Mailscanner - Spamassassin Issue

Shawn Iverson iversons at rushville.k12.in.us
Tue Jun 19 18:52:25 UTC 2018


Toby,

You can view the install.sh script to get an idea, but MailScanner isn't
just the MailScanner rpm (which is unlikely to be the issue, anyways), it
is the literally dozens of perl modules and various binaries that are used
with MailSCanner.  You could in theory, remove them all, but I am unsure it
would be a fruitful effort.

On Mon, Jun 11, 2018 at 4:19 PM, Toby <toby at rosecott.net> wrote:

> Hi,
>
> i have come to the conclusion that there is something seriously wrong with
> this deployment of mailscanner.
>
> even though i can manually call spamassassin as the postfix user, using
> the mailscanner spamassassin config, and get successful result, when its
> all triggered as part of the mail route, its rubbish again.
>
> I timed the manual scan and it took 11 seconds to complete.  in the mail
> log, the time between spam checks starting and completing is 3 seconds at
> best.
>
> blacklists are not working either, i have 4 email domains listed and am
> still getting emails from them.
>
> this may be because the system already had an installation of spamassassin
> installed originally
>
> is there a reliable way to remove all traces of mailscanner and
> spamassassin and start again (preferably without wiping the server which
> does dhcp and dns as well?)
>
>
>
>
> ------ Original Message ------
> From: "Shawn Iverson" <iversons at rushville.k12.in.us>
> To: "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
> Sent: 09/06/2018 08:42:20
> Subject: Re: Re[2]: Mailscanner - Spamassassin Issue
>
> Toby,
>
> Out of curiosity, what are these defined in your MailScanner.conf?
>
> SpamAssassin Local Rules Dir
> SpamAssassin Local State Dir
> SpamAssassin Default Rules Dir
>
>
> On Fri, Jun 8, 2018 at 8:16 PM, Toby <toby at rosecott.net> wrote:
>
>> Hi,
>>
>> Thanks again for the work put in here, i have been looking at your reply
>> :-
>>
>> 1.    I would recommend removing the /var/spool/postfix/.spamassassin/user_prefs
>> file and maybe even the entire .spamassassin dir to avoid any confusion.
>> The MailScanner service script should be starting as user root to read all
>> of it's configs then lowering it's privs by switching to the postfix user.
>>
>> i did this, and the folder was just recreated when i ran the command.  I
>> tried copying the user files from the root/.spamassassin folder that is
>> mentioned in the good scan, but this had no effect
>>
>> 2. In the bad run, something is trying to open
>> /etc/mail/spamassassin/MailScanner.cf. Does that exist with an uppercase
>> "M"? It's supposed to be "mailscanner.cf" in /etc/mail/spamassassin all
>> lowercase.
>>
>> i checked the file, and it did exist with the capitalisation,
>> interestingly i renamed it and the result log changed as well, but this had
>> no effect on the result, so i changed it back again.
>>
>> 3. You need to track down what is pointing to the MailScanner.cf with a
>> "grep -rl MailScanner.cf *" from / or something.
>>  These are two very different files but I think something is crossed up
>> in your configs:
>> /etc/mail/spamassassin/mailscanner.cf
>> /etc/MailScanner/MailScanner.conf
>>
>> i have no idea how to do the grep thing, i'm a noob to linux, so i did
>> nothing about this, i have a colleague who may help with this if needs be.
>>
>> So i was still no further forwards.  i started comparing the results
>> again, and noticed a difference in some lines above the user_prefs you
>> mentioned.
>>
>> <bad results>
>> *Jun 9 01:03:34.495 [27253] dbg: config: using
>> "/etc/MailScanner/spamassassin.conf" for sys rules pre files*
>> *Jun 9 01:03:34.496 [27253] dbg: config: read file
>> /etc/MailScanner/spamassassin.conf*
>> *Jun 9 01:03:34.496 [27253] dbg: config: using
>> "/etc/MailScanner/spamassassin.conf" for default rules dir*
>> *Jun 9 01:03:34.497 [27253] dbg: config: read file
>> /etc/MailScanner/spamassassin.conf*
>> Jun 9 01:03:34.498 [27253] dbg: config: using "/etc/mail/spamassassin"
>> for site rules dir
>> Jun 9 01:03:34.499 [27253] dbg: config: read file
>> /etc/mail/spamassassin/MailScanner.cf
>> Jun 9 01:03:34.500 [27253] dbg: config: read file /etc/mail/spamassassin/
>> local.cf
>> Jun 9 01:03:34.500 [27253] dbg: config: using
>> "/var/spool/postfix/.spamassassin" for user state dir
>> Jun 9 01:03:34.501 [27253] dbg: config: using
>> "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
