spamc, spamd and spamassassin

Steve Freegard steve.freegard at fsl.com
Thu Oct 15 16:39:11 IST 2009 

Roland de Lepper wrote:
> Hi there,
> 
> I'm evaluating MailScanner, the commecrial edition from FSL.
> They provide a nice set of installation packages which can be downloaded
> via yum groupinstall.
> 
> I installed the software from their server, including spamassassin.
> I did some test from the website declude.com. This site provide simple
> tests to test your spamassassin and virus scanner.
> 
> The badheader, spamheader and routing test fail. This means, it will go
> through Mailscanner and the email is delivered to the recipient.
> 
> This not good, because i tested it with another domain, which have
> Mailscanner in front of it, and those mails were blocked. I can not see
> have the other MailScanner is configured.
> 
> So I did some tests with spamassasin. The default packages from FSL
> contains only spamc. The parameter "Use Spamassassin" in MailScanner is
> set to YES.
> 
> [root at eumailscan tmp]# spamc < ClamAV.update.log
> --------------------------------------
> ClamAV update process started at Thu Oct 15 15:07:02 2009
> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder:
> sven)
> Downloading daily-9900.cdiff [100%]
> daily.cld updated (version: 9900, sigs: 84847, f-level: 43, builder: sven)
> Database updated (629882 signatures) from db.nl.clamav.net (IP: 194.109.6.97)
> Clamd successfully notified about the update.
> [root at eumailscan tmp]#
> 
> [root at eumailscan tmp]# spamassassin < ClamAV.update.log
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
> 	eumailscan.cvislabs.eu
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.4 required=5.0 tests=MISSING_DATE,MISSING_HB_SEP,
> 	MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
> 	NO_RELAYS autolearn=no version=3.2.5
> X-Spam-Report:
> 	*  0.0 MISSING_MID Missing Message-Id: header
> 	*  0.0 MISSING_DATE Missing Date: header
> 	* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
> 	*  2.5 MISSING_HB_SEP Missing blank line between message header and body
> 	*  1.6 MISSING_HEADERS Missing To: header
> 	*  1.3 MISSING_SUBJECT Missing Subject: header
> 	* -0.0 NO_RECEIVED Informational: message has no Received headers
> 	*  0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
> 	*      headers
> --------------------------------------
> Subject: [SPAM]
> X-Spam-Prev-Subject: (nonexistent)
> ClamAV update process started at Thu Oct 15 15:07:02 2009
> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder:
> sven)
> Downloading daily-9900.cdiff [100%]
> daily.cld updated (version: 9900, sigs: 84847, f-level: 43, builder: sven)
> Database updated (629882 signatures) from db.nl.clamav.net (IP: 194.109.6.97)
> Clamd successfully notified about the update.
> [root at eumailscan tmp]#
> 
> You see the difference? It is checking the headers!

No - it's not; the command 'spamassassin' gives totally different output
to 'spamc' by default.  Both are checking the headers but spamc is
simply not reporting the score (you have to run 'spamc --full < message'
to get the equivalent output.

> MailScanne is blocking spam though, but not from the test from declude.com.

The declude.com tests will pass through SpamAssassin as they are not
particularly 'good' anti-spam tests; they rely on the 'filter' to reject
the message bad upon one bad attribute (in the case of badheader - this
is merely a mis-formatted Date: header!).  SpamAssassin tests are
designed so that one bad attribute does not cause the message to be
tagged as spam or rejected as that would easily cause false-positives.

> No spamc or spamassassin deamon is running on my system.

> So how does MailScanner calls SpamAssassin? Does it call spamc instead
of Spamassassin?

MailScanner does not use spamd/spamd at all - it calls SpamAssassin via
the Perl API, so all you will see is the MailScanner processes.

> 
> Hope somebody can clearify my problem.
> 

Sure - you don't have a problem; MailScanner and SpamAssassin are
running as they were designed.  The declude.com tests are flawed as is
their implementation.  It's designed to fail with anything but their own
filter.

The implementation of the test is so flawed that it trips my own servers
pipelining checks (e.g. it sends all the SMTP commands without waiting
for a response - which is illegal if using SMTP (e.g. HELO vs EHLO):

220-mta11.safeguardmail.net SMTP Welcome to smtpf #633 (l9EBY0201453145500)
HELO www.declude.com
220 Copyright 2006, 2009 by SnertSoft. All rights reserved.
MAIL FROM: <webmaster-vir at declude.com>
250 Hello declude.com [216.144.195.82] #256 (l9EBY0201453145500)
RCPT TO: <steve.freegard at fsl.com>
250 2.1.0 sender  accepted #283 (l9EBY0201453145500)
DATA
550-5.3.3 pipelining not allowed #643 (l9EBY0201453145500) White list
via
http://mta11.safeguardmail.net/barricademx/click.php?h=l9EBY25a6134e025c9b82a9daaf928997922b2&c=click:declude.com,webmaster-vir@declude.com


Sorry, an error occurred!


Regards,
Steve.

More information about the MailScanner mailing list