How to install SpamAssassin? - Mandriva

This is a discussion on How to install SpamAssassin? - Mandriva ; Hi, I installed SpamAssassin but it doesn't seem to be doing anything. After some googling is seems you need to make some modifications to Postfix master.cf and possibly write a script to connect Postfix to SpamAssassin. I'm not sure if ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 39

Thread: How to install SpamAssassin?

  1. How to install SpamAssassin?

    Hi,

    I installed SpamAssassin but it doesn't seem to be doing anything. After
    some googling is seems you need to make some modifications to Postfix
    master.cf and possibly write a script to connect Postfix to SpamAssassin.

    I'm not sure if LM10.0 does any of this when I install the SpamAssassin
    package so I'm hesitant about making changes.

    I would like SpamAssassin to filter incoming mail and put [SPAM] or
    something like that in the subject line before putting it in the user's
    mailbox.

    Another thing. I retrieve incoming mail from my isp via fetchmail. I'm
    not sure if I need to connect fetchmail to SpamAssassin or even if that's
    possible.

    Is this what SpamAssassin does? Or is there another package I should be
    using?

    Any advice would be greatly appreciated.


    Frank

  2. Re: How to install SpamAssassin?

    On Fri, 01 Aug 2008 03:42:38 GMT,
    Frank Dreyfus wrote:

    > I installed SpamAssassin but it doesn't seem to be doing anything.
    > After some googling is seems you need to make some modifications to
    > Postfix master.cf and possibly write a script to connect Postfix to
    > SpamAssassin.
    >
    > I'm not sure if LM10.0 does any of this when I install the
    > SpamAssassin package so I'm hesitant about making changes.


    LM10.0? For $DEITY's sake, Frank, time to upgrade to something that
    still gets security updates. Yikes.

    You need to install the "amavisd-new" package (it's on the CDs/in the
    "Main" online repo); the installation procedure will make the needed
    changes to Postfix's master.cf file. Be sure that the amavisd service
    is set to run at boot time. This daemon will accept mail from Postfix,
    run it through SA, and hand it back to Postfix for delivery. If you
    have ClamAV installed, it'll run the messages through that as well.
    Fetchmail should continue to work as now, with no changes needed there.

    HTH!

    --
    Bill Mullen
    RLU #270075



  3. Re: How to install SpamAssassin?

    On Fri, 01 Aug 2008 00:25:47 -0400, Bill Mullen wrote:

    > On Fri, 01 Aug 2008 03:42:38 GMT,
    > Frank Dreyfus wrote:
    >
    >> I installed SpamAssassin but it doesn't seem to be doing anything.
    >> After some googling is seems you need to make some modifications to
    >> Postfix master.cf and possibly write a script to connect Postfix to
    >> SpamAssassin.
    >>
    >> I'm not sure if LM10.0 does any of this when I install the SpamAssassin
    >> package so I'm hesitant about making changes.

    >
    > LM10.0? For $DEITY's sake, Frank, time to upgrade to something that
    > still gets security updates. Yikes.
    >
    > You need to install the "amavisd-new" package (it's on the CDs/in the
    > "Main" online repo); the installation procedure will make the needed
    > changes to Postfix's master.cf file. Be sure that the amavisd service is
    > set to run at boot time. This daemon will accept mail from Postfix, run
    > it through SA, and hand it back to Postfix for delivery. If you have
    > ClamAV installed, it'll run the messages through that as well. Fetchmail
    > should continue to work as now, with no changes needed there.


    Or you can use Procmail to pipe the mails through SpamAssassin. My setup
    is similar to the one described here:
    http://www.jennings.homelinux.net/ma...er_config.html





    --
    ** Posted from http://www.teranews.com **

  4. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080801002547.2e14b024
    @lunarhub.com:

    > You need to install the "amavisd-new" package


    Thanks for the heads up re: amavisd-new.

    But it screwed me up pretty badly. I don't know what happened but I
    stopped getting ANY mail and Postfix started sending warnings:

    "Your message could not be delivered for more than 2 hour(s).
    It will be retried until it is 5 day(s) old."

    I uninstalled amavisd-new but that didn't restore mail receipt.

    I think I tracked down the problem to a line or two at the end of
    main.cf. I commented out this:

    #content_filter = lmtp-filter:127.0.0.1:10025
    #receive_override_options = no_address_mappings

    and am now receiving mail.