>> Jun 9 01:03:34.502 [27253] dbg: config: read file
>> /var/spool/postfix/.spamassassin/user_prefs
>>
>> <Good results>
>>  *dbg: config: using "/var/lib/spamassassin/3.004001" for sys rules pre
>> files*
>> * dbg: config: using "/var/lib/spamassassin/3.004001" for default rules
>> dir*
>> * dbg: config: read file
>> /var/lib/spamassassin/3.004001/updates_spamassassin_org.cf
>> <http://updates_spamassassin_org.cf>*
>>  dbg: config: using "/etc/mail/spamassassin" for site rules dir
>>  dbg: config: read file /etc/mail/spamassassin/MailScanner.cf
>>  dbg: config: read file /etc/mail/spamassassin/local.cf
>>  dbg: config: using "/root/.spamassassin" for user state dir
>>  dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
>>  dbg: config: read file /root/.spamassassin/user_prefs
>>
>> This got me thinking and i found a load of NN_xxxxxxx.cf files in a
>> folder beneath 3.004.001.  i ended up copying these to the
>> /etc/mail/Spamassassin folder.  and now i have it working.
>>
>> i don't think this is the correct solution, but it will hopefully point
>> to the correct solution.
>>
>> in the meantime thanks again for the help
>>
>>
>>
>> ------ Original Message ------
>> From: "David Jones via MailScanner" <mailscanner at lists.mailscanner.info>
>> To: mailscanner at lists.mailscanner.info
>> Cc: "David Jones" <djones at ena.com>
>> Sent: 08/06/2018 22:32:48
>> Subject: Re: Mailscanner - Spamassassin Issue
>>
>> On 06/08/2018 03:25 PM, Toby wrote:
>>
>> Apologies, all public now
>>
>> ------ Original Message ------
>> From: "David Jones via MailScanner" <mailscanner at lists.mailscanner.info>
>> To: mailscanner at lists.mailscanner.info
>> Cc: "David Jones" <djones at ena.com>
>> Sent: 08/06/2018 20:45:20
>> Subject: Re: Mailscanner - Spamassassin Issue
>>
>>
>> On 06/08/2018 02:21 PM, Toby wrote:
>>
>> Hi,
>>
>> Thanks for the replies, and the efforts so far.
>>
>> I checked the MailScanner.Conf, and it using postfix as the user and
>> group.
>>
>> i have created several pastebins:-
>>
>> 1: https://pastebin.com/07HcxD72 - Mailscanner --Version
>>
>> 2: https://pastebin.com/eh3XmfWb - MailScanner --lint
>>
>> 3: https://pastebin.com/J6d8GBB4 - MailScanner.conf
>>
>> 4: https://pastebin.com/XAjrPftG - Spamassassin.conf
>>
>> 5: https://pastebin.com/BmTnp5SL - Best scan results acheived with "sudo
>> -u root -p -c spamassassin -D -t Testy.eml" - Score 9
>>
>> 6: https://pastebin.com/dLi6QKjU - Successfull scan as described
>> previously  "sudo -u postfix -p -c spamassassin -D -t Testy.eml" - score 7.4
>>
>> 7: https://pastebin.com/yhwrbb2G - Failed results as previously
>> described "sudo -u postfix -p -c spamassassin -D -t -C
>> /etc/MailScanner/spamassassin.conf Testy.eml" - score 0
>>
>> 8: https://pastebin.com/PtC30M5U - Defaults file from MailScanner
>>
>>
>> Hope this is enough to go forwards.  As you can see i get different
>> results for the same user, depending on whether i declare the
>> mailscanner/spamassassin.conf file
>>
>>
>>
>> If you search for "user_prefs" in those 2 "spamassassin -D" runs you will
>> see that it's using 2 different preferences file.  That is the difference.
>> Near the bottom of those runs you see that one is hitting BAYES_* while the
>> lower score is not.  That's the difference in the good scores.
>>
>> I would recommend removing the /var/spool/postfix/.spamassassin/user_prefs
>> file and maybe even the entire .spamassassin dir to avoid any confusion.
>> The MailScanner service script should be starting as user root to read all
>> of it's configs then lowering it's privs by switching to the postfix user.
>>
>> In the bad run, something is trying to open /etc/mail/spamassassin/MailSca
>> nner.cf.  Does that exist with an uppercase "M"?  It's supposed to be "
>> mailscanner.cf" in /etc/mail/spamassassin all lowercase.
>>
>> You need to track down what is pointing to the MailScanner.cf with a
>> "grep -rl MailScanner.cf *" from / or something.
>>
>> These are two very different files but I think something is crossed up in
>> your configs:
>> /etc/mail/spamassassin/mailscanner.cf
>> /etc/MailScanner/MailScanner.conf
>>
>> -- David Jones
>>
>>
>> -- MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>>
>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 x1171
> iversons at rushville.k12.in.us
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>


-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180619/8099caa6/attachment.html>


More information about the MailScanner mailing list