I did the Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch) howto. Actually I did it on three separate boxes. Everything works just fine ... with one exception ... spamassassin. I've yet to see anything anywhere that indicates spamassassin is checking any mail at all. No spamtags, no headers such as what's inserted when clamav runs on an email. I saw the comment blurp while doing the howto that says "In Debian Etch you have to activate DCC in /etc/spamassassin/v310.pre" I did that. I still get absolutely no spamassassin action. Anyone know why this would be? My thinking is that by using the howto instructions spamassassin would be operational upon completion of the howto. Apparently not. Everything else works good though.
Can you restart amavisd-new and at the same time take a look at /var/log/mail.log? amavisd-new should log which modules it loads - is SpamAssassin listed there?
I'm enclosed all the output an amavisd-new reload. It does show the spamassassin module loading. Fortunately, this mail server receives an extremely small amount of spam that is partially because of initial transaction filtering on helo's, To's, From's, etc. and because the users know how to not use their email addresses indiscriminately on the internet. It's reasonably possible that I've not had any spam delivery attempts since I brought up this setup a couple of days ago. I am unable to tell if spamassassin is actually checking the incoming or outgoing mail though. I am unable to find any sort of logging anywhere that would verify that it is. This is my first linux mail server and I probably am overlooking something but I am inclined to think there would at least be some sort of header in the email that shows a spam check was run, if nothing else. The mail.log shows clamav checks but never a spamassassin check on anything. I am not terribly worried about this because I have decided to use dspam instead as soon as I can figure out how to get it setup in this layout but I am confused as to why spamassassin doesn't seem to work when completing the howto. Here's my stats: Jul 6 12:25:06 mailsvr1 amavis[12941]: starting. /usr/sbin/amavisd-new at xxxxxx.xxxxx.xxx amavisd-new-2.4.2 (20060627), Unicode aware, LANG=en_US.UTF-8 Jul 6 12:25:06 mailsvr1 amavis[12941]: Perl version 5.008008 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Amavis::Conf 2.068 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Archive::Tar 1.30 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Archive::Zip 1.16 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module BerkeleyDB 0.31 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Compress::Zlib 1.42 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Convert::TNEF 0.17 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Convert::UUlib 1.06 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module DBD::mysql 3.0008 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module DBI 1.53 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module DB_File 1.814 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Digest::MD5 2.36 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module MIME::Entity 5.420 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module MIME:arser 5.420 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module MIME::Tools 5.420 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Mail::Header 1.74 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Mail::Internet 1.74 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Mail::SpamAssassin 3.001007 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Net::Cmd 2.26 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Net:NS 0.59 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Net::SMTP 2.29 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Net::Server 0.94 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Razor2::Client::Version 2.81 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Time::HiRes 1.86 Jul 6 12:25:06 mailsvr1 amavis[12948]: Module Unix::Syslog 0.100 Jul 6 12:25:06 mailsvr1 amavis[12948]: Amavis:B code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Amavis::Cache code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: SQL base code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: SQL::Log code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: SQL::Quarantine NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Lookup::SQL code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Lookup::LDAP code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: AM.PDP-in proto code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: SMTP-in proto code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Courier proto code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: SMTP-out proto code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Pipe-out proto code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: BSMTP-out proto code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Local-out proto code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: OS_Fingerprint code NOT loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: ANTI-VIRUS code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: ANTI-SPAM code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: ANTI-SPAM-SA code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Unpackers code loaded Jul 6 12:25:06 mailsvr1 amavis[12948]: Found $file at /usr/bin/file Jul 6 12:25:06 mailsvr1 amavis[12948]: No $dspam, not using it Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .mail Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .asc Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .uue Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .hqx Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .ync Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .Z at /bin/uncompress Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .gz Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .bz2 at /bin/bzip2 -d Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .lzo at /usr/bin/lzop -d Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .cpio at /usr/bin/pax Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .tar at /usr/bin/pax Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .deb at /usr/bin/ar Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .zip Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .rar tried: rar, unrar Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .arj tried: arj, unarj Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .arc at /usr/bin/nomarch Jul 6 12:25:06 mailsvr1 amavis[12948]: Found decoder for .zoo at /usr/bin/zoo Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .lha tried: lha Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .doc tried: ripole Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .cab tried: cabextract Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .tnef Jul 6 12:25:06 mailsvr1 amavis[12948]: Internal decoder for .tnef Jul 6 12:25:06 mailsvr1 amavis[12948]: No decoder for .exe tried: rar, unrar; lha; arj, unarj Jul 6 12:25:06 mailsvr1 amavis[12948]: Using internal av scanner code for (primary) ClamAV-clamd Jul 6 12:25:06 mailsvr1 amavis[12948]: Using internal av scanner code for (primary) check-jpeg Jul 6 12:25:06 mailsvr1 amavis[12948]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan Jul 6 12:25:06 mailsvr1 amavis[12948]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
UPDATE: I am also getting this in the mail.log: ul 6 13:51:53 mailsvr1 spamd[2354]: logger: removing stderr method Jul 6 13:51:54 mailsvr1 spamd[2360]: config: failed to parse line, skipping: dcc_add_header 1 Jul 6 13:51:54 mailsvr1 spamd[2360]: config: dcc_dccifd_path "/usr/sbin/dccifd" isn't a socket Jul 6 13:51:54 mailsvr1 spamd[2360]: config: SpamAssassin failed to parse line, "/usr/sbin/dccifd" is not valid for "dcc_dccifd_path", skipping: dcc_dccifd_path /usr/sbin/dccifd Jul 6 13:51:54 mailsvr1 spamd[2360]: config: failed to parse line, skipping: pyzor_add_header 1 Jul 6 13:51:56 mailsvr1 spamd[2360]: spamd: server started on port 783/tcp (running version 3.1.7-deb) Jul 6 13:51:56 mailsvr1 spamd[2360]: spamd: server pid: 2360 Jul 6 13:51:56 mailsvr1 spamd[2360]: spamd: server successfully spawned child process, pid 2516 Jul 6 13:51:56 mailsvr1 spamd[2360]: spamd: server successfully spawned child process, pid 2517 Jul 6 13:51:56 mailsvr1 spamd[2360]: prefork: child states: II
This happens only if the message gets more than $sa_tag_level_deflt points. $sa_tag_level_deflt is defined in your amavisd configuration. You can lower the setting - it doesn't mean that more mails get tagged as spam then because the spam level is defined in $sa_tag2_level_deflt. But you should also see something in the mail log if spam gets detected.
Well, I've gone a lot of days now and have not seen one bit of information anywhere about spamassassin actually scanning anything and it positively has not detected a single spam email and I've gotten a fair enough share of spam and it should have detected something. The effectiveness of spamassassin is questionable anyhow. I've installed POPFile as a temporary solution and simply have everyone popping through it to pickup their mail in Courier. I used POPFile with 99% + effectiveness on my windows mail server. I just transferred the database from my windows box. It immediately started detecting and tagging spam mail properly. I would prefer to use POPFile in the same way amavisd-new uses spamassassin but I don't know if that's feasible or even possible. It's probably beyond my ability but there surely has to be some way to utilize POPFile as a content filter directly in postfix, rather than a front end smtp proxy or sitting in front of courier.
POPFile is also a smtp proxy. It has an SMTP.PM module just as it has a POP3.PM and a NNTP.PM If dspam can work as a content filter in postfix I see no reason why popfile cannot. Here's a page to a dameon that has been created to allow POPfile work within the core of a windows mail server rather than as a smtp proxy in front of it. http://users.adelphia.net/~homedale/popfiled/
spamd typically should not be running when amavisd-new is in use. The comment stating otherwise is incorrect. vi /etc/default/spamassassin ENABLED=0 /etc/init.d/spamassassin stop Double check that spam scanning is enabled: http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch_p4 vi /etc/amavis/conf.d/15-content_filter_mode and make sure the proper lines are uncommented. grep amavis /var/log/mail.log | grep Hits Look at 'Hits:' If you have: Hits: -, this means spam scanning is bypassed, either because the message was larger than $sa_mail_body_size_limit or scanning is bypassed (you are not using the default @bypass_spam_checks_maps). If you get numbers after 'Hits:' then spam scanning is occuring. In order to see X-Spam headers, the recipient must be considered 'local' and the message must score above $sa_tag_level_deflt. Personally I suggest putting @local_domains_maps in 50-user: @local_domains_maps = ( [ ".$mydomain", 'sub.example.net', '.example.com' ] ); and explicitly setting $mydomain there also $mydomain = 'example.com'; $sa_tag_level_deflt = undef; you can also debug SA in amavisd-new by: amavisd-new stop amavisd-new debug-sa
I appreciate your reply mr88talent. I followed your suggested instructions and when I grep mail.log for Hits I now get numbers and I also have X-Spam header tags in email received. All seems to be okay. Thanks!
Just an update. I finally figured out how to get POPFile to work in a chain with amavisd-new rather than having it in front of postfix for SMTP or in front of Courier for POP. I enabled the SMTP module in POPFile, set it to listen on port 10026, set the smtp chain server to 127.0.0.1 and set the smtp chain server port to 10025. In /etc/amavis/conf.d/20-debian_defaults I inserted these 2 lines. $forward_method = 'smtp:[127.0.0.1]:10026'; $notify_method = 'smtp:[127.0.0.1]:10026'; amavisd-new does it's scans and passes the mail on to POPFile. POPFile does it's gig and then passes the mail back to postfix. I really don't know if this is the correct way to do it but ClamAV, Spamassassin and POPFile all scan and tag the mail and everything has been working okay for a couple of days now. I'll probably dispose of spamassassin shortly seeing that it only has about 60% accuracy and misses with POPFile are just about nil.