    HOWEVER I still have not gotten the mail that Postfix warned about. I
    thought it would come in once I got Postfix running.

    So, Could I have missed something in installing amavisd-new? There
    weren't any options. Is some configuration needed?

    And, any idea where those missed messages are. I assume they must be
    queued somewhere by Postfix. But how can I get them sent to the users?

    Thanks,


    Frank

  5. Re: How to install SpamAssassin?

    On Fri, 01 Aug 2008 19:07:35 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in news:20080801002547.2e14b024
    > @lunarhub.com:
    >
    > > You need to install the "amavisd-new" package

    >
    > Thanks for the heads up re: amavisd-new.
    >
    > But it screwed me up pretty badly. I don't know what happened but I
    > stopped getting ANY mail and Postfix started sending warnings:
    >
    > "Your message could not be delivered for more than 2 hour(s).
    > It will be retried until it is 5 day(s) old."
    >
    > I uninstalled amavisd-new but that didn't restore mail receipt.


    Did you restart Postfix after installing amavisd-new? And now that
    you've uninstalled it, have you restarted Postfix since then?

    > I think I tracked down the problem to a line or two at the end of
    > main.cf. I commented out this:
    >
    > #content_filter = lmtp-filter:127.0.0.1:10025
    > #receive_override_options = no_address_mappings
    >
    > and am now receiving mail.
    >
    > HOWEVER I still have not gotten the mail that Postfix warned about.
    > I thought it would come in once I got Postfix running.


    Type "mailq' to see what's still in the queue. If the messages show up
    there, run (as root) "sendmail -q" to get it to re-attempt processing.

    > So, Could I have missed something in installing amavisd-new? There
    > weren't any options. Is some configuration needed?


    The /etc/amavisd/amavisd.conf file contains the settings; a sample file
    is also included, as well as one that shows the daemon's defaults. As
    long as SA has already been installed, not much there needs tweaking,
    IIRC; adjusting the SA scoring cutoff levels for various handling
    outcomes might be worthwhile (variables such as $sa_tag_level_deflt,
    $sa_kill_level_deflt, and the like). Setting $myhostname to a FQDN in
    that file, as well as in Postfix's main.cf - and ensuring that the two
    settings agree with each other! - is also probably a good idea, IMHO.

    HTH!

    --
    Bill Mullen
    RLU #270075



  6. Re: How to install SpamAssassin?

    Bill Mullen wrote in
    news:20080801153622.4171594d@lunarhub.com:

    >>

    > Did you restart Postfix after installing amavisd-new? And now that
    > you've uninstalled it, have you restarted Postfix since then?


    Hi Bill,

    Yes and yes.

    >>
    >> HOWEVER I still have not gotten the mail that Postfix warned about.
    >> I thought it would come in once I got Postfix running.

    >
    > Type "mailq' to see what's still in the queue.


    There are 47 requests in the queue. All say "mail transport unavailable".

    > If the messages show up
    > there, run (as root) "sendmail -q" to get it to re-attempt processing.


    I tried this several times. It doesn't seem to do anything.

    >
    >> So, Could I have missed something in installing amavisd-new? There
    >> weren't any options. Is some configuration needed?

    >
    > The /etc/amavisd/amavisd.conf file contains the settings; a sample file
    > is also included, as well as one that shows the daemon's defaults. As
    > long as SA has already been installed, not much there needs tweaking,
    > IIRC; adjusting the SA scoring cutoff levels for various handling
    > outcomes might be worthwhile (variables such as $sa_tag_level_deflt,
    > $sa_kill_level_deflt, and the like). Setting $myhostname to a FQDN in
    > that file, as well as in Postfix's main.cf - and ensuring that the two
    > settings agree with each other! - is also probably a good idea, IMHO.
    >
    > HTH!
    >


    I'm going to try again; but first I want to figure out how to deliver the
    mail in the queue.

    Thanks for your help,

    Frank


  7. Re: How to install SpamAssassin?

    On Fri, 01 Aug 2008 19:53:44 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in
    > news:20080801153622.4171594d@lunarhub.com:
    >
    > > Type "mailq' to see what's still in the queue.

    >
    > There are 47 requests in the queue. All say "mail transport
    > unavailable".
    >
    > > If the messages show up
    > > there, run (as root) "sendmail -q" to get it to re-attempt
    > > processing.

    >
    > I tried this several times. It doesn't seem to do anything.

    [snip]
    > I'm going to try again; but first I want to figure out how to deliver
    > the mail in the queue.


