How to know if spamfilter is working? [SOLVED]

UPDATE: SOLVED, see: http://www.howtoforge.com/forums/showpost.php?p=190493&postcount=24 Thanks Till!

Hi gurus! I have a recent installation of ISPConfig 2 on Ubuntu 8.10 from applianceforge and everything seems to work OK except the spam control... As you can see in this capture... http://www.elsxukurs.org/Snap174.jpg in the last two hours I received 3 mails that are clearly spam. In the last week I have received more than 200 mails that are clearly spam and 0 with the subject modified with "***SPAM***".

How can I know if the spamfilter works well? The process is working...

Code:
    root@vito:~# ps aux | grep -i spam
    root 4163 0.0 0.8 29864 27188 ? Ss 00:53 0:10 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid
    root 4514 0.0 0.8 29864 25348 ? S 00:53 0:00 spamd child
    root 4516 0.0 0.8 29864 25348 ? S 00:53 0:00 spamd child

Of course I have checked the "MailScan", "AntiSpam" and "Antivirus" filters with the Strategy option "Accept", Score "5.0" and rewrite subject "***SPAM***".

Thanks!

The spamd daemon is not used by ispconfig 2. ISPConfig invokes the spamassassin script directly from procmail. If your spam does not get marked, then set the score to a lower value.

It doesn't work... I changed it from 5.0 to 1.0 (via the ISPConfig web administration) and it still doesn't detect spam... These are this user's SpamAssassin prefs...

Code:
    root@vito:/var/www/www.mysite.com/user/myuser# cat .spamassassin.rc
    # SpamAssassin sample procmailrc
    #
    # Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
    # if you use the spamc/spamd combination)
    # The condition line ensures that only messages smaller than 250 kB
    # (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
    # isn't bigger than a few k and working with big messages can bring
    # SpamAssassin to its knees.
    :0fw
    * < 256000
    | /usr/sbin/spamc

    # Mails with a score of 15 or higher are almost certainly spam (with 0.05%
    # false positives according to rules/STATISTICS.txt). Let's put them in a
    # different mbox. (This one is optional.)
    #:0:
    #* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
    #/dev/null

    # All mail tagged as spam (eg. with a score higher than the set threshold)
    # is moved to "/dev/null".
    #:0:
    #* ^X-Spam-Status: Yes
    #/dev/null

    # Work around procmail bug: any output on stderr will cause the "F" in "From"
    # to be dropped. This will re-add it.
    :0
    * ^^rom[ ]
    {
      LOG="*** Dropped F off From_ header! Fixing up. "

      :0 fhw
      | sed -e '1s/^/F/'
    }

    root@vito:/var/www/www.mysite.com/user/myuser# cat .spamassassin/user_prefs
    # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
    # for details of what can be tweaked.
    #*
    #* Note: this file is not read by SpamAssassin until copied into the user
    #* directory. At runtime, if a user has no preferences in their home directory
    #* already, it will be copied for them, allowing them to perform personalised
    #* customisation. If you want to make changes to the site-wide defaults,
    #* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.
    ###########################################################################

    # How many hits before a mail is considered spam.
    required_score 1.0
    rewrite_header Subject ***SPAM***

    # Whitelist and blacklist addresses are now file-glob-style patterns, so
    # "[email protected]", "*@isp.com", or "*.domain.net" will all work.
    # whitelist_from [email protected]
    # whitelist_from
    # blacklist_from

    # URIBL support (see http://www.uribl.com)
    # urirhssub URIBL_BLACK multi.uribl.com. A 2
    # body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
    # describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
    # tflags URIBL_BLACK net
    # score URIBL_BLACK 3.0

    # Add your own customised scores for some tests below. The default scores are
    # read from the installed spamassassin rules files, but you can override them
    # here. To see the list of tests and their default scores, go to
    # http://spamassassin.org/tests.html .
    #
    # score SYMBOLIC_TEST_NAME n.nn

    # Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
    # definitely want to uncomment the following lines. They will switch off some
    # rules that detect 8-bit characters, which commonly trigger on mails using CJK
    # character sets, or that assume a western-style charset is in use.
    #
    # score HTML_COMMENT_8BITS 0
    # score UPPERCASE_25_50 0
    # score UPPERCASE_50_75 0
    # score UPPERCASE_75_100 0
    score AWL -100.0

As you can see, the score is changed...

Within 24 hours I received over 50 mails that are clearly spam... http://www.elsxukurs.org/Snap176.jpg Can anyone guide me? Thanks!

What's in the .procmailrc of that user? Have you tried to update SpamAssassin's rulesets?

Code:
    /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update

Hi, You can test your spam filter by sending an email with this content:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Sorry for the delay. Thanks Falko, I executed /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update without errors, but it is still not detecting spam. In my user .procmailrc...

Code:
    cat /var/www/web10/.procmailrc
    MAILDIR=$HOME/Maildir/
    DEFAULT=$MAILDIR
    ORGMAIL=$MAILDIR
    INCLUDERC=/var/www/web10/user/10info/.mailsize.rc
    ## INCLUDERC=/var/www/web10/user/10info/.quota.rc
    INCLUDERC=/var/www/web10/user/10info/.antivirus.rc
    INCLUDERC=/var/www/web10/user/10info/.local-rules.rc
    INCLUDERC=/var/www/web10/user/10info/.html-trap.rc
    INCLUDERC=/var/www/web10/user/10info/.spamassassin.rc
    ## INCLUDERC=/var/www/web10/user/10info/.autoresponder.rc

mccharlet, thanks too, but your test doesn't work... I have the mail in my inbox without the SPAM tag.

Does

Code:
    /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin --lint

show any errors?

I know the EICAR test, but GTUBE is new for me, interesting! No...

Code:
    root@vito# /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin --lint
    root@vito#

Am I the only one who has this problem with "ISPConfig 2 on Ubuntu 8.10 from applianceforge"? This makes me think that I've done something wrong, but I have not changed anything other than through the web interface...

I see a line from antivirus...

Code:
    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: by vito.elseudomini.net (Postfix) id A556D13C21A; Sun, 22 Feb 2009 20:34:54 +0100 (CET)
    Delivered-To: [email protected]
    Received: from [78.167.116.205] (unknown [78.167.116.205]) by vito.elseudomini.net (Postfix) with ESMTP id 01C3A13C218 for <[email protected]>; Sun, 22 Feb 2009 20:34:39 +0100 (CET)
    Received: from [78.167.116.205] by mx3.hotmail.com; Sun, 22 Feb 2009 21:34:39 +0200
    From: "Blake Rossi" <[email protected]>
    To: <[email protected]>
    Subject: Re:
    Date: Sun, 22 Feb 2009 21:34:39 +0200
    MIME-Version: 1.0
    X-Security: message sanitized on vito.elseudomini.net See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.151 $Date: 2006-01-20 07:29:24-08
    X-Security: The postmaster has not enabled quarantine of poisoned messages.
    Content-Type: multipart/related; boundary="----=_NextPart_000_000E_01C99535.5D6D0180"
    X-Mailer: Microsoft Office Outlook, Build 11.0.5742
    Thread-Index: Aca6QHHNGGHMW6TATX9MVIXZAQ255E==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3000.0558
    Message-ID: <01c99535$5d6d0180$cd74a74e@telemaquem>
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ClamAV 0.94.1rc1/9022/Sun Feb 22 03:31:59 2009

    This is a multi-part message in MIME format.

    ------=_NextPart_000_000E_01C99535.5D6D0180
    Content-Type: multipart/alternative; boundary="----=_NextPart_001_000F_01C99535.5D6D0180"

    ------=_NextPart_001_000F_01C99535.5D6D0180
    Content-Type: text/plain; charset="windows-1250"
    Content-Transfer-Encoding: 7bit

    is so often misunderstood, Noted pediatrician and author the "zeros" element of your and why everything activities this should be your in between sips of a martini. in the shuffle, piece of accurate used in the Java API "There's just such a of every internal industry In a way that lets you put For now, will be provides a Design Patterns, you'll avoid for some of such an attitude neurobiology, cogn itive the report says. render you any further services.But you don't just have the resources, are unregulated and Head First Design Patterns balanced with plenty recommended by In a way that lets you p ut children are plopped in the investments within what to expect--a visually-rich stress for children that these investments or on the real relationship Ginsburg, the report's lead author and to a mor tgage endowment.

    ------=_NextPart_001_000F_01C99535.5D6D0180
    Content-Type: text/html; charset="windows-1250"
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

I created a test user (prova(AT)elseudomini.net) and sent (from another domain outside of ISPConfig [email protected]) a GTUBE test, here is the header...

Code:
    root@vito:/var/www/www.elseudomini.net/user/10prova/Maildir# cat cur/1235338449.3734_1.vito.elseudomini.net\:2\,
    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from triesmailnou.MYOTHERDOMAIN.COM (unknown [81.47.195.202]) by vito.elseudomini.net (Postfix) with ESMTP id 269FC13C218 for <[email protected]>; Sun, 22 Feb 2009 22:34:09 +0100 (CET)
    Content-Class: urn:content-classes:message
    MIME-Version: 1.0
    X-Security: message sanitized on vito.elseudomini.net See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.151 $Date: 2006-01-20 07:29:24-08
    X-Security: The postmaster has not enabled quarantine of poisoned messages.
    Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C99535.209CF747"
    Subject: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3959
    Date: Sun, 22 Feb 2009 22:32:56 +0100
    Message-ID: <ECE3012EF7CA654A86F6753CCE68FFAE6C2F@triesmailnou.MYOTHERDOMAIN.COM>
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    Thread-Topic: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    thread-index: AcmVNSCVgbh+LECdQUaZRQ/TuElc4g==
    From: "Marc Serra" <[email protected]>
    To: <[email protected]>
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ClamAV 0.94.1rc1/9023/Sun Feb 22 21:11:47 2009

    This is a multi-part message in MIME format.

    ------_=_NextPart_001_01C99535.209CF747
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X=20

For this user I have these check boxes activated... MailScan, Antispam Filter and Antivirus.

I'm not at work right now, so I can't check if AppArmor is enabled, but... is it enabled by default? The answer to this question is the answer to your question.

I'm sorry to hear this, but thank you for your patience! Furthermore, I have only one question... Am I the only one this happens to? Does anyone else use the same virtual machine as I do? Thanks again!

Sorry to revive this post, but I'm still trying to solve it... In the mail header you can see...

Code:
    ...
    Content-type: text/plain; charset=ISO-8859-1
    Content-transfer-encoding: 7bit
    X-virus-status: No
    X-virus-checker-version: clamassassin 1.2.4 with clamscan / ClamAV 0.94.2/9180/Sun Mar 29 22:40:14 2009
    X-evolution-source: imap: ...

but we should see a line like this, no?...

Code:
    X-UKC-CSSpamCheck-Checker-Version: SpamAssassin 3.2.5-1ubuntu1

Why is that line missing?
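
The header comparison made in the posts above can be automated; the following is an added example, not part of the original thread or of ISPConfig. It reads a delivered message and reports whether the clamassassin stage and a SpamAssassin stage each left a stamp on it. The function names, verdict labels and sample messages are constructed for illustration, and it assumes SpamAssassin's usual behaviour of adding an X-Spam-* or "Checker-Version: SpamAssassin ..." header to every mail it scans.

```python
import email
from email import policy

# GTUBE test string quoted in the thread.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

def text_of(msg):
    """Subject plus decoded text parts (undoes quoted-printable/base64)."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                chunks.append(part.get_content())
            except (LookupError, UnicodeError):
                pass  # unknown charset or undecodable part: skip it
    return "\n".join(chunks)

def filter_report(raw):
    """Say which filter stages left a stamp on a delivered message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    headers = [(k.lower(), str(v).strip()) for k, v in msg.items()]
    clam = any(k == "x-virus-status" for k, _ in headers)
    # Assumption: a SpamAssassin run leaves X-Spam-* headers or a site-renamed
    # "...-Checker-Version: SpamAssassin x.y.z" header on every scanned mail.
    sa = [(k, v) for k, v in headers
          if k.startswith("x-spam-") or v.lower().startswith("spamassassin")]
    status = next((v for k, v in sa if k == "x-spam-status"), "")
    gtube = GTUBE in text_of(msg)
    if not sa:
        verdict = "not-scanned"            # spam recipe never ran or failed
    elif status.lower().startswith("yes"):
        verdict = "tagged"
    elif gtube:
        verdict = "scanned-gtube-missed"   # scanned, yet GTUBE not flagged
    else:
        verdict = "scanned-below-threshold"
    return {"clamassassin_ran": clam, "spamassassin_ran": bool(sa),
            "gtube": gtube, "verdict": verdict}

# Constructed samples: UNSCANNED has only the ClamAV stamp, like the headers
# posted in the thread; TAGGED adds what a working spam stage would stamp.
UNSCANNED = (b"From: sender@example.org\r\nTo: prova@example.net\r\n"
             b"Subject: test\r\nX-Virus-Status: No\r\n"
             b"Content-Type: text/plain; charset=iso-8859-1\r\n"
             b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
             + GTUBE.encode() + b"=20\r\n")
TAGGED = UNSCANNED.replace(
    b"X-Virus-Status: No\r\n",
    b"X-Virus-Status: No\r\nX-Spam-Checker-Version: SpamAssassin 3.2.5\r\n"
    b"X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE\r\n")
```

To check a real delivery, pass the bytes of a file from the user's Maildir `cur/` directory to `filter_report`; a "not-scanned" verdict with `clamassassin_ran` true means procmail reached the antivirus include but the spam stage left no trace.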