Mailscanner - Spamassassin Issue

Toby toby at rosecott.net
Mon Jun 11 20:19:59 UTC 2018 

Hi,

i have come to the conclusion that there is something seriously wrong 
with this deployment of mailscanner.

even though i can manually call spamassassin as the postfix user, using 
the mailscanner spamassassin config, and get successful result, when its 
all triggered as part of the mail route, its rubbish again.

I timed the manual scan and it took 11 seconds to complete.  in the mail 
log, the time between spam checks starting and completing is 3 seconds 
at best.

blacklists are not working either, i have 4 email domains listed and am 
still getting emails from them.

this may be because the system already had an installation of 
spamassassin installed originally

is there a reliable way to remove all traces of mailscanner and 
spamassassin and start again (preferably without wiping the server which 
does dhcp and dns as well?)




------ Original Message ------
From: "Shawn Iverson" <iversons at rushville.k12.in.us>
To: "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
Sent: 09/06/2018 08:42:20
Subject: Re: Re[2]: Mailscanner - Spamassassin Issue

>Toby,
>
>Out of curiosity, what are these defined in your MailScanner.conf?
>
>SpamAssassin Local Rules Dir
>SpamAssassin Local State Dir
>SpamAssassin Default Rules Dir
>
>
>On Fri, Jun 8, 2018 at 8:16 PM, Toby <toby at rosecott.net> wrote:
>>Hi,
>>
>>Thanks again for the work put in here, i have been looking at your 
>>reply :-
>>
>>1.    I would recommend removing the 
>>/var/spool/postfix/.spamassassin/user_prefs file and maybe even the 
>>entire .spamassassin dir to avoid any confusion. The MailScanner 
>>service script should be starting as user root to read all of it's 
>>configs then lowering it's privs by switching to the postfix user.
>>
>>i did this, and the folder was just recreated when i ran the command.  
>>I tried copying the user files from the root/.spamassassin folder that 
>>is mentioned in the good scan, but this had no effect
>>
>>2. In the bad run, something is trying to open 
>>/etc/mail/spamassassin/MailScanner.cf. Does that exist with an 
>>uppercase "M"? It's supposed to be "mailscanner.cf" in 
>>/etc/mail/spamassassin all lowercase.
>>
>>i checked the file, and it did exist with the capitalisation, 
>>interestingly i renamed it and the result log changed as well, but 
>>this had no effect on the result, so i changed it back again.
>>
>>3. You need to track down what is pointing to the MailScanner.cf with 
>>a "grep -rl MailScanner.cf *" from / or something.
>>  These are two very different files but I think something is crossed 
>>up in your configs:
>>/etc/mail/spamassassin/mailscanner.cf <http://mailscanner.cf>
>>/etc/MailScanner/MailScanner.conf
>>
>>i have no idea how to do the grep thing, i'm a noob to linux, so i did 
>>nothing about this, i have a colleague who may help with this if needs 
>>be.
>>
>>So i was still no further forwards.  i started comparing the results 
>>again, and noticed a difference in some lines above the user_prefs you 
>>mentioned.
>>
>><bad results>
>>Jun 9 01:03:34.495 [27253] dbg: config: using 
>>"/etc/MailScanner/spamassassin.conf" for sys rules pre files
>>Jun 9 01:03:34.496 [27253] dbg: config: read file 
>>/etc/MailScanner/spamassassin.conf
>>Jun 9 01:03:34.496 [27253] dbg: config: using 
>>"/etc/MailScanner/spamassassin.conf" for default rules dir
>>Jun 9 01:03:34.497 [27253] dbg: config: read file 
>>/etc/MailScanner/spamassassin.conf
>>Jun 9 01:03:34.498 [27253] dbg: config: using "/etc/mail/spamassassin" 
>>for site rules dir
>>Jun 9 01:03:34.499 [27253] dbg: config: read file 
>>/etc/mail/spamassassin/MailScanner.cf
>>Jun 9 01:03:34.500 [27253] dbg: config: read file 
>>/etc/mail/spamassassin/local.cf <http://local.cf>
>>Jun 9 01:03:34.500 [27253] dbg: config: using 
>>"/var/spool/postfix/.spamassassin" for user state dir
>>Jun 9 01:03:34.501 [27253] dbg: config: using 
>>"/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
>>Jun 9 01:03:34.502 [27253] dbg: config: read file 
>>/var/spool/postfix/.spamassassin/user_prefs
>>
>><Good results>
>>  dbg: config: using "/var/lib/spamassassin/3.004001" for sys rules pre 
>>files
>>  dbg: config: using "/var/lib/spamassassin/3.004001" for default rules 
>>dir
>>  dbg: config: read file 
>>/var/lib/spamassassin/3.004001/updates_spamassassin_org.cf 
>><http://updates_spamassassin_org.cf>
>>  dbg: config: using "/etc/mail/spamassassin" for site rules dir
>>  dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
>>  dbg: config: read file /etc/mail/spamassassin/local.cf 
>><http://local.cf>
>>  dbg: config: using "/root/.spamassassin" for user state dir
