amavis + spamassassin

4integration · Jul 22, 2007

Hello,

I can not get amavis + spamassassin to work. Using Postfix and Dovecot. Some headers in mails are missing, I have:
X-Virus-Scanned: Debian amavisd-new at mail.mydomain.com
but no "X-Spam-Checker-Version", "X-Spam-Level", "X-Spam-Status".
I also mis "X-Virus-Status"

Postfix master.cf have the following at the bottom:

Code:

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

and main.cf

Code:

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

The file /etc/amavis/conf.d/15-content_filter_mode looks:

Code:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return

and the file: vi /etc/amavis/conf.d/20-debian_defaults

Code:

use strict;

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# Quota limits to avoid bombs (like 42.zip)

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes

# You should:
#   Use D_DISCARD to discard data (viruses)
#   Use D_BOUNCE to generate local bounces by amavisd-new
#   Use D_REJECT to generate local or remote bounces by the calling MTA
#   Use D_PASS to deliver the message
#
# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
# mail to your account.  Use D_BOUNCE instead, otherwise you are delegating
# the bounce work to your friendly forwarders, which might not like it at all.
#
# On dual-MTA setups, one can often D_REJECT, as this just makes your own
# MTA generate the bounce message.  Test it first.
#
# Bouncing viruses is stupid, always discard them after you are sure the AV
# is working correctly.  Bouncing real SPAM is also useless, if you cannot
# D_REJECT it (and don't D_REJECT mail coming from your forwarders!).

$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;

Any idea what's wrong??

falko · Jul 23, 2007

Can you restart amavisd and take a look at the mail log? amavisd logs which modules it loads; is SpamAssassin listed there? Any errors in the log?

4integration · Jul 23, 2007

Below is the output from mail.log which shows spamassassin. I have also changed the parameter for "$sa_tag_level_deflt" to -1000 to always add headers (in /etc/amavis/conf.d/20-debian_defaults).

Right after I restarted the amavisd I saw something interesting in mail.log:

If I send a non-spam test message from my gmail account, the spam-related headers are not added. Why? It's seems to partly work but exactly as I want it.

Is there any good "send-test-spam-online-service" that are reliable?

mail.log when restarting amavisd:

Code:

Jul 23 21:09:24 frodo amavis[21734]: starting.  /usr/sbin/amavisd-new at frodo.jarkeborn.se amavisd-new-2.4.2 (20060627), Unicode aware, LANG=en_US.UTF-8
Jul 23 21:09:24 frodo amavis[21734]: Perl version               5.008008
Jul 23 21:09:26 frodo amavis[21739]: Module Amavis::Conf        2.068
Jul 23 21:09:26 frodo amavis[21739]: Module Archive::Tar        1.30
Jul 23 21:09:26 frodo amavis[21739]: Module Archive::Zip        1.16
Jul 23 21:09:26 frodo amavis[21739]: Module BerkeleyDB          0.31
Jul 23 21:09:26 frodo amavis[21739]: Module Compress::Zlib      1.42
Jul 23 21:09:26 frodo amavis[21739]: Module Convert::TNEF       0.17
Jul 23 21:09:26 frodo amavis[21739]: Module Convert::UUlib      1.06
Jul 23 21:09:26 frodo amavis[21739]: Module DBD::mysql          3.0008
Jul 23 21:09:26 frodo amavis[21739]: Module DBI                 1.53
Jul 23 21:09:26 frodo amavis[21739]: Module DB_File             1.814
Jul 23 21:09:26 frodo amavis[21739]: Module Digest::MD5         2.36
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Entity        5.420
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Parser        5.420
Jul 23 21:09:26 frodo amavis[21739]: Module MIME::Tools         5.420
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::Header        1.74
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::Internet      1.74
Jul 23 21:09:26 frodo amavis[21739]: Module Mail::SPF::Query    1.999001
[B]Jul 23 21:09:26 frodo amavis[21739]: Module Mail::SpamAssassin  3.001007[/B]
Jul 23 21:09:26 frodo amavis[21739]: Module Net::Cmd            2.26
Jul 23 21:09:26 frodo amavis[21739]: Module Net::DNS            0.59
Jul 23 21:09:26 frodo amavis[21739]: Module Net::SMTP           2.29
Jul 23 21:09:26 frodo amavis[21739]: Module Net::Server         0.94
Jul 23 21:09:26 frodo amavis[21739]: Module Razor2::Client::Version 2.81
Jul 23 21:09:26 frodo amavis[21739]: Module Time::HiRes         1.86
Jul 23 21:09:26 frodo amavis[21739]: Module Unix::Syslog        0.100
Jul 23 21:09:26 frodo amavis[21739]: Amavis::DB code      loaded
Jul 23 21:09:26 frodo amavis[21739]: Amavis::Cache code   loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL base code        NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL::Log code        NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SQL::Quarantine      NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Lookup::SQL code     NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Lookup::LDAP code    NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: AM.PDP-in proto code loaded
Jul 23 21:09:26 frodo amavis[21739]: SMTP-in proto code   loaded
Jul 23 21:09:26 frodo amavis[21739]: Courier proto code   NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: SMTP-out proto code  loaded
Jul 23 21:09:26 frodo amavis[21739]: Pipe-out proto code  NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: BSMTP-out proto code NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: Local-out proto code loaded
Jul 23 21:09:26 frodo amavis[21739]: OS_Fingerprint code  NOT loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-VIRUS code      loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-SPAM code       loaded
Jul 23 21:09:26 frodo amavis[21739]: ANTI-SPAM-SA code    loaded
Jul 23 21:09:26 frodo amavis[21739]: Unpackers code       loaded
Jul 23 21:09:26 frodo amavis[21739]: Found $file            at /usr/bin/file
Jul 23 21:09:26 frodo amavis[21739]: No $dspam,             not using it
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .mail
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .asc
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .uue
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .hqx
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .ync
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .Z    at /bin/uncompress
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .gz
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .bz2  at /bin/bzip2 -d
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .lzo  at /usr/bin/lzop -d
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .cpio at /usr/bin/pax
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .tar  at /usr/bin/pax
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .deb  at /usr/bin/ar
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .zip
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .rar  at /usr/bin/rar
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .arj  at /usr/bin/arj
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .arc  at /usr/bin/nomarch
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .zoo  at /usr/bin/zoo
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .lha  tried: lha
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .doc  tried: ripole
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .cab  at /usr/bin/cabextract
Jul 23 21:09:26 frodo amavis[21739]: No decoder for       .tnef
Jul 23 21:09:26 frodo amavis[21739]: Internal decoder for .tnef
Jul 23 21:09:26 frodo amavis[21739]: Found decoder for    .exe  at /usr/bin/rar; /usr/bin/arj
Jul 23 21:09:26 frodo amavis[21739]: Using internal av scanner code for (primary) ClamAV-clamd
Jul 23 21:09:26 frodo amavis[21739]: Using internal av scanner code for (primary) check-jpeg
Jul 23 21:09:26 frodo amavis[21739]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jul 23 21:09:26 frodo amavis[21739]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4

