debian packages - spamassassin not getting called

Julian Field mailscanner at
Sun Jun 30 14:46:57 IST 2002

Try sending yourself the "sample-spam.txt" file supplied with SpamAssassin.
The SA header will only normally be added if something actually detecteed
it as spam. If you want to always include the SA header, you'll have to
upgrade to a more recent version of MailScanner.

At 22:59 29/06/2002, you wrote:
>I'm starting to use Mailscanner and Spamassassin, via Debian 3.0 (Woody).
>Mailscanner is version 3.13 and Spamassassin is 2.20, and I am using
>Exim 4 (not part of Woody).
>Mailscanner is moving the email from one message queue to another and
>running Sophos at that time.  However I can find no trace that
>SpamAssassin is ever invoked, although I have set Use SpamAssassin =
>The mailscanner logs say "Scanning 1 message, 1260 bytes", which I
>interpret to be the virus scan.
>Should there be any log entries reflecting SpamAssassin being called ?
>Running Mailscanner in debug mode does not shed any more light on the
>Does anybody have any ideas on where I have gone wrong ?
>I will put my mailscanner.conf file below.
>Thanks in advance.
># Configuration file for MailScanner E-Mail Virus Scanner
># This file assumes everything is in the default locations provided
># by the MailScanner and RedHat 6.2 and upwards.
># Note: If your directories are symlinked (soft-linked) in any way,
>#       please put their *real* location in here, not a path that
>#       includes any links. You may get some very strange error
>#       messages from some of the virus scanners if you don't.
># User to run as (provided for Exim users)
>Run As User = mail
># Group to run as (provided for Exim users)
>Run As Group = mail
># In every batch of virus-scanning, limit the maximum
># a) number of text-only messages to deliver
># b) number of potentially infected messages to unpack and scan
># c) total size of text-only messages to deliver
># d) total size of potentially infected messages to unpack and scan
>Max Safe   Messages Per Scan = 500
>Max Unsafe Messages Per Scan = 100
>Max Safe   Bytes Per Scan = 100000000
>Max Unsafe Bytes Per Scan = 50000000
># To avoid resource leaks, re-start periodically.
>Restart Every = 14400 # 4 hours
># Name of this host, or just "the MailScanner" if you want to hide this info.
># It can be placed in the Help Desk note contained in virus warnings
>sent to users.
>Host name          =
># Add this extra header to all mail as it is scanned.
># (this must *include* terminating colon).
>Mail Header = X-MailScanner:
># Set the mail header to these values for clean/infected messages.
>Clean Header       = Certified virus free by Sophos Anti-Virus
>Infected Header    = Infected Message according to Sophos Anti-Virus
>Disinfected Header = Disinfected by Sophos Anti-Virus
># Set where to unpack incoming messages before scanning them
>Incoming Work Dir  = /var/spool/mailscanner/incoming
># Set where to store infected message attachments (if they are kept)
>Quarantine Dir     = /var/spool/mailscanner/quarantine
># Set where to store the process id so you can easily stop the scanner
>Pid File           = /var/run/mailscanner/
># Set where to find the attachment filename ruleset.
># The structure of this file is explained elsewhere, but it is used to
># accept or reject file attachments based on their name, regardless of
># whether they are infected or not.
>Filename Rules     = /etc/mailscanner/filename.rules.conf
># Set where to find the message text sent to users when one of their
># attachments has been quarantined.
>Stored Virus Message Report  = /etc/mailscanner/stored.virus.message.txt
>Stored Bad Filename Message Report  =
># Set where to find the message text sent to users when one of their
># attachments has been deleted.
>Deleted Virus Message Report = /etc/mailscanner/deleted.virus.message.txt
>Deleted Bad Filename Message Report =
># Set where to find the message text sent to users explaining about the
># attached disinfected documents.
>Disinfected Report = /etc/mailscanner/
># Set location of incoming mail queue
># and location of outgoing mail queue.
>Incoming Queue Dir = /var/spool/exim_incoming/input
>Outgoing Queue Dir = /var/spool/exim/input
># Set whether to use sendmail or exim (default is sendmail)
>MTA                = exim
># Set how to invoke MTA when sending created message
># (e.g. to sender/recipient saying "found a virus in your message")
>Sendmail           = /usr/sbin/exim
># Sendmail2 is provided for Exim users.
># It defaults to the value supplied for Sendmail.
># It is the command used to attempt delivery of outgoing
># (scanned/cleaned) messages.
># This is not usually required for sendmail.
>Sendmail2          = /usr/sbin/exim -C /etc/exim/exim.conf.outgoing
># Do you want to scan email for viruses?
># A few people have wanted to disable the entire virus scanning.
