spamc, spamd and spamassassin

Roland de Lepper roland.de.lepper at cvis.nl
Thu Oct 15 17:03:14 IST 2009


Hi Steve,

Thanks for clarifying my "issue". It makes all sense now.

kind regards,

Roland

> Roland de Lepper wrote:
>> Hi there,
>>
>> I'm evaluating MailScanner, the commecrial edition from FSL.
>> They provide a nice set of installation packages which can be downloaded
>> via yum groupinstall.
>>
>> I installed the software from their server, including spamassassin.
>> I did some test from the website declude.com. This site provide simple
>> tests to test your spamassassin and virus scanner.
>>
>> The badheader, spamheader and routing test fail. This means, it will go
>> through Mailscanner and the email is delivered to the recipient.
>>
>> This not good, because i tested it with another domain, which have
>> Mailscanner in front of it, and those mails were blocked. I can not see
>> have the other MailScanner is configured.
>>
>> So I did some tests with spamassasin. The default packages from FSL
>> contains only spamc. The parameter "Use Spamassassin" in MailScanner is
>> set to YES.
>>
>> [root at eumailscan tmp]# spamc < ClamAV.update.log
>> --------------------------------------
>> ClamAV update process started at Thu Oct 15 15:07:02 2009
>> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder:
>> sven)
>> Downloading daily-9900.cdiff [100%]
>> daily.cld updated (version: 9900, sigs: 84847, f-level: 43, builder:
>> sven)
>> Database updated (629882 signatures) from db.nl.clamav.net (IP:
>> 194.109.6.97)
>> Clamd successfully notified about the update.
>> [root at eumailscan tmp]#
>>
>> [root at eumailscan tmp]# spamassassin < ClamAV.update.log
>> X-Spam-Flag: YES
>> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
>> 	eumailscan.cvislabs.eu
>> X-Spam-Level: *****
>> X-Spam-Status: Yes, score=5.4 required=5.0
>> tests=MISSING_DATE,MISSING_HB_SEP,
>> 	MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
>> 	NO_RELAYS autolearn=no version=3.2.5
>> X-Spam-Report:
>> 	*  0.0 MISSING_MID Missing Message-Id: header
>> 	*  0.0 MISSING_DATE Missing Date: header
>> 	* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
>> 	*  2.5 MISSING_HB_SEP Missing blank line between message header and
>> body
>> 	*  1.6 MISSING_HEADERS Missing To: header
>> 	*  1.3 MISSING_SUBJECT Missing Subject: header
>> 	* -0.0 NO_RECEIVED Informational: message has no Received headers
>> 	*  0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
>> 	*      headers
>> --------------------------------------
>> Subject: [SPAM]
>> X-Spam-Prev-Subject: (nonexistent)
>> ClamAV update process started at Thu Oct 15 15:07:02 2009
>> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder:
>> sven)
>> Downloading daily-9900.cdiff [100%]
>> daily.cld updated (version: 9900, sigs: 84847, f-level: 43, builder:
>> sven)
>> Database updated (629882 signatures) from db.nl.clamav.net (IP:
>> 194.109.6.97)
>> Clamd successfully notified about the update.
>> [root at eumailscan tmp]#
>>
>> You see the difference? It is checking the headers!
>
> No - it's not; the command 'spamassassin' gives totally different output
> to 'spamc' by default.  Both are checking the headers but spamc is
> simply not reporting the score (you have to run 'spamc --full < message'
> to get the equivalent output.
>
>> MailScanne is blocking spam though, but not from the test from
>> declude.com.
>
> The declude.com tests will pass through SpamAssassin as they are not
> particularly 'good' anti-spam tests; they rely on the 'filter' to reject
> the message bad upon one bad attribute (in the case of badheader - this
> is merely a mis-formatted Date: header!).  SpamAssassin tests are
> designed so that one bad attribute does not cause the message to be
> tagged as spam or rejected as that would easily cause false-positives.
>
>> No spamc or spamassassin deamon is running on my system.
>
>> So how does MailScanner calls SpamAssassin? Does it call spamc instead
> of Spamassassin?
>
> MailScanner does not use spamd/spamd at all - it calls SpamAssassin via
> the Perl API, so all you will see is the MailScanner processes.
>
>>
>> Hope somebody can clearify my problem.
>>
>
> Sure - you don't have a problem; MailScanner and SpamAssassin are
> running as they were designed.  The declude.com tests are flawed as is
> their implementation.  It's designed to fail with anything but their own
> filter.
>
> The implementation of the test is so flawed that it trips my own servers
> pipelining checks (e.g. it sends all the SMTP commands without waiting
> for a response - which is illegal if using SMTP (e.g. HELO vs EHLO):
>
> 220-mta11.safeguardmail.net SMTP Welcome to smtpf #633
> (l9EBY0201453145500)
> HELO www.declude.com
> 220 Copyright 2006, 2009 by SnertSoft. All rights reserved.
> MAIL FROM: <webmaster-vir at declude.com>
> 250 Hello declude.com [216.144.195.82] #256 (l9EBY0201453145500)
> RCPT TO: <steve.freegard at fsl.com>
> 250 2.1.0 sender  accepted #283 (l9EBY0201453145500)
> DATA
> 550-5.3.3 pipelining not allowed #643 (l9EBY0201453145500) White list
> via
> http://mta11.safeguardmail.net/barricademx/click.php?h=l9EBY25a6134e025c9b82a9daaf928997922b2&c=click:declude.com,webmaster-vir@declude.com
>
>
> Sorry, an error occurred!
>
>
> Regards,
> Steve.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




More information about the MailScanner mailing list