The file /etc/spamassassin/local.cf contains:

Code:

# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
dcc_add_header 1
dcc_dccifd_path /usr/sbin/dccifd

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

4integration · Jul 24, 2007

I think I found something...

From http://workaround.org/articles/ispmail-etch/#step-10-amavis-filtering-spam-and-viruses I found the quote below and added the similar in my config /etc/amavis/conf.d/50-user

so it looks like:
Code:
$pax='pax';
[I][B]
@lookup_sql_dsn = (
    ['DBI:mysql:database=mail;host=127.0.0.1;port=3306',
     'mailuser',
     'mailuserpassword']);

$sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)';[/B][/I]
What's the purpose of "pax"?

It seems that the added lines make things to work and headers contains:
Code:
X-Virus-Scanned: Debian amavisd-new at mail.jarkeborn.se
X-Spam-Score: 1.178
X-Spam-Level: *
X-Spam-Status: No, score=1.178 required=6.31 tests=[AWL=-0.496,
	DRUGS_ERECTILE=0.1, HTML_10_20=0.945, HTML_MESSAGE=0.001,
	HTML_SHORT_LENGTH=0.629, SPF_PASS=-0.001]
And another issue to take care of: AMaViS tries to find out whether a certain email is incoming (sent from the internet to your domains) or outgoing (sent from your system to the internet) by looking at the @acl_local_domains setting. You need to tell AMaVis where to check if a certain domain is one of your destination domains. Edit the /etc/amavis/conf.d/50-user file and before the "1;" enter these lines:
Code:
@lookup_sql_dsn = (
    ['DBI:mysql:database=mailserver;host=127.0.0.1;port=3306',
     'mailuser',
     'mailuser2007']);

$sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
The @lookup_sql_dsn defines how AMaVis can access your database. And the $sql_select_policy sets the SQL query that is run when AMaVis wants to determine if the destination domain of the currently scanned email is one of your virtual domains. The %k is a list of strings that AMaVis expects to find. The actual query will look like this:
Code:
SELECT name
FROM virtual_domains
WHERE CONCAT("@",name)
IN (
    '[email protected]',
    'john',
    '@example.com',
    '@.example.com',
    '@.com',
    '@.')
This may look a bit weird. But in the end the string '@example.com' is searched for.
Click to expand...

jimavis · Sep 13, 2007

@lookup_sql_dsn = (
['DBI:mysql:database=mailserver;host=127.0.0.1;port=3306',
'mailuser',
'mailuser2007']);

$sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)';
Click to expand...

I did the howto forge tutor "postfix and amavis-new for etch with spamassassassing"

I tried the following sql query.

@lookup_sql_dsn = (
['DBI:mysql:database=mail;host=127.0.0.1;port=3306',
'mail_admin',
'mail_admin_password']);

$sql_select_policy = 'SELECT domain FROM domains WHERE CONCAT("@",domain) IN (%k)';

I receive emails, now with spam scan into the haeder!

X-Spam-Score: 0.963
X-Spam-Level:
X-Spam-Status: No, score=0.963 tagged_above=2.0 required=6

Log in or Sign up

amavis + spamassassin

4integration New Member

falko Super Moderator Howtoforge Staff

4integration New Member

4integration New Member

jimavis New Member

Share This Page

Log in or Sign up

amavis + spamassassin

4integration New Member

falko Super Moderator Howtoforge Staff

4integration New Member

4integration New Member

jimavis New Member

Share This Page

Useful Searches