    OK, it looks to me like those messages are expecting to find amavisd
    available to be able to continue their processing. I'd recommend
    reinstalling amavisd-new, checking main.cf to ensure that those two
    lines mentioned earlier are uncommented, checking master.cf as well to
    ensure that the "CONTENT FILTER" section at the bottom of the file is
    similarly uncommented, starting the amavisd service, restarting Postfix
    once amavisd is running, and then finally running "sendmail -q" again.

    HTH!

    --
    Bill Mullen
    RLU #270075



  8. Re: How to install SpamAssassin?

    Bill Mullen wrote in
    news:20080801164011.16108b2e@lunarhub.com:

    > checking master.cf as well to
    > ensure that the "CONTENT FILTER" section at the bottom of the file is
    > similarly uncommented


    Hi Bill,

    There are about 30 lines in the content filter section not including
    obvious comments. ALL of them are commented out.

    I'm afraid to uncomment the whole thing.

    Do I need to do that?

    Thanks,

    Frank

  9. Re: How to install SpamAssassin?

    On Fri, 01 Aug 2008 21:48:20 GMT,
    Frank Dreyfus wrote:

    > Bill Mullen wrote in
    > news:20080801164011.16108b2e@lunarhub.com:
    >
    > > checking master.cf as well to
    > > ensure that the "CONTENT FILTER" section at the bottom of the file
    > > is similarly uncommented

    >
    > Hi Bill,
    >
    > There are about 30 lines in the content filter section not including
    > obvious comments. ALL of them are commented out.
    >
    > I'm afraid to uncomment the whole thing.
    >
    > Do I need to do that?


    If you've reinstalled amavisd-new, then yes, you do. Those lines are
    what tell Postfix to listen on port 10026 for mail being passed back to
    it from amavisd, and without them uncommented that will not occur.

    --
    Bill Mullen
    RLU #270075



  10. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080801184237.4a3b5092
    @lunarhub.com:

    > If you've reinstalled amavisd-new, then yes, you do. Those lines are
    > what tell Postfix to listen on port 10026 for mail being passed back to
    > it from amavisd, and without them uncommented that will not occur.
    >
    >


    Yes, I have reinstalled amavisd-new.

    I've uncommented those lines (see below) and restarted postfix but I
    still can't flush the queue!?

    Here's the entire content filter section of master.cf with the lines
    uncommented.

    ##### START OF CONTENT FILTER CUSTOMIZATIONS #####
    # Please see the Postfix FILTER_README for details.
    # These sample entries expect your content filter to
    # listen on port 10025 and to inject mail back into
    # postfix on port 10026.
    #
    # to enable such content filter run the command
    # postconf -e content_filter=smtp-filter:127.0.0.1:10025
    # postconf -e smtp-filter_destination_concurrency_limit=2
    # or
    # postconf -e content_filter=lmtp-filter:127.0.0.1:10025
    # postconf -e lmtp-filter_destination_concurrency_limit=2
    # and the command
    # postconf -e receive_override_options=no_address_mappings
    #
    #
    #
    127.0.0.1:10026 inet n - n - -
    smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_end_of_data_restrictions=
    -o smtpd_etrn_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_delay_reject=no
    -o smtpd_recipient_restrictions=permit_mynetworks,rej ect
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o
    receive_override_options=no_unknown_recipient_chec ks,no_header_body_check
    s

    lmtp-filter unix - - n - - lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o lmtp_cache_connection=no
    -o max_use=20

    smtp-filter unix - - n - - smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o max_use=20

    #
    ##### END OF CONTENT FILTER CUSTOMIZATIONS #####



    Thanks,


    Frank

  11. Re: How to install SpamAssassin?

    Oh. Wait! The queue is slowly diminishing.

    I't now down to 21 requests.

    Thanks,

    Frank


  12. Re: How to install SpamAssassin?

    OK, the mail queue is down to three messages and those appear to be there
    for other reasons. For example, one says:

    (host mx01.1and1.com[74.208.5.4] refused to talk to me: 550 RBL
    rejection: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?
    76.23.201.54)

    And SA apparently sent out some notices to possible spammers for example:
    "A message from > to:
    -> ckindle@
    was considered unsolicited bulk e-mail (UBE)."

    HOWEVER, several obvious SPAM messages have been received and NONE of
    them has any indication that it is, or may be, spam. I was expecting
    "[SPAM]" or something like it in the header.

