ham:
X-Virus-Scanned: amavisd-new at 247ns.co.uk
X-Spam-Flag: NO
X-Spam-Score: 1.813
X-Spam-Level: *
X-Spam-Status: No, score=1.813 tagged_above=-9 required=6.2
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_08=1.781, HTML_MESSAGE=0.001,
HTML_SHORT_LINK_IMG_1=0.139, RCVD_IN_MSPIKE_H3=-0.01,
RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01,
URIBL_BLOCKED=0.001, URIBL_DBL_ABUSE_REDIR=0.001]
autolearn=no autolearn_force=no

OR
For Spam:
X-Virus-Scanned: amavisd-new at 247ns.co.uk
X-Spam-Flag: YES
X-Spam-Score: 8.639
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.639 tagged_above=-9 required=6.2
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DRUGS_ERECTILE=2.221, DRUG_ED_CAPS=1.023, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001,
SERGIO_SUBJECT_VIAGRA01=2.089, SPF_PASS=-0.001,
SUBJECT_DRUG_GAP_C=0.989, SUBJ_ALL_CAPS=1.625, UPPERCASE_50_75=0.791,
URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no

 

Thanks for the quick response till.

I dont think it does! I would imagine this would be the cause of the issue but I didnt keep an old amavisd.conf file to compare!

Here is how it looks so far in amavisd.conf

# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
# @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
# $redis_logging_key = 'amavis-log';
# $redis_logging_queue_size_limit = 300000; # about 250 MB / 100000

 

Yep it appears so... There is also an /etc/amavisd.conf and it seems to contain slightly different parameters, but here are the references to SQL in /etc/amavisd.conf

# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
# @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
# $redis_logging_key = 'amavis-log';
# $redis_logging_queue_size_limit = 300000; # about 250 MB / 100000

 

My mistakes... In /etc/amavisd.conf further down I found another reference to sql

#
# Database connection settings
#

@lookup_sql_dsn =
( ['DBI:mysql:database=dbispconfig;host=127.0.0.1;port=3306', 'ispconfig', '5******************f'] );

 

So is there I way I can ask amavisd-new to use /etc/amvisd.conf as opposed to /etc/amavisd/amavisd.conf as its config file?

 

May 6 14:28:44 mail amavis[26894]: (26894-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.sock: No such file or directory
May 6 14:28:44 mail amavis[26894]: (26894-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
May 6 14:28:45 mail postfix/smtpd[26833]: disconnect from unknown[192.168.120.16]
May 6 14:28:50 mail amavis[26894]: (26894-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.sock: No such file or directory
May 6 14:28:50 mail amavis[26894]: (26894-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 98) line 608.\n
May 6 14:28:50 mail amavis[26894]: (26894-01) (!)WARN: all primary virus scanners failed, considering backups

 

Thanks till! That is filtering mail based on settings in ISPConfig now

See my post above however for a new error - I will checkout the differences in the 2 config files as to why this might be happening now but thought I would post the log.

Regards,
Jim

 

Was an issue with the path of the clamd socket.

e.g.
BACKUP FILE:
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
NEW FILE:
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,

I have updated the new file now to /var/run/clamd.amavisd/clamd.sock instead of /var/run/clamav/clamd.sock
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

 

Working perfectly!! Been an issue for a long time - even installed a mail firewall but spam engines were bypassing mx records and sending straight to the server!

Thanks for the good work till.