>Virus Scanning     = yes
># Which Virus Scanning package to use:
># sophos    from, or
># mcafee    from, or
># command   from, or
># kaspersky from, or
># inoculate from, or
># f-secure  from, or
># f-prot    from (which is *free* for Linux as of 1/1/2002)
># Note: If you want to use multiple virus scanners, then this should be a
># comma-separated list of virus scanners. For example:
># Virus Scanner      = sophos, f-prot
>Virus Scanner      = sophos
># Where the Virus scanner is installed. This is the command needed to run it.
># Note: If you want to use multiple virus scanners, then this should be a
># comma-separated list of commands, **in the same order** as they are listed
># in the "Virus Scanner" keyword just above. For example:
># Sweep = /etc/mailscanner/wrapper/sophoswrapper,
>Sweep = /etc/mailscanner/wrapper/sophoswrapper
># The maximum length of time the commercial virus scanner is allowed to run
># for 1 batch of messages (in seconds).
>Virus Scanner Timeout = 300
># Expand TNEF attachments using an external program?
># This should be "yes" except for Sophos (when it should be "no")
># as Sophos has the facility built-in.
>Expand TNEF        = no
># Where the MS-TNEF expander is installed.
># The new --maxsize option limits the maximum size that any expanded
># may be. It helps protect against Denial Of Service attacks in TNEF files.
>TNEF Expander      = /usr/bin/tnef --maxsize=100000000
># The maximum length of time the TNEF Expander is allowed to run for 1
># (in seconds)
>TNEF Timeout       = 120
># What should the attachments be called that replace virus-infected files?
>Attachment Warning Filename = VirusWarning.txt
># Should we scan all messages, including plain-text messages which are
># harmless? This should be "yes" since the MyParty message appeared.
>Scan All Messages = yes
># Once we have removed viruses from an email message and replaced them with
># VirusWarning.txt attachments, should we deliver the clean result to the
># original recipients (or just delete them if "no")?
>Deliver To Recipients = yes
># Deliver messages with viruses removed to their original recipients
># if they came from a local address, or just delete them so no-one knows
># we have a virus outbreak on our site?
>Deliver From Local Domains = yes
># Notify the senders of infected messages that they should check out
># their systems?
>Notify Senders = yes
># Set where to find the message text sent to the senders of infected
># messages.
>#Sender Report = /etc/mailscanner/
>Sender Virus Report        = /etc/mailscanner/
>Sender Bad Filename Report = /etc/mailscanner/
>Sender Error Report        = /etc/mailscanner/
># Notify the local postmaster when any infections are found?
>Notify Local Postmaster = yes
># Include the full headers of each message in the postmaster notification?
>Postmaster Gets Full Headers = yes
># Set email address of who to notify about any infections found.
># Should put your full domain name here too,
>#    e.g. postmaster at
>Local Postmaster = virusmaster at
># Set what to do with infected attachments or messages.
># keep   ==> Store under the "Quarantine Dir"
># delete ==> Just delete them
>#Action = delete
>Action = keep
># Should I attempt to disinfect infected attachments and then deliver
># the clean ones
>Deliver Disinfected Files = yes
># Local domain name, or filename containing a list of local domain names
># The file supports blank entries, '#' and ';' comment characters and
># uses the first word off each line. This should be compatible with all
># such lines in a sendmail or Exim configuration file.
>Local Domains =
># Mark infected messages in the message body.
># There can now be more than 1 of these configuration lines here, so you can
># break the warning message over multiple lines.
>Mark Infected Messages = yes
>Inline Text Warning = Warning: This message has had one or more
>attachments removed.
>Inline Text Warning = Warning: Please read the "VirusWarning.txt"
>attachment(s) for more information.
>Inline HTML Warning = <P><B><FONT SIZE="+1" COLOR="red">Warning:
></FONT>This message has had one or more attachments removed. Please
>read the "VirusWarning.txt" attachment(s) for more
># Sign clean messages in the message body.
># There can be more than 1 of these configuration lines here, so you can
># break the signature message over multiple lines.
># Note that enabling this option will add to the overall system load as some
># major optimisations will no longer be possible!
>Sign Clean Messages = no
>Inline Text Signature = --
>Inline Text Signature = This message has been scanned for viruses and
>Inline Text Signature = dangerous content by MailScanner, and is
>Inline Text Signature = believed to be clean.
>Inline HTML Signature = <BR>--
>Inline HTML Signature = <BR>This message has been scanned for viruses and
>Inline HTML Signature = <BR>dangerous content by
>Inline HTML Signature = <A
>Inline HTML Signature = and is<BR>believed to be clean.
># Do you want to archive all mail in a directory for later inspection?
># Be warned if you are in the UK: this may well be illegal due to RIPA
># and DPA restrictions!
>Archive Mail = no
># Where to store the mail archive.
># Be warned: this is likely to get big very quickly.
>Archive Mail Dir = /var/spool/mailscanner/archive
># Per-Domain Scanning and Spam Detection
># Do we want to only scan certain named domains for viruses and spam?