    What am I missing?

    Thanks,

    Frank




  13. Re: How to install SpamAssassin?

    On Sat, 02 Aug 2008 01:11:01 GMT,
    Frank Dreyfus wrote:

    > OK, the mail queue is down to three messages and those appear to be
    > there for other reasons. For example, one says:
    >
    > (host mx01.1and1.com[74.208.5.4] refused to talk to me: 550 RBL
    > rejection: Dynamic IP Addresses See:
    > http://www.sorbs.net/lookup.shtml? 76.23.201.54)


    That's typical; it got rejected because your IP address is in a block
    that is customarily dynamically assigned (whether or not that specific
    one is), and therefore appears in a block list that that mail system
    uses to decide who to block. If you had been using your ISP's SMTP
    server as a relay host, rather than having Postfix attempt to deliver
    the mail directly, that message would have probably gone through.

    > And SA apparently sent out some notices to possible spammers for
    > example: "A message from > to:
    > -> ckindle@
    > was considered unsolicited bulk e-mail (UBE)."
    >
    > HOWEVER, several obvious SPAM messages have been received and NONE of
    > them has any indication that it is, or may be, spam. I was expecting
    > "[SPAM]" or something like it in the header.


    You mean in the subject line header, I presume. There are others.

    > What am I missing?


    Look at the full headers of the mails in question to learn what SA
    thought of them. Then look at /etc/amavisd/amavisd.conf and see the
    settings therein that apply to SA's scores and how amavisd will handle
    the messages based on them. These include (but are from a more recent
    amavisd-new version, so YMMV):

    $sa_tag_level_deflt = 1.0; # add spam info headers if at, or above
    that level
    $sa_tag2_level_deflt = 4.9; # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 4.9; # triggers spam evasive actions (e.g.
    blocks mail)
    $sa_dsn_cutoff_level = 10; # spam level beyond which a
    DSN is not sent
    # $sa_quarantine_cutoff_level = 25; # spam level beyond
    which quarantine is off

    So, if a message scores below 1.0, you won't see SA's headers in that
    mail. If it draws a score above 1.0 but below 4.9, you'll see the SA
    headers but no change in the subject line will be made. Above 4.9, the
    mail qualifies for having "***SPAM*** " added to the subject line (the
    text inserted is defined in $sa_spam_subject_tag), but a 4.9 or higher
    also triggers a bounce, so you won't see that message anyway. Adjust
    these default values to whatever works for you, then restart amavisd.

    You can also tweak the values in SA's own config file to adjust the
    scores given out for each test that it makes. Another way to improve
    SA's usefulness is to install the "rules_du_jour" package; I don't see
    one available for 10.0, but it's entirely composed of text files and one
    script, so you might be able to get away with installing it from a more
    recent release, such as:

    ftp://mirror.cs.wisc.edu/pub/mirrors...8.0.noarch.rpm

    This sets up a cron job to retrieve updated rule sets for SA, checking
    for new ones every day. They help SA's accuracy considerably, IME.

    Even with all that done, expect some SPAM to still get through; you can
    cut it down dramatically, but it's almost impossible to eliminate it
    entirely. :-/

    HTH!

    --
    Bill Mullen
    RLU #270075



  14. Re: How to install SpamAssassin?

    Frank Dreyfus wrote:
    > I installed SpamAssassin but it doesn't seem to be doing anything.


    Did you find the FAQ at
    http://wiki.apache.org/spamassassin/...AskedQuestions
    and the SpamAssassin homepage at
    http://spamassassin.apache.org/
    ?

    My ISP uses SpamAssassin, but I haven't experimented with it beyond
    the WWW interface that my ISP provides.

  15. Re: How to install SpamAssassin?

    Bill Mullen wrote:
    > Even with all that done, expect some SPAM to still get through


    I thought all-capitals "SPAM" is copyrighted by the Hormel Corp., and
    I thought we were supposed to refer to UCE/UBE as lower-case "spam."

  16. Re: How to install SpamAssassin?

    On it's own, Spamassassin can only do so much. It is one hell of a
    resource hog too.

    If you have a spare old PC about TANGLE is reasonable and expandable and
    offers a bit more than Bayes - which is easily poisoned anyway.

    To get any Bayes to work in a half decent way you need to give it far
    more 'ham' than 'spam'. The problem is most people get more 'spam' than
    'ham'.

