Penguin
Recent Changes
Blame: SpamAssassinNotes
EditPageHistoryDiffInfoLikePages
Annotated edit history of SpamAssassinNotes version 8, including all changes. View license author blame.
Rev Author # Line
1 DrewBroadley 1 !! How to make SpamAssassin run on your local e-mail machine (with [Evolution] in mind)
2
3 * get and install SpamAssassin, test that it works by piping a good email and a spam email through it
4 * check that fetchmail(1) works, write a <tt>.fetchmailrc</tt> file
5 * check that procmail(1) works, write a <tt>.procmailrc</tt> file
6 * disable the regular pop mailboxes in Evolution
7 * add a new "local delivery" mailbox to Evolution
8 * write a tiny script I called <tt>getmail</tt> that does <tt>fetchmail -m procmail</tt> and make sure that it gets your email from the POP3 server correctly
9 * add <tt>getmail</tt> to your crontab to run every 5 minutes
10 * add a filter rule to Evolution: if specific header <tt>X-Spam-Flag = YES</tt>, drop the email in my Spam folder
11
12 <tt>.fetchmailrc</tt>::
13 <verbatim>
14 poll mail.myisp.co.nz protocol POP3
15 user "pop3user" password "secret" is user "localuser" here mda "/usr/bin/procmail";
16 </verbatim>
17
18 <tt>.procmailrc</tt>::
19 <verbatim>
20 # correct incoming messages for programs like Evolution and mail
21 :0 fhw
22 | formail -I "From " -a "From "
23
24 :0fw
25 | spamassassin
26 </verbatim>
27
28 <tt>~/bin/getmail</tt>::
29 <verbatim>
30 #!/bin/bash
31 /usr/bin/fetchmail >> ~/log/fetchmail
32 </verbatim>
33
34 crontab::
35 <verbatim>
36 */5 * * * * /home/localuser/bin/getmail
37 </verbatim>
38
4 CraigBox 39 !! SpamAssassin's ClamAV Plugin
1 DrewBroadley 40
41 This plugin submits the entire email to a locally running [ClamAV] server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header <tt>X-Spam-Virus: Yes ($virusname)</tt>. If you'd like to sort virus emails to a separate folder, create a rule looking for this header.
4 CraigBox 42
43 This isn't necessarily the best way to run [ClamAV]; for example, your MailTransferAgent, if it has a method to call SpamAssassin, probably has a method to call [ClamAV] too.
44
1 DrewBroadley 45
46 It requires
47 * [ClamAV] installed so that scanning a mail with <tt>clamscan</tt> works
48 * the [File::Scan::ClamAV | http://search.cpan.org/dist/File-Scan-ClamAV/] [Perl] module
4 CraigBox 49
1 DrewBroadley 50
51 To install, create the files in <tt>/etc/mail/spamassassin/</tt>. You can adjust the default score of 10 in <tt>clamav.cf</tt> if you like. Restart the <tt>spamd</tt> daemon if you're using that, and you should be all set.
52
53 <tt>clamav.cf</tt>::
54 <verbatim>
55 loadplugin ClamAV clamav.pm
56 full CLAMAV eval:check_clamav()
57 describe CLAMAV Clam AntiVirus detected a virus
58 score CLAMAV 10
59 </verbatim>
60
61 <tt>clamav.pm</tt>::
62 <verbatim>
63 package ClamAV;
64 use strict;
65 use warnings;
66
67 use Mail::SpamAssassin;
68 use Mail::SpamAssassin::Plugin;
69 use File::Scan::ClamAV;
70
71 our @ISA = qw(Mail::SpamAssassin::Plugin);
72
73 sub new {
74 my ( $class, $mailsa ) = @_;
75 my $self = $class->SUPER::new( $mailsa );
76 bless( $self, $class );
77 $self->register_eval_rule( "check_clamav" );
78 return $self;
79 }
80
81 sub _set_header {
82 my ( $msgstatus, $header ) = @_;
83 $msgstatus->{ main }->{ conf }->{ $_ }->{ "Virus" } = $header
84 for qw( headers_spam headers_ham );
85 }
86
87 sub check_clamav {
88 my ( $self, $permsgstatus, $fulltext ) = @_;
89 my $clamav = File::Scan::ClamAV->new( port => 3310 );
90 my ( $code, $virus ) = $clamav->streamscan( ${ $fulltext } );
91 if ( !$code ) {
92 my $errstr = $clamav->errstr();
93 Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error scanning: $errstr" );
94 _set_header( $permsgstatus, "Error ($errstr)" );
95 }
96 elsif ( $code eq 'OK' ) {
97 Mail::SpamAssassin::Plugin::dbg( "ClamAV: No virus detected" );
98 _set_header( $permsgstatus, "No" );
99 }
100 elsif ( $code eq 'FOUND' ) {
101 Mail::SpamAssassin::Plugin::dbg( "ClamAV: Detected virus: $virus" );
102 _set_header( $permsgstatus, "Yes ($virus)" );
103 return 1;
104 }
105 else {
106 Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error, unknown return code: $code" );
107 _set_header( $permsgstatus, "Error (Unknown return code from ClamAV: $code)" );
108 }
109 return;
110 }
111 1;
112 </verbatim>
113
114 !!Inappropriate ioctl for device in your debug logs under Sarge/Hoary
115
116 <verbatim>
117 debug: using "/root/.spamassassin" for user state dir
118 debug: lock: 29656 created /root/.spamassassin/auto-whitelist.lock.firewall.itpartners.co.nz.29656
119 debug: lock: 29656 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries
120 debug: lock: 29656 link to /root/.spamassassin/auto-whitelist.lock: link ok
121 debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
122 debug: unlock: 29656 unlink /root/.spamassassin/auto-whitelist.lock
123 debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device
124 </verbatim>
125
126 You're using old format database files.
127
128 The perl version change effected a change of the BDB version being used. The bayes_seen and bayes_toks fixes are BDB files and
129 can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML
130
131 !! I'm running spamassassin from my MTA, and I get the error <tt>spam acl condition: cannot parse spamd output</tt> or similar.
