Hi Michael,

Thanks for the answer. Here are some comments.


Michael Scheidell wrote:
>
> One of the issues might be FreeBsd jail.
> (and as earlier poster stated, amavisd-new doesn't call spamd)
>

We are talking about amavisd-new, NOT amavisd, right?
Of course ;-). amavisd (not -new) port refuses to compile anyways.
pkg_info says:
amavisd-new-2.4.2_2,1 Performance-enhanced daemonized version of amavis-perl


Michael Scheidell wrote:
> I am the official ports maintainer of SpamAssassin, and would be
> interested in making sure it and amaivsd-new worked in a freebsd jail.

At the moment, I am mostly sure spamd is called since master.cf spamd filter
is named 'spamassassin' and spamd logs some actions with spamd name, while a
single line is logged to refer to spamassassin filter call.
I do confirm amavisd works perfectly in jail, with appropriately used IP
options to bound to jail-ip.
It costs a pf rule to bar access from "any but jail" to ports 10023-10025 (I
also have postgrey, ...).


Michael Scheidell wrote:
> Some of the 'jail' issues include NOT lo0 (localhost) ip address.
> (yes, you can ping localhost / 127.0.0.1, BUT, I suspect the ACL's in the
> amavisd.conf* files are looking for a Reverse ip == to 127.0.0.1

Yes, but spamd is not bound to localhost since I suspected some weird issues
as bound to jail @IP and program listing to localhost:783 port. So I forced
the -A jail-ip, -i jail-ip -p 783 args on spamd.
/etc/rc.conf says:
spamd_enable="YES"
spamd_flags="-A jail_ip -i jail_ip -p 783 -x -u spamd -C
/etc/mail/spamd/spamd.cf"


Michael Scheidell wrote:
> Things to try (assumes standard postfix/amavisd/spamassassin setup)
>
> Set $log_level = 9; in amavisd.conf, restart amavisd (you do have
> amavisd_enable = "yes" in rc.conf, right?
>
> Telnet localhost 25
> Telnet localhost 10024
> Telnet localhost 100025
>
> See what happens. You SHOULD get banners.
> (I just get:
> (!)DENIED ACCESS from IP 192.168.1.20, policy bank ''
>
> Where 192.168.1.20 is the 'jail' ip address.
>
> Ifconfig (note, NO ip address on lo0?)
>
> bge0: flags=8843 mtu 1500
> options=b
> inet 192.168.1.200 netmask 0xffffffff broadcast 10.70.1.20
> ether 00:0a:22:1f:18:64
> media: Ethernet autoselect (100baseTX )
> status: active
> bge1: flags=8802 mtu 1500
> options=b
> ether 00:0a:22:1f:18:65
> media: Ethernet autoselect (100baseTX )
> status: active
> lo0: flags=8049 mtu 16384
>


Take care, amavisd works perfectly.
I added spamassassin (to postfix and not amavisd by the way, realizing
that).
But amavisd is already bound with ClamAV and EICAR virus test is properly
detected & rejected.

Also, I tested spamd out of anything: cat sample-spam.txt | spamc -d jail-ip
-p port
I received exactly a copy (not even a SMTP header added for spamassassin
check) as stdout.

To me the issue is really on spamassassin itself, without any issue related
to postfix or amavisd.

Brgrds
--
View this message in context: http://www.nabble.com/Issue-with-Spa...p14529741.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.