>>  dbg: config: using "/root/.spamassassin/user_prefs" for user prefs 
>>file
>>  dbg: config: read file /root/.spamassassin/user_prefs
>>
>>This got me thinking and i found a load of NN_xxxxxxx.cf files in a 
>>folder beneath 3.004.001.  i ended up copying these to the 
>>/etc/mail/Spamassassin folder.  and now i have it working.
>>
>>i don't think this is the correct solution, but it will hopefully 
>>point to the correct solution.
>>
>>in the meantime thanks again for the help
>>
>>
>>
>>------ Original Message ------
>>From: "David Jones via MailScanner" 
>><mailscanner at lists.mailscanner.info 
>><mailto:mailscanner at lists.mailscanner.info>>
>>To: mailscanner at lists.mailscanner.info 
>><mailto:mailscanner at lists.mailscanner.info>
>>Cc: "David Jones" <djones at ena.com>
>>Sent: 08/06/2018 22:32:48
>>Subject: Re: Mailscanner - Spamassassin Issue
>>
>>>On 06/08/2018 03:25 PM, Toby wrote:
>>>>Apologies, all public now
>>>>
>>>>------ Original Message ------
>>>>From: "David Jones via MailScanner" 
>>>><mailscanner at lists.mailscanner.info 
>>>><mailto:mailscanner at lists.mailscanner.info>>
>>>>To: mailscanner at lists.mailscanner.info 
>>>><mailto:mailscanner at lists.mailscanner.info>
>>>>Cc: "David Jones" <djones at ena.com>
>>>>Sent: 08/06/2018 20:45:20
>>>>Subject: Re: Mailscanner - Spamassassin Issue
>>>>
>>>>>On 06/08/2018 02:21 PM, Toby wrote:
>>>>>>Hi,
>>>>>>
>>>>>>Thanks for the replies, and the efforts so far.
>>>>>>
>>>>>>I checked the MailScanner.Conf, and it using postfix as the user 
>>>>>>and group.
>>>>>>
>>>>>>i have created several pastebins:-
>>>>>>
>>>>>>1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>>>>>>
>>>>>>2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>>>>>>
>>>>>>3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>>>>>>
>>>>>>4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>>>>>>
>>>>>>5: https://pastebin.com/BmTnp5SL - Best scan results acheived with 
>>>>>>"sudo -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>>>>>>
>>>>>>6: https://pastebin.com/dLi6QKjU - Successfull scan as described 
>>>>>>previously  "sudo -u postfix -p -c spamassassin -D -t Testy.eml" - 
>>>>>>score 7.4
>>>>>>
>>>>>>7: https://pastebin.com/yhwrbb2G - Failed results as previously 
>>>>>>described "sudo -u postfix -p -c spamassassin -D -t -C 
>>>>>>/etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>>>>>>
>>>>>>8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>>>>>>
>>>>>>
>>>>>>Hope this is enough to go forwards.  As you can see i get 
>>>>>>different results for the same user, depending on whether i 
>>>>>>declare the mailscanner/spamassassin.conf file
>>>>>>
>>>
>>>If you search for "user_prefs" in those 2 "spamassassin -D" runs you 
>>>will see that it's using 2 different preferences file.  That is the 
>>>difference.  Near the bottom of those runs you see that one is 
>>>hitting BAYES_* while the lower score is not.  That's the difference 
>>>in the good scores.
>>>
>>>I would recommend removing the 
>>>/var/spool/postfix/.spamassassin/user_prefs file and maybe even the 
>>>entire .spamassassin dir to avoid any confusion.  The MailScanner 
>>>service script should be starting as user root to read all of it's 
>>>configs then lowering it's privs by switching to the postfix user.
>>>
>>>In the bad run, something is trying to open 
>>>/etc/mail/spamassassin/MailScanner.cf.  Does that exist with an 
>>>uppercase "M"?  It's supposed to be "mailscanner.cf" in 
>>>/etc/mail/spamassassin all lowercase.
>>>
>>>You need to track down what is pointing to the MailScanner.cf with a 
>>>"grep -rl MailScanner.cf *" from / or something.
>>>
>>>These are two very different files but I think something is crossed 
>>>up in your configs:
>>>/etc/mail/spamassassin/mailscanner.cf <http://mailscanner.cf>
>>>/etc/MailScanner/MailScanner.conf
>>>
>>>-- David Jones
>>>
>>>
>>>-- MailScanner mailing list
>>>mailscanner at lists.mailscanner.info 
>>><mailto:mailscanner at lists.mailscanner.info>
>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner 
>>><http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>>
>>
>>
>>
>>--
>>MailScanner mailing list
>>mailscanner at lists.mailscanner.info 
>><mailto:mailscanner at lists.mailscanner.info>
>>http://lists.mailscanner.info/mailman/listinfo/mailscanner 
>><http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>>
>>
>
>
>
>--
>Shawn Iverson, CETL
>Director of Technology
>Rush County Schools
>765-932-3901 x1171
>iversons at rushville.k12.in.us
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180611/24d9a0c8/attachment.html>

More information about the MailScanner mailing list