132
133 This occurs if you have upgraded perl, and not restarted spamd. Try restarting spamd and see if it solves the problem. It could also be a version mismatch, in which case you'll have to upgrade whichever process is calling spamassassin
134
135 !! I'm running spamassassin on [Debian] and get this error <tt>Cannot open bayes databases /home/jimbobdobalina/.spamassassin/bayes_* R/O: tie failed:</tt> (or similar)
136
137 Fix:
138
139 <verbatim>
140 apt-get install db4.3-util
141 </verbatim>
142
143 Go to where you Bayes DB's lie.
144
145 <verbatim>
146 db4.3_upgrade bayes_seen
3 PhilMurray 147 db4.3_upgrade bayes_toks
1 DrewBroadley 148 </verbatim>
149
150 Restart spamassassin, and voila!
151
4 CraigBox 152 !!Web based spam management
153
154 [Maia Mailguard|http://renaissoft.com/maia/] is a web-based interface and quarantine management system for amavisd-new, which allows users to manage their own spam. It has all the pitfalls of amavis, but might suit your needs.
5 CraigBox 155
156 !!Making Razor go
157
158 Is Razor running?
159
160 Uncomment it in /etc/spamassassin/v310.pre and you're effectively away. If you want to be able to submit, you have to [create an account|http://wiki.apache.org/spamassassin/InstallingRazor].
161
162 !!Making DCC go
163
164 Is DCC running? Have you uncommnented it in /etc/spamassassin/v310.pre?
165
166 <verbatim>
167 # spamassassin -t -D < /tmp/spam
168 <snip>
169 [8407] dbg: dcc: dccifd is not available: no r/w dccifd socket found
170 [8407] dbg: dcc: check timed out after 5 seconds
171 </verbatim>
172
173 Default Ubuntu/Debian installation, SA probably can't find the <tt>dccifd</tt> file - add to /etc/spamassassin/local.cf:
174
175 <verbatim>
176 # Enable DCC
177 use_dcc 1
178 dcc_home /var/lib/dcc
179 </verbatim>
180
181 !!Making Pyzor go
182
183 Is Pyzor running? Have you uncommnented it in /etc/spamassassin/v310.pre?
184
185 <verbatim>
186 # spamassassin -t -D < /tmp/spam
187 <snip>
188 [8615] dbg: util: executable for pyzor was found at /usr/bin/pyzor
189 [8615] dbg: pyzor: pyzor is available: /usr/bin/pyzor
190 [8615] dbg: info: entering helper-app run mode
191 [8615] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin8615OvQ1ymtmp
192 [8617] dbg: util: setuid: ruid=0 euid=0
193 [8615] dbg: pyzor: killed stale helper [8617]
194 [8615] dbg: pyzor: [8617] terminated: exit=0x000f
195 [8615] dbg: info: leaving helper-app run mode
196 [8615] dbg: pyzor: check timed out after 5 seconds
197 </verbatim>
198
199 The old Pyzor server has disappeared. Locate .pyzor/servers (systemwide on Debian/Ubuntu, it's under /root/.pyzor/servers) and replace the contents with <tt>82.94.255.100:24441</tt>. Don't run <tt>pyzor discover</tt> again, as it will overwrite the contents with the broken server. (Thanks to [this Nabble post|http://www.nabble.com/Pyzor-issue-since-upgrade-to-3.1.3-t1742083.html] for the answer)
6 CraigBox 200
201 !!Graphing your SA scores
202
203 Thanks to Tom from ItPartners for this cool script. Requires gnuplot. Graphs your spam scores.
204
205 <verbatim>
206 #!/bin/bash
207
208 # Generate a graph of SpamAssassin spam score frequencies.
209 # Needs gnuplot.
210
211 LOGFILES=/var/log/mail.log*
212
213 SCOREFILE=/tmp/spamscores
214 IMAGEFILE=/tmp/spamplot.gif
215
216 > $SCOREFILE
217 for score in `zegrep "identified spam|clean message" $LOGFILES | awk '{print $9}' | cut -d "/" -f 1 | cut -d '(' -f 2`
218 do
219 echo $score 1 >> $SCOREFILE
220 done
221
222 gnuplot <<EOF
223 set term gif
224 set output "$IMAGEFILE"
225 plot "$SCOREFILE" smooth frequency
226 EOF
227 </verbatim>
8 LawrenceDoliveiro 228
229 !!Systemwide filtering
230
231 ~SpamAssassin is normally supposed to be invoked on a per-user basis, perhaps via a procmail(1) rule, or directly in a <tt>.forward</tt> entry, that kind of thing. However, it is possible to filter all users' e-mail on a systemwide basis. The procedure for doing this with [Postfix] is described [here|http://www.geekly.com/entries/archives/00000155.htm].
232
7 LawrenceDoliveiro 233
234 !![SUSE] notes
235
236 Under SuSE, spamd is configured by default not to apply any rules that require Internet access (like accessing Pyzor, blocklists etc). To fix this, edit /etc/sysconfig/spamd. Look for the line
237
238 <verbatim>
239 SPAMD_ARGS="-d -c -L"
240 </verbatim>
241
242 and remove the "-L" switch.
1 DrewBroadley 243
244 ----
4 CraigBox 245 CategoryAntiSpam %%%
246 CategoryNotes

PHP Warning

lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 4 times)