    Bayes/SA is normally at the end of commercial spam filtering solutions
    and most 'spam' is blocked before it gets as far as it. RBL's,
    fingerprinting, rate control etc. all playing a far more important part
    in the game.

    --
    I collect spam + please send it to: givemespam@wibblywobblyteapot.co.uk

  17. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080802011053.48e4ed16
    @lunarhub.com:

    > Look at the full headers of the mails in question to learn what SA
    > thought of them. Then look at /etc/amavisd/amavisd.conf and see the
    > settings therein that apply to SA's scores and how amavisd will handle
    > the messages based on them.


    Hi Bill,

    I'm working on the tweaks you suggested.

    So far things are working nicely.

    I could NOT have done this without your generous help!

    Many thanks,


    Frank

  18. Postfix transport table for outbound email routing; [was Re: How toinstall SpamAssassin?]

    On 2008-08-02, Bill Mullen wrote:
    > On Sat, 02 Aug 2008 01:11:01 GMT,
    > Frank Dreyfus wrote:
    >
    >> OK, the mail queue is down to three messages and those appear to be
    >> there for other reasons. For example, one says:
    >>
    >> (host mx01.1and1.com[74.208.5.4] refused to talk to me: 550 RBL
    >> rejection: Dynamic IP Addresses See:
    >> http://www.sorbs.net/lookup.shtml? 76.23.201.54)

    >
    > That's typical; it got rejected because your IP address is in a block
    > that is customarily dynamically assigned (whether or not that specific
    > one is), and therefore appears in a block list that that mail system
    > uses to decide who to block. If you had been using your ISP's SMTP
    > server as a relay host, rather than having Postfix attempt to deliver
    > the mail directly, that message would have probably gone through.


    And, if you want to route outbound email differently
    depending on the destination domain, you can use Postfix's
    transport table. If you want to do that, there are a few
    things to do:

    Put the following line in main.cf:

    vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv cut here vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
    transport_maps = hash:/etc/postfix/transport
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cut here ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    You might need to add some portion of the next lines to
    main.cf:

    vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv cut here vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    # broken_sasl_auth_clients = yes
    # debug_peer_list = outgoing.your-isp-domain.net
    # debug_peer_level = 2
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cut here ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    If you have to use the SASL password map, make a
    'sasl_password' file.

    Then, put something like the following in 'transport':

    vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv cut here vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
    # send to snob domains via Verizon's 'smarthost'
    aol.com smtp:[outgoing.verizon.net]
    redhat.com smtp:[outgoing.verizon.net]
    ..redhat.com smtp:[outgoing.verizon.net]

    # send to everything else directly
    * :
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cut here ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    HTH

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  19. Re: Postfix transport table for outbound email routing; [was Re:How to install SpamAssassin?]

    On 3 Aug 2008 03:17:06 GMT,
    Robert Riches wrote:

    [re: /etc/postfix/transport file]

    > # send to snob domains via Verizon's 'smarthost'
    > aol.com smtp:[outgoing.verizon.net]
    > redhat.com smtp:[outgoing.verizon.net]
    > .redhat.com smtp:[outgoing.verizon.net]
    >
    > # send to everything else directly
    > * :


    It should also be noted that Postfix will not be able to use this file
    directly, so once you create it (and after every time you change it),
    you need to run (as root) "postmap transport", then "postfix reload".

    --
    Bill Mullen
    RLU #270075



  20. Re: How to install SpamAssassin?

    Bill Mullen wrote in news:20080802011053.48e4ed16
    @lunarhub.com:

    > Then look at /etc/amavisd/amavisd.conf and see the
    > settings therein that apply to SA's scores and how amavisd will handle
    > the messages based on them


    Hi Bill,

    I still can't get [SPAM] in the subject.

    Almost all of the spam I'm seeing is rated: X-SpamScore: 3

    So I made a few mods to /etc/amavisd/amavisd.conf:

    $sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that
    level

    $sa_tag2_level_deflt = 2.5; # add 'spam detected' headers at that level

    $sa_kill_level_deflt = 5.9; # triggers spam evasive actions (e.g. blocks
    mail)

    $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

    I thought by setting $sa_tag2_level_deflt = 2.5 that all X-SpamScore: 3
    mail would get tagged (in the Subject line).

    Yes, I restarted amavisd and for good luck postfix.

    What am I missing?


    Thanks,


    Frank

+ Reply to Thread
Page 1 of 2 1 2 LastLast