>Scanning By Domain = no
># Filename listing all the domains we want to scan
>Domains To Scan = /etc/mailscanner/
># Do we want to add a MailScanner header to messages we have not scanned
>Sign Unscanned Messages = no
># What do we want to put in the header
>Unscanned Header = not scanned: please contact your email provider for details
># Spam Detection
># Should the anti-spam checks be done on all incoming messages?
>Spam Checks = yes
># Set the name of the extra header to add to all messages found to be
># likely spam.
>Spam Header = X-MailScanner-SpamCheck:
># Do you want to put some text on the front of the subject line when
># we think it is spam?
>Spam Modify Subject = yes
># What text do we want to put on the front (gets followed by a " ")
>Spam Subject Text = {SPAM?}
># Do we have the SpamAssassin package installed?
># This is a very good, very clever heuristics-based spam checker.
># For more info and installation instructions, see
>Use SpamAssassin = yes
># Set the maximum size of message which we will check with SpamAssassin
># Don't set this too large as your system load will get very high processing
># huge messages.
>Max SpamAssassin Size = 100000
># Set the maximum time to allow SpamAssassin to process 1 message
>SpamAssassin Timeout = 10
># Set the list of database names and their corresponding DNS domains.
># All of these databases work in a similar way, allowing the simple use
># of multiple databases.
># See and for more information.
>#Spam List = ORDB-RBL,
># MAPS now charge for their services, so you'll have to buy a contract before
># attempting to use the next 3 lines.
>#Spam List = MAPS-RBL,
>#Spam List = MAPS-DUL,
>#Spam List = MAPS-RSS,
># This next line works for JANET UK Academic sites only
>#Spam List = MAPS-RBL+,
># Define local networks from whom you should always accept mail, and
># never mark it as spam. This is useful in case your own mail servers
># are ever in the ORBS or MAPS lists.
>#Accept Spam From = 152.78.
>#Accept Spam From = 139.166.
># Define a list of email addresses and email domains from whom you should
># always accept mail, and never mark it as spam. This is useful in case
># someone you correspond with a lot has their mail servers in the ORBS or
># MAPS lists.
>Spam White List = /etc/mailscanner/spam.whitelist.conf
># Advanced Features
># =================
># Don't bother changing anything below this unless you really know what
># you are doing.
># Set Debug to 1 to stop it running as a daemon
># and produce more verbose output
>Debug = 0
># Attempt immediate delivery of messages, or just place them in the outgoing
># queue for the MTA to deliver at a time of its own choosing?
># If attempting immediate delivery, do them one at a time,
>#                                or do them in batches of 30 at a time?
># Delivery Method = queue
># Delivery Method = individual
>Delivery Method = batch
># How to lock spool files.
># Don't set this unless you *know* you need to.
># For sendmail, it defaults to "flock".
># For Exim, it defaults to "posix".
># No other type is implemented.
>#Lock Type          = flock
># Where to put the virus scanning engine lock files.
># These lock files are used between MailScanner and the virus signature
># "autoupdate" scripts, to ensure that they aren't both working at the
># same time (which could cause MailScanner to let a virus through).
>Lock File Dir = /tmp
># What to do when you get several MailScanner headers in one message,
># from multiple MailScanner servers. Values are
># "append"  : Append the new data to the existing header
># "add"     : Add a new header
># "replace" : Replace the old data with the new data
># Default is "append"
>Multiple Headers = append
># Some versions of Microsoft Outlook generate unparsable Rich Text
># format attachments. Do we want to deliver these bad attachments anyway?
># Setting this to yes introduces the slight risk of a virus getting through,
># but if you have a lot of troubled Outlook users you might need to do this.
># We are working on a replacement for the TNEF decoder.
>Deliver Unparsable TNEF = no
># When attempting delivery of outgoing messages, should we do it in the
># background or wait for it to complete? The danger of doing it in the
># background is that the machine load goes ever upwards while all the
># slow sendmail processes run to completion. However, running it in the
># foreground may cause the mail server to run too slowly.
>Deliver In Background = no
># Minimum acceptable code stability status -- if we come across code
># that's not at least as stable as this, we barf.
># This is currently only used to check that you don't end up using untested
># virus scanner support code without realising it.
># Levels used are:
># none          - there may not even be any code.
># unsupported   - code may be completely untested, a contributed dirty hack,
>#                 anything, really.
># alpha         - code is pretty well untested. Don't assume it will work.
># beta          - code is tested a bit. It should work.
># supported     - code *should* be reliable.
># Don't even *think* about setting this to anything other than "beta" or
># "supported" on a system that receives real mail until you have tested it
># yourself and are happy that it is all working as you expect it to.
># Don't set it to anything other than "supported" on a system that could
># ever receive important mail.
>Minimum Code Status = supported

Julian Field                Teaching Systems Manager
